Data protection declaration
In the following, we would like to inform you about data protection on our website and about the type, scope and purpose of the personal data that we collect, use and process. Data protection is very important to us.
Personal data is any data that could be used to personally identify you, such as your name, IP address, telephone number, etc. This data is processed automatically when you visit the website (e.g. IP address, browser type, operating system, etc.), or if you give us your consent to process it, or if you voluntarily provide us with your data, e.g. by entering your data in a form on our website.
Furthermore, we would like to inform you about your rights under the GDPR.
You have the right to obtain information about the origin, recipients and purpose of your personal data processed by us free of charge at any time, as well as the right to correct or delete this data.
You also have the right to request the restriction of the processing of your personal data under certain circumstances. If you have given us your consent to process your data, you can revoke this consent at any time with future effect. Furthermore, you have the right to lodge a complaint with the competent data protection supervisory authority.
The data controller / data processor is
Dieter Hoppe
***S-AngerResidenz
Am Angerpark 16
94227 Zwiesel
Phone: +49 9922 84 20 0
Fax: +49 (0)9922 84 20 40
E-mail: info@angerresidenz.de
Processing of your data in the context of the services we provide
For our guests or business partners, or in the event that you are interested in our services, the type, scope and purpose of the processing of your personal data is based on the contractual or pre-contractual relationships that exist between us. In this context, we process personal data that we request from you or that you provide to us in order to answer your request, to create an offer for you or to process your order. The data subjects in this context are guests, interested parties, business and contractual partners. The purpose of processing is to provide contractual services, to communicate, to respond to contact requests and to carry out office and organizational procedures.
Unless otherwise stated in the further information in this data protection declaration, the processing of your data and its disclosure to third parties is limited to the data that is necessary and appropriate to answer your questions and/or fulfill the contract, to protect our rights and to fulfill legal obligations.
The data concerned are:
- Inventory data (e.g. names, addresses)
- Payment data (e.g. bank details, invoices)
- Contact details (e.g. e-mail address, telephone number, postal address)
- Contract data (e.g. subject matter of the contract, duration of the contract)
The legal basis for data processing is Art. 6 I 1 lit. b GDPR, the fulfillment of the contract or the fulfillment of pre-contractual inquiries.
Unless a specific storage period is specified in this data protection declaration, we will store your personal data until the purpose for which the data is processed no longer applies. We will delete your personal data when we no longer need it, i.e. after the end of the contractual relationship between us, or after our legitimate interest in further processing the data has ceased to apply, or if you request us to delete it. Mandatory legal provisions – in particular statutory retention periods – remain unaffected. Likewise, it may be necessary to process your personal data until these deadlines have expired in order to assert, exercise or defend legal claims arising from contractual relationships or to protect the rights of another natural or legal person. We will then delete the personal data required for this purpose only after these deadlines have expired. However, until these deadlines have expired, we will limit the processing of this data to these purposes.
Accessing the website – processing of personal data and the nature and purpose of its use
When you access our website, you transmit data (for technical reasons) to our web server via your internet browser. The following data is processed in the server log files during an active connection for communication between your internet browser and our web server:
- the page from which the file was requested – referrer URL
- the name of the file
- the date and time of the request
- a description of the type of web browser used / browser version and operating system
- IP address of the requesting computer
- Access status (file transferred, file not found, etc.)
- Amount of data transferred
For technical reasons (accessing the website), this data is stored for a short period of time. We are not able to draw any conclusions about individual persons from this data. After a maximum of 7 days, the IP addresses are deleted or anonymized.
The data is evaluated for internal purposes only and does not allow us to draw any conclusions about you as a person. It is not compared with other data sets.
The data mentioned is processed for the following purposes:
- Ensuring that the website can be accessed properly and without any problems,
- Ensuring that the website is easy to use,
- Evaluation of system security and stability
The legal basis for data processing is Art. 6 I S 1 lit. f GDPR. The legitimate interest follows from the above-listed purposes for data collection. In no case do we use the collected data for the purpose of drawing conclusions about your person. You can visit the website without providing any personal information.
Use of technically necessary cookies
We use technical necessary cookies on our website. Cookies are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device and do not contain any viruses, Trojans or other malware.
The cookie stores information that is generated in connection with the specific device used. However, this does not mean that we thereby obtain direct knowledge of your identity. Cookies do not contain any personal data and can therefore not be directly assigned to a user.
The use of cookies is intended to make our services more convenient for you. We use technically necessary cookies in order to set the language of our Website. These cookies are automatically deleted after you close your browser or after one day. The data processed by cookies is necessary for the purposes mentioned to safeguard our legitimate interests and those of third parties in accordance with Art. 6 I S 1 lit. f GDPR.
Enquiries by e-mail, fax or telephone
If you contact us by e-mail, fax or telephone, your request, including all personal data arising from it (e.g. name, request), will be stored and processed by us for the purpose of processing your request. We will not pass on your data without your consent. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing your data.
This data is processed on the basis of Art. 6 I S lit. b GDPR, provided that your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 I S 1 lit. a GDPR) and / or on our legitimate interest (Art. 6 I S 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the requests addressed to us.
The data sent to us by contact requests (e-mail) will be stored by us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.
Contact form/booking request
If you send us a message using our contact form, the mandatory fields are those on the form. You must enter an e-mail address so that we can contact you by e-mail. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing your data.
The data you enter in the contact form will be used by us exclusively to answer your request for information. We will not pass on the data you enter in the contact form to third parties or use it for any other purpose than to answer your request. The data processing for the purpose of contacting us is carried out in accordance with Art. 6 I S 1 1 lit. a GDPR on the basis of your voluntarily given consent and, in the case of booking enquiries, on the basis of Art. I S 1 lit. b for the purpose of carrying out pre-contractual measures.
Your data will be deleted after your request has been processed, provided that there are no legal obligations to retain the data.
E-mail advertising and your right to object
If we have received your e-mail address in connection with a booking or service that has been made and you have not objected, we reserve the right to send you our offers for similar services on a regular basis on the basis of § 7 III UWG. The legal basis is our legitimate interest in addressing our customers in a promotional manner and the processing of the data is permissible under Art. 6 I S 1 lit f DSGVO in the context of a balancing of interests.
You can object to the use of your e-mail address at any time by sending us a message or using the corresponding link in the advertising e-mail. After the legal basis for data processing for advertising e-mails has ceased to exist, your e-mail address will be deleted, unless there are legal retention obligations (e.g. from tax or commercial law retention obligations) to the contrary.
We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the legal requirements of Art. 21 GDPR. In particular, you can object to the processing of your data for direct marketing purposes.
Postal advertising and your right to object
We reserve the right to use your first and last name and your postal address, which you have provided to us in the context of bookings, for our own advertising purposes, e.g. to send you interesting offers by post. This serves to safeguard our legitimate interests in addressing our customers for advertising purposes, which outweigh the interests of the data subject in accordance with Art. 6 I S 1 lit. f GDPR.
You can object to the storage and use of your data for these purposes at any time by sending us a message. In particular, you can object to the processing of your data for the purposes of direct marketing. After the legal basis for data processing for postal advertising has ceased to exist, your address data will be deleted, unless there are legal obligations to retain it.
Data protection when sending application documents
If you send us your application documents, we will use them exclusively to decide on your application and will not pass your data on to third parties. We would like to point out that we do not currently offer any encryption of your data when you send us your application documents by e-mail. However, you can send us your attachments in encrypted form by e-mail, for example using the 7ZIP program (http://www.7-zip.de/), and then send us your password separately, for example by telephone. You will receive an e-mail from us at your e-mail address to confirm that we have received your application. You can also send us your application by post at any time.
Application data is stored and managed separately from other data sets.
If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be automatically deleted no later than 6 months after notification of the rejection decision, provided that no other legitimate interests of the data controller prevent deletion or the applicant has expressly consented to longer storage and retention of his or her application, e.g. for possible later contact in the event of vacancies. Other legitimate interests in this sense include, for example, the obligation to provide evidence in proceedings under the German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG).
The data processing for the purpose of contacting you and processing your application data is carried out in accordance with Art. 6 I S 1 lit. a,b DSGVO on the basis of your voluntarily given consent, as well as for the purpose of carrying out pre-contractual measures.
Online presence in social networks
We operate an online presence on Facebook for advertising purposes.
In addition to the site operator, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is in this case responsible for the company’s presence on social networks in accordance with the GDPR and other data protection regulations
We would like to point out that you use social services and their functions at your own risk. This applies in particular to the use of interactive functions (e.g. sharing, rating).
If you visit our online presence on social media, personal data will be collected and processed by the respective provider for advertising and market research purposes. In general, user profiles are also created in this process. This is particularly the case if you are a member of the respective platform and are logged in to it. The providers can use the user profiles to display interest-based advertising to you. To avoid social media operators collecting information about you while you are visiting our website, you should log out of the respective social media before visiting our website and delete any cookies from the social media that may be present in your browser.
Social network links
No social plugins from Facebook or other social networks are integrated into these web pages. Therefore, no program code from a social network is active on our pages. The icons for Facebook, etc. on our website are merely linked images.
Data protection notice – online presence on Facebook (META)
Facebook Ireland (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland – hereinafter referred to as Facebook) and the page administrator (we) are jointly responsible for the processing of personal data for the purposes of the Terms of Use for Covered Products on the Facebook account of the page administrator, which is collected in connection with a visit or interaction with a page (including its content).
Covered Products are all Facebook products, Facebook Pages and Page Insights. Facebook products include Facebook itself (including the Facebook mobile app and the browser in the app), Messenger, Instagram (including apps such as Direct and Boomerang), Portal-branded devices, Bonfire, Facebook Mentions, Facebook Shops, Spark AR Studio, Audience Network, NPE Team Apps, and any other features, apps, technologies, software products, products or services offered by Facebook, Inc. or Facebook Ireland Limited. In addition, Facebook Business Tools are also considered Facebook Products.
The scope of joint processing and the supplement for controllers covers the collection of personal data as defined in the terms of use for Covered Products and its transmission to Facebook. The subsequent processing of data by Facebook is not part of the joint processing. Similarly, if personal data is processed exclusively by us, this is not part of the joint processing – in this case, we are the sole controller of the data processing.
You can find the information required under Article 13 I a, b GDPR in Facebook’s data policy at https://www.facebook.com/about/privacy. Further information on joint processing can be found in the respective terms of use for the products.
For the use of certain Facebook products (so-called “Facebook Business Tools”) and the associated data processing, the additional agreement between us and Facebook as joint controllers in accordance with Art. 26 GDPR applies, which you can view at https://www.facebook.com/legal/controller_addendum.
The Site Administrator and Facebook have entered into this Addendum for Controllers to determine the respective responsibilities for fulfilling the obligations under the GDPR with respect to joint processing (as set forth in the Terms of Use for Covered Products).
Furthermore, we have agreed that between the parties, Facebook is responsible for enabling the rights of data subjects under Articles 15-20 of the GDPR with respect to the personal data stored by Facebook after joint processing.
Any transfer of personal data to the United States will be based on the adequacy decision of the EU Commission (EU-U.S. Data Privacy Framework). Based on adequacy decisions, personal data can flow freely and securely from the European Economic Area to the third country in question without any further conditions or authorizations being required. This means that data can be transferred to the third country in the same way as within the EU.
Data processing conditions at Facebook
We would like to expressly point out that the use of certain Facebook products may involve the transmission of personal information to Facebook. Taking the circumstances into account, it is also possible that Facebook may transmit EU data to Facebook Inc./META in the USA for storage and further processing. By using Facebook products, the user agrees to the Facebook data processing conditions. These can be found at https://www.facebook.com/legal/terms/dataprocessing/update .
The Facebook EU data transfer addendum can be found at https://www.facebook.com/legal/EU_data_transfer_addendum
Facebook’s data policy can be found at https://www.facebook.com/about/privacy/
Information on cookies and other storage technologies on Facebook can be found at https://www.facebook.com/policies/cookies/
You can view Facebook’s data security conditions at https://www.facebook.com/legal/terms/data_security_terms .
Facebook’s terms of use for commercial use can be found at https://www.facebook.com/legal/commercial_terms/update
You can contact Facebook’s data protection officer at https://www.facebook.com/help/contact/540977946302970 .
Further information on Page Insights data
Facebook continues to provide us with so-called Page Insights for the Facebook page. Insights data is summarized data that provides us with information on how users interact with the Facebook page. The legal basis for data processing is Art. 6 I S 1 lit. f GDPR, the protection of our legitimate interests in an optimized presentation of the website and effective communication with users.
The data processing is based on an agreement between the joint controllers in accordance with Art. 26 GDPR, which you can view at https://www.facebook.com/legal/terms/page_controller_addendum .
For more information on page insights data on Facebook, please visit https://www.facebook.com/legal/terms/information_about_page_insights_data
Data processing when you contact us via Facebook Products
We collect personal data when you contact us, e.g. via the contact form or via Messenger. This data is stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 I S lit. f GDPR. Your data will be deleted after your request has been processed, provided that there are no legal obligations to the contrary.
Your rights
Facebook and we have agreed that Facebook is primarily responsible for providing you with information about the joint processing and for enabling you to exercise your rights under the GDPR. Under the GDPR, you have the right to access, rectify, transfer and delete your data, as well as to object to the processing of your data and to restrict the processing. You can find out more about these rights in your Facebook settings. For more information on your rights, see also “Rights of data subjects” in this data protection declaration.
Facebook and we have agreed that the Irish Data Protection Commission is the authority that will exercise lead supervision over the processing under joint responsibility. You have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with your local supervisory authority.
Right to object to advertising
You can object to the processing of your data for advertising purposes on Facebook at any time by changing your advertising settings in your Facebook user account at https://www.facebook.com/settings?tab=ads .
We operate the Facebook page for advertising purposes for our services. The processing of personal data is based on Art. 6 I S 1 lit f GDPR.
Data security – SSL encryption
We use the SSL (Secure Socket Layer) procedure on our website to encrypt and protect the transmission of confidential content. When SSL encryption is activated, the data you send to us cannot be read by third parties. You can tell whether a particular page of our website is being transmitted in encrypted form by the closed padlock or key symbol in the status bar of your browser – the address bar of your browser will show “https://” if SSL encryption is in use.
Processing/forwarding of data
Your personal data will not be transmitted to third parties for any other purposes than those listed above or below.
We only pass on your personal data to third parties if:
you have given your express consent in accordance with Art. 6 I S 1 lit. a GDPR,
- this is legally permissible and, in accordance with Art. 6 I S. 1 lit. b GDPR, is necessary for the fulfillment of contractual relationships or for the implementation of pre-contractual measures with you,
- in the event that we are legally obliged to disclose your personal data in accordance with Art. 6 I S 1 lit. c GDPR
- the processing is necessary for the purposes of our legitimate interests or those of a third party pursuant to Art. 6 I S 1 lit f GDPR, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
Your Rights
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 GDPR;
- in accordance with Art. 16 GDPR, to request the immediate correction of incorrect or incomplete personal data stored by us;
- to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
- to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR;
- in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller;
- to withdraw your consent to us at any time in accordance with Art. 7 III GDPR. This means that we may no longer continue the data processing based on this consent in the future;
- to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR if you consider that the processing of personal data relating to you infringes the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or of our registered office. A list of data protection officers in Germany and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)
If we process your personal data in accordance with Art. 6 I S lit f GDPR in order to safeguard our legitimate interests, which are deemed to outweigh your interests, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR with effect for the future. If the processing is for the purposes of direct marketing, you can exercise this right at any time. This also applies to profiling insofar as it is associated with such direct marketing. If the processing is carried out for other purposes, you only have the right to object if there are reasons arising from your particular situation.
If you wish to exercise your right to object, simply send us an e-mail.
After you have exercised your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
If you object to the processing of your personal data for direct marketing purposes, your personal data will no longer be processed for these purposes.
No automatic decision-making or profiling takes place on our websites.
Amendment of this data protection declaration
As a result of the further development of our website and offers on it, or due to changes in legal or regulatory requirements, it may become necessary to amend this data protection declaration in accordance with the applicable data protection regulations. The current data protection declaration can be accessed and printed out by you at any time on our website under the link Data privacy.
June 2024