Protezione dati

Data protection Best Western Hotel Arabellapark, Munich

General information about the processing of your data
We are legally obliged to inform you about the processing of your personal data (hereinafter referred to as “data”) when you use our website. We take the protection of your personal data very seriously. This data protection notice informs you about the details of the processing of your data and your legal rights in this regard. For terms such as “personal data” or “processing”, the legal definitions from Art. 4 GDPR are authoritative. We reserve the right to adapt the privacy policy with effect for the future, in particular in the event of further development of the website, the use of new technologies or changes to the legal basis or the corresponding case law. We recommend that you read the privacy policy from time to time and take a printout or copy for your records.
Scope of application
The privacy policy applies to all pages of www.hotel-arabellapark.de. It does not extend to any linked websites or internet presences of other providers.
Controller
Responsible for the processing of personal data within the scope of this privacy policy is
Best Western Hotel Arabellapark
B.W. Hotel am Arabellapark Munich GmbH
Arabellastr 15
81925 Munich
Phone: +49 89 380 336 0 / Fax: +49 89 380 33

E-Mail: info@arabellapark.bestwestern.de
Questions about data protection
If you have any questions about data protection with regard to our company or our website, please contact our data protection officer:
SPIRIT LEGAL Fuhrmann Hense Partnerschaft von Rechtsanwälten
Lawyer and data protection officer
Peter Hense
Postal address:
Data Protection Officer
c/o B. W. Hotel am Arabellapark München GmbH, Arabellastr 15, 81925 Munich, Germany
Contact via the encrypted online form:
Contact data protection officer
Data security
We have taken comprehensive technical and organizational precautions to protect your personal data from unauthorized access, misuse, loss and other external interference. To this end, we regularly review our security measures and adapt them to the state of the art.

Your rights
You have the following rights with regard to the personal data concerning you, which you can assert against us:
– Right to information: You can request information in accordance with Art. 15 GDPR about your personal data that we process.
– Right to rectification: If the information concerning you is not (or no longer) accurate, you can request rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
– Right to erasure: You can request the erasure of your personal data in accordance with Art. 17 GDPR.
– Right to restriction of processing: In accordance with Art. 18 GDPR, you have the right to request the restriction of your personal data.
– Right to object to processing: You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 para. 1 sentence 1 lit. e) or lit. f) GDPR in accordance with Art. 21 para. 1 GDPR. In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, including where the processing serves the establishment, exercise or defense of legal claims (Art. 21 (1) GDPR). In addition, according to Art. 21 para.2 GDPR, you have the right to object at any time to the processing of personal data concerning you for the purpose of direct marketing; this also applies to any profiling, insofar as it is associated with such direct marketing. We draw your attention to the right to object in this privacy policy in connection with the respective processing.
– Right to withdraw your consent: If you have given your consent for processing, you have the right to withdraw your consent in accordance with Art. 7 (3) GDPR.
– Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format (“data portability”) and the right to transmit this data to another controller if the requirements of Art. 20 para. 1 lit. a, b GDPR are met (Art. 20 GDPR).

You can assert your rights by notifying us using the contact details provided in the “Controller” section or by contacting the data protection officer appointed by us.
If you believe that the processing of your personal data violates data protection law, you also have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Art. 77 GDPR. This also includes the data protection supervisory authority responsible for the controller: The State Commissioner for Data Protection of Lower Saxony, P.O. Box 221, 30002 Hanover, Tel.: 0511/120-4500, Fax: 0511 120-4599, e-mail: poststelle@lfd.niedersachsen.de.
Use of our website
In principle, you can use our website for purely informational purposes without disclosing your identity. When accessing the individual pages of the website in this sense, only access data is transmitted to our web space provider so that the website can be displayed to you. The following data is processed:
– Browser type/browser version,
– Operating system used,
– Language and version of the browser software,
– Date and time of access,
– Host name of the accessing end device,
– IP address,
– Content of the request (specific website),
– Access status/HTTP status code,
– Websites accessed via the website,
– Referrer URL (the previously visited website),
– Message as to whether the request was successful,
– time zone difference to GMT and
– amount of data transferred.

The temporary processing of this data is necessary to technically enable the course of a website visit and delivery of the website to your end device. The access data is not used to identify individual users and is not merged with other data sources. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests lie in ensuring the functionality of the website and the integrity and security of the website. Storing access data in log files, in particular the IP address, for a longer period of time enables us to detect and prevent misuse. This includes, for example, the defense against requests that overload the service or any bot usage. The access data is deleted as soon as it is no longer required to achieve the purpose for which it was processed. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website. The log data is always stored directly and only accessible to administrators and is deleted after seven days at the latest. After that, they are only available indirectly via the reconstruction of backup tapes and are deleted after a maximum of four weeks.

You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.
Tracking
In addition to the aforementioned access data, so-called cookies, pixels, browser fingerprinting or other tracking technologies are used when using the website. Cookies are small text files with a sequence of numbers that are stored locally in the cache of the browser used. Pixels are one-pixel images that are not transparent or are created in the background color of the website and are therefore not visible to the user. The pixel also records information about your user behavior on the website. Fingerprinting technologies generate a unique fingerprint based on the browser settings and thus identify an individual browser. Using a script that every Internet browser automatically executes, information such as the screen resolution, fonts used, operating system, hardware information and integrated browser plug-ins can be collected, which in their specific combination can ultimately be traced back to a specific user. Tracking technologies are used to make our website more user-friendly. The use of tracking technologies may be technically necessary.

Technically necessary elements
Some elements of our website require that the accessing browser can be identified even after a page change. The following data is processed in the technically necessary elements, such as cookies or similar methods of terminal device access in particular, for the purpose of carrying out or facilitating electronic communication and providing an information society service requested by the user:
– Language settings,
– Items in the shopping cart,
– log-in information.

The user data collected by technically necessary elements are not processed to create user profiles. We also use so-called “session cookies”, which store a session ID that can be used to assign various requests from your browser to the joint session. “Session cookies” are necessary for the use of the website. In particular, they allow us to recognize the device you are using when you return to the website. We use this cookie to recognize you on subsequent visits to the website. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the processing are to provide the aforementioned special functionalities and thereby make the use of the website more attractive and effective. The “session cookies” are deleted when you close the browser, depending on which browser you are using and which browser settings you have made.

You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.
Tracking that is not technically necessary
We also use cookies, pixels, browser fingerprinting and other tracking technologies on the website to enable an analysis of users’ surfing behavior. For example, the following data is stored and processed
– Frequency of page views,
– use of website functions.
The legal basis for this processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. Cookies, pixels and other tracking technologies that are not technically necessary are automatically deleted after a specified period, which may vary depending on the tracking method. Insofar as we integrate third-party cookies or pixels and similar tracking technologies into our website, we will inform you of this separately below.

You can withdraw your consent to the processing of the respective provider at any time by moving the slider back in the “Individual data protection settings” of the consent tool. The lawfulness of the processing remains unaffected until the revocation is exercised.
Consent management tool “Borlabs Cookie”
In order to obtain consent on our website for the processing of your end device information and personal data using cookies or other tracking technologies, we use the consent tool “Borlabs Cookie” from the provider “Borlabs – Benjamin A. Bornschein” (Rübenkamp 32, 22305 Hamburg, Germany). With the help of “Borlabs Cookie”, you have the option of consenting to or rejecting the processing of your end device information and personal data by means of cookies or other tracking technologies for the purposes listed in the “Borlabs Cookie” tool. Such processing purposes may include the integration of external elements, the integration of streaming content, statistical analysis, reach measurement or personalized advertising. You can use “Borlabs Cookie” to give or refuse your consent for all processing purposes or to give or refuse your consent for individual purposes or individual third-party providers. You can also change the settings you have made at a later date. The purpose of integrating “Borlabs Cookie” is to allow you as a user of our website to decide on the setting of cookies and similar functionalities and to offer you the opportunity to change settings already made during the further use of our website. In the course of using “Borlabs Cookie”, we process personal data and information about the end devices used. Your data will also be sent to “Borlabs Cookie”. The information about the settings you have made is also stored on your device.

The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with Art. 7 para. 1 GDPR. Art. 7 para. 1 GDPR, insofar as the processing serves to fulfil the legally standardized obligations to provide evidence for the granting of consent. Otherwise, Art. 6 para. 1 sentence 1 lit. f) GDPR is the relevant legal basis. Our legitimate interests in the processing lie in the storage of user settings and preferences in relation to the use of cookies and the evaluation of consent rates. 1 year after the user settings have been made, consent is requested again. The user settings made will then be stored again for this period, unless you delete the information about your user settings in the terminal device capacities provided for this purpose yourself beforehand.
You can object to the processing insofar as the processing is based on Art. 6 para. 1 sentence 1 lit. f) GDPR. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

Contacting our company
When you contact our company, e.g. by email or via the contact form on the website, the personal data you provide will be processed by us in order to respond to your inquiry. It is mandatory to provide a first name and surname or a pseudonym and a valid e-mail address in order to process inquiries via the contact form on the website. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR or Art. 6 para. 1 sentence 1 lit. b) GDPR if the contact is aimed at concluding a contract. If the request is aimed at concluding a contract, the provision of your data is necessary and mandatory for the conclusion of a contract. If the data is not provided, it will not be possible to conclude or execute a contract in the form of establishing contact or processing the inquiry. The processing of personal data from the input screen is solely for the purpose of processing the contact. If contact is made by email, this also constitutes the necessary legitimate interest in processing the data. The other data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. No data is passed on to third parties in this context. We delete the data arising in this context after the processing is no longer necessary – usually two years after the end of the communication – or, if necessary, restrict the processing to compliance with the existing mandatory statutory retention obligations.

You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.
Processing for contractual purposes
We process your personal data if and insofar as this is necessary for the initiation, establishment, execution and/or termination of a legal transaction with our company. The legal basis for this results from Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your data is then necessary for the conclusion of the contract and you are contractually obliged to provide your data, e.g. if you wish to register as a guest or speaker for an event at our company. If you do not provide your data, it will not be possible to conclude and/or execute a contract. Once the purpose has been achieved (e.g. execution of the contract), the personal data will be blocked for further processing or deleted, unless we are authorized to further processing on the basis of consent given by you (e.g. consent to the processing of the e-mail address for the sending of electronic advertising mail), a contractual agreement, a legal authorization (e.g. authorization to send direct advertising) or on the basis of legitimate interests (e.g. retention for the enforcement of claims).

Your personal data will be passed on to third parties if
– it is necessary for the establishment, execution or termination of legal transactions with our company (e.g. when passing on data to a payment service provider/shipping company to process a contract with you), (Art. 6 para. 1 sentence 1 lit. b) GDPR), or
– a subcontractor or vicarious agent that we use exclusively in the context of providing the offers or services requested by you requires this data (unless you are expressly informed otherwise, such auxiliary persons are only authorized to process the data to the extent that this is necessary for the provision of the offer or service), or
– there is an enforceable official order (Art. 6 para. 1 sentence 1 lit. c) GDPR), or
– there is an enforceable court order (Art. 6 para. 1 sentence 1 lit. c) GDPR), or
– we are obliged to do so by law (Art. 6 para. 1 sentence 1 lit. c) GDPR), or
– processing is necessary in order to protect the vital interests of the data subject or of another natural person (Art. 6 para. 1 sentence 1 lit. d) GDPR), or
– it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 para. 1 sentence 1 lit. e) GDPR), or
– we rely on our overriding legitimate interests or those of a third party to pass on the data.

Your personal data will not be passed on to other persons, companies or bodies unless you have effectively consented to such a transfer. The legal basis for processing is then Art. 6 para. 1 sentence 1 lit. a) GDPR. We will inform you of the respective recipients in the context of this data protection information with regard to the respective processing procedure.
Online booking
If you would like to book a hotel room on our website in our online booking system, we process your first and last name, your address, your e-mail address, your travel dates and the desired room category. To initiate and conclude the contract, it is necessary and mandatory for you to provide personal data such as your name, address, the duration of the trip, payment details and your e-mail address. The mandatory information required for booking and contract processing is marked separately; other information is provided voluntarily. We process your data to process the booking and for this purpose we will in particular

payment data to the payment service provider you have chosen or to our house bank. We use the booking system of BWH Hotel Group Central Europe GmbH (Frankfurter Straße 10 -14, 65760 Eschborn; hereinafter: Best Western). By using the online booking system on the website, “Best Western” receives the information required to process the booking (e.g. length of stay, reservation number, accommodation). The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your data is necessary and mandatory for the conclusion or execution of the contract. If you do not provide your data, it will not be possible to conclude and/or execute the contract. To prevent unauthorized third parties from accessing your personal data, the booking process on the website is encrypted using SSL technology. We delete the data collected in this context after storage is no longer required, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and booking data for a period of up to ten years. Two years after termination of the contract, we restrict processing and reduce processing to compliance with existing legal obligations. Further information on data processing you find under https://www.bestwestern.de/agb-datenschutz.html.

Processing of personal data in accordance with Section 30 of the Federal Registration Act (BMG)
Accommodation establishments, in particular hotels, are obliged under Section 30 of the Federal Registration Act (BMG) to collect the following data from the guest on the day of arrival and to have the guest sign the registration form by hand or to have the data collected electronically confirmed by special authentication procedures in accordance with Section 29 (5) BMG:
– Date of arrival and expected departure,
– surnames,
– first names,
– date of birth,
– nationalities,
– address,
– number of fellow travelers and their nationality in the cases of Section 29 (2) sentences 2 and 3 BMG,
– serial number of the recognized and valid passport or passport replacement document for foreign persons,
– other data for the collection of tourist and spa taxes.

For tour groups of more than 10 people, however, only the personal data of the tour guide is required. The tour guide must state the number of fellow travelers and their nationality. We are obliged to collect, process and pass on this data within the framework of the BMG. The legal basis for the processing results from Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with. § 30 para. 1, para. 4, § 29 para. 2 to 5 BMG. As our guest, you are legally obliged to provide your data. If you do not provide your data, the conclusion or execution of the contract in the form of accommodation is impossible. The completed registration forms must be kept by us as an accommodation facility for submission to the responsible local regulatory authorities in order to fulfill their duties. We delete the data processed by you 1 year and 3 months after the day of your arrival or restrict the processing as soon as it is permitted under the provisions of the BMG and provided that there is no consent on your part pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR and no other legitimate interest on our part in the continued processing.

Voucher shop
If you would like to purchase a voucher in our voucher store on the website, it is necessary and mandatory for the initiation and conclusion of the contract that you provide personal data such as your first and last name, your address and your e-mail address. The mandatory information required for order and contract processing is marked separately, other information is provided voluntarily. If you do not provide this information, it will not be possible to conclude a contract in the form of purchasing a voucher via the voucher store. In addition, we also process the message you may have noted as part of the voucher purchase as well as any data you may have provided in order to display it on the voucher. We process the data you provide in this context for order processing and fulfillment. For this purpose, we will in particular forward payment data to the payment service provider you have chosen or to our house bank. We use the “VoucherBooking” ordering system of the provider HotelNetSolutions (Hotel Net Solutions GmbH, Genthiner Str. 8, 10785 Berlin; hereinafter referred to as “VoucherBooking”) for the voucher store: VoucherBooking) in order to provide you with an optimal ordering process. Your order data is processed on the VoucherBooking servers. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. In order to prevent unauthorized third parties from accessing your personal data the ordering process on the website is encrypted using SSL technology. We delete the data collected in this context after storage is no longer required, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict processing and reduce processing to compliance with existing legal obligations.

E-mail marketing
Advertising to existing customers
We reserve the right to use the e-mail address provided by you when booking a hotel room or registering for an event in accordance with the statutory provisions in order to send you the following content by e-mail during or following the booking, provided that you have not already objected to this processing of your e-mail address:

– Information about your stay and other travel-related offers from our hotel,
– Information about current special offers,
– Information about our hotel and other services,
– Individual guest advice and support,
– Guest satisfaction inquiries following your stay / event visit,
– Overview of possible leisure activities and events at our hotel,
– Information on arrival and departure in preparation for your stay,
– invitations to events organized by our company.
If the sending of electronic information is necessary for the execution of the contract, the processing is based on the legal basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. In these cases, you are contractually obliged to provide your data. If you do not provide your data, it will not be possible to send electronic information by email as part of the execution of the contract.

If the sending of electronic information via email is not necessary for the execution or implementation of the contract (e.g. email for information purposes), the processing of your data is based on the legal basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the aforementioned processing lie in the improvement and optimization of our services, the sending of direct advertising and ensuring guest satisfaction. We delete your data when you end the usage process, but no later than three years after the end of the contract.
We use the services of BWH Hotel Group Central Europe GmbH (Frankfurter Straße 10 -14, 65760 Eschborn; hereinafter: Best Western) to send e-mails, in particular guest satisfaction surveys by e-mail. If you have made a booking via the online booking system, the personal data you provide, in particular your name, the duration of your stay, the name of the hotel and your e-mail address, will be processed by Best Western in order to send you a guest satisfaction survey following your stay. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest lies in the use of a service provider for the optimization and targeted sending and management of guest feedback. Further information, including on the storage period, can be found in the privacy policy of “Best Western” under ttps://www.bestwestern.de/agb-datenschutz.html.

We would like to point out that you can object to the receipt of direct advertising and processing for the purpose of direct advertising at any time without incurring any costs other than the transmission costs according to the basic rates. You have a general right to object without giving reasons (Art. 21 (2) GDPR). To do this, click on the unsubscribe link in the respective email or send us your objection to the contact details given in the “Controller” section.
Payment service provider (PSP)/ payment service provider

Law Enforcement / Address Determination / Debt Collection
In the event of non-payment, we reserve the right to pass on the data provided at the time of order to a lawyer and/or external companies (e.g. Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss) for the purpose of determining the address and/or enforcing the law. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests lie in the prevention of fraud and the avoidance of default risks. In addition, we may pass on your data in order to ensure the exercise of our rights, as well as the rights of our affiliates, our cooperation partners, our employees and/or the users of our website, and the processing is necessary in this respect. Under no circumstances will we sell or rent your data to third parties. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. We have a legitimate interest in processing for law enforcement. We delete the resulting data after storage is no longer necessary, or restrict processing if there are statutory retention obligations.
You can object to the processing. You have the right to object for reasons relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.
Hosting
We use external hosting services provided by Jäger IT-Solutions (Hauptstraße 19, 37127 Niemetal, Germany), which provide the following services: infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. For these purposes, all data – including the access data mentioned under “Use of our website” – that are necessary for the operation and use of our website are processed. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. With the use of external hosting services, we pursue an efficient and secure provision of our website.
You can object to the processing. You have the right to object for reasons relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.
Integration of third-party content
Third-party content, such as videos, maps or graphics from other websites, is integrated into the website. This integration always presupposes that the providers of this content (“third-party providers”) are aware of the IP addresses of the users. Without the IP address, they cannot send the content to the user’s browser. The IP address is therefore required for the display of this content. In the following, we inform you about the services of external providers currently used on our website as well as about the respective processing in individual cases and about your existing objection or revocation options.
Google Maps
This website uses the “Google Maps” service provided by “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) for the purpose of displaying maps or map sections and thus enables you to use the map function on the website comfortably. When you visit the website, “Google” receives the information that you have accessed the corresponding sub-page of our website. In addition, some of the data mentioned in the section “Use of our website” and “Cookies” will be transmitted to “Google”. This happens regardless of whether “Google” provides a user account through which you are logged in, or whether there is no user account. If you are logged in to “Google”, your data will be assigned directly to your account. If you do not wish to be associated with your profile on “Google”, you must log out before activating the button. “Google” stores your data as user profiles and processes them independently of the existence of a user account with “Google” for the purposes of advertising, market research and/or needs-based design of its website. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. “Google” also processes your data on servers in the United States. There is no adequacy decision by the EU Commission for the transfer of data to the USA. The legal basis is your consent in accordance with Art. 49 (1) (a) GDPR. Your data in connection with “Google Maps” will be deleted after thirty days at the latest. Further information on the purpose and scope of processing at “Google Maps” can be found under https://policies.google.com/privacy?hl=de.
It is possible to revoke your consent to the processing of the respective provider at any time by moving back the slider in the “Individual data protection settings” of the consent tool. The lawfulness of the processing remains unaffected until the revocation is exercised.
Google Tag Manager
We use the “Google Tag Manager” of “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website. “Google Tag Manager” is a solution that allows website tags and other third-party elements to be managed through an interface.
On the one hand, when the website is accessed with Google Tag Manager, an http request (request) is sent to Google. As a result, endpoint information and personal data such as your IP address and information about your browser settings are transmitted to Google. We use the Google Tag Manager for the purpose of facilitating electronic communication by transferring information to third-party providers, including via programming interfaces. In the Google Tag Manager, the respective tracking codes of the third-party providers are implemented without us having to change the source code of the website ourselves. Instead, the integration is done by a container, which places a so-called “placeholder” code in the source code. In addition, Google Tag Manager allows users to exchange data parameters in a specific order, in particular by organizing and systematizing the data packets. In some cases, your data will also be transferred to the USA. So-called “standard contractual clauses” have been concluded with Google to ensure compliance with an adequate level of data protection. Upon request, we will provide you with a copy of the Standard Contractual Clauses. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in processing are to facilitate and carry out electronic communications by identifying communication endpoints, controlling the exchange of data elements in a specified order, and identifying transmission errors. Google Tag Manager does not initiate any data storage. For more information on data protection at Google, please visit: http://www.google.de/intl/de/policies/privacy.
You can object to the processing if the processing is based on the legal basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. You have the right to object for reasons relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.
On the other hand, Google Tag Manager integrates third-party tags such as tracking codes or tracking pixels on our website. The tool triggers other tags, which in turn collect your data; We will explain this to you separately within the framework of this privacy policy. The Google Tag Manager itself does not evaluate the device information and personal data of the users collected by the tags. Rather, your data will be forwarded to the respective third-party service for the purposes stated in our consent management tool. We have tuned Google Tag Manager to our consent management tool so that the triggering of certain third-party services in Google Tag Manager is dependent on your selection in our consent management tool, so that only those third-party tags for which you have given consent trigger data processing. The use of Google Tag Manager is included in the consent for the respective third-party service. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. In some cases, your data will also be transferred to the USA. The legal basis for the transfer to the USA is your consent in accordance with Art. 49 para. 1 sentence 1 lit. a) GDPR. The storage period of your data can be found in the following descriptions of the individual third-party services. For more information on data protection at Google, please visit: http://www.google.de/intl/de/policies/privacy.
It is possible to revoke your consent to the processing of the respective provider at any time by moving back the slider in the “Individual data protection settings” of the consent tool. The lawfulness of the processing remains unaffected until the revocation is exercised.
Statistical, analytical and marketing services
We also use third-party services for statistical, analytical and marketing purposes. In this way, we are able to provide you with a user-friendly, optimized use of the website. The third-party service providers use cookies, pixels, browser fingerprinting, or other tracking technologies to control their services. In the following, we will inform you about the services of external providers currently used on our website as well as about the respective processing in individual cases and about your existing revocation options.
Google Analytics
In order to be able to optimally tailor our website to user interests, we use “Google Analytics”, a web analysis service provided by “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). When using “Google Analytics”, technologies such as “cookies”, “tracking pixels” and “device fingerprinting” are used to track certain user behaviour on websites. This also involves processing information that is stored on users’ end devices. With the help of the “tracking pixels” integrated into websites and the “cookies” stored on users’ end devices, “Google” processes the information generated about the use of our website by users’ end devices and access data for the purpose of statistical analysis – e.g. whether a particular website has been accessed, which website areas are of particular interest to users or whether a newsletter subscription has taken place. For this purpose, it can also be determined whether different devices belong to you or your household. Access data includes, in particular, the IP address, browser information, the website previously visited, and the date and time of the server request. “Google Analytics” is used with the “anonymizeIp()” extension. As a result, IP addresses are processed in an abbreviated form in order to make it more difficult to identify them. According to Google, the IP addresses are shortened within member states of the European Union. Due to the “Google Analytics” tool used, the user’s browser automatically establishes a direct connection with Google’s server. If users are registered with a Google service, Google can assign the visit to the user account and create and evaluate user profiles across applications. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. “Google” also processes some of the data in the USA. There is no adequacy decision by the EU Commission for the transfer of data to the USA. The legal basis for the transfer to the USA is your consent in accordance with Art. 49 para. 1 sentence 1 lit. a) GDPR. Your data in connection with “Google Analytics” will be deleted after 30 days at the latest. For more information on data protection at Google, please visit: http://www.google.de/intl/de/policies/privacy.
It is possible to revoke your consent to the processing of the respective provider at any time by moving back the slider in the “Individual data protection settings” of the consent tool. The lawfulness of the processing remains unaffected until the revocation is exercised.
Google Analytics Advertising
We also use the web analysis service “Google Analytics” with the remarketing function “Google Analytics Advertising” from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). For this purpose, Google Analytics Advertising uses technologies such as “cookies”, “tracking pixels” and “device fingerprinting” to track certain user behaviour on websites. This also involves processing information that is stored on users’ end devices. With the help of the “tracking pixels” integrated into websites and the “cookies” stored on users’ end devices, Google processes the information generated about the use of our website by users’ end devices and access data for the purpose of statistical analysis – e.g. that a certain website has been accessed or newsletter registration has taken place – and for the purpose of displaying individualized advertisements based on this. For these purposes, it can also be determined whether different devices belong to you or to your household. With the help of the additional function “Google Analytics Advertising”, it is possible to create target groups for specific cookies or mobile advertising IDs and later use them for the renewed individualized advertising approach. Examples of audience criteria include: users who viewed products but didn’t add them to a shopping cart or added to a cart but didn’t complete the purchase, users who purchased specific items. A target group includes at least 100 users. With the help of the “Google Ads” tool, interest-based advertisements can then be displayed in search results. In this way, users of websites on other websites within the Google advertising network (in Google search or on “YouTube”, so-called “Google Ads” or on other websites) can be recognized and tailored advertisements can be presented based on the defined target group criteria. The advertisements may also refer to products and services that users have already viewed on our website. Access data includes, in particular, the IP address, browser information, the website previously visited, and the date and time of the server request. “Google Analytics” is used with the “anonymizeIp()” extension. As a result, IP addresses are processed in an abbreviated form in order to make it more difficult to identify them. Due to the Google Analytics Advertising tool used, the user’s browser automatically establishes a direct connection with Google’s server. If users are registered with a Google service, Google can assign the visit to the user account and create and evaluate user profiles across applications. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. “Google” also processes some of the data in the USA. There is no adequacy decision by the EU Commission for the transfer of data to the USA. The legal basis for the transfer to the USA is your consent in accordance with Art. 49 para. 1 sentence 1 lit. a) GDPR. Your data in connection with “Google Analytics” will be deleted after 30 days at the latest. For more information on data protection at Google, please visit: http://www.google.de/intl/de/policies/privacy.
It is possible to revoke your consent to the processing of the respective provider at any time by moving back the slider in the “Individual data protection settings” of the consent tool. The lawfulness of the processing remains unaffected until the revocation is exercised.
Google Ads Remarketing
We use the “Google Ads” tool with the “Dynamic Remarketing” function from “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). This is a procedure that we would like to use to address you again. With the “Dynamic Remarketing” function, we can recognize users of our website on other websites within the “Google” advertising network (in the “Google” search or on “YouTube”, so-called “Google Ads” or on other websites) and present advertisements tailored to their interests. The advertisements may also refer to products and services that you have already viewed on our website. For this purpose, the interaction of users on our website is analysed, e.g. which offers the user has been interested in, in order to be able to display targeted advertising to users on other pages even after visiting our website. If you visit our website, “Google Ads” will store a cookie on your device. With the help of cookies, “Google” processes the information generated by your device about the use of our website and interactions with our website, as well as the data mentioned in the section “Use of our website”, in particular your IP address, browser information, the website previously visited and the date and time of the server request, for the purpose of displaying personalized advertisements. For this purpose, it can also be determined whether different devices belong to you or to your household. The data collected in the context of “Google Ads” is not combined with data from other “Google” products. The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. “Google” also processes some of the data in the USA. There is no adequacy decision by the EU Commission for a data transfer to the USA. The legal basis for the transfer to the USA is your consent in accordance with Art. 49 para. 1 sentence 1 lit. a) GDPR. Your data in connection with “Google Ads Remarketing” will be deleted after 30 days at the latest. You can find more information about data protection and the storage period at “Google” at: https://policies.google.com/privacy.
It is possible to revoke your consent to the processing of the respective provider at any time by moving back the slider in the “Individual data protection settings” of the consent tool. The lawfulness of the processing remains unaffected until the revocation is exercised.
Google Ads Conversion
We use the offer of “Google Ads” from “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to draw attention to our attractive offers with the help of advertising media (formerly so-called “Google AdWords”) on external websites. We can determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. These advertising materials are delivered by “Google” via so-called “ad servers”. For this purpose, we use “ad server” cookies, which can be used to measure certain parameters for measuring reach, such as the display of ads or clicks by users. If you access our website via a “Google” ad, a cookie will be stored on your device by “Google Ads”. With the help of cookies, “Google” processes the information generated by your device about interactions with our advertising media (calling up a certain website or clicking on an advertising material), the data mentioned in the section “Use of our website”, in particular your IP address, browser information, the website previously visited and the date and time of the server request, for the purpose of analysing and visualising the reach measurement of our advertisements. For this purpose, it can also be determined whether different devices belong to you or to your household. Due to the marketing tools used, your browser automatically establishes a direct connection with the “Google” server. If you are registered with a “Google” service, “Google” can assign the visit to your account. Even if you are not registered with “Google” or have not logged in, there is a possibility that the provider will find out and process your IP address. We only receive statistical evaluations from “Google” to measure the success of our advertising materials. The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. “Google” also processes some of the data in the USA. There is no adequacy decision by the EU Commission for a data transfer to the USA. The legal basis for the transfer to the USA is your consent in accordance with Art. 49 para. 1 sentence 1 lit. a) GDPR. The storage period of your data at “Google” is 30 days. You can find more information about data protection and the storage period at “Google” at: https://policies.google.com/privacy.
It is possible to revoke your consent to the processing of the respective provider at any time by moving back the slider in the “Individual data protection settings” of the consent tool. The lawfulness of the processing remains unaffected until the revocation is exercised.
Google AdSense
On our website, we also use the “GoogleAdSense” tool, an advertising service provided by “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) for the marketing of advertisements. When using “Google AdSense”, technologies such as “cookies”, “tracking pixels” and “device fingerprinting” are used to track visitor traffic and user behaviour on our website and to show you topic-specific advertisements on our website that match our content and your interests. For this purpose, information stored on users’ end devices is also processed. With the help of the “tracking pixels” integrated into websites and the “cookies” stored on users’ end devices, “Google” processes the information generated about the use of our website by users’ end devices as well as access data after each impression (i.e. whenever you see or click on an advertisement, for example) for the purpose of cross-device statistical analysis, the display of individualized advertisements and to measure the effectiveness of an advertisement. Ad. “Google” can, for example, determine that and how often a certain website has been accessed in order to understand the quality of the advertising space on our website and to select the appropriate ad type. For this purpose, it can also be determined whether different devices belong to you or your household. Access data includes, in particular, the IP address, browser information, the website previously visited, and the date and time of the server request. As part of the use of “Google AdSense”, your browser automatically establishes a direct connection with the “Google” server. If users are registered with a Google service, Google can assign the visit to the user account and create and evaluate user profiles across applications. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. “Google” also processes some of the data in the USA. There is no adequacy decision by the EU Commission for the transfer of data to the USA. The legal basis for the transfer to the USA is your consent in accordance with Art. 49 para. 1 sentence 1 lit. a) GDPR. Google stores your data in connection with “Google AdSense” for a maximum of 24 months. For more information on data protection at Google, please visit: http://www.google.de/intl/de/policies/privacy.
It is possible to revoke your consent to the processing of the respective provider at any time by moving back the slider in the “Individual data protection settings” of the consent tool. The lawfulness of the processing remains unaffected until the revocation is exercised.
Copyright Ó by Spirit Legal

PayPal

On our website we offer you payment via “PayPal”. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: “PayPal”). To pay you must log in to your PayPal account. Your payment data provided to PayPal will be processed by PayPal for the purpose of payment processing. Further information on data processing by PayPal can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. In order to be able to assign your payment, we process your delivery/billing address, e-mail address and the selected payment method. We delete the data collected in this context after storage is no longer necessary, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after the termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations.

The legal basis for this is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your payment data is necessary and obligatory for the conclusion or execution of the contract. If the payment data is not provided, it is not possible to conclude and/or execute the contract with the payment method “PayPal”.
PayPal Plus services without your own PayPal account
If you select the PayPal service “SEPA direct debit”, “credit card” or “purchase on account” as part of your payment, PayPal (Europe) S.àr.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”) uses the personal data collected for the purpose of payment processing. You do not need a PayPal account for this service. Further information about data processing at PayPal can be found here: https://www.paypal.com/de/webapps/mpp/ua/legalhub-full?locale.x=de_DE or https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
We will process the payment method specified in this context for your booking. We delete the data collected in this context after storage is no longer necessary, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after the termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations.
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your payment data is necessary and obligatory for the conclusion or execution of the contract. If the payment data is not provided, it is not possible to conclude and/or execute the contract with the PayPal service you have chosen.
Credit card
For the purpose of payment processing, we pass on the payment data required for the credit card payment to the credit institution commissioned with the payment or to the payment and billing service provider commissioned by us, if applicable. The processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your payment data is necessary and mandatory for the conclusion or execution of the contract. If the payment data is not provided, it is impossible to conclude and/or execute the contract by means of a credit card payment. The data required for payment processing is transmitted securely via the “SSL” procedure and processed exclusively for payment processing. We delete the data collected in this context after storage is no longer necessary, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after the termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations.
Purchase on account
In the case of “purchase on account”, we reserve the right to forward your data, which you provide when ordering, to external companies (e.g. Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss) for the purpose of carrying out a credit check. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests lie in the prevention of fraud and the avoidance of default risks, because we make advance payments in the case of “purchase on account”.
We process the data transmitted to us by your credit institution as part of the “purchase on account” payment process for the purpose of invoice verification. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your payment data is necessary and mandatory for the conclusion or execution of the contract. If the payment data is not provided, it is not possible to conclude and/or execute the contract by means of a “purchase on account”. We delete the data collected in this context after storage is no longer necessary, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after the termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations.
You can object to the processing if the processing is based on the legal basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. You have the right to object for reasons relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.