DATA PROTECTION

DATA PROTECTION NOTICE

1. Data protection at a glance

General information

This section provides a simple overview of what happens with your personal data when you visit this website. Personal data is the term used for all data with which you can be personally identified. See the data protection notice below this text for in-depth information on data protection.

Data recording on this website

Who is responsible for data recording on this website?

The processing of data on this website is performed by the website operator, whose contact details are provided in the “Information on the responsible authority” section of this data protection notice.

How do we record your data?

Certain data is recorded when provided to us by you, e.g. via entering data in a contact form. Other data is recorded by our IT systems when you visit our website, either automatically or once you grant your consent. This relates primarily to technical data (e.g. internet browser, operating system, or the time at which pages were accessed). Such data is recorded automatically once you access this website.

What do we use your data for?

Certain data is recorded in order to ensure a smooth user experience on our website, while other data can be used to analyze your user behavior.

What rights do you have regarding your data?

You have the right to be informed of the source, recipient, and purpose of your stored personal data – at any time and free of charge. You also have the right to demand the rectification or deletion of this data. If you have granted your consent for data processing, you can revoke this consent at any time with effect for the future. You additionally have the right under certain circumstances to demand that the processing of your personal data be restricted. Furthermore, you have the right to lodge a complaint with the responsible supervisory authority. You are free to contact us at any time in relation to this and other issues concerning data protection.

Analysis tools and tools from third-party providers

Your surfing behavior can be statistically evaluated when you visit this website, primarily via the use of analysis programs. Detailed information on these analysis programs is provided in the following data protection notice. Our data protection officer

Luka Jozanovic PRIOLAN GmbH Steinsfeldstraße 46 74626 Bretzfeld

Mobil: +49 (0) 163 286 77 02 E-Mail: l.jozanovic@priolan.de Web: www.priolan.de

2. Hosting and content delivery networks (CDNs)

External hosting

This website is hosted by an external service provider (hoster). The personal data recorded on this website is stored on the servers of the hoster. In particular, this can include IP addresses, contact inquiries, metadata and communications data, contract data, contact data, names, website access information, and other data that is generated via a website. This hoster is used for the purpose of contract fulfillment in relation to our potential and existing customers (Article 6 para. 1 point b of the GDPR) and in the interest of having our website presented in a secure, fast, and efficient manner by a professional provider (Article 6 para. 1 point f of the GDPR). Our hoster will process your data only to the extent necessary for the fulfillment of his service obligations and observe our instructions in relation to this data. We use the following hoster: [Name und vollständige Anschrift des Hosters]

Conclusion of a contract for order processing

In order to ensure compliance with data protection during processing, we have concluded a contract for order processing with our hoster.

3. General and mandatory information

Data protection

The operator of this website takes the protection of your personal data very seriously. We handle your personal data confidentially and in accordance with both the statutory data protection regulations and this data protection notice. Various items of personal data are recorded when you use this website. Personal data is the term used for data with which you can be personally identified. This data protection notice explains which data we record and what we use it for. It also explains how and why this happens. We wish to inform you that the transmission of data via the internet (e.g. email communication) may be subject to security holes. It is not possible to ensure complete protection of data against third-party access.

Information on the responsible authority

The responsible authority for data processing on this website is: KFG Hotel GmbH & Co. KG Hotel am Remspark Remspark 1 73525 Schwäbisch Gmünd Tel.: +49 (0) 7171 / 7988 200 Email: info@hotelamremspark.de The responsible authority is the natural or legal person who, either individually or together with others, decides on the purpose and means of processing of personal data (e.g. names, email addresses, etc.).

Storage period

Provided that no specific storage period is stated within this data protection notice, your personal data shall remain with us until the purpose for data processing expires. If you assert a legitimate request for deletion or revoke your consent for data processing, your data shall be deleted wherever we do not have any other legally permissible reasons for the storage of your personal data (e.g. storage periods according to tax or commercial law); in the latter case, deletion shall take place once these reasons expire.

Statutory data protection officer

We have appointed a data protection officer for our company. W. Franz | datenschutz-ostalb.de Büro für betriebliche Datenschutz-Dienstleistungen Hauptstr. 66 73441 Bopfingen Tel.: 07362 92 25 92 8 Email: w.franz@datenschutz-ostalb.de

Information on the forwarding of data to the USA and other third countries

Our website features integrated tools from companies based in the USA or in other third countries that are not secure from the perspective of data protection legislation. If these tools are active, your personal data can be transmitted to these third countries and processed there. It cannot be guaranteed that the level of data protection in these countries is comparable to that of the EU. For example, US companies are obligated to provide personal data to the security authorities and you are not able to take any legal action against this as an affected party. This means it cannot be ruled out that the US authorities (e.g. secret service) will, for the purpose of monitoring, engage in the processing, evaluation, and permanent storage of your data located on US servers. We do not have any influence on these processing activities.

Revocation of your consent for data processing

Many data processing operations are only possible with your express consent. You can revoke your previously granted consent at any time. The legality of the data processing that took place prior to revocation is not affected by this revocation.

Right of objection to data collection in particular cases and to direct marketing (Article 21 of the GDPR)

IF DATA PROCESSING TAKES PLACE ON THE BASIS OF ARTICLE 6 PARA. 1 POINT E OR F OF THE GDPR, YOU HAVE THE RIGHT AT ANY TIME – FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION – TO LODGE AN OBJECTION AGAINST THE PROCESSING OF YOUR PERSONAL DATA; THIS SHALL ALSO APPLY FOR PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS DATA PROTECTION NOTICE. IF YOU LODGE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE ARE ABLE TO DEMONSTRATE URGENT SECURITY-RELATED REASONS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS OR UNLESS PROCESSING SERVES THE ASSERTION, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION ACCORDING TO ARTICLE 21 PARA. 1 OF THE GDPR). IF YOUR PERSONAL DATA IS PROCESSED IN ORDER TO CONDUCT DIRECT MARKETING, YOU HAVE THE RIGHT AT ANY TIME TO LODGE AN OBJECTION TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES FOR PROFILING TO THE EXTENT THAT THIS IS LINKED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION ACCORDING TO ARTICLE 21 PARA. 2 OF THE GDPR).

Right to lodge a complaint with the responsible supervisory authority

In the event of GDPR violations, the affected parties have the right to lodge a complaint with a supervisory authority – particularly one in the member state of their habitual residence or workplace or one in the member state where the site of the suspected violation is located. The right to lodge a complaint is retained irrespective of any other remedies relating to administrative law or judicial measures.

Right to data portability

You have the right to be issued with any data processed automatically by us on the basis of your consent or in order to fulfill a contract; this data can be issued to you or to a third party in a conventional machine-readable format. If you should demand the direct transmission of data to another responsible party, this shall take place only to the extent that it is technically feasible.

SSL or TLS encryption

This website uses SSL or TLS encryption for reasons of security and to protect the transmission of confidential content that you send to us as the website operator, for example orders or inquiries. You can identify an encrypted connection by virtue of the fact that the address line in the browser changes from “http://” to “https://” and the padlock symbol is displayed in your browser line. If SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

Encrypted payments on this website

If you are obligated to transmit your payment data (e.g. account number for direct debit authorization) to us upon conclusion of a contract against payment, this data is required for the purpose of payment handling. Payments via conventional payment methods (Visa/MasterCard, direct debit) are submitted exclusively by means of an encrypted SSL or TLS connection. You can identify an encrypted connection by virtue of the fact that the address line in the browser changes from “http://” to “https://” and the padlock symbol is displayed in your browser line. In the context of encrypted communication, the payment data that you transmit to us cannot be read by third parties.

Information, deletion, and rectification

In line with the applicable statutory provisions, you have the right at all times to be informed free of charge regarding your stored personal data, its source, its recipient, and the purpose of data processing, as well as the right to rectification or deletion of this data if necessary. You are free to contact us at any time in relation to this and other issues concerning personal data.

Right to restriction of processing

You have the right to demand that the processing of your personal data be restricted and you are free to contact us at any time in this regard. The right to restriction of processing shall exist in the following cases:

• If you dispute the accuracy of the personal data stored by us in relation to you, we generally require a certain amount of time to examine the matter. While this examination is ongoing, you have the right to demand that the processing of your personal data be restricted.
• If the processing of your personal data has occurred or is occurring in an unlawful manner, you can demand the restriction of data processing instead of deletion.
• If your personal data is no longer required by us but is nevertheless required for the assertion, exercise, or defense of legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.
• If you have lodged an objection according to Article 21 para. 1 of the GDPR, your interests must be weighed against ours. Until it has been established whose interests outweigh the others, you have the right to demand that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, then this data – with the exception of its storage – may only be processed either with your consent; for the assertion, exercise, or defense of legal claims; to protect the rights of another natural or legal person; or for reasons of an important public interest of the European Union or a member state.

4. Data recording on this website

Cookies

This website uses „Cookies“. Cookies are small text files that do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies shall continue to be stored on your device until you delete these yourself or until automatic deletion is performed by your web browser. Cookies from third-party companies may also be stored on your device in some instances when you access our website (third-party cookies). These make it possible for us or you to use certain services provided by this third-party company (e.g. cookies for handling payment services). Cookies have various functions. Many cookies are necessary for technical reasons, as certain website functions could not be supported without them (e.g. the shopping basket function or the display of videos). Other cookies serve the evaluation of user behavior or the display of advertising. Cookies that are required in order to perform electronic communication (necessary cookies), provide certain functions desired by you (functional cookies, e.g. for the shopping basket function), or optimize the website (e.g. cookies for measuring the web audience) are stored on the basis of Article 6 para. 1 point f of the GDPR provided that no other legal basis is stated. 1 point. of the GDPR provided that no other legal basis is stated. The website operator has a legitimate interest in storing cookies so as to provide his services in a technically sound and optimized manner. Provided that consent for the storage of cookies has been requested, the storage of the affected cookies shall take place exclusively on the basis of this consent (Article 6 para. 1 point a of the GDPR); this consent can be revoked at any time. You can configure your browser to inform you about the use of cookies and allow cookies only in individual cases, refuse to allow cookies in specific cases or in general, and activate the automatic deletion of cookies whenever you close the browser. The deactivation of cookies may limit the functionality of this website. We will inform you separately within the scope of this data protection notice regarding the extent to which cookies from third-party companies or for analysis purposes are used; your consent will be requested as required.

Cookie consent with Borlabs Cookie

Our website uses cookie consent technology from Borlabs Cookie in order to obtain your consent for the storage of certain cookies in your browser and to document this in a manner compliant with data protection measures. This technology is provided by Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs). When you access our website, a Borlabs cookie is stored in your browser; this cookie is used to store the various forms of consent you have granted or the revocation of such consent. This data shall not be forwarded to the provider of Borlabs Cookie. The recorded data shall be stored until you request that we delete it, until the Borlabs cookie deletes it by itself, or until the purpose of data storage expires. The mandatory statutory storage periods shall remain unaffected by this. For details on the data processing performed by Borlabs Cookie, visit https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/ [in German]. Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6 para. 1 point. c of the GDPR.

Server log files

The provider of the website automatically collects and stores information in server log files that are automatically transmitted to us by your browser. This information is as follows:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of accessing computer
• Time of server request
• IP address

This data is not merged with other data sources. This data is recorded on the basis of Article 6 para. 1 point. f of the GDPR. The website operator has a legitimate interest in the technically sound presentation and optimization of his website; the server log files must be recorded for this purpose.

Contact form

If you send inquiries to us via a contact form, your data from the form – including the contact data you have provided there – will be stored with us for the purpose of handling your inquiry and for use in the event of follow-up questions. We do not forward this data without your consent. This data is processed on the basis of Article 6 para. 1 point. b of the GDPR, provided that your inquiry relates to the fulfillment of a contract or the performance of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Article 6 para. 1 point f of the GDPR) or is based on your consent (Article 6 para. 1 point a of the GDPR) provided that this has been requested. The data you enter in the contact form shall remain with us until you request that we delete it, until you revoke your consent for storage, or until the purpose of the data storage expires (e.g. once the handling of your inquiry has been concluded). The mandatory statutory provisions – particularly the storage periods – shall remain unaffected by this.

Inquiry via email, telephone, or fax

If you contact us via email, telephone, or fax, your inquiry – including all personal data (name, inquiry) that is generated as a result – will be stored with and processed by us for the purpose of handling this matter. We do not forward this data without your consent. This data is processed on the basis of Article 6 para. 1 point. b of the GDPR, provided that your inquiry relates to the fulfillment of a contract or the performance of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Article 6 para. 1 point f of the GDPR) or is based on your consent (Article 6 para. 1 point a of the GDPR) provided that this has been requested. The data transmitted to us via contact inquiries shall remain with us until you request that we delete it, until you revoke your consent for storage, or until the purpose of the data storage expires (e.g. once the handling of your inquiry has been concluded). The mandatory statutory provisions – particularly the statutory storage periods – shall remain unaffected by this.

5. Analysis tools and advertising

Google Tag Manager

We make use of Google Tag Manager, which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that enables us to integrate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create any user profiles, store any cookies, or perform any independent analyses. It merely serves the management and execution of the tools that it is used to integrate. However, Google Tag Manager does record your IP address and this can also be transmitted to the parent company of Google in the United States. The use of Google Tag Manager takes place on the basis of Article 6 para. 1 point f of the GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on his website. Provided that corresponding consent has been requested, processing shall take place exclusively on the basis of Article 6 para. 1 point a of the GDPR; this consent can be revoked at any time.

Google Analytics

This website uses functions of the web analysis service Google Analytics, which is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyze the behavior of visitors to the website. The website operator thereby receives various usage data, e.g. page views, retention time, operating systems used, and the origin of the user. Where applicable, this data is compiled in a profile linked to the respective user or his device. Google Analytics makes use of technologies that enable user recognition for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google in relation to the use of this website will normally be transmitted to a Google server in the USA and stored there. This use of this analysis tool takes place on the basis of Article 6 para. 1 point f of the GDPR. The website operator has a legitimate interest in the analysis of user behavior in order to optimize both his website and his advertising. Provided that corresponding consent has been requested (e.g. consent to the storage of cookies), processing shall take place exclusively on the basis of Article 6 para. 1 point a of the GDPR; this consent can be revoked at any time. The transmission of data to the USA is supported by the standard contractual clauses of the EU Commission. Details are available here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymization

We have enabled the IP anonymization function on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting parties to the Agreement on the European Economic Area before its transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google uses this information to evaluate your use of the website, compile reports on website activity, and provide the website operator with additional services relating to the use of websites and the internet. The IP address transmitted from your browser within the context of Google Analytics is not merged with any other Google data.

Browser plugin

You can prevent Google from recording and processing your data by downloading and installing the browser plugin available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en. For additional information on the handling of user data with Google Analytics, see the Google privacy policy at https://support.google.com/analytics/answer/6004245?hl=en.

Order processing

We have concluded a contract for order processing with Google and fully apply the strict provisions of the German data protection authorities in relation to the use of Google Analytics.

Demographics in Google Analytics

This website makes use of the “Demographics” function in Google Analytics in order to be able to show visitors suitable advertisements from within the Google advertising network. As a result, reports may be generated containing statements on the age, gender, and interests of visitors to the website. The sources of this data are interest-related advertisements from Google and user data from third-party providers. This data cannot be linked to an identified person. You can disable this function at any time via the advertising settings in your Google account or generally prohibit the recording of your data via Google Analytics as described in the section on objecting to the recording of data.

Storage period

User- and event-level data that is stored with Google and linked to cookies, user names (e.g. user ID), or advertising IDs (e.g. DoubleClick cookies, Android ad ID) shall be anonymized or deleted after 14 months. For details on this topic, click the following link: https://support.google.com/analytics/answer/7667196?hl=en.

6. Plugins and Tools

Google Maps

This website makes use of Google Maps, which is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. In order to use the functions of Google Maps, it is necessary to store your IP address. This information will normally be transmitted to a Google server in the USA and stored there. The operator of this website has no influence on this data transmission. If Google Maps is enabled, Google can use Google Web Fonts for the purpose of consistent font display. If you access Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. The use of Google Maps takes place in the interest of ensuring an appealing appearance for our website and making it easier to find the locations stated by us on the website. This represents a legitimate interest as defined by Article 6 para. 1 point f of the GDPR. Provided that corresponding consent has been requested, processing shall take place exclusively on the basis of Article 6 para. 1 point a of the GDPR; this consent can be revoked at any time. The transmission of data to the USA is supported by the standard contractual clauses of the EU Commission. Details are available here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. For additional information on the handling of user data, see the Google privacy policy at https://policies.google.com/privacy?hl=en.

7. E-commerce and payment providers

Processing of data (customer and contract data)

We collect, process, and use personal data only to the extent necessary for the justification, structural formulation, or modification of the legal relationship (inventory data). This takes place on the basis of Article 6 para. 1 point b of the GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We only collect, process, and use personal data relating to the use of this website (usage data) to the extent necessary for enabling the user to make use of, or be billed for making use of, this service. The collected customer data is deleted upon completion of the order or termination of the business relationship. The statutory storage periods shall remain unaffected by this.

Data transmission upon conclusion of contract for online shops, dealers, and goods dispatch

We transmit personal data to third parties only if this is necessary as part of contract processing; recipients may include the company entrusted with delivery of goods or the credit institute entrusted with payment handling. Additional transmission of data does not take place, or only takes place if you have granted your express consent for such transmission. Your data is not passed on to third parties, such as for the purpose of advertising, without your express consent. Data processing takes place on the basis of Article 6 para. 1 point b of the GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.