Privacy Policy

Privacy Policy

Thank you for visiting our website. We would like to inform you below about the processing of your personal data on our website.

 

Responsible party

Rommelag ETL GmbH
Talstrasse 22-30
74429 Sulzbach-Laufen
Germany

House address:

Hotel Restaurant Krone
Main street 44
74429 Sulzbach-Laufen
E-Mail: info@krone-sulzbach.com
Phone: 07976 911 910

 

Terms

The technical terms used in this privacy policy are to be understood as legally defined in Art. 4 GDPR. The terms "user" and "website visitor" are used synonymously in our privacy policy.

 

Recipients of data

Recipients of data are named in our privacy policy under the respective category/heading.

 

Categories of data subjects

The categories of data subjects are website visitors and other users of online services.

 

General information on data processing on the website

Automated data processing (log files etc.)

Our website can be visited without actively entering personal data. However, we automatically store access data (server log files) such as the name of the Internet service provider, the operating system used, the website from which the user visits us, the date and duration of the visit or the name of the requested file, as well as the IP address of the end device used for a period of 7 days for security reasons, e.g. to detect attacks on our website. This data is not merged with other data sources. We process and use the data for the following purposes: provision of the website, prevention and detection of errors/malfunctions, and misuse of the website.

Data categories:Meta and communication data (e.g. IP address, date and time of access, time, type of HTTP request, website from which the access is made (referrer URL), browser used and, if applicable, operating system of the accessing computer (user agent)

Purpose of processing:Prevention and detection of errors/malfunctions, detection of misuse of the website

Legal basis: Legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR

Legitimate interests: Fraud prevention to detect misuse of the website

 

Required cookies (functionality, opt-out links, etc.)

In order to enable the use of the basic functions on our website and to provide the service requested by the user, we use so-called cookies on our website. Cookies are a standard Internet technology for storing and retrieving information for website users. Cookies represent information and/or data that can be stored on the user's end device, for example. With classic cookie technology, the user's browser is instructed to store certain information on the user's device when a specific website is accessed.

Strictly necessary cookies are used to provide a telemedia service expressly requested by the user, e.g:

  • Cookies for error analysis and security purposes
  • Cookies for storing logins
  • Cookies to store data in online forms if the form extends over several pages
  • Cookies for storing (language) settings
  • Cookies to store items placed in the shopping cart by users in order to complete the purchase
  • Cookies for storing consent or revocation (opt-in, opt-out)

Some of the cookies used (so-called session cookies) are deleted after the end of the browser session, i.e. after closing the browser.

Cookies can be deleted retrospectively by users in order to remove data that the website has stored on the user's computer.

The data processing described above may also relate to information that is not personal but constitutes information within the meaning of the TTDSG. In these cases, too, this information may be required for the use of an expressly requested service and may therefore be stored in accordance with Section 25 TTDSG.

Opt-out:

Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen

Google Chrome: https://support.google.com/chrome/answer/95647?hl=de

Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/inprivate-browsen-in-microsoft-edge-cd2c9a48-0bc4-b98e-5e46-ac40c84e27e2

Opera: https://help.opera.com/en/latest/security-and-privacy/

Safari: https://support.apple.com/de-de/HT201265

Legal basis:Legitimate interests (Art. 6 para. 1 lit. f) GDPR in conjunction with § 25 para. 2 no. 2 TTDSG), consent (Art. 6 para. 1 lit. a) GDPR in conjunction with § 25 para. 1 TTDSG)

Legitimate interests: Storage of opt-in preferences, ensuring the functionality of the website, maintaining user status across the entire website

 

Storage and processing of unnecessary information and data

Beyond the required scope, user data may be processed by means of cookies, similar technologies or application-related technologies, e.g. for the purpose of (cross-website) tracking or personalized advertising. Data may be transmitted to third-party providers. The storage and further processing of user data that is not absolutely necessary to provide the telemedia service is then carried out on the basis of consent within the meaning of Art. 6 para. 1 lit. a) GDPR (if applicable in conjunction with § 25 para. 1 sentence 2 TTDSG).

 

Consent management platforms (consent management)

We use a consent management process on our website to store and manage the consent given by website visitors in a verifiable manner in accordance with data protection requirements. The consent management platform used helps us to recognize all cookies and tracking technologies and to control them based on the consent status. At the same time, visitors to our website can use the consent management service we have integrated to manage the consents and preferences granted (optional setting of cookies and other technologies that are not required) or revoke consent at any time using the button.

The status of the consent is stored on the server and/or in a cookie (so-called opt-in cookie) or a comparable technology in order to be able to assign the consent to a user or their device. The time of the declaration of consent is also recorded.

Data categories: Consent data (consent ID and number, time consent was given, opt-in or opt-out), meta and communication data (e.g. device information, IP addresses)

Purposes of processing:fulfillment of accountability, consent management

Legal bases:Legal obligation (Art. 6 para. 1 lit. c) GDPR in conjunction with Art. 7 GDPR)

Consent management/withdrawal

 

HubSpot

Recipient: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA

Third country transfer: On the basis of the adequacy decision of the European Commission for the USA.

Privacy Policy: https://legal.hubspot.com/de/privacy-policy

 

Hosting (incl. Content Delivery Network)

Our website is hosted by an external service provider. Data of visitors to our website, in particular so-called log files, are stored on the servers of our service provider. By using a specialized service provider, we can provide our website efficiently. The hosting provider we use does not process the data for its own purposes.

We also use a so-called Content Delivery Network (CDN) in order to be able to provide the content of our website more quickly. When website visitors access graphics, scripts or other content, for example, these are provided quickly and in an optimized manner with the help of regionally and internationally distributed servers. When the files are retrieved, a connection is established to the servers of a CDN provider, whereby personal data of visitors to our website is processed, such as the IP address and browser data.

Data categories: User data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, IP addresses)

Purposes of processing: Proper presentation and optimization of the website, faster and location-independent accessibility of the website,

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR); legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests: Avoidance of downtime, high scalability, reduction of the bounce rate on the website

 

HubSpot

Recipient: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA

Legal basis: legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Third country transfer: On the basis of the adequacy decision of the European Commission for the USA.

Privacy policy: https://legal.hubspot.com/de/privacy-policy

 

CloudFlare

Recipient: Cloudflare GmbH, Rosental 7, 80331 Munich, Germany

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: Does not take place.

Privacy policy: https://www.cloudflare.com/de-de/privacypolicy/

 

Web analysis and optimization

We use procedures on our website to analyze user behavior and measure reach. For this purpose, information about the behaviour, interests or demographic information of visitors is collected in order to determine whether and where our website needs to be optimized or adapted (e.g. forms on the website, improved placement of buttons or call-to-action buttons, etc.).

We can also measure the click and scroll behavior of website visitors. Among other things, this helps us to recognize at what time our website, its functions or content are most frequented.

The collection of this data is made possible by the use of certain technologies (e.g. cookies). These are stored on users' end devices as part of client-side tracking when they visit our website.

We take precautions to protect the identity of our website visitors. We process the clear data of website visitors for the purposes described.

Data categories: Usage data (e.g. websites visited, interest in content, access times), demographic characteristics (age, gender), meta and communication data (e.g. device information, anonymized IP addresses, location data), contact data (e.g. email address), content data (e.g. text details)

Purposes of processing: Checking the status of target achievement (performance review) of all online activities Analysis of user behaviour on the website (website interaction) for web optimization and reach measurement, checking the utilization of the website, lead evaluation, sales increase, budget control

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

 

Google Analytics

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: On the basis of the adequacy decision of the European Commission for the USA.

Privacy policy: https://policies.google.com/privacy?hl=en-US

 

Google Tag Manager

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: On the basis of the adequacy decision of the European Commission for the USA.

Privacy policy: https://policies.google.com/privacy?hl=en-US

 

Online marketing

Search Engine Marketing (advertising in search engines)

We use search engine marketing methods. Search engine marketing includes all measures that are suitable for improving the visibility of our website in the organic or non-organic search results of search engines, increasing our reach and thus increasing traffic (visitor traffic) to our website. We can also use search engine marketing to generate new leads.

Search engine advertising can take place on various external platforms or websites. The advertising is shown to users in the form of text, display or video ads.

We first create a campaign for search engine advertising using our tracking tool and store various dimensions there that are to be recorded by the search engine provider selected by us, e.g. user location, device information and target groups (demographic characteristics). This enables us to gain further insights into the interests in our content/products and, if necessary, to recognize trends.

Conversion measurement (measurement of the success of our advertisements)

We can determine the success of our advertisements on the basis of summarized data made available to us by the search engine provider (so-called conversion measurement). This allows us to track whether a marketing measure has led to a so-called event (e.g. downloading a PDF or playing a video) or a conversion (e.g. purchase of a product or registration on our website). The evaluation is provided to us in the form of statistics via our tracking tool and serves to analyze the success of our online activities (success control). It helps us to derive measures to improve the customer journey.

Note:

Website visitor data (e.g. name and email address) can be assigned directly if they are logged into their account with the search engine provider. If assignment via the profile is not desired, the website visitor must log out of the search engine provider before visiting our website.

Data categories: User and interaction data (e.g. websites visited, interest in content, access times), meta and communication data (e.g. device information, anonymized IP addresses), location data if applicable, contact data (e.g. email addresses)

Purposes of processing: Increase in sales and reach, conversion measurement, target group formation, identification of trends for the development of marketing strategies

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Google DoubleClick

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: On the basis of the adequacy decision of the European Commission for the USA.

Privacy policy: https://policies.google.com/privacy?hl=en-US

 

Social media presences

We maintain a company profile on social networks in order to increase our visibility among potential customers and interested parties and to make our company visible to the public.

Social networks help us to increase our reach and actively promote interaction and communication with users. Activity and communication on social media plays a key role in attracting new customers and employees. Social media and the website can be used to share relevant information about our company, publicize events and communicate important short-term announcements and job vacancies. They also help us to get in touch with users quickly and easily.

Social media platform operators create so-called user profiles based on the usage behavior of users, for example the indication of interests (likes, shares). These are used to adapt advertisements to the interests of target groups. When users are active on social media channels, cookies or other technologies are regularly stored on users' end devices, in some cases regardless of whether they are registered users of the social network.

Insights (statistics)

The data evaluated by the social media platform operators are provided to us in the form of anonymized statistics, which means that they no longer contain any personal data of users. We can use the statistics to see, for example, how often and at what time our social media profile was visited. It is currently not possible for fan page operators to deactivate this function. We therefore have no influence on the extent to which data is processed by social media platforms.

Depending on where the social network is operated, user data may be processed outside the European Union or outside the European Economic Area. This may result in risks for users because it makes it more difficult to enforce their rights.

Data categories: user names (e.g. surname, first name), contact data (e.g. email address), content data (e.g. text details, photographs, videos), usage and interaction data (e.g. websites visited, interests, likes, shares, access times), meta and communication data (e.g. device information, IP address, location data if applicable)

Purposes of processing: Increasing reach, raising awareness, rapid networking

Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR), consent (Art. 6 para. 1 lit. a) GDPR)

Legitimate interests: Interaction and communication on social media presence, profit increase, insights into target groups

 

Facebook

Recipient: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland

Opt-out link: https://www.facebook.com/policies/cookies/

Third country transfer: Based on the adequacy decision of the European Commission for the USA.

Privacy Policy: https://www.facebook.com/privacy/explanation

 

Plugins and integrated third-party content

Our website includes functions and elements that are obtained from third-party providers. These are, for example, videos, presentations, buttons, map services (maps) or contributions (hereinafter referred to as content ). If this third-party content is accessed by website visitors (e.g. click, play, etc.), information and data are collected and linked to the website visitor's end device in the form of cookies or other technologies (e.g. pixels, Java Script commands or web assembly) and transmitted to the server of the third-party provider used. The third-party provider thereby receives usage and interaction data from the website visitor and makes this available to us in the form of statistics via a dashboard. The statistics we receive contain dimensions and metrics and no clear user data.

It is not possible to load and display this third-party content without this processing operation.

In order to protect the personal data of website visitors, we have taken protective measures to prevent the automatic transmission of this data to the third-party provider. This data is only transmitted when users actively use the buttons and click on the third-party content.

 

Data categories: Usage data (e.g. websites visited, interests, access time), meta and communication data (e.g. device information, anonymized IP address)

Purposes of processing: Sharing posts and content, interest- and behavior-based marketing, evaluation of statistics, cross-device tracking, increasing the reach of advertisements in social media

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

 

OpenStreetMap

Recipient: OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge CB4 0WS, United Kingdom

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: On the basis of the adequacy decision of the European Commission for the United Kingdom

Privacy policy: https://wiki.osmfoundation.org/wiki/Privacy_Policy

 

DATA PROTECTION WIDGET USE

This page integrates a widget from HOTELCLASS to display the current star category of a hotel. The provider is DEHOGA Deutsche Hotelklassifizierung GmbH, Am Weidendamm 1A, 10117 Berlin, Germany (https://hotelclass.info/imprint.php). This allows guests to see at a glance that a hotel has been classified and complies with the official guidelines of the German Hotel Classification. The protection of personal data is an important concern for us. The use of the HOTELCLASS widget of DEHOGA Deutsche Hotelklassifizierung GmbH is in accordance with the applicable legal provisions for the protection of personal data and data security. This data protection notice provides you with information on how DEHOGA Deutsche Hotelklassifizierung GmbH handles information that is collected when you use the HOTELCLASS widget.

Collection and processing of personal data
The use of the HOTELCLASS widget of DEHOGA Deutsche Hotelklassifizierung GmbH is possible without providing personal data. Personal data is all information about your identity such as your name, your e-mail address or your postal address. Such data is neither collected nor stored when you use the HOTELCLASS widget.

Server log files
The provider of our website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The data in the log files include
Referrer URL (the website you came from)
browser type
Browser version and language Operating system used and its interface IP address (anonymized)
Time of the server request
http status code
Access status of the transferred data volume
Storage period is 7 days
This data is not merged with other data sources.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data for the optimal presentation and security of the website based on our legitimate interest, without your interests in the exclusion of data collection prevailing.

Storage location of the data
This information is usually transmitted to a server of
MINDSTREAM - Christian Klar,
Maria-Theresien-Straße 21,
6020 Innsbruck
at the Data Center Park Falkenstein location and stored there.

Security
DEHOGA Deutsche Hotelklassifizierung GmbH takes precautions to protect your personal data from loss, destruction, falsification, manipulation and unauthorized access. The statutory data protection regulations of the Federal Republic of Germany are of course observed.

Right to information
If you have any questions regarding the processing of your personal data, please contact info@hotelstars.eu or

DEHOGA Deutsche Hotelklassifizierung GmbH
Am Weidendamm 1A
10117 Berlin

Authorized managing director: Markus Luthe

 

Newsletter and broad communication (with tracking)

On our website, users have the option of subscribing to our newsletter or any notifications via various channels (hereinafter referred to as " newsletter"). We only send newsletters in accordance with the statutory provisions to recipients who have consented to receiving the newsletter. We use a selected service provider to send our newsletter.

To subscribe to our newsletter, you must provide an e-mail address. We may also collect additional data, such as the name, in order to personalize our newsletter.

Our newsletter is only sent after the double opt-in procedure has been completed. If website visitors decide to subscribe to our newsletter, they will receive a confirmation e-mail, which serves to prevent the misuse of false e-mail addresses and to prevent the newsletter from being sent by a simple, possibly inadvertent click. You can unsubscribe from our newsletter at any time in the future. An unsubscribe link (opt-out link) is included at the end of each newsletter.

We are also obliged to provide proof that our subscribers actually wanted to receive the newsletter. For this purpose, we collect and store the IP address and the time of subscription and unsubscription.

Newsletter tracking

Our newsletters are designed in such a way that it is possible for us to gain insights into improvements, target groups or the reading behavior of our subscribers. This is made possible by a so-called web beacon or tracking pixel, which reacts to interactions with the newsletter, for example whether links are clicked on, whether the newsletter is opened at all or at what time the newsletter is read. We can assign this information to individual subscribers for technical reasons.

Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number), meta and communication data (e.g. device information, IP address), usage data (e.g. interests, access times)

Purposes of processing: Marketing, customer retention and new customer acquisition, analysis and evaluation of the success of the campaign

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR)

 

HubSpot

Recipient: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA

Legal basis: legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Third country transfer: On the basis of the adequacy decision of the European Commission for the USA.

Privacy policy: https://legal.hubspot.com/de/privacy-policy

 

Advertising communication

We also use data provided to us, which we have received, for example, as part of an order, for advertising purposes, in particular to inform you on various channels about news from us or from our product portfolio. Advertising on our part takes place within the framework of the legal requirements and - if necessary - after obtaining consent. If the recipients of our advertising do not wish to receive it, they can inform us of this at any time and object or withdraw their consent. The unsubscribe button in our email can be used for this purpose. Only those users who have not objected to receiving our advertising in advance will receive it.

We have commissioned a service provider to send the advertising messages. This service provider acts exclusively on our instructions. The data will not be processed for purposes other than sending.

Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number if applicable)

Purposes of processing: Direct marketing

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR), legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests: Retention of existing and acquisition of new contacts or contractual partners, information about similar goods and services

 

Making contact

We offer website visitors the opportunity to contact us directly or to obtain information via various contact options. We use a management tool/our CRM system to process corresponding inquiries in order to have an overview of contacts made with us.

If contact is made, we process the data of the person making the inquiry to the extent necessary to answer or process the inquiry. The data processed may vary depending on how we are contacted.

Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address).

Purposes of processing: Processing of inquiries

Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR), fulfillment or initiation of a contract (Art. 6 para. 1 lit. b) GDPR)

 

HubSpot Forms

Recipient: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA

Legal basis: legitimate interests (Art. 6 para. 1 lit. a) GDPR)

Third country transfer: On the basis of the adequacy decision of the European Commission for the USA.

Privacy policy: https://legal.hubspot.com/de/privacy-policy

 

Further mandatory information on data processing

Data transmission

We transfer the personal data of website visitors for internal purposes (e.g. for internal administration or to the HR department in order to comply with legal or contractual obligations). The internal data transfer or disclosure of data takes place to the extent necessary in compliance with the relevant data protection regulations.

It may be necessary for us to pass on personal data in order to execute contracts or to fulfill a legal obligation. If we are not provided with the data required in this respect, it may not be possible to conclude the contract with the data subject.

If your data is processed outside the EU/EEA, in so-called third countries (e.g. USA), we ensure that this is done in accordance with the requirements of Art. 44 et seq. GDPR. We take additional measures to ensure the highest possible level of protection for the personal data of data subjects. The guarantee applicable to the transfer to third countries is specified in our privacy policy for the respective recipients.

 

Legal basis: Legitimate interests (Art. 6 para. 1 lit. f) GDPR)

Legitimate interests: So-called. Small group privilege, centralized management and administration within the company to exploit synergy effects, cost savings, increase effectiveness

 

Order processing

Recipients may work for us as so-called processors. We have concluded so-called "order processing contracts" with them in accordance with Art. 28 para. 3 GDPR. This means that the processors may only process your personal data in a way that we have explicitly instructed them to do so. Processors take adequate technical and organizational measures to process your data securely and in accordance with our instructions.

 

Storage period

We store the data of visitors for as long as is necessary to provide our services or if this has been provided for by the European legislator or another legislator in laws or regulations to which we are subject. In all other cases, we delete the personal data after the purpose has been fulfilled, with the exception of data that we must continue to store in order to fulfill legal obligations (e.g. we are obliged to retain documents such as contracts and invoices for a certain period of time due to retention periods under tax and commercial law).

Storage period for required cookies: 30 days

Storage period for non-essential cookies/technologies: After expiry of the session and upon revocation by the data subject

 

Automated decision-making (including profiling)

We do not use automated decision-making or profiling in accordance with Art. 22 GDPR.

 

Legal basis

The relevant legal bases are primarily derived from the GDPR. These are supplemented by national laws of the member states and may apply together with or in addition to the GDPR.

 

Consent: Art. 6 para. 1 lit. a) GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.

Performance of a contract: Art. 6(1)(b) GDPR serves as the legal basis for processing operations that are necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Legal obligation: Art. 6 para. 1 lit. c) GDPR serves as the legal basis for processing operations that are necessary for compliance with a legal obligation.

Vital interests: Art. 6 para. 1 lit. d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.

Public interest: Art. 6 para. 1 lit. e) GDPR serves as the legal basis for processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Legitimate interest: Art. 6 para. 1 lit. f) GDPR serves as the legal basis for processing that is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

 

Rights of the data subject

Right to information: Pursuant to Art. 15 GDPR, data subjects have the right to request confirmation as to whether we are processing data concerning them. They can request information about this data as well as the further information listed in Art. 15 para. 1 GDPR and a copy of their data.

Right to rectification: Pursuant to Art. 16 GDPR, data subjects have the right to request the rectification or completion of data concerning them and processed by us.

Right to erasure: Pursuant to Art. 17 GDPR, data subjects have the right to obtain the erasure of personal data concerning them without undue delay. Alternatively, they can request that we restrict the processing of their data in accordance with Art. 18 GDPR.

Right to data portability: Pursuant to Art. 20 GDPR, data subjects have the right to request the provision of the data they have provided to us and to request that it be transferred to another controller.

Right to lodge a complaint: Data subjects also have the right to lodge a complaint with the supervisory authority responsible for them in accordance with Art. 77 GDPR.

Right to object: If personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GDPR, data subjects have the right to object to the processing of their personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from their particular situation or the objection is directed against direct advertising. In the latter case, data subjects have a general right to object, which is implemented by us without specifying a particular situation.

 

Revocation

Some data processing operations are only possible with the express consent of the data subject. You have the option of withdrawing your consent at any time without giving reasons. All you need to do is send an informal email to info@krone-sulzbach.com. Consent to data processing operations on our website can be adjusted and revoked directly in our Consent Manager. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

 

External links

Our website contains links to the online offerings of other providers. We would like to point out that we have no influence on the content of the linked websites and the compliance with data protection regulations by their providers.

 

Changes

We reserve the right to adapt the data protection information on our website at any time in the event of changes and in compliance with the applicable data protection regulations so that it complies with data protection requirements.

 

Information on the processing of hotel visitors

GENERAL

Rommelag ETL GmbH takes the protection of your personal data very seriously. Your privacy is an important concern for us. We process your personal data in accordance with the applicable statutory data protection requirements for the purposes listed below. Personal data within the meaning of this data protection information is all information that relates to you personally.

Responsible body for data processing:

Rommelag ETL GmbH
Talstrasse 22-30
74429 Sulzbach-Laufen

House address:

Hotel Restaurant Krone
Main street 44
74429 Sulzbach-Laufen

E-Mail: info@krone-sulzbach.com
Phone: 07976 911 910
https://www.krone-sulzbach.com

 

PROCESSING FRAMEWORK

Source and origin of data collection

We process personal data that we have collected directly from you. We record this data digitally in a software solution for the hotel industry.

In order to make it as easy as possible for you to register with us on arrival, we may process data that your company has provided to us in advance.

Types of data

Relevant personal data may include in particular

  • Master/contact data (e.g. first and last name, address)
  • Contact data (e.g. e-mail address, telephone number, fax)

Purposes and legal bases of the processed data

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other applicable data protection regulations (details below).

Purposes for the fulfillment of a contract or pre-contractual measures (Art. 6 para. 1 b) GDPR)

The processing of personal data takes place for the execution of our contracts with you and the execution of your stay in our house.

Purposes in the context of a legitimate interest of us or third parties (Art. 6 para. 1 f) GDPR)

We process your personal data for the purpose of the organizational handling of your stay, the protection of domiciliary rights and thus in the exercise of our legitimate interests (Art. 6 para. 1 f) GDPR) to comply with applicable safety standards (e.g. fire protection, etc.).

Existence of automated decision-making in individual cases

We do not use purely automated decision-making processes in accordance with Art. 22 GDPR.

Consequences of not providing data

As part of your stay, you must provide the personal data required to record/verify your stay. Without this data, we will not be able to process your booking and protect our legitimate interests in safeguarding domiciliary rights and meeting applicable security standards.

Recipients of the data

Within the EU/EEA

All data that we collect in connection with your stay with us remains with us in the company. The data is only processed by employees who are bound to confidentiality and data secrecy.

We also use a specialized software provider for visitor management. This provider acts as a service provider for us and may also gain knowledge of your personal data in connection with the maintenance and care of the systems. We have concluded a so-called order processing contract with this provider, which ensures that the data processing is carried out in a permissible manner.

Outside the EU/EEA

Data is not transferred to locations in countries outside the European Union (EU) or the European Economic Area (EEA).

Creditworthiness

Our company regularly checks and monitors your creditworthiness when contracts are concluded and, in certain cases where there is a legitimate interest, also for existing customers. For this purpose, we work together with Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, from whom we receive the necessary data. For this purpose, we transmit your name, address and date of birth to Creditreform Boniversum GmbH. The information pursuant to Art. 14 of the EU General Data Protection Regulation on the data processing taking place at Creditreform Boniversum GmbH can be found here: https://www.boniversum.de/eudsgvo/informationen-nach-eu-dsgvo-fuer-verbraucher/

 

STORAGE PERIODS

We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.

In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and documentation periods specified there are up to ten years to the end of the calendar year after the end of the business relationship or the pre-contractual legal relationship.

Furthermore, special statutory provisions may require a longer retention period, e.g. the preservation of evidence within the framework of statutory limitation periods. According to Sections 195 et seq. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also be applicable.

If the data is no longer required for the fulfillment of contractual or legal obligations and rights, it is regularly deleted, unless its - temporary - further processing is necessary to fulfill the purposes for an overriding legitimate interest. Such an overriding legitimate interest also exists, for example, if deletion is not possible or only possible with disproportionately high effort due to the special type of storage and processing for other purposes is excluded by suitable technical and organizational measures

 

Your rights

Under certain circumstances, you can assert your data protection rights against us. If possible, your requests to exercise your rights should be addressed in writing or by e-mail to the address given above or directly in writing or by e-mail to our data protection officer.

  • You have the right to receive information from us about your data stored by us in accordance with the rules of Art. 15 GDPR (possibly with restrictions according to § 34 BDSG).
  • At your request, we will correct the data stored about you in accordance with Art. 16 GDPR if it is inaccurate or incorrect.
  • If you wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that other legal regulations (e.g. statutory retention obligations or the restrictions according to § 35 BDSG) or an overriding interest on our part (e.g. to defend our rights and claims) do not conflict with this.
  • Taking into account the requirements of Art. 18 GDPR, you can request that we restrict the processing of your data.
  • If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR or if they are necessary for the performance of a task carried out in the public interest or in the exercise of official authority, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.
  • You also have the right to receive your data in a structured, commonly used and machine-readable format or to transmit it to a third party in accordance with the requirements of Art. 20 GDPR.
  • In addition, you have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
  • You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always address a complaint to our data protection officer first.

You can contact the supervisory authority responsible for us at

The State Commissioner for Data Protection and Freedom of Information

Baden-Württemberg
P.O. Box 10 29 32
70025 Stuttgart

Phone: 0711/615541-0
Fax: 0711/615541-15
E-mail: poststelle@lfdi.bwl.de

STAY UP TO DATE.

We will keep you informed about menu updates, events, and promotions.