Disclaimer

Data protection

The following notes give a simple overview of what happens to your personal information when you visit our website. Personal data is all data that personally identifies you.

This Privacy Policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as “Data”) within our websites, features and content, as well as external online presence, e.g. our Social Media Profile (collectively referred to as the “Online Offering”).

With regard to the terminology used, e.g. “Processing” or “Responsible”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

We reserve the right to amend this privacy policy to always comply with the latest legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. Your new visit will be subject to the new privacy policy.

Who is responsible for data processing and who can I contact?

Responsible is:
Kurgarten-Hotel GmbH & Co. KG
Funkenbadstraße 7
D-77709 Wolfach
Tel.: + 49 (0) 7834 / 40 – 53
Fax: + 49 (0) 7834 / 47 – 589
E-Mail: info@kurgarten-hotel.de

Imprint: https://www.www.kurgarten-hotel.de/en/imprint/

You can reach our data protection officer at:
Dr. Gert Landauer
HWH – Gesellschaft für Datenschutz und Beratung GmbH
BGM – Rohrmüllerstr. 14
D-86554 Pöttmes
Tel.: +49 (0) 160 / 96780366
E-Mail: landauer@beratung-management.com

Types of processed data

• inventory data (e.g., names, addresses)
• contact information (e.g., e-mail, phone numbers)
• content data (e.g., text input, photographs, videos)
• usage data (e.g., websites visited, interest in content, access times)
• meta / communication data (e.g., device information, IP addresses)

In addition, we process:

• contract data (for example, subject matter, term, customer category)
• payment details (e.g., bank details, payment history)

from our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

• providing the online offer, its features and content
• answering contact requests and communicating with users
• safety measures
• audience measurement / Marketing

We process your personal data only for the purposes stated in this privacy policy. A transfer of your personal data to third parties for purposes other than those mentioned does not take place. We only disclose your personal information to third parties if:

• You have given your express consent
• processing is required to complete a contract with you,
• the processing is necessary to fulfill a legal obligation,
• processing is necessary to protect legitimate interests and there is no reason to believe that you have a predominantly legitimate interest in not disclosing your information.

Use of the website

If the website is used merely for informational purpose, we only collect the data that your browser transmits to our server. If you wish to view our website, we collect the following data that is technically necessary for us to display our website and to ensure the stability and security. The legal basis is art. 6 (1) sentence 1 lit. f GDPR.


Cookies

In addition to the aforementioned data, cookies are saved on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and by which the body that sets the cookie (here by us) receives certain information. Cookies can not run programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective overall.

The website uses transient and persistent cookies, the scope of which is explained below: Transient cookies are automatically deleted when you close the browser. These include the session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

You can configure your browser setting according to your wishes, e.g. decline the acceptance of third-party cookies or all cookies. Please be aware that you may not be able to use all features of this website.


Use of Google Analytics

This website uses Google Analytics, a web-based analysis tool of Google Inc. (“Google”). Google Analytics uses so called cookies, text files, which a saved on your computer and which allow for an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the United States and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the activities and to provide other services related to website usage and internet usage to the website operator.

The IP address of your browser provided as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. In addition, you may prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link : https://tools.google.com/dlpage/gaoptout?hl=en.

We use Google Analytics to analyze and regularly improve the use of our website. With the statistics we can improve our offering and make it more interesting for you as user. For the exceptional cases in which personal data is transmitted to the US, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US framework. The legal basis for the use of Google Analytics is art. 6 (1) sentence 1 lit. f GDPR.


Contact forms

With your consent, you can contact us through the contact forms and send us messages. The legal basis is art. 6 (1) sentence 1 lit. a GDPR.

Obligatory for the transmission of the forms is your name and first name as well as your e-mail address. The input of additional, separately marked data is voluntarily. The data will be used confidentially and exclusively for the purpose intended by you and will not be forwarded to unauthorized third parties.

You can revoke your consent to the transmission of the contact form with effect to the future at any time. The revocation can be explained by sending a message to the contact details given in the imprint.


Data protection during the application process

We process applicant data only for the purpose and in the context of the application process in accordance with the legal requirements. The processing of the applicants data takes place in order to fulfill our (pre-) contractual obligations in the context of the application process as defined by art. 6 (1) lit . GDPR art. 6 (1) lit. f GDPR if the data processing is required of us, e.g. in context of legal proceedings (in Germany § 26 BDSG applies additionally).

The application process requires for applicants to provide us with the applicant data. The necessary applicant data depend on the job descriptions and generally include the personal details, postal and contact addresses and the documents belonging to the application such as a cover letter, CV and certificates. Furthermore, applicants can provide us with additional information voluntarily. By submitting the application to us applicants agree to the processing of their data for the purposes of the application process in accordance with the nature and scope outlined in this Privacy Policy.

Insofar as special categories of personal data as defined by art. 9 (1) GDPR are voluntarily communicated within the context of the application procedure, their processing is additionally carried out in accordance with art. 9 (2) lit. b DSGVO (e.g., health information such as disability or ethnic origin). Insofar as special categories of personal data as defined by Art. 9 (1) GDPR are requested from applicants in the context of the application procedure, their processing is additionally carried out in accordance with Art. 9 (2) lit. a GDPR (for example health data, if they are necessary for the profession).

In addition to postal transmittal applicants can send their applications via e-mail. However, please note that e-mails are generally not sent in encrypted form and that applicants must provide encryption themselves. Therefore we can not take any responsibility for the transmission of the application between the sender and the reception on our server.

In the event of a successful application the data provided by the applicants may be further processed by us for employment purposes. Otherwise, if the application for a job offer is not successful, the applicants’ data will be deleted. Applicants’ data will also be deleted if an application is withdrawn, which the applicants are entitled to at any time.

The cancellation takes place after the expiration of a period of six months, subject to a legitimate cancellation of the candidate, so that we can answer any follow-up questions to the application and meet our obligations under the Equal Treatment Act.

Who receives ma data?

Only those positions of us receive access to your data that need to fulfill their contractual and legal obligations. Also our commissioned data processors according to art. 28 GDPR may receive data for these purposes. These are companies in the categories IT services and telecommunications. In this regard, there are corresponding contracts for order processing according to Article 28 GDPR.

Personal data may only be passed on if legal provisions allow it or if you have consented. Under these conditions, recipients of personal data referred to in point 2 may be third parties.

How long is my data stored?

Personal data will be deleted immediately, as soon as their knowledge is no longer necessary for the fulfillment of the purpose of the storage (e.g. sending of information material) and a deletion or the destruction of corresponding documents does not preclude a legal storage obligation.

Is my data transmitted to a third country or an international organization?

Data transfer to third countries (states except the European Economic Area) only takes place, as far as this is legally permissible or if you have given us your consent. Under these conditions, recipients of personal data referred to in point 3 may be third parties.

Am I obliged to provide data?

As part of your visit to our website, you only need to provide the data necessary for the technical implementation of the visit. The provision of data is neither legally nor contractually required nor necessary for a contract. You are not required to provide the data. Failure to provide personal information may only result in your not being able to use all features and offers of this website.

What data protection rights do I have?

Every affected person hast he right to information according to art. 15 GDPR, the right to rectification according to art. 16 GDPR, the right to cancellation according to art. 17 GDPR, the right to restriction of processing according to art. 18 GDPR as well as the right to data portability according to art. 20 GDPR. Regarding the information right and cancellation right restrictions according to §§ 34 and 35 BDSG apply. Furthermore a right to appeal exists at a Data Protection Inspectorate according to art. 77 GDPR in conjunction with § 19 BDSG.