Data security
We implement technical and organizational
measures to protect your data in the best possible way. However, please note that data transmission over the Internet is never completely secure. Alternatively, you can send us your data by telephone.
Data collected and purposes of use
Types of data processed:
- Name, address, telephone number, e-mail
- Text entries (e.g. messages), images if necessary
- Usage data (pages visited, access times)
- IP address, device data
Data subjects: Visitors and users of our website
Purposes of the processing:
- Provision of content and functions
- Processing of contact requests and bookings
- Carrying out statistical evaluations
- Ensuring security & system stability
Your rights
You have the right to:
- Information about the stored data (Art. 15 GDPR)
- Correction of incorrect or incomplete data (Art. 16 GDPR)
- Deletion of your data (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR) Objection to processing (Art. 21 GDPR)
- Withdrawal of your consent (Art. 7 para. 3 GDPR)
- Complaint to the competent supervisory authority (Art. 77 GDPR)
Legal basis
Data processing is only carried out in accordance with Art. 6 GDPR if:
- You have given your consent
- the processing is necessary for the performance or initiation of a contract
- a legal obligation exists
- vital interests are affected
- there is a public interest
- our legitimate interests prevail (e.g. IT security)
Storage duration
Personal data is only stored for as long as is legally required or necessary for the respective processing. After that, it is automatically deleted.
Deletion of data
Personal data is erased or its processing restricted in accordance with Art. 17 and 18 GDPR as soon as
- they are no longer necessary for the purposes for which they were collected, or
- statutory retention periods have expired.
This applies in particular to accounting documents, invoices and business records.
Cooperation with third parties
Your data will only be passed on to third parties:
- for the fulfillment of the contract (Art. 6 para. 1 lit. b GDPR)
- on the basis of your express consent
- due to legal obligations
- on the basis of legitimate interests (e.g. with IT service providers or hosting providers)
If we commission external service providers with processing, this is done on the basis of an order processing contract in accordance with Art. 28 GDPR.
Part for new booking system must be inserted here, I will add it later
Use of Amazon Web Services (CloudFront & S3)
We use the Amazon CloudFront content delivery network (CDN) in conjunction with the Amazon S3 storage service to ensure fast and reliable content delivery. The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855 Luxembourg.
Purpose: Images and files from our website are delivered via these services in order to optimize the global accessibility and loading times of our website.
Legal basis: The processing is based on our legitimate interest in a stable and secure provision of our online offer (Art. 6 para. 1 lit. f GDPR).
Data protection: Data transfers to the USA are based on the standard contractual clauses of the EU Commission. We have concluded a data protection-compliant data processing agreement (DPA) with the provider.
Use of cookies
Our website uses cookies - small text files that are stored on your end device.
Purposes of the cookies:
- Recognition of your browser (e.g. for shopping cart function or login) Storage of user settings (e.g. travel period)
- Analysis of the origin of page views (e.g. for bookings via links)
- Facilitation of repeated entries
Note: You can deactivate or delete cookies at any time via your browser settings. Please note: If cookies are deactivated, not all functions of the website may be available to you.
Cookie settings
You can individually determine which cookies you allow:
Necessary cookies: Technically required for the operation of the website
Functional cookies: For improved use and individual settings
➢ Please select the cookie setting here
SSL encryption
To protect your data, we use modern
encryption technologies such as SSL via HTTPS. This ensures that all transmitted information is transmitted securely.
Our presence in social networks
We are active on various social networks to get in touch with guests, interested parties and potential employees and to provide information about our company and our services.
Important to know: Data processing is carried out on the basis of the terms and conditions and privacy policies of the respective platform operators. We only process personal data when users actively interact with us - e.g. through messages, comments or the sharing of content.
Integration of YouTube
Our website uses embedded videos from YouTube, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Privacy-friendly integration: Videos are integrated in such a way that no connection to YouTube is established before you actively click on "Play".
Extended data protection mode: We use the extended data protection mode in some cases. According to YouTube, no information is stored before you play a video. Nevertheless, a connection to other Google services (e.g. DoubleClick) can be established before the video is played.
What happens during playback:
- A connection to the YouTube servers is established
- Your IP address and the page you visited are transmitted
- If you are logged in to YouTube, your surfing behavior can be assigned to your profile
- YouTube may set cookies or use comparable technologies
(e.g. device fingerprinting)
Legal basis: The use is based on our legitimate interest in an attractive presentation of our online content (Art. 6 para. 1 lit. f GDPR). If consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent can be withdrawn at any time.
Further information can be found in YouTube's privacy policy.
Use of Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose: Analysis of user behavior on our website to improve our content and marketing measures.
Data collected:
- Page views, dwell time, device information, origin
- Mouse movements, click behavior, scrolling behavior
- Orders and e-commerce data (with tracking activated)
Technologies: Cookies, IP address (anonymized), possibly device fingerprinting The data is usually transferredto Google servers in the USA. The transfer takes place on the basis of the EU standard contractual clauses.
IP anonymization: We use the IP anonymization function. Your IP address is shortened within the EU before it is transmitted to Google.
Legal basis: The use takes place exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG). This can be revoked at any time.
Google e-commerce measurement: We use the e-commerce function to analyze orders and purchasing behavior. Among other things, order values, shipping costs and times of product views and purchases are recorded.
Order processing: We have concluded a data protection-compliant contract with Google for order processing.
Deactivate data collection: You can permanently prevent Google Analytics from collecting data by installing the following browser plugin.
Further information: Google privacy policy
Integration of Google Maps
To display interactive maps, we use the map service Google Maps, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
What happens when you use it: When you access a page with an embedded Google Maps map, data (e.g. IP address, location data if location sharing is activated) is transmitted to Google and processed there.
Purpose: The integration serves the user-friendly presentation of geographical information, e.g. on how to find us or the location of our hotel.
Legal basis: Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG). Consent can be revoked at any time.
Data protection and data transfer: The transfer of personal data to third countries (e.g. USA) takes place on the basis of the EU standard contractual clauses .You can find out more about data processing by Google in Google's privacy policy.
Use of Google Fonts (local hosting)
We use Google Fonts to ensure a consistent and appealing presentation of our website.
Important: The fonts are integrated locally via our hosting partner Tramino (domain: comet.tramino.net). There is no connection to Google servers. This means that no personal data is transmitted to Google.
Further information: Google Fonts FAQ Google Privacy Policy
Use of Google reCAPTCHA
To protect our forms from spam and misuse, we use Google reCAPTCHA, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose of integration: Google reCAPTCHA analyzes the behavior of website visitors to determine whether an input comes from a human or an automated bot. This analysis takes place automatically in the background - even before a form is filled out.
Collected data can be:
- IP address
- Time spent on the website
- Mouse movements and other interactions
Legal basis: The use is based on our legitimate interest in securing our online forms (Art. 6 para. 1 lit. f GDPR).
If active consent is obtained, the processing is also based on your consent (Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG).
Data protection and data transfer: A contract in accordance with the EU standard contractual clauses has been concluded with Google to ensure an adequate level of data protection when transferring data to third countries.
Further information can be found in Google's privacy policy.
Validity of this privacy policy
By using our website, you consent to the data processing described.
Note: This privacy policy may change due to technical developments, legal changes or new offers on our website. We reserve the right to make changes at any time with effect for the future.
Digital reporting office for whistleblowers HinSchG
