Privacy policy for our website

Fundamentals

We provide this information in order to transparently explain how we handle your personal data (which, according to supreme court rulings, also includes your IP address) when you visit our website. According to Art. 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person.

Privacy policy and information

We take the protection of your data and your privacy very seriously and comply with our obligations under data protection law. We collect and process your personal data in accordance with European and national legal provisions. How and in what form we process your data is explained explicitly in this privacy policy.

When you visit our website, we are obliged to collect various personal data - on the one hand, this serves to ensure the functionality of our website and, on the other hand, to increase the attractiveness of our website through the use of various tools.

Nevertheless, we would like to point out that it is not possible to transmit data over the Internet without accepting any security gaps that may exist. We cannot guarantee complete protection of your data either, but we will do our best to protect your data comprehensively.

Why do we need your data?

Your data is collected so that we can display our website without errors. Other data may be used to analyze your user behavior.

Furthermore, data is collected on a legal basis:

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 subpara. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR if sensitive data is processed in accordance with Art. 9 para. 1 GDPR. The processing of data in accordance with Art. 9 GDPR is only permitted in certain cases.

If you have consented to the storage of cookies or access to information on your end device, for example through device fingerprinting, data processing is carried out on the basis of Section 25 (1) TDDDG.

Consent can be revoked at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

If we collect your data to fulfill a contract or to carry out pre-contractual measures, your data will be processed on the basis of Art. 6 para. 1 subpara. 1 lit. b GDPR. If your data is required to fulfill a legal obligation, we process your data on the basis of Art. 6 para. 1 subpara. 1 lit. c GDPR.

Data processing may also be collected on the basis that we are pursuing our legitimate interest in data processing. In this case, data processing is possible provided that your interests or the interests of third parties do not conflict with the data processing. Data processing is then carried out in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR.

We will specify the relevant legal basis in each individual case in the respective section.

Who is responsible?

As the website operator, we are responsible for data processing on our website under data protection law in accordance with Art. 4 No. 7 GDPR. You can reach us using the following contact details

The Gams Hotel Resort Bad Hindelang Kur- und Sporthotel Appartementhaus GmbH

Silke Jennewein-Greulich

Zillenbachstraße 50, 87541 Bad Hindelang

Tel: +49 8324 9840

E-mail: info@die-gams.de

How to contact our data protection officer

#KOMM#IT, Funke Solution GmbH & Co. KG, Salmas 52, 87534 Oberstaufen

Tel: +49 8325 927050, dsb@komm-it.info

How long do we store your data?

We adhere to the respective statutory retention period for the maximum duration of storage of your personal data. Your data will only be stored by us until we no longer need it for our data processing. With regard to the storage of your data, we are bound by the purpose for which we collected your data. Unless a specific storage period is specified in this information, your personal data will remain with us until the purpose for which it was collected no longer applies.

If you assert a justified request for deletion or revoke your consent to data processing, we must delete your data in the event that there are no other legally permissible reasons for the continued storage of your data, such as retention periods under commercial and tax law. We can only comply with your request for erasure once these reasons no longer apply.

Where do we get your data from?

We collect your data because you provide it to us via a contact form or by other means. There is additional data that is collected automatically or only after your consent when you visit our website. This is primarily technical data such as your operating system and the time at which you accessed the page.

Who do we make your data available to?

We use tools from third-party companies based in and outside the EU and the EEA. Your personal data may be transferred to these third-party companies if you have activated these tools - unless they are necessary for the functionality of the website.

We also use tools from companies based in the USA or other third countries that are not secure under data protection law. Your personal data may also be transferred to these companies if you have activated the corresponding tools. The level of data protection in these countries is not comparable to that in the EU.

Such a data transfer requires an adequacy decision issued by the EU Commission, which guarantees a comparable level of protection for your personal data. In the event that there is no such adequacy decision, other appropriate safeguards pursuant to Art. 44 et seq. GDPR must be taken.

How is money handled on this website?

On our website, we offer the direct conclusion of a fee-based contract. In order to be able to fulfill this contract and process the payment, you are obliged to provide us with your payment details. The payment details are the account number, IBAN, BIC, account holder, credit card number, validity period and other details required for the payment.

Payment transactions via common means of payment such as Visa, MasterCard or direct debit are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes to https://. You can also recognize it by the lock symbol in your browser line. With encrypted communication, your payment data cannot usually be read by third parties.

What rights do you have? - Your rights as a data subject

You can assert your rights in accordance with Art. 12 et seq. GDPR.

Withdrawal of consent to data processing

In some cases, we process your data with your express consent. You can revoke any consent you have already given at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

Objection in special cases / against direct advertising, Art. 21 GDPR

If the data processing is carried out on the basis of Art. 6 para. 1 subpara. 1 lit. f GDPR, you can object to the processing of your personal data for reasons arising from your particular situation. This also applies to any profiling - the legal basis on which such profiling is carried out can be found in this information. If you exercise your right to object, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims pursuant to Art. 21 (1) GDPR.

If we process your personal data for direct marketing purposes, you have the right to object to the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling insofar as it is associated with direct advertising. If you object, your personal data will subsequently no longer be sent for the purpose of direct advertising in accordance with Art. 21 para. 2 GDPR.

Right to data portability

You have the right to have data that we process automatically handed over to you or to a third party in a commonly used, machine-readable format. If you request the transfer of the data to another controller, this will only take place if it is technically feasible.

Right to information, erasure and rectification

In accordance with Art. 15 (1) GDPR, you have the right to request information free of charge about your stored personal data, its origin, recipients and the purpose of data processing. You may also have the right to have this data rectified or erased. If you have any questions about your rights, you can contact us or our data protection officer at any time.

Right to restriction of processing

You can also request the restriction of the processing of your personal data. If you have any questions about this right, you can contact us or our data protection officer at any time. A right to restriction exists in the cases specified by law. If you dispute the accuracy of your data, we need time to verify this. For this period, you have the right to demand the restriction of your data. In the event that the processing of your data is unlawful, you can request the restriction of processing instead of erasure of the data. If we no longer need your personal data, but you wish to exercise, defend or assert legal claims, you have the right to at least request the restriction of data processing. If you have lodged an objection in accordance with Art. 21 para. 1 GDPR, we must weigh up your interests against ours, during which time you have the right to request the restriction of the data.

If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

Right to lodge a complaint with a competent supervisory authority

As a data subject, you also have the right to lodge a complaint with a supervisory authority in the event of breaches of the GDPR. This must be the competent data protection supervisory authority in your federal state. You always have the right to lodge a complaint, regardless of what other measures you take.

Further information

We expressly object to the sending of unsolicited advertising and information material to our contact details. We expressly reserve the right to take legal action against the unsolicited sending of advertising, such as spam e-mails.

For security reasons and to protect the transmission of confidential content, we use an SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

Server log files

The website provider collects and stores information in server log files that your browser automatically transmits to us. This includes the following data: Browser type and browser version, operating system used, referrer URL, host name of the accessing computer, time of the server request and also your IP address.

Your data will not be merged with data from other data sources. The legal basis for data processing is Art. 6 para. 1 subpara. 1 lit. f GDPR, as we as the website operator have a legitimate interest in the technically error-free presentation and optimization of our website. Server log files must be recorded for this purpose.

Hosting of our website

We host our website with an external provider.

Strato GmbH, Otto-Ostrowski-Straße 7, 10249 Berlin

All personal data collected on the website - such as your IP address, meta and communication data, contract data, contact data, names, accesses and other data generated via a website - is stored on the hoster's servers.

The legal basis for the processing of your personal data is Art. 6 para. 1 subpara. 1 lit. f GDPR. Our legitimate interest lies in the most reliable presentation of our website.

In the event that we have requested your consent, your data will be processed on the basis of Art. 6 para. 1 subpara. 1 lit. a GDPR and Section 25 para. 1 TDDDG if the use of data is subject to consent to the storage of cookies or access to information in the user's terminal device, such as device fingerprinting, within the meaning of the TDDDG. Consent can be revoked at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

We have concluded an agreement on commissioned processing to provide evidence of data protection-compliant processing and to outline our respective obligations. This is a contract prescribed by data protection law in accordance with Art. 28 (3) GDPR, which ensures that our processor only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Setting of cookies

We use cookies on our website. These are small text files and data packets that are placed on the end devices, but do not cause any damage there. The cookies are either stored temporarily for a session as session cookies or permanently as permanent cookies on your end device. Session cookies are automatically deleted at the end of the session, whereas permanent cookies are stored on the end device until you delete them yourself or they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your end devices; these are third-party cookies. They enable the use of services from this company, such as cookies for processing payment services.

Cookies fulfill different functions. Some of them are technically necessary for certain applications on the website to function at all, such as the shopping cart function. Other cookies are used to evaluate user behavior on our website or to display advertising. Cookies that are technically absolutely necessary and are therefore to be regarded as necessary cookies are stored on the basis of Section 25 (2) TDDDG, unless another legal basis is explicitly stated. The storage of cookies is absolutely necessary in order to create the technical prerequisites for an error-free and optimized website. For cookies that are not technically necessary, consent is requested in accordance with Section 25 (1) TDDDG. Cookies are then only stored on the basis of this consent. Consent can be revoked at any time with effect for the future. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

You can set your browser so that you are informed about the setting of cookies and only allow them in individual cases. You can also generally exclude the storage of cookies and activate the automatic deletion of cookies when closing the browser. We would recommend this procedure. If you generally deactivate cookies, the functionality of our website and its display may be restricted. If we use cookies from third-party companies and for analysis purposes, we will inform you again separately. In this case, we will also ask for your consent.

Cookie banner on the homepage:

Our cookie banner on the homepage (request for consent) comes from a third-party provider.

We use the cookie banner to obtain your consent for certain cookies that are not required for the technical display of the website to be stored on your end device. We require this consent in order to be able to provide a legal basis for the storage.

When you visit our website, personal data is transmitted to our cookie banner provider. This involves the following data: Your response to our request for consent in the context of the cookie banner, your IP address, information about your browser and your end device as well as the time of your visit to our website.

When you enter our website, a connection is established to the provider's servers so that your consent or other declarations regarding the setting of cookies can be obtained. Once you have given your consent, our provider stores a cookie in your Internet browser so that it can assign whether you have consented to the setting of cookies or rejected them. It is also used to assign any revocation that may have been made later. This data is stored until you ask us to delete the data, delete the cookie yourself or the purpose for the data processing no longer applies. If the deletion conflicts with statutory retention periods, these remain unaffected.

The legal basis for obtaining consent is Section 25 (1) TDDDG. You can withdraw your consent at any time with effect for the future. If you wish to change your settings, please contact us or follow the instructions on our website. You can revoke your consent by sending us an informal e-mail. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out up to the time of revocation remains unaffected by your revocation.

We have concluded an agreement on commissioned processing to provide evidence of data protection-compliant processing and to outline our respective obligations. This is a contract prescribed by data protection law in accordance with Art. 28 (3) GDPR, which guarantees that our processor will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR. The provider of the cookie banner is:

Complianz B.V.

Kalmarweg 14-5, 9723 JG Groningen

Special offers on our website

We offer services on our website that are specially tailored to our industry. These are the following services:

Online bookings, booking inquiries and reservations

We use an external booking platform to offer you online bookings, booking inquiries and reservations.

If you would like to make an online booking, a booking inquiry or a reservation on our website, we need your data. In order to process your request, we need your e-mail address, your travel dates, the product you have booked, your first and last name and, if you wish, your title. In certain cases, we will also ask for your telephone number so that we can contact you in the event of unforeseen events that require notification at short notice if these could affect your booking.

So that we can calculate your travel price, we need your dates of stay, the selected product, the number of travelers and whether the travelers are children or adults. If you are traveling with children, the specific age will also be requested in order to calculate the price. In order for the booking to be completed, we need the desired means of payment for the trip. If you would like to make an advance payment, we will forward you to your desired payment service provider to process the payment. Further information in the booking form is provided on a voluntary basis and is of no importance to us for the online booking, the booking request or the reservation.

The legal basis for data processing in the context of an online booking, booking request or reservation is Art. 6 para. 1 subpara. 1 lit. b GDPR for the fulfillment of a contract or the implementation of pre-contractual measures. The data collected during the inquiry is stored in a system. If you provide special personal data that is relevant to the fulfillment of our services, e.g. allergy-related intolerances, this data will also be stored. The data transmitted to us will remain with us until the purpose for storing the data no longer applies, for example after your request has been processed. However, mandatory statutory retention periods prevent your data from being deleted.

We have concluded an agreement on commissioned processing to provide evidence of data protection-compliant processing and to outline our respective obligations. This is a contract prescribed by data protection law in accordance with Art. 28 (3) GDPR, which guarantees that our processor will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR. This booking platform is provided by

CDSoft Vertriebs GmbH

Halde 10, 87471 Durach

Contact options on our website

We offer various ways of contacting us on our website.

Possibility to register on our website

You have the option of registering on our website. You can use this registration to activate additional functions on our website. We will only use the data you enter in the registration form for the purposes for which you have registered. We can only proceed with registration if all the information required for registration is provided. Otherwise we will unfortunately have to refuse registration. If changes are absolutely necessary, we will use the e-mail address you have provided so that we can contact you.

We process the data you have entered on the basis of your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. You can revoke your consent by sending us an informal email. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you. Your data will be stored by us for as long as you are registered on our website. Your data will then be deleted, whereby statutory retention periods remain unaffected.

Sign up for our newsletter

You can subscribe to our newsletter voluntarily. We will process the data you provide in the registration form as well as your e-mail address in order to process your registration and in case we have any follow-up questions for you. However, we will not pass on your data to third parties without your consent.

The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR and §25 para. 1 TDDDG. You can withdraw your consent at any time with effect for the future. All you need to do is send us an informal email. However, this will not affect the lawfulness of our data processing until you withdraw your consent.

The data you provide will remain with us until you ask us to delete it or revoke your consent to its storage. Mandatory statutory provisions such as statutory retention periods remain unaffected.

Inquiries via contact form

You can use our contact form at any time to send us inquiries. We will process the data you provide in the contact form, as well as your e-mail address, in order to be able to process your request and in case we have any follow-up questions for you. However, we will not pass on your data to third parties without your consent.

The legal basis for the processing of your data is Art. 6 para. 1 subpara. 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures.

In other cases, the processing is based on our legitimate interest in the effective processing of your request in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR

or on your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR, if this was requested by us. You can withdraw your consent at any time with effect for the future. All you need to do is send us an informal email. However, this will not affect the lawfulness of our data processing until you withdraw your consent.

The data you provide will remain with us until you ask us to delete it or revoke your consent to its storage. Mandatory statutory provisions such as statutory retention periods remain unaffected.

Inquiries by e-mail, telephone and fax

You can contact us at any time by e-mail, telephone and fax. We process the data that you have provided to us in order to process your request. However, we will not pass on your data to third parties without your consent.

The legal basis for the processing of your data is Art. 6 para. 1 subpara. 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures or on your consent pursuant to Art. 6 para. 1 subpara. 1 lit. a GDPR, if this was requested by us. You can withdraw your consent at any time with effect for the future. All you need to do is send us an informal email. However, this will not affect the lawfulness of our data processing until you withdraw your consent.

The data you provide will remain with us until you ask us to delete it or revoke your consent to its storage. Mandatory statutory provisions such as statutory retention periods remain unaffected.

In other cases, the processing is based on our legitimate interest in the effective processing of your request in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR

Dispatch of postal advertising

We use your address to send you postal advertising.

The legal basis for the processing of your data is our legitimate interest in direct advertising in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR in conjunction with EW 47 of the GDPR.

In the event that we have requested consent, data processing will only take place on the basis of Art. 6 para. 1 subpara. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. All you need to do is send us an informal email. However, this will not affect the lawfulness of our data processing until you withdraw your consent.

The data you provide will remain with us until you ask us to delete it or revoke your consent to its storage. Mandatory statutory provisions such as statutory retention periods remain unaffected.

Data processing by social networks

We use a publicly accessible profile in various social networks.

The social networks may already analyze your behavior when you visit our website, as we have integrated social network plug-ins or other links. Personal data is also collected even if you are not logged in as a user or do not have an account with the respective provider. Your data is collected via cookies that are stored on your end device or by recording your IP address.

The social networks create user profiles. They store your interests and preferences in these profiles so that interest-based advertising is displayed to you. If you have a profile with the respective provider, the advertising will be displayed on all devices on which you are or have been logged in.

The data you provide will remain with us until you ask us to delete it or revoke your consent to its storage. Mandatory statutory provisions such as statutory retention periods remain unaffected. Stored cookies, unless they are session cookies, remain on your device until you delete them.

We have concluded an agreement on commissioned processing with the respective provider as proof of data protection-compliant processing and to demonstrate our respective obligations. This is a contract prescribed by data protection law in accordance with Art. 28 (3) GDPR, which ensures that our processor only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Meta Plug-In and Meta Profile

We maintain a profile on Meta (formerly Facebook). The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: "Meta"). We have also integrated a Meta plug-in on our website. You can recognize these by the Meta profile button or the "Like" button. You can find an overview of the Facebook/Meta plug-ins at: https://developers.facebook.com/docs/plugins/?locale=de_DE.

The integration of the plug-in alone does not lead to any direct data transfer to Meta. Personal data is only processed when information is accessed that goes beyond the start page of a Meta profile; this processing is no longer attributable to us as the operator, as you have voluntarily transferred your data to Meta's data sovereignty by giving your consent through the "two-click solution".

The legal basis for our data processing is our legitimate interest in the greatest possible visibility in social media in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR.

If a corresponding consent has been requested, Meta's data processing is based on your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. You can withdraw your consent by sending us an informal email. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

The use of a Meta profile does not result in joint responsibility for any data processing of personal data in accordance with Art. 26 GDPR. By using our "two-click solution", you voluntarily decide to place yourself under Meta's data sovereignty. Contrary to the ECJ ruling of 05.06.2018, C-210/16, there is therefore no responsibility based on a joint decision on the purposes and means of data processing, as Meta only processes personal data at the point in time when you have already voluntarily transferred to Meta's data sovereignty. The processing of personal data that takes place after the transfer to Meta is not attributable to us. In addition, in the event of joint responsibility, the required agreement pursuant to Art. 26 para. 3 GDPR can be found in the addendum provided by Meta: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are obliged to provide the data protection information in accordance with Art. 13 f. GDPR and to integrate the Meta tool on our website in compliance with data protection regulations. You can assert your data subject rights directly with Meta. In the event that you assert your data subject rights with us in relation to the use of Meta, we are obliged to forward your request to Meta.

The data processed by Meta is also transferred to the USA and other third countries. The data transfer to the USA is again based on an adequacy decision by the EU Commission. Meta is a certified partner for the EU-US Privacy Framework. Details can be found at: https://facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://facebook.com/policy.php. Further information can be found in the Terms of Use and the Privacy Policy. These can be found at: https://de-de.facebook.com/about/privacy/ and https://de-de.facebook.com/legal/terms/.

Instagram plug-in and Instagram profile

We maintain a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: "Meta"). We have also integrated an Instagram plug-in on our website. You can recognize this by the Instagram profile button.

The integration of the plug-in alone does not lead to any direct data transfer to Meta. Personal data is only processed when information is called up that goes beyond the start page of an Instagram profile; this processing is no longer attributable to us as the operator, as you have voluntarily transferred your data to Meta's data sovereignty with your consent through the "two-click solution".

The legal basis for our data processing is our legitimate interest in the greatest possible visibility in social media in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR.

If a corresponding consent has been requested, Meta's data processing is based on your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. You can withdraw your consent by sending us an informal email. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

The use of an Instagram profile does not result in joint responsibility for any data processing of personal data in accordance with Art. 26 GDPR. By using the "two-click solution" we have implemented, you voluntarily decide to place yourself under Meta's data sovereignty. Contrary to the ECJ ruling of 05.06.2018, C-210/16, there is therefore no responsibility based on a joint decision on the purposes and means of data processing, as Meta only processes personal data at the point in time when you have already voluntarily transferred to Meta's data sovereignty. The processing of personal data that takes place after the transfer to Meta is not attributable to us. In addition, in the event of joint responsibility, the required agreement pursuant to Art. 26 para. 3 GDPR can be found in the addendum provided by Meta: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are obliged to provide the data protection information in accordance with Art. 13 f. GDPR and to integrate the Meta tool on our website in compliance with data protection regulations. You can assert your data subject rights directly with Meta. In the event that you assert your data subject rights with us in relation to the use of Instagram, we are obliged to forward your request to Meta.

The data processed by Meta is also transferred to the USA and other third countries. The data transfer to the USA is again based on an adequacy decision by the EU Commission. Meta is a certified partner for the EU-US Privacy Framework. Details can be found at: https://facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://facebook.com/policy.php. Further information can be found in the Terms of Use and the Privacy Policy. These can be found at: https://de-de.facebook.com/about/privacy/ and https://de-de.facebook.com/legal/terms/.

Integration of analysis tools and plug-ins

We use various analysis and advertising tools.

We have concluded an agreement on commissioned processing with the respective provider as proof of data protection-compliant processing and to demonstrate our respective obligations. This is a contract prescribed by data protection law in accordance with Art. 28 (3) GDPR, which ensures that our processor only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Integration of Google Tag Manager

We use Google Tag Manager to integrate tracking or statistical tools on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google Tag Manager").

The technology does not create a user profile, does not store cookies and does not carry out any analyses itself; it only stores your IP address. The Google Tag Manager manages the integrated tools.

The data processed by Google is also transferred to the USA and other third countries. The data transfer to the USA is again based on an adequacy decision by the EU Commission. Google is a certified partner for the EU-US Privacy Framework. You can find details at: https://privacy.google.com/businesses/controllerterms/mccs/

Integration of YouTube

We use YouTube videos for visual presentation. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google").

YouTube transmits data to its partners and establishes a connection to Google due to the integration on our website, regardless of whether a video is viewed or not. However, if you watch a video, YouTube connects to the YouTube servers, which are informed which page you are visiting. If you are logged into your account, YouTube will carry out profiling. To prevent this, you must log out of your account.

After starting a video, various cookies are stored on your end device in order to obtain information about our website visitors. We have no influence on data processing by YouTube.

The legal basis for data processing is our legitimate interest in an appealing and uniform presentation of our online offer in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR.

If a corresponding consent has been requested, the data processing is based on your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. You can revoke your consent by sending us an informal email. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

The data processed by YouTube is also transferred to the USA and other third countries. The data transfer to the USA is again based on an adequacy decision by the EU Commission. Google is a certified partner for the EU-US Privacy Framework. Details can be found at:https://privacy.google.com/businesses/controllerterms/mccs/. Further information can be found at the following link: https://policies.google.com/privacy?hl=de.

Integration of Google Fonts

We use web fonts provided by Google for the uniform display of fonts. The fonts are installed locally, which is why no connection to Google's servers is established.

Integration of Google Maps

We use Google Maps to display our location. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google").

Google Maps stores your IP address, which is transmitted to Google's servers. We have no influence on data processing by Google. Google may also integrate Google Web Fonts when using Google Maps.

The legal basis for data processing is our legitimate interest in an appealing presentation of our online offer in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR.

If a corresponding consent has been requested, Google's data processing is based on your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. You can revoke your consent by sending us an informal email. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

The data processed by Google is also transferred to the USA and other third countries. The data transfer to the USA is again based on an adequacy decision by the EU Commission. Google is a certified partner for the EU-US Privacy Framework. You can find details at: https://privacy.google.com/businesses/controllerterms/mccs/

Integration of Google reCAPTCHA

We use the website analysis service Google reCAPTCHA. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: "Google").

Google reCAPTCHA is used to check whether data for forms can be entered by a human or automatically. Google analyzes the behavior of website visitors as soon as they enter our website. For the analyses, Google evaluates information such as the IP address, time spent on the website or mouse movements made. The data collected is forwarded to Google. We have no influence on Google's data processing.

The legal basis for data processing is our legitimate interest in analyzing our website to protect against SPAM or spying in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR.

If a corresponding consent has been requested, Google's data processing is based on your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. You can revoke your consent by sending us an informal email. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

The data processed by Google is also transferred to the USA and other third countries. The data transfer to the USA is again based on an adequacy decision by the EU Commission. Google is a certified partner for the EU-US Privacy Framework. You can find details at: https://privacy.google.com/businesses/controllerterms/mccs/

Integration of Gravator

On our website, we use the Gravatar service provided by Automattic Inc, 60 29th Street #343, San Francisco, CA 94110, USA. Gravatar enables registered users to have their profile picture displayed automatically when using comment functions.

It is used to improve user interaction and recognition, based on our legitimate interest in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR.

When you send a comment, a hash value (MD5) of your e-mail address is sent to Gravatar to check whether a suitable profile picture is stored there. If a corresponding avatar is available, it will be displayed. Data may be transferred to the USA in the process. If you do not wish this to happen, please use an email address that is not registered with Gravatar or deactivate JavaScript. Further information can be found in Automattic's privacy policy: https://automattic.com/privacy.

Integration of Weglot

Our website uses the "Weglot" plugin from Weglot SAS, 138 Rue Pierre Joigneaux, 92270 Bois-Colombes, France, to provide content in several languages.

The processing is carried out to improve user-friendliness and barrier-free communication on the basis of our legitimate interest pursuant to Art. 6 para. 1 subpara. 1 lit. f GDPR.

When using language switching, your IP address is transmitted to Weglot in order to correctly display and save the language preference. Weglot may use cookies to remember the selected language setting. No further profiling or analysis of user behavior takes place. Data is generally transferred within the EU; according to the provider, no transfer to third countries is planned. Further information can be found in Weglot's privacy policy.

Integration of Elementor

On our website, we use the Elementor plugin, a website builder from Elementor Ltd, Tuval 40, Ramat Gan, 5252247, Israel, for the visual design and presentation of content.

The plugin is integrated locally into our WordPress installation and does not process any personal data itself, unless additional functions such as external add-ons are used. Elementor does not set cookies for tracking or marketing purposes. However, if third-party content such as Google Maps, YouTube or social media feeds are integrated via corresponding widgets, personal data - such as your IP address - may be transmitted to the respective providers. Such content is only loaded if it is configured accordingly and, if applicable, your consent has been obtained. The processing serves the appealing and technically functional presentation of our website and is based on our legitimate interest in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR. Elementor itself does not store any personal data.

Payment transactions on our website

We have integrated an online store on our website and therefore use online payments.

General information

In this context, we only process your personal data if it is necessary in connection with the execution of the contract or in the context of pre-contractual measures in accordance with Art. 6 para. 1 subpara. 1 lit. b GDPR. We process your usage data if it is necessary in order to be able to offer you our online service in connection with an online payment.

Your data will be deleted after termination of the business relationship or after completion of the order, provided that no statutory retention periods prevent deletion.

When ordering goods or providing services, your personal data will be passed on to our transport company, any other partners and the payment service provider we use. The transfer of data is limited to the data that is absolutely necessary to fulfill the respective task.

The legal basis for data processing is Art. 6 para. 1 subpara. 1 lit. b GDPR. If you have given your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR, your e-mail address will be passed on to our transport company so that you can track the shipping status of your order. You can withdraw your consent at any time with effect for the future. You can revoke your consent by sending us an informal email. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

Payment service provider

We use various payment service providers to process our contracts. The payment service provider receives parts of your personal data from us that are necessary for the fulfillment of its tasks, namely name, payment amount, account details and credit card information. The legal basis for data processing is Art. 6 para. 1 subpara. 1 lit. b GDPR and

Furthermore, the legal basis is our legitimate interest in smooth, convenient and secure payment processing in accordance with Art. 6 para. 1 subpara. 1 lit. f GDPR.

If a corresponding consent has been requested, the data processing is based on your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. You can revoke your consent by sending us an informal email. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

If the respective provider also transfers the processed data to the USA and other third countries, this data transfer to the USA is based on an adequacy decision by the EU Commission. The decisive factor is whether the respective partner is certified for the EU-US Privacy Framework. Details can be found in the information on the respective provider.

We have concluded an agreement on commissioned processing with the respective provider as proof of data protection-compliant processing and to demonstrate our respective obligations. This is a contract prescribed by data protection law in accordance with Art. 28 (3) GDPR, which ensures that our processor only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Maestro

We offer uncomplicated payment via the Mastercard debit card. The provider is Mastercard Europe SA, Chausée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter: "Mastercard"). Data transfer:https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf - Details of the privacy policy: https://www.mastercard.de/de-de/datenschutz.html.

Paypal

We offer uncomplicated payment via PayPal. The provider is PayPal (Europe) S.a.r.l. et Cie. S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal"). Data transfer: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full - Details of the privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Giropay

We offer uncomplicated payment via giropay. The provider is paydirekt GmbH, Stephanstr. 14-16 in 60313 Frankfurt am Main ("giropay").

Mastercard

We offer uncomplicated payment via your Mastercard credit card. The provider is Mastercard Europe SA, Chausée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter: "Mastercard"). Data transfer:https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf - Details of the privacy policy: https://www.mastercard.de/de-de/datenschutz.html.

VISA

We offer uncomplicated payment via your VISA credit card. The provider is Visa Europe Service Inc, London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter: "VISA"). Data transfer: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zuzustandigkeitsfragen-fur-den-ewr.html - Details of the privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Our own services - Dealing with applicants

You have the opportunity to send us an unsolicited application or apply for an advertised position at any time. We accept applications by e-mail, post and via our online application form. In the following, we would like to inform you about data processing as part of the application process.

We process your personal data such as contact and communication data, application documents and notes in the context of job interviews, insofar as they are necessary for the establishment of an employment relationship.

In the event that we introduce you to an employment relationship, your data will be processed for the purpose of implementing your employment relationship.

If we are unable to offer you a position, you reject our offer or withdraw your application, we reserve the right to retain your documents for up to six months after the end of the application process. After this period has expired, your data will be deleted and destroyed. Mandatory statutory retention periods remain unaffected by this. If you have given us your consent to retain your data for a longer period, we may retain your data for a longer period.

The legal basis for our data processing is Art. 6 para. 1 subpara. 1 lit. b GDPR in conjunction with. § SECTION 26 BDSG. If you have given your consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR, the data processing is based on your consent. You can withdraw your consent at any time with effect for the future. You can withdraw your consent by sending us an informal email. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.

You have the option of being included in our applicant pool. This includes all documents and information from your application so that we can contact you if there are suitable vacancies. The legal basis for this data processing is your express consent in accordance with Art. 6 para. 1 subpara. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. You can revoke your consent by sending us an informal email. You can also contact our data protection officer, who will inform us of your request. However, the legality of the data processing carried out until the revocation remains unaffected by the revocation exercised by you.