Terms & conditions and data privacy

Scope of data protection

General information about the processing of your data

We are legally obliged to inform you about the processing of your personal data (hereinafter referred to as “data”) when you use our website. We take the protection of your personal data very seriously. This data protection notice informs you about the details of the processing of your data and your legal rights in this regard. For terms such as “personal data” or “processing”, the legal definitions from Art. 4 GDPR are authoritative. We reserve the right to adapt the privacy policy with effect for the future, in particular in the event of further development of the website, the use of new technologies or changes to the legal basis or the corresponding case law. We recommend that you read the privacy policy from time to time and take a printout or copy for your records.

Scope of application

The privacy policy applies to all pages of www.hotel-zurpost-bremen.de. It does not extend to any linked websites or internet presences of other providers.

Controller

The controller responsible for the processing of personal data within the scope of this privacy policy is:
Best Western Hotel zur Post
B.W. Hotel zur Post Bremen GmbH
Bahnhofsplatz 11, 28195 Bremen
Tel.: +49 (0)421 30590/ Fax: +49 (0)421 3059591
Email: info@zurpost.bestwestern.de

Questions about data protection

If you have any questions about data protection with regard to our company or our website, please contact our data protection officer:
SPIRIT LEGAL Fuhrmann Hense Partnerschaft von Rechtsanwälten
Lawyer and data protection officer Peter Hense
Postal address:
Data Protection Officer
c/o B. W. Hotel zur Post Bremen GmbH; Bahnhofsplatz 11, 28195 Bremen
Contact via the encrypted online form.

Data security

We have taken comprehensive technical and organizational precautions to protect your personal data from unauthorized access, misuse, loss and other external interference. To this end, we regularly review our security measures and adapt them to the state of the art.

Your rights

You have the following rights with regard to the personal data concerning you, which you can assert against us:

Right to information: You can request information in accordance with Art. 15 GDPR about your personal data that we process.
Right to rectification: If the information concerning you is not (or no longer) accurate, you can request rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
Right to erasure: You can request the erasure of your personal data in accordance with Art. 17 GDPR.
Right to restriction of processing: In accordance with Art. 18 GDPR, you have the right to request the restriction of your personal data.
Right to object to processing: You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 para. 1 sentence 1 lit. e) or lit. f) GDPR in accordance with Art. 21 para. 1 GDPR. In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, including where the processing serves the establishment, exercise or defense of legal claims (Art. 21 (1) GDPR). You also have the right to object at any time to the processing of personal data concerning you for the purpose of direct marketing in accordance with Art. 21 para. 2 GDPR; this also applies to any profiling insofar as it is associated with such direct marketing. We draw your attention to the right to object in this privacy policy in connection with the respective processing.
Right to withdraw your consent: If you have given your consent for processing, you have the right to withdraw your consent in accordance with Art. 7 (3) GDPR.
Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format (“data portability”) and the right to transmit this data to another controller if the requirements of Art. 20 para. 1 lit. a, b GDPR are met (Art. 20 GDPR).

You can assert your rights by sending a message to the contact details listed in the “Controller” section or to the data protection officer appointed by us.

If you believe that the processing of your personal data violates data protection law, you also have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Art. 77 GDPR. This also includes the data protection supervisory authority responsible for the controller: The State Commissioner for Data Protection of Lower Saxony, P.O. Box 221, 30002 Hannover, Tel.: 0511/120-4500, Fax: 0511 120-4599, Email: poststelle@lfd.niedersachsen.de.

Use of our website

In principle, you can use our website for purely informational purposes without disclosing your identity. When accessing the individual pages of the website in this sense, only access data is transmitted to our web space provider so that the website can be displayed to you. The following data is processed:

Browser type/browser version,
Operating system used,
Language and version of the browser software,
Date and time of access,
Host name of the accessing end device,
IP address,
Content of the request (specific website),
Access status/HTTP status code,
Websites accessed via the website,
Referrer URL (the previously visited website),
Message as to whether the request was successful,
time zone difference to GMT and
amount of data transferred.

The temporary processing of this data is necessary to technically enable the process of a website visit and delivery of the website to your end device. The access data is not used to identify individual users and is not merged with other data sources. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests lie in ensuring the functionality of the website and the integrity and security of the website. Storing access data in log files, in particular the IP address, for a longer period of time enables us to detect and prevent misuse. This includes, for example, the defense against requests that overload the service or any bot usage. The access data is deleted as soon as it is no longer required to achieve the purpose for which it was processed. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website. The log data is always stored directly and only accessible to administrators and is deleted after seven days at the latest. After that, it is only available indirectly via the reconstruction of backup tapes and is permanently deleted after a maximum of four weeks.

You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

Tracking

In addition to the aforementioned access data, so-called cookies, pixels, browser fingerprinting or other tracking technologies are used when using the website. Cookies are small text files with a sequence of numbers that are stored locally in the cache of the browser used. Pixels are one-pixel images that are not transparent or are created in the background color of the website and are therefore not visible to the user. The pixel also records information about your user behavior on the website. Fingerprinting technologies generate a unique fingerprint based on the browser settings and thus identify an individual browser. Using a script that every Internet browser executes automatically, information such as the screen resolution, fonts used, operating system, hardware information and integrated browser plug-ins can be collected, which in their specific combination can ultimately be traced back to a specific user. Tracking technologies are used to make our website more user-friendly. The use of tracking technologies may be technically necessary or for other purposes (e.g. analysis/evaluation of website use).

Technically necessary elements
Some elements of our website require that the accessing browser can be identified even after a page change. The following data is processed in the technically necessary elements, such as cookies or similar methods of terminal device access in particular, for the purpose of carrying out or facilitating electronic communication and providing an information society service requested by the user:

Language settings,
Items in the shopping cart,
log-in information.

The user data collected by technically necessary elements are not processed to create user profiles. We also use so-called “session cookies”, which store a session ID that can be used to assign various requests from your browser to the joint session. “Session cookies” are necessary for the use of the website. In particular, they allow us to recognize the device you are using when you return to the website. We use this cookie to recognize you on subsequent visits to the website. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the processing are to provide the aforementioned special functionalities and thereby make the use of the website more attractive and effective. The “session cookies” are deleted depending on which browser you use and which browser settings you have made when you close the browser.

You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

Technically unnecessary tracking
We also use cookies, pixels, browser fingerprinting and other tracking technologies on the website to enable an analysis of users' surfing behavior. For example, the following data is stored and processed:

Frequency of page views,
use of website functions.

The legal basis for this processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. Cookies, pixels and other tracking technologies that are not technically necessary are automatically deleted after a specified period, which may vary depending on the tracking method. If we integrate third-party cookies or pixels and similar tracking technologies into our website, we will inform you of this separately below.

You can withdraw your consent to the processing of the respective provider at any time by moving back the slider in the “Individual data protection settings” of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.

Consent management tool “Borlabs Cookie”
In order to obtain consent on our website for the processing of your end device information and personal data using cookies or other tracking technologies, we use the consent tool “Borlabs Cookie” from the provider “Borlabs - Benjamin A. Bornschein” (Rübenkamp 32, 22305 Hamburg, Germany). With the help of “Borlabs Cookie”, you have the option of consenting to or rejecting the processing of your end device information and personal data using cookies or other tracking technologies for the purposes listed in the “Borlabs Cookie” tool. Such processing purposes may include the integration of external elements, the integration of streaming content, statistical analysis, reach measurement or personalized advertising. You can use “Borlabs Cookie” to give or refuse your consent for all processing purposes or to give or refuse your consent for individual purposes or individual third-party providers. You can also change the settings you have made at a later date. The purpose of integrating “Borlabs Cookie” is to allow you, as a user of our website, to decide on the setting of cookies and similar functionalities and to offer you the opportunity to change settings already made during the further use of our website. In the course of using “Borlabs Cookie”, we process personal data and information about the end devices used. Your data will also be sent to “Borlabs Cookie”. The information about the settings you have made is also stored on your device.

The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with Art. 7 para. 1 GDPR. Art. 7 para. 1 GDPR, insofar as the processing serves to fulfil the legally standardized obligations to provide evidence for the granting of consent. Otherwise, Art. 6 para. 1 sentence 1 lit. f) GDPR is the relevant legal basis. Our legitimate interests in the processing lie in the storage of user settings and preferences in relation to the use of cookies and the evaluation of consent rates. 1 year after the user settings have been made, consent is requested again. The user settings made will then be stored again for this period, unless you delete the information about your user settings in the terminal device capacities provided for this purpose yourself beforehand.
You can object to the processing insofar as the processing is based on Art. 6 para. 1 sentence 1 lit. f) GDPR. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

Verarbeitung von personenbezogenen Daten gemäß § 30 Bundesmeldegesetz (BMG)

Beherbergungsstätten wie insbesondere Hotels sind nach § 30 Bundesmeldegesetz (BMG) verpflichtet, vom Gast am Tag der Ankunft folgende Daten zu erheben und den Meldeschein vom Gast handschriftlich unterschreiben bzw. die ggf. elektronisch erhobenen Daten durch spezielle Authentifizierungsverfahren in Sinne von § 29 Abs. 5 BMG bestätigen zu lassen:

Datum der Ankunft und der voraussichtlichen Abreise,
Familiennamen,
Vornamen,
Geburtsdatum,
Staatsangehörigkeiten,
Anschrift,
Zahl der Mitreisenden und ihre Staatsangehörigkeit in den Fällen des § 29 Absatz 2 Satz 2 und 3 BMG,
Seriennummer des anerkannten und gültigen Passes oder Passersatzpapiers bei ausländischen Personen,
weitere Daten zur Erhebung von Fremdenverkehrs- und Kurbeiträgen.

Bei Reisegesellschaften von mehr als 10 Personen bedarf es hingegen nur der personenbezogenen Daten des Reiseleiters. Dieser hat die Anzahl der Mitreisenden und seine Staatsangehörigkeit anzugeben. Wir sind zur Erhebung, Verarbeitung und Weitergabe dieser Daten im Rahmen des BMG verpflichtet. Die Rechtgrundlage der Verarbeitung ergibt sich aus Art. 6 Abs. 1 S. 1 lit. c) DSGVO i.V.m. § 30 Abs. 1, Abs. 4, § 29 Abs. 2 bis 5 BMG. Sie sind zur Bereitstellung Ihrer Daten als unser Gast gesetzlich verpflichtet Ihre Daten anzugeben. Bei Nichtbereitstellung Ihrer Daten ist der Vertragsabschluss bzw. die -durchführung in Gestalt der Beherbergung unmöglich. Die ausgefüllten Meldescheine sind zur Vorlage bei den zuständigen örtlichen Ordnungsbehörden zur Erfüllung ihrer Aufgaben von uns als Beherbergungsstätte vorzuhalten. Wir löschen von Ihnen verarbeiteten Daten 1 Jahr und 3 Monate nach dem Tag Ihrer Anreise bzw. schränken die Verarbeitung ein, sobald es nach den Vorschriften des BMG zulässig ist und sofern keine Einwilligung Ihrerseits gemäß Art. 6 Abs. 1 S. 1 lit. a) DSGVO und kein sonstiges berechtigtes Interesse unsererseits an der fortgesetzten Verarbeitung besteht.

Gutscheinshop

Wenn Sie in unserem Gutscheinshop auf der Website einen Gutschein erwerben möchten, ist es für die Vertragsanbahnung und den Vertragsschluss erforderlich und verpflichtend, dass Sie personenbezogene Daten, wie Ihren Vor- und Nachnamen, Ihre Anschrift und Ihre E-Mail-Adresse angeben. Die für die Bestell- und Vertragsabwicklung notwendigen Pflichtangaben sind gesondert markiert, weitere Angaben erfolgen freiwillig. Für den Fall der Nichtbereitstellung ist der Vertragsabschluss in Gestalt des Erwerbs eines Gutscheins mittels des Gutscheinshops nicht möglich. Darüber hinaus verarbeiten wir auch die von Ihnen im Rahmen des Gutscheinkaufs ggf. vermerkte Botschaft sowie die hierbei gegebenenfalls mitgeteilten Daten, um diese auf dem Gutschein abzubilden. Die in diesem Zusammenhang von Ihnen angegebenen Daten verarbeiten wir zur Bestellabwicklung und -durchführung. Zu diesem Zweck werden wir insbesondere Zahlungsdaten an den von Ihnen gewählten Zahlungsdienstleister bzw. an unsere Hausbank weiterleiten. Wir nutzen für den Gutscheinshop das Bestellsystem „VoucherBooking“ des Anbieters HotelNetSolutions (Hotel Net Solutions GmbH, Genthiner Str. 8, 10785 Berlin; im Folgenden: VoucherBooking), um Ihnen einen optimalen Bestellprozess zu ermöglichen. Die Verarbeitung Ihrer Bestelldaten erfolgt auf den Servern von VoucherBooking. Rechtsgrundlage für die Verarbeitung ist Art. 6 Abs. 1 S. 1 lit. b) DSGVO. Um einen Zugriff auf Ihre persönlichen Daten durch unbefugte Dritte zu verhindern, ist der Bestellvorgang auf der Website mit SSL-Technik verschlüsselt. Die in diesem Zusammenhang anfallenden Daten löschen wir, nachdem die Speicherung nicht mehr erforderlich ist, oder schränken die Verarbeitung ein, falls gesetzliche Aufbewahrungspflichten bestehen. Aufgrund zwingender handels- und steuerrechtlicher Vorschriften sind wir verpflichtet, Ihre Adress-, Zahlungs- und Bestelldaten für die Dauer von bis zu zehn Jahren aufzubewahren. Zwei Jahre nach Vertragsbeendigung nehmen wir eine Einschränkung der Verarbeitung vor und reduzieren die Verarbeitung auf die Einhaltung der bestehenden gesetzlichen Verpflichtungen.

E-Mail-Marketing

Bestandskundenwerbung

Wir behalten uns vor, die von Ihnen im Rahmen der Buchung eines Hotelzimmers bzw. Anmeldung zu einer Veranstaltung mitgeteilte E-Mail-Adresse entsprechend den gesetzlichen Vorschriften dazu zu verwenden, um Ihnen während bzw. im Anschluss an die Buchung per E-Mail folgende Inhalte zu übersenden, sofern Sie dieser Verarbeitung Ihrer E-Mail-Adresse nicht bereits widersprochen haben:

Informationen zu Ihrem Aufenthalt und sonstigen reisebezogenen Angeboten unseres Hauses,
Informationen über aktuelle Sonderangebote,
Informationen zu unseren Hotel- und Servicedienstleistungen,
Individuelle Gästeberatung und -betreuung,
Gästezufriedenheitsanfragen im Nachgang Ihres Aufenthaltes / des Veranstaltungsbesuchs,
Überblick über mögliche Freizeitangebote und Veranstaltungen unseres Hotels,
Informationen zu An- und Abreise in Vorbereitung Ihres Aufenthaltes,
Einladungen zu Veranstaltungen unseres Unternehmens.

Sofern die Zusendung elektronischer Informationen für die Vertragsabwicklung erforderlich ist, beruht die Verarbeitung auf der Rechtsgrundlage aus Art. 6 Abs. 1 S. 1 lit. b) DSGVP. In diesen Fällen sind Sie vertraglich zur Bereitstellung Ihrer Daten verpflichtet. Bei Nichtbereitstellung Ihrer Daten ist das Zusenden elektronischer Informationen im Rahmen der Vertragsdurchführung mittels E-Mail-Versand nicht möglich.

Sofern die Zusendung elektronischer Informationen via E-Mail nicht zur Vertragsabwicklung bzw. -durchführung erforderlich ist (z. B. E-Mail in informatorischer Ausgestaltung) beruht die Verarbeitung Ihrer Daten auf der Rechtsgrundlage aus Art. 6 Abs. 1 S. 1 lit. f) DSGVO. Unsere berechtigten Interessen an der genannten Verarbeitung liegen in der Steigerung und Optimierung unserer Serviceleistungen, der Versendung von Direktwerbung und der Sicherstellung der Gästezufriedenheit. Wir löschen Ihre Daten, wenn Sie den Nutzungsvorgang beenden, spätestens jedoch drei Jahre nach Vertragsbeendigung.

Für den Versand der E-Mails, insbesondere von Gästezufriedenheitsbefragungen per E-Mail, bedienen wir uns der Dienste der BWH Hotel Group Central Europe GmbH (Frankfurter Straße 10 -14, 65760 Eschborn; im Folgenden: Best Western). Sofern Sie eine Buchung über das Onlinebuchungssystem vorgenommen haben, werden die von Ihnen angegebenen personenbezogenen Daten, insbesondere Ihr Name, die Dauer des Aufenthalts, der Name des Hotels und Ihre E-Mail-Adresse von Best Western verarbeitet, um Ihnen im Nachgang zu Ihrem Aufenthalt eine Gästezufriedenheitsbefragung zuzusenden. Rechtsgrundlage der Verarbeitung ist Art. 6 Abs. 1 S. 1 lit. f) DSGVO. Unser berechtigtes Interesse besteht in der Nutzung eines Dienstleisters zur Optimierung und des gezielten Versands und der Verwaltung des Gästefeedbacks. Weitere Informationen auch zur Speicherdauer finden Sie in den Datenschutzbestimmungen von „Best Western” unter https://www.bestwestern.de/agb-datenschutz.html.

Wir weisen Sie darauf hin, dass Sie dem Erhalt von Direktwerbung sowie der Verarbeitung zum Zwecke der Direktwerbung jederzeit widersprechen können, ohne dass Ihnen hierfür andere als die Übermittlungskosten nach den Basistarifen entstehen. Dabei stehen Ihnen ein generelles Widerspruchsrecht ohne Angaben von Gründen zu (Art. 21 Abs. 2 DSGVO). Klicken Sie hierzu auf den Abmeldelink in der jeweiligen E-Mail oder übersenden Sie uns Ihren Widerspruch an die im Abschnitt „Verantwortlicher“ genannten Kontaktdaten.

Contacting our company

When you contact our company, e.g. by email or via the contact form on the website, the personal data you provide will be processed by us in order to respond to your inquiry. It is mandatory to provide a first name and surname or a pseudonym and a valid e-mail address in order to process inquiries via the contact form on the website. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR or Art. 6 para. 1 sentence 1 lit. b) GDPR if the contact is aimed at concluding a contract. If the request is aimed at concluding a contract, the provision of your data is necessary and mandatory for the conclusion of a contract. If the data is not provided, it will not be possible to conclude or execute a contract in the form of establishing contact or processing the inquiry. The processing of personal data from the input screen is solely for the purpose of processing the contact. If contact is made by email, this also constitutes the necessary legitimate interest in processing the data. The other data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. No data is passed on to third parties in this context. We delete the data collected in this context after the processing is no longer necessary - usually two years after the end of the communication - or, if necessary, restrict the processing to compliance with the existing mandatory statutory retention obligations.

You can object to the processing. You have the right to object on grounds relating to your particular situation.You can send us your objection using the contact details provided in the “Controller” section.

Processing for contractual purposes

We process your personal data if and insofar as this is necessary for the initiation, establishment, execution and/or termination of a legal transaction with our company.The legal basis for this arises from Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your data is then necessary for the conclusion of the contract and you are contractually obliged to provide your data, e.g. if you wish to register as a guest or speaker for an event at our company. If you do not provide your data, it will not be possible to conclude and/or execute a contract. Once the purpose has been achieved (e.g. execution of the contract), the personal data will be blocked for further processing or deleted, unless we are authorized to further processing on the basis of consent given by you (e.g. consent to the processing of the e-mail address for the sending of electronic advertising mail), a contractual agreement, a legal authorization (e.g. authorization to send direct advertising) or on the basis of legitimate interests (e.g. retention for the enforcement of claims).

Your personal data will be passed on to third parties if

it is necessary for the establishment, execution or termination of legal transactions with our company (e.g. when passing on data to a payment service provider/shipping company to process a contract with you), (Art. 6 para. 1 sentence 1 lit. b) GDPR), or
a subcontractor or vicarious agent that we use exclusively in the context of providing the offers or services requested by you requires this data (unless you are expressly informed otherwise, such auxiliary persons are only authorized to process the data to the extent that this is necessary for the provision of the offer or service), or
there is an enforceable official order (Art. 6 para. 1 sentence 1 lit. c) GDPR), or
there is an enforceable court order (Art. 6 para. 1 sentence 1 lit. c) GDPR), or
we are obliged to do so by law (Art. 6 para. 1 sentence 1 lit. c) GDPR), or
processing is necessary in order to protect the vital interests of the data subject or of another natural person (Art. 6 para. 1 sentence 1 lit. d) GDPR), or
it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 para. 1 sentence 1 lit. e) GDPR), or
we can rely on our overriding legitimate interests or those of a third party for disclosure (Art. 6 para. 1 sentence 1 lit. f) GDPR).

Your personal data will not be passed on to other persons, companies or bodies unless you have effectively consented to such a transfer. The legal basis for processing is then Art. 6 para. 1 sentence 1 lit. a) GDPR. We will inform you of the respective recipients in the context of this data protection information with regard to the respective processing procedure.

Online booking

If you would like to book a hotel room on our website in our online booking system, we process your first and last name, your address, your e-mail address, your travel dates and the desired room category. To initiate and conclude the contract, it is necessary and mandatory for you to provide personal data such as your name, address, the duration of the trip, payment details and your e-mail address. The mandatory information required for booking and contract processing is marked separately, other information is provided voluntarily. We process your data to process the booking and will forward payment data in particular to the payment service provider you have chosen or to our house bank for this purpose. We use the booking system of BWH Hotel Group Central Europe GmbH (Frankfurter Straße 10 -14, 65760 Eschborn; hereinafter: Best Western). By using the online booking system on the website, “Best Western” receives the information required to process the booking (e.g. length of stay, reservation number, accommodation). The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your data is necessary and mandatory for the conclusion or execution of the contract. If you do not provide your data, it will not be possible to conclude and/or execute the contract. To prevent unauthorized third parties from accessing your personal data, the booking process on the website is encrypted using SSL technology. We delete the data collected in this context after storage is no longer required, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and booking data for a period of up to ten years. Two years after termination of the contract, we restrict processing and reduce processing to compliance with existing legal obligations. Further information on data processing at “Best Western” can be found at https://www.bestwestern.de/agb-datenschutz.html.

Payment Service Provider (PSP)/ Payment service provider

PayPal
On our website we offer you payment via “PayPal”. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: “PayPal”). To pay, you must log into your PayPal account. The payment data you provide to PayPal will be processed by PayPal for the purpose of payment processing. Further information on data processing by PayPal can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. In order to be able to assign your payment, we process your delivery/billing address, e-mail address and the selected payment method. We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations.

The legal basis is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your payment data is necessary and mandatory for the conclusion and performance of the contract. If the payment data is not provided, it will not be possible to conclude and/or execute a contract with the payment method “PayPal”.

PayPal Plus Services without your own PayPal account
If you select the PayPal service “SEPA direct debit”, “credit card” or “purchase on account” as part of your payment, PayPal (Europe) S.àr.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) processes the personal data collected for the purpose of payment processing. You do not need a PayPal account for this service. Further information about data processing at PayPal can be found here: https://www.paypal.com/de/webapps/mpp/ua/legalhub-full?locale.x=de_DE or https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE

We process the payment method specified in this context for your booking. We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations.

The legal basis for processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your payment data is necessary and mandatory for the conclusion or execution of the contract. If the payment data is not provided, it will not be possible to conclude and/or execute a contract with the PayPal service you have selected.

Credit card payment
For the purpose of payment processing, we pass on the payment data required for the credit card payment to the credit institution commissioned with the payment or to the payment and billing service provider commissioned by us, if applicable. The processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your payment data is necessary and mandatory for the conclusion or execution of the contract. If the payment data is not provided, it will not be possible to conclude and/or execute the contract by means of a credit card payment. The data required for payment processing is transmitted securely via the “SSL” procedure and processed exclusively for payment processing. We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations.

Purchase on account
In the case of “purchase on account”, we reserve the right to forward your data, which you provide when ordering, to external companies (e.g. Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss) for the purpose of carrying out a credit check. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests lie in the prevention of fraud and the avoidance of default risks, because we make advance payments for “purchase on account”.

We process the data transmitted to us by your bank as part of the “purchase on account” payment process for the purpose of invoice verification. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your payment data is necessary and mandatory for the conclusion and performance of the contract. If the payment data is not provided, it is not possible to conclude and/or execute a contract by means of a “purchase on account”. We delete the data arising in this context after storage is no longer required, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we will restrict processing and reduce processing to compliance with existing legal obligations.

You can object to the processing insofar as the processing is based on the legal basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

Enforcement of rights / address investigation / debt collection
In the event of non-payment, we reserve the right to forward the data provided when ordering to a lawyer and/or external companies (e.g. Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss) for the purposes of address investigation and/or legal enforcement. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests lie in the prevention of fraud and the avoidance of default risks. In addition, we may pass on your data to ensure the exercise of our rights, as well as the rights of our affiliated companies, our cooperation partners, our employees and/or the users of our website and the processing is necessary in this respect. Under no circumstances will we sell or rent your data to third parties. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. We have a legitimate interest in processing for law enforcement purposes. We delete the data once it no longer needs to be stored or restrict processing if there are statutory retention obligations.

You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

Hosting

We use external hosting services from the provider Jager IT-Solutions (Hauptstraße 19, 37127 Niemetal, Germany), which serve to provide the following services: Infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. For these purposes, all data - including the access data mentioned under “Use of our website” - that is required for the operation and use of our website is processed. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. We use external hosting services to ensure the efficient and secure provision of our website.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

Integration of third-party content

Third-party content such as videos, maps or graphics from other websites are integrated on the website. This integration always presupposes that the providers of this content (“third-party providers”) are aware of the IP addresses of the users. Without the IP address, they cannot send the content to the respective user's browser. The IP address is therefore required to display this content. We will inform you below about the services of external providers currently used on our website as well as about the respective processing in individual cases and about your existing options for objection or revocation.

Google Maps
This website uses the “Google Maps” service from “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) for the purpose of displaying maps or map sections and thus enables you to conveniently use the map function on the website. When you visit the website, “Google” receives the information that you have accessed the corresponding subpage of our website. In addition, some of the data mentioned in the section “Use of our website” and “Cookies” is transmitted to “Google”. This takes place regardless of whether “Google” provides a user account that you are logged in to or whether no user account exists. If you are logged in to “Google”, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. “Google stores your data as a user profile and processes it for the purposes of advertising, market research and/or the needs-based design of its website, regardless of whether you have a user account with Google. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. “Google” also processes your data on servers in the USA. There is no adequacy decision by the EU Commission for the transfer of data to the USA. The legal basis is your consent in accordance with Art. 49 para. 1 lit. a) GDPR. Your data in connection with “Google Maps” will be deleted after thirty days at the latest. Further information on the purpose and scope of processing by “Google Maps” can be found at https://policies.google.com/privacy?hl=de.

You can withdraw your consent to the processing of the respective provider at any time by moving the slider back in the “Individual data protection settings” of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.

Google Tag Manager
We use the “Google Tag Manager” from “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) on our website. “Google Tag Manager” is a solution with which website tags and other elements from third-party providers can be managed via an interface.

On the one hand, an http request is sent to Google when the website is accessed with Google Tag Manager. This transmits end device information and personal data such as your IP address and information about your browser settings to Google. We use Google Tag Manager for the purpose of facilitating electronic communication by transferring information to third-party providers via programming interfaces, among other things. The respective tracking codes of the third-party providers are implemented in the Google Tag Manager without us having to change the source code of the website ourselves. Instead, the integration takes place via a container that places a so-called “placeholder” code in the source code. In addition, Google Tag Manager allows the data parameters of users to be exchanged in a specific order, in particular by ordering and systematizing the data packets. In some cases, your data is also transmitted to the USA. So-called “standard contractual clauses” have been concluded with Google to ensure compliance with an appropriate level of data protection. We will provide you with a copy of the standard contractual clauses on request. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the processing lie in the facilitation and execution of electronic communication by identifying communication endpoints, control options, exchanging data elements in a defined sequence and identifying transmission errors. The Google Tag Manager does not initiate any data storage. Further information on data protection at “Google” can be found at: http://www.google.de/intl/de/policies/privacy.

You can object to the processing insofar as the processing is based on the legal basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.

On the other hand, Google Tag Manager integrates third-party tags such as tracking codes or counting pixels on our website. The tool triggers other tags, which in turn collect your data; we will inform you about this separately in this privacy policy. The Google Tag Manager itself does not evaluate the end device information and personal data of users collected by the tags. Rather, your data is forwarded to the respective third-party service for the purposes specified in our consent management tool. We have adapted the Google Tag Manager to our consent management tool in such a way that the triggering of certain third-party services in the Google Tag Manager is made dependent on your selection in our consent management tool, so that only those third-party tags trigger data processing for which you have given your consent. The use of Google Tag Manager is covered by the consent for the respective third-party service. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. In some cases, your data will also be transferred to the USA. The legal basis for the transfer to the USA is your consent in accordance with Art. 49 para. 1 sentence 1 lit. a) GDPR. The storage duration of your data can be found in the following descriptions of the individual third-party services. Further information on data protection at “Google” can be found at: http://www.google.de/intl/de/policies/privacy.

You can withdraw your consent to the processing of the respective provider at any time by moving the slider back in the “Individual data protection settings” of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.

Services for statistical, analytical and marketing purposes

We also use third-party services for statistical, analytical and marketing purposes. This enables us to provide you with a user-friendly, optimized use of the website. The third-party providers use cookies, pixels, browser fingerprinting or other tracking technologies to control their services. We will inform you below about the services of external providers currently used on our website as well as about the respective processing in individual cases and about your existing revocation options.

Google Analytics
We use “Google Analytics”, a web analysis service from “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA), in order to be able to tailor our website optimally to user interests. When using “Google Analytics”, technologies such as “cookies”, “tracking pixels” and “device fingerprinting” are used to track specific user behavior on websites. This also involves processing information that is stored on users' end devices. With the help of the “tracking pixels” integrated into websites and the “cookies” stored on users' end devices, “Google” processes the information generated about the use of our website by users' end devices and access data for the purpose of statistical analysis - e.g. that a certain website has been accessed, which website areas users are particularly interested in or whether a newsletter subscription has taken place. For this purpose, it can also be determined whether different end devices belong to you or your household. The access data includes, in particular, the IP address, browser information, the previously visited website and the date and time of the server request. “Google Analytics” is used with the extension ‘anonymizeIp()’. This means that IP addresses are further processed in abbreviated form to make it more difficult to identify individuals. According to Google, IP addresses are truncated within the member states of the European Union. Due to the “Google Analytics” tool used, the user's browser automatically establishes a direct connection with the Google server. If users are registered with a Google service, Google can assign the visit to the user account and create and evaluate cross-application user profiles. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. “Google” also processes some of the data in the USA. There is no adequacy decision by the EU Commission for the transfer of data to the USA. The legal basis for the transfer to the USA is your consent in accordance with Art. 49 para. 1 sentence 1 lit. a) GDPR. Your data in connection with “Google Analytics” will be deleted after 30 days at the latest. Further information on data protection at “Google” can be found at: http://www.google.de/intl/de/policies/privacy.

You can withdraw your consent to the processing of the respective provider at any time by moving the slider back in the “Individual data protection settings” of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.

Google Analytics Advertising
We also use the web analysis service “Google Analytics” with the remarketing function “Google Analytics Advertising” from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). Google Analytics uses advertising technologies such as “cookies”, “tracking pixels” and “device fingerprinting” to track specific user behavior on websites. This also involves processing information that is stored on users' end devices. With the help of the “tracking pixels” integrated into websites and the “cookies” stored on users' end devices, Google processes the information generated about the use of our website by users' end devices and access data for the purpose of statistical analysis - e.g. that a certain website has been accessed or newsletter registration has taken place - and for the purpose of displaying individualized advertisements based on this. For these purposes, it can also be determined whether different end devices belong to you or your household. The additional function “Google Analytics Advertising” makes it possible to create target groups for certain cookies or mobile advertising IDs and to use them later for the renewed individualized advertising approach. Target group criteria include, for example: Users who have viewed products but not added them to a shopping cart or added them to a shopping cart but not completed the purchase, users who have purchased certain items. A target group comprises at least 100 users. The “Google Ads” tool can then be used to display interest-based advertisements in search results. In this way, users of websites can be recognized on other websites within the Google advertising network (in Google Search or on “YouTube”, so-called “Google Ads” or on other websites) and presented with tailored advertisements based on the defined target group criteria. The advertisements may also relate to products and services that users have already viewed on our website. The access data includes, in particular, the IP address, browser information, the previously visited website and the date and time of the server request. “Google Analytics” is used with the extension ‘anonymizeIp()’. This means that IP addresses are further processed in abbreviated form to make it more difficult to identify individuals. Due to the Google Analytics Advertising tool used, the user's browser automatically establishes a direct connection with the Google server. If users are registered with a Google service, Google can assign the visit to the user account and create and evaluate cross-application user profiles. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. “Google” also processes some of the data in the USA. There is no adequacy decision by the EU Commission for the transfer of data to the USA. The legal basis for the transfer to the USA is your consent in accordance with Art. 49 para. 1 sentence 1 lit. a) GDPR. Your data in connection with “Google Analytics” will be deleted after 30 days at the latest. Further information on data protection at “Google” can be found at: http://www.google.de/intl/de/policies/privacy.

You can withdraw your consent to the processing of the respective provider at any time by moving the slider back in the “Individual data protection settings” of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.

Google Ads Remarketing
We use the “Google Ads” tool with the “Dynamic Remarketing” function from “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). This is a procedure with which we would like to address you again. With the “Dynamic Remarketing” function, we can recognize users of our website on other websites within the “Google” advertising network (in the “Google” search or on “YouTube”, so-called “Google ads” or on other websites) and present advertisements tailored to their interests. The advertisements may also relate to products and services that you have already viewed on our website. For this purpose, the interaction of users on our website is analyzed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users on other sites even after they have visited our website. If you visit our website, “Google Ads” will store a cookie on your device. With the help of the cookies, “Google” processes the information generated by your device about the use of our website and interactions with our website as well as the data mentioned in the section “Use of our website”, in particular your IP address, browser information, the previously visited website and the date and time of the server request, for the purpose of displaying personalized advertisements. For this purpose, it can also be determined whether different end devices belong to you or your household. The data collected in the context of “Google Ads” is not merged with data from other “Google” products. The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. “Google” also processes some of the data in the USA. There is no adequacy decision by the EU Commission for data transfer to the USA. The legal basis for the transfer to the USA is your consent in accordance with Art. 49 para. 1 sentence 1 lit. a) GDPR. Your data in connection with “Google Ads Remarketing” will be deleted after 30 days at the latest. Further information on data protection and the storage period at “Google” can be found at: https://policies.google.com/privacy.

You can withdraw your consent to the processing of the respective provider at any time by moving the slider back in the “Individual data protection settings” of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.

Google Ads Conversion
We use the “Google Ads” service from “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to draw attention to our attractive offers on external websites with the help of advertising material (formerly known as “Google AdWords”). We can determine how successful the individual advertising measures are in relation to the advertising campaign data. These advertising materials are delivered by “Google” via so-called “Ad Servers”. For this purpose, we use “Ad Server” cookies, through which certain parameters for measuring reach, such as the display of ads or clicks by users, can be measured. If you access our website via a “Google” ad, “Google Ads” will store a cookie on your end device. With the help of the cookies, “Google” processes the information generated by your device about interactions with our advertising material (calling up a specific website or clicking on an advertising material), the data mentioned in the section “Use of our website”, in particular your IP address, browser information, the previously visited website and the date and time of the server request, for the purpose of analyzing and visualizing the reach measurement of our advertisements. For this purpose, it can also be determined whether different end devices belong to you or your household. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. If you are registered with a “Google” service, “Google” can assign the visit to your account. Even if you are not registered with “Google” or have not logged in, there is a possibility that the provider will find out your IP address and process it. We only receive statistical evaluations from “Google” to measure the success of our advertising material. The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. “Google” also processes some of the data in the USA. There is no adequacy decision by the EU Commission for data transfer to the USA. The legal basis for the transfer to the USA is your consent in accordance with Art. 49 para. 1 sentence 1 lit. a) GDPR. The storage period of your data at “Google” is 30 days. Further information on data protection and the storage period at “Google” can be found at: https://policies.google.com/privacy.

You can withdraw your consent to the processing of the respective provider at any time by moving the slider back in the “Individual data protection settings” of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.

Google AdSense
On our website, we also use the “GoogleAdSense” tool, an advertising service provided by “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to market advertisements. When using “Google AdSense”, technologies such as “cookies”, “tracking pixels” and “device fingerprinting” are used to track visitor traffic and user behavior on our website and to show you topic-specific advertisements on our website that match our content and your interests. Information stored on users' end devices is also processed for this purpose. With the help of the “tracking pixels” integrated into websites and the “cookies” stored on users' end devices, “Google” processes the information generated about the use of our website by users' end devices as well as access data after each impression (i.e. whenever you see or click on an advertisement, for example) for the purpose of cross-device statistical analysis, the display of individualized advertisements and to measure the effectiveness of an advertisement. For example, “Google” can determine from this that a certain website has been accessed and how often, in order to understand the quality of the advertising space on our website and to select the appropriate ad type. For this purpose, it can also be determined whether different end devices belong to you or your household. The access data includes, in particular, the IP address, browser information, the previously visited website and the date and time of the server request. When using “Google AdSense”, your browser automatically establishes a direct connection with the “Google” server. If users are registered with a Google service, Google can assign the visit to the user account and create and evaluate cross-application user profiles. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. “Google” also processes some of the data in the USA. There is no adequacy decision by the EU Commission for the transfer of data to the USA. The legal basis for the transfer to the USA is your consent in accordance with Art. 49 para. 1 sentence 1 lit. a) GDPR. Google stores your data in connection with “Google AdSense” for a maximum of 24 months. Further information on data protection at “Google” can be found at: http://www.google.de/intl/de/policies/privacy.

You can withdraw your consent to the processing of the respective provider at any time by moving the slider back in the “Individual data protection settings” of the consent tool. The legality of the processing remains unaffected until the revocation is exercised.