• This data protection information applies to data processing by:

  Controller: Gastronomiebetriebe Kampenwand GmbH, Bernauer Str. 1, 83229 Aschau im Chiemgau; info@gasthaus-kampenwand.de

When visiting the website

• When you simply visit our website www.agrad-chalets.de/en, the browser you are using automatically sends information to the server of our website, i.e. without any action on your part. This information is temporarily stored in a log file. The following information is collected without any action on your part and stored until it is automatically deleted

  IP address of the requesting computer, date and time of access, name and URL of the retrieved file, website from which the access is made (referrer URL), content of the request, browser used and, if applicable, the operating system of your computer and the name of your access provider, language and version of the browser software, time zone difference to Greenwich Mean Time (GMT).

  The aforementioned data is processed by us to technically enable the website to be viewed and to ensure its stability and security.

  The IP addresses are anonymised and stored in the log files. By deleting several last digits of the IP addresses, there is no longer any personal reference.

  The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

  According to Art. 6 para. 1 lit. c), Art. 32 GDPR, we are obliged to ensure data security and also base data processing on this aspect.

  Insofar as the sole purpose of storing information in the end user's terminal equipment (e.g. a cookie on the end user's computer) or the sole purpose of accessing information already stored in the end user's terminal equipment and access is absolutely necessary so that we can provide the telemedia service expressly requested by the user (e.g. our website/shop), Section 25 (2) TDDDG is the legal basis.

When using our contact form

• For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. It is necessary to provide a valid e-mail address and your name so that we know who sent the enquiry and can answer it. Further information can be provided voluntarily.

  Data processing for the purpose of making initial contact with us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of our legitimate economic interest in enabling new customers to contact us in an uncomplicated manner. Furthermore, contacting us enables our customers and us to carry out pre-contractual measures and fulfil the contract in accordance with Art. 6 Para. 1 S. 1 lit. b) GDPR. In addition, the processing of data from the contact form may be based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, insofar as this is obtained.

  The personal data collected by us for the use of the contact form will be automatically deleted after your enquiry has been dealt with.

Use of our web shop and bookings

• If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. Mandatory information required for the processing of contracts is marked separately, other information is voluntary. We process the data you provide to fulfil your order. For this purpose, we may forward your payment data to our bank. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR.

  You can voluntarily create a customer account, which allows us to save your data for future purchases. When you create an account under ‘My account’, the data you provide will be stored on a revocable basis. You can delete all other data, including your user account, at any time in the customer area.

  We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you e-mails with technical information.

  Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, we restrict processing after three years, i.e. your data will only be used to comply with legal obligations.

  To prevent unauthorised access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology.

Contact us by e-mail, telephone or fax

• If you contact us by e-mail, telephone or fax, your enquiry including all personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

  This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the enquiries addressed to us.

  The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

• Our website uses cookies. The use of cookies serves to make our offer more pleasant and, if necessary, to identify you for subsequent visits.

  You can find detailed general information on cookies at https://de.wikipedia.org/wiki/HTTP-Cookie

  Cookies are small text files that are stored on your hard drive and assigned to your browser. They provide information to the storage location. Cookies cannot execute programmes or transfer viruses to your computer. They serve to make the Intel website more user-friendly and effective overall.

  There are two different types of cookies, namely transient cookies and persistent cookies. These cookies differ firstly in the way they can be deleted and secondly in their function:

  Persistent cookies are automatically deleted after a specified period of time, how long depends on the cookie. You can delete persistent cookies at any time in the security settings of your browser.

  Transient cookies are automatically deleted when you close your browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

  We recommend that you regularly delete your cookies and browser history manually to make it more difficult to monitor and track your page views.

  You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. However, you may not be able to use all the functions of this website.

  Cookies are generally stored on the legal basis of Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. only with your consent. This consent to the storage of information on your end device is also required in accordance with Section 25 (1) TDDDG.

  The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR, whereby our legitimate interest arises from the purposes mentioned. In the context of contract fulfilment (shop), we can rely on Art. 6 para. 1 sentence 1 lit. b GDPR. Furthermore, storage in accordance with Section 25 (2) TDDDG is also possible if we can only provide our service under this condition.

  We use a consent manager to obtain consent. This records all cookies and plugins used.

  Our website uses Cookiebot, a service provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, to obtain your consent to the storage of certain cookies on your end device and to document this in accordance with data protection regulations. Cookiebot enables us to create transparency about the cookies used on our website and to give you the opportunity to decide specifically about their use

Data processing by Cookiebot 

• Cookiebot collects the following data:

  • Your IP address (in anonymised form),
  • Date and time of your consent,
  • information about your browser and operating system
  • the URL from which the access was made
  • an anonymous, randomised and encrypted key number that documents your consent,
  • your consent status.
  • This data is required to prove the legally required consent and to be able to offer you your settings again on a subsequent visit. 

  The use of Cookiebot is based on Art. 6 para. 1 lit. c GDPR (fulfilment of a legal obligation), as we are legally obliged to document your consent. In addition, the use serves legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in order to improve the user-friendliness of our website.

  Storage period The data collected by Cookiebot is stored until you ask us to delete it, delete the Cookiebot cookie yourself or the purpose for data storage no longer applies. Statutory retention obligations remain unaffected.

  Cookiebot stores the data exclusively within the European Union and does not pass it on to third parties. Further information on data protection at Cookiebot can be found in Cookiebot's privacy policy: https://www.cookiebot.com/de/privacy-policy/. 

• Your personal data will not be transferred to third parties for purposes other than those listed below.

  We only pass on your personal data to third parties if:

  • you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of our legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  • in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR; this applies in particular to the transfer of data to mail order service providers, such as carriers, freight forwarders and postal and parcel service providers
  • To process payments, we pass on the necessary payment data to the credit institution commissioned with the payment and, if applicable, to the payment service provider commissioned by us or to the payment service selected by you in the ordering process. This is done to fulfil contractual obligations in accordance with Art. 6 para. 1 lit. b) GDPR if you select the corresponding payment method. 

• We use the services of incert eTourismus GmbH & Co KG, Leonfeldner Straße 328, 4040 Linz, Austria, to provide our voucher and ticket system on our website.

Data processing by incert

• When using the incert system, the following personal data is processed:

  • Information that you enter during the order process (e.g. name, e-mail address, billing data)
  • Technical data, such as IP address and browser information

  This data is required to process your orders, provide vouchers or tickets and handle the payment process.

Integration via consent management tool

• The integration of incert services on our website takes place via a Consent-Management-Tool. This means that data is only transferred to incert if you have expressly given your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Legal basis for the processing

• The data is processed on the basis of your consent (Art. 6 para. 1 lit. a GDPR) and to fulfil the contract in accordance with Art. 6 para. 1 lit. b GDPR if you purchase a voucher or ticket.

Data transfer to third parties

• Your data may be forwarded to payment service providers (e.g. PayPal, Stripe) for payment processing. You can find the corresponding data protection provisions of these service providers on their websites.

Storage duration

• The data provided by you in the context of voucher or ticket processing will only be stored for as long as is necessary for the fulfilment of the purpose or as long as statutory retention periods exist.

Rights of objection and cancellation

• The data provided by you in the context of voucher or ticket processing will only be stored for as long as is necessary to fulfil the purpose or as required by statutory retention periods.

Further information

• Further information on data protection at incert can be found at: https://www.incert.at/datenschutz/ 

• We use CASABLANCA hotel software, developed by CASABLANCA Hotelsoftware GmbH, Öde 32, 6491 Schönwies, Austria, to manage our hotel operations. This software supports us in the management of reservations, guest data and other operational processes.

Data processing by CASABLANCA hotel software

• As part of the use of the CASABLANCA hotel software, personal data of our guests is processed, including

  • Master data: Name, address, contact details (e.g. e-mail address, telephone number)
  • Booking data: Arrival and departure dates, room category, booked services
  • Payment information: Invoice data, payment method

  This data is processed exclusively for the purpose of processing your stay and for the fulfilment of our contractual obligations.

Order processing in accordance with Art. 28 GDPR

• We have concluded an order processing contract with CASABLANCA Hotelsoftware GmbH in accordance with Art. 28 GDPR. This contract ensures that the processing of your personal data by CASABLANCA Hotelsoftware GmbH on our behalf is carried out in accordance with data protection regulations. 

Data transmission and storage

• Your data is processed on servers within the European Union. Your personal data will not be transferred to third countries.

Legal basis for the processing

• Your data is processed for the fulfilment of the accommodation contract in accordance with Art. 6 para. 1 lit. b GDPR and for the fulfilment of legal obligations in accordance with Art. 6 para. 1 lit. c GDPR.

Storage duration

• Your personal data will be stored for the duration of the statutory retention periods. After these periods have expired, the data will be deleted, provided there are no further statutory retention obligations.

Your rights

• You have the right to information about the personal data processed by us as well as the right to rectification, erasure, restriction of processing and data portability. You also have the right to object to the processing. 

Further information

• Details on data protection at CASABLANCA Hotelsoftware GmbH can be found at: https://www.casablanca.at/datenschutzerklaerung/.

• To increase customer loyalty and to sell services and add-ons, we use 
  https://www.additive.eu/ hotel marketing automation software from ADDITIVE GmbH, 39011 Lana (BZ), Italy (“ADDITIVE”) in the area of https://www.additive.eu/  marketing and sales automation for hotels. In this context, data that we collect and process in connection with your inquiry, booking, order, activation, registration, or other submission of a form on the website is analyzed and used to automatically provide you with offers for services and additional services via ADDITIVE+ MARKETING AUTOMATION. The appropriate level of data protection is ensured by the data processing agreement that has been concluded.

  You may object to the use of your data for this purpose at any time via the unsubscribe link in the respective message.
  
  Data processing is based on the legal provisions of Article 6(1)(f) (legitimate interest) of the GDPR.
  
  Our objective under the GDPR (legitimate interest) is to avoid disadvantages compared to our competitors, improve our brand awareness, and maximize our economic success through the best possible commercial use of the contacts obtained.

• In addition to our website, we operate optimized sales landing pages in the field of  https://www.additive.eu/glossar/hotel-marketing-online.html online hotel marketing. To process your inquiry, booking, order, activation, registration, or other submission of a form on such a landing page, as well as to store and retain your data, we use standard cloud services and CRM systems, as well as software from ADDITIVE GmbH, 39011 Lana (BZ), Italy (“ADDITIVE”), our managing https://www.additive.eu/ hotel marketing agency. The appropriate level of data protection is ensured by the data processing agreements concluded with the respective companies.
  
  Our landing pages use features of the web analytics service Google Analytics, provided by Google Inc. (“Google”). Google Analytics enables the analysis of how users interact with the website. The information generated about your user behavior is transmitted to the provider’s server and stored there.
   
• Your IP address is recorded but immediately anonymized (e.g., by deleting the last 8 bits). As a result, only a rough location can be determined.
   
• You can prevent the transmission of data related to your use of the online service to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://chromewebstore.google.com/detail/deaktivierungs-add-on-von/fllaojicojecljbmefodhfapmkghcbnh?pli=1
   
• ADDITIVE has access to the data collected via Google Analytics. This data is not used for any purpose other than analyzing the use of our websites and evaluating our marketing and sales activities.
   
• Our websites and landing pages also use ADDITIVE features for cross-channel tracking of website usage as well as marketing and sales activities, such as landing pages, newsletters, and social media presence. In this process, information regarding your visits and submitted forms on our websites is also transmitted to ADDITIVE to evaluate and optimize our marketing and sales activities.
   
• Data processing is based on the legal provisions of Article 6(1)(f) (legitimate interest) of the GDPR.
   
• Our objective within the meaning of the GDPR (legitimate interest) is to improve our offerings and our website by analyzing the use of our website as well as sales

• You have the option to subscribe to our newsletter via our website. To do so, we need your email address and your consent to receive the https://www.additive.eu/ from ADDITIVE GmbH, our provider for 
  https://www.additive.eu/ email marketing. 
   
• To provide you with targeted information, we also collect and process voluntarily provided information regarding areas of interest, name, birthday, and region/country of origin using our https://www.additive.eu/ newsletter system.
   
• Once you have subscribed to the newsletter, we will send you a confirmation email with a link to confirm your subscription.
   
• You can cancel your newsletter subscription at any time via the unsubscribe link in the respective newsletter.
   
• To process your subscription, deliver the newsletter to your email address, and track opens and clicks, we use software from ADDITIVE GmbH, 39011 Lana (BZ), Italy (“ADDITIVE”). To ensure the secure delivery of the newsletter, ADDITIVE uses the mailing service provider “Sinch Mailjet,” Paris, France. Through these services and systems, your data is processed and stored, at least in part, outside the EU or the EEA. The appropriate level of data protection is ensured by the data processing agreement that has been concluded.

• We use the chatlyn service provided by chatlyn GmbH, Renngasse 4 / R4-4, 1010 Vienna (“chatlyn”) to send and receive messages via our various communication channels, including WhatsApp [, ...]. The data is stored by chatlyn on servers in Germany on our behalf.
   
• You can contact us on our website via the chatlyn web widget (“WebChat”) and ask questions. This is provided by chatlyn GmbH, Renngasse 4 / R4-4, 1010 Vienna, Austria (“chatlyn”). When you visit the website, the chat widget is loaded as a JavaScript file.
   
• When you use the chatlyn WebChat on our website, the following personal data is processed:
   
• Date and time of the visit
• Browser type, browser version, and browser language
• Your IP address
• Session ID
• Operating system used
• URL of the website where WebChat is used
• Content you send
  
  Depending on the course of the conversation in our WebChat, additional personal data may be processed if you provide it. The nature of this data depends on your inquiry or the issue you describe to us. Data is only transmitted once you actually start a conversation.
  
  The data is processed for the purpose of communicating with you and handling and responding to your inquiry.
  
  The legal basis for the processing of your personal data is our legitimate interest in communicating with you and responding to inquiries pursuant to Article 6(1)(f) of the GDPR.
  
  We store the data we process in the course of communicating with you for as long as it is necessary to handle the conversation with you or until the termination of a potential business relationship with you. In addition, we retain personal data for as long as statutory retention obligations apply or until any deadlines for asserting legal claims for which the data might be required have expired.
  
  Your personal data is not transferred to third countries; the data is stored on servers in Germany by chatlyn on our behalf.
  
  To provide the WebChat, the following cookies are stored on your device:
  
  Name: cw_conversation, cw_snooze_campaigns_till
  Content: Randomly generated session ID, UNIX timestamp
  Purpose: Enables a conversation to continue across multiple page views; prevents widget pop-up notifications from being displayed repeatedly
  Storage duration: 1 year, 1 hour
  
  These cookies are technically necessary to provide the WebChat. They are not used for tracking, and other websites do not have access to them.
  
  You can contact us in various ways. You can reach us via WhatsApp, Telegram, Facebook Messenger,... (“communication channels”). To send and receive messages through our various communication channels, we use the chatlyn service provided by chatlyn GmbH, Renngasse 4 / R4-4, 1010 Vienna (“chatlyn”).
  
  When communicating with us via our communication channels, personal data may be processed if you provide it. The nature of this data depends on your inquiry or the issue you describe to us.
  
  The data is processed for the purpose of communicating with you and handling and responding to your inquiry.
  
  The legal basis for processing your personal data is our legitimate interest in communicating with you and responding to inquiries pursuant to Article 6(1)(f) of the GDPR, or the necessity of processing to fulfill a contract concluded with you or to take pre-contractual measures at your request pursuant to Article 6(1)(b) of the GDPR.
  
  We store the data we process in the course of communicating with you for as long as it is necessary to handle the conversation with you or until the termination of a potential business relationship with you. In addition, we retain personal data for as long as statutory retention obligations apply or until any time limits for asserting legal claims for which the data might be required have expired.
  
  We do not transfer your personal data to third countries; the data is stored on servers in Germany by chatlyn on our behalf, and we have entered into a data processing agreement with chatlyn.
  
  You can contact us in various ways. You can contact us on our website via the chatlyn web widget (“WebChat”) or on WhatsApp, Telegram, Facebook Messenger,... (“communication channels”). For sending and receiving messages via our various communication channels, including the provision of WebChat, we use the chatlyn service provided by chatlyn GmbH, Renngasse 4 / R4-4, 1010 Vienna (“chatlyn”).
  
  When using the chatlyn WebChat on our website, the following personal data is processed, although data is only transmitted once you actually start a conversation:
  
  Name: cw_conversion, cw_snooze_campagins_till
  Content: Randomly generated session ID, UNIX timestamp
  Purpose: Enables the continuation of a conversation across multiple page views; prevents widget pop-up notifications from being displayed repeatedly
  Retention period: 1 year, 1 hour
  
  These cookies are technically necessary to provide the WebChat. They are not used for tracking, and other websites do not have access to them.

• We use the services and content of the social networks Facebook and Instagram, which are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Data processing by Facebook and Instagram

• When visiting our pages on Facebook or Instagram or when integrating content from these platforms (e.g. social media plugins, videos, posts), personal data may be processed. This includes

  Information about your visit to our website (e.g. IP address, date and time)
  If you are logged into your Facebook or Instagram account during your visit, the platforms can assign the visit to our pages to your user account.
  The processing is carried out by Meta Platforms. We have no influence on the type and scope of data processing by Meta. Further information can be found in Meta's privacy policy: https://www.facebook.com/privacy/explanation

Data transfer to the USA in accordance with the EU-US Data Privacy Framework

• Meta Platforms, Inc. is certified under the EU-US Data Privacy Framework. This ensures that an adequate level of data protection is guaranteed when personal data is transferred from the EU to the USA. Further information about the EU-US Data Privacy Framework can be found here: 
  https://www.dataprivacyframework.gov

Shared responsibility (Page Insights)

• For our Facebook page and Instagram page, we have concluded a joint responsibility agreement with Meta in accordance with Art. 26 GDPR. This regulates which data protection obligations we and Meta have, in particular with regard to the processing of Insights data:

  Meta assumes primary responsibility for the processing of Insights data and informs users of their rights.

  Further details on Page Insights can be found here: https://www.facebook.com/legal/terms/page_controller_addendum

Legal basis

• The use is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to present our content and services on social media platforms. If consent is required (e.g. by clicking on embedded content), the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR.

Rights of objection and cancellation

• You can object to the processing of your data at any time. You can make settings for processing by Meta in your Facebook or Instagram account:

  Facebook: https://www.facebook.com/settings

  Instagram: https://www.instagram.com/accounts/privacy_and_security/

• We use the Google Maps service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. With Google Maps, we can display interactive maps and enable convenient use of the map function on our website.

Data processing by Google Maps

• When using Google Maps, personal data may be processed, including:

  • IP address
  • Location data (if activated by the user)
  • Information about your usage behaviour

  This data is usually transferred to Google servers in the USA and stored there. Google may combine this information with other data that Google has stored about you (e.g. through your Google account).
   

Consent via consent management tool

• The integration of Google Maps on our website only takes place if you have given your express consent via our consent management tool (e.g. cookie banner) in accordance with Art. 6 para. 1 lit. a GDPR. Only after your consent will the content of Google Maps be loaded and data transmitted to Google.

  You can withdraw your consent at any time by adjusting the settings in the consent management tool. Without your consent, Google Maps will not be loaded and no data will be transferred to Google.

Data transfer to the USA in accordance with the EU-US Data Privacy Framework

• Google LLC, the parent company of Google Ireland Limited, is certified under the EU-US Data Privacy Framework. This certification ensures an adequate level of data protection when transferring personal data from the EU to the USA. Further information can be found here: https://www.dataprivacyframework.gov.

Legal basis for the processing

• Your data will be processed exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Rights of objection and cancellation

• You can prevent Google from processing your data by deactivating JavaScript in your browser. In this case, however, no maps can be displayed.

Further information

• Details on data protection at Google can be found here:
  • Privacy policy of Google: https://policies.google.com/privacy
  • Settings for data processing: https://myaccount.google.com/

• We use the web analysis service Google Analytics, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use Google Analytics to analyse user behaviour on our website in order to optimise our content and improve user-friendliness.

Data processing by Google Analytics

• Google Analytics uses cookies and similar technologies to collect usage data. This data includes:

  • Pages visited, length of stay and interactions (e.g. clicks, scrolling behaviour)
  • Technical information such as device type, browser and operating system
  • Approximate location data (e.g. country or region)

  The data collected by Google Analytics is processed anonymously by shortening your IP address. This means that it is not possible to identify you personally.

Consent via Cookiebot

• Google Analytics is only used if you have given your express consent via our cookie banner (Cookiebot) in accordance with Art. 6 para. 1 lit. a GDPR. Cookiebot enables you to:

  • Agree or decline the use of Google Analytics
  • Revoke or adjust your consent at any time

  No data will be collected or processed by Google Analytics without your consent.

Data transfer to the USA in accordance with the EU-US Data Privacy Framework

• Google LLC, the parent company of Google Ireland Limited, is certified under the EU-US Data Privacy Framework (DPF). This certification guarantees an adequate level of data protection for the transfer of personal data from the EU to the USA. Further information can be found here: https://www.dataprivacyframework.gov.

Storage duration and data security

• Storage duration: The data is stored for 14 months as standard and then automatically deleted.
• Anonymisation: Google Analytics anonymises the IP address before data is stored or processed.

Rights of cancellation and objection

• You can object to the processing of your data by Google Analytics at any time or revoke your consent by clicking on the following link:
  • Customise the cookie settings on our website via Cookiebot
  • Install a browser add-on to deactivate Google Analytics: 
    https://tools.google.com/dlpage/gaoptout?hl=de 

Further information

• Details on data processing by Google Analytics can be found in Google's privacy policy: https://policies.google.com/privacy and in the Google Analytics terms of use: https://marketingplatform.google.com/about/analytics/terms/de/.

• We use the analysis service etracker, which is provided by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany, to analyse and continuously improve usage behaviour on our website.

Data processing by etracker

• etracker uses technologies that make it possible to analyse user behaviour in anonymised or pseudonymised form, including:

  • Collection and storage of data such as pages visited, dwell time and click behaviour
  • Use of cookies or pixels for data collection

  The processing takes place completely without the use of personal data such as IP addresses. All data is either anonymised or pseudonymised and cannot be assigned to a specific person.

Legal basis for the processing

• The use of etracker is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to analyse and optimise the user-friendliness of our website. If consent is required (e.g. for the use of cookies), the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR.

Waiver of data transfer to third parties

• The data is processed exclusively on servers in Germany and is therefore subject to the strict data protection standards of the European Union. Data is not transferred to third countries.

Storage period

• The stored data is deleted as soon as it is no longer required for the purposes of the analysis or you withdraw your consent.

Right to object

• You can object to the collection and storage of data by etracker at any time. To do so, click on the following link to set an opt-out cookie: https://www.etracker.de/privacy/ .

Further information

• Details on data protection at etracker can be found in etracker's privacy policy: https://www.etracker.de/datenschutz/ .

• We use the services of Amazon Web Services (AWS), provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg, to operate our website, applications and IT infrastructure securely and efficiently.

Data processing by AWS

• AWS provides us with server and cloud services that we use to store and process data. As part of this use, personal data may be processed, including:
  • Master data (e.g. name, e-mail address)
  • Technical data (e.g. IP address, browser information, log data)
  • Data that you enter in our applications or provide as part of services
• The processing is carried out exclusively in accordance with our instructions and within the framework of an order processing contract in accordance with Art. 28 GDPR.

Data transfer to the USA in accordance with the EU-US Data Privacy Framework

• AWS is part of Amazon.com, Inc., which is certified under the EU-US Data Privacy Framework (DPF). This certification ensures an adequate level of data protection when transferring personal data from the EU to the USA. Further information on this certification can be found here: https://www.dataprivacyframework.gov.

Legal basis for the processing

• The processing of your data by AWS is based on:
  • Our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to make our IT infrastructure secure, efficient and scalable
  • Or for the fulfilment of a contract pursuant to Art. 6 para. 1 lit. b GDPR, insofar as the processing is necessary for the provision of our services

Data security

• AWS offers a high level of security through:
   
  • Data encryption during transmission and storage
  • Strict access controls
  • Certifications such as ISO 27001, SOC 2 and PCI DSS
     
• Further information on security at AWS can be found here: https://aws.amazon.com/de/security/.

Storage duration

• The data stored on AWS servers will only remain there for as long as is necessary to fulfil the respective purposes or to comply with statutory retention obligations.

Your rights

• You have the right to obtain information about the personal data processed by us and to request the rectification, erasure or restriction of processing. Please contact our data protection officer for this purpose.

Further information

• Details on data protection at AWS can be found in the AWS privacy policy: https://aws.amazon.com/privacy/.

• to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

  in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us

  in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims

  in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;

  in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller

  in accordance with Art. 7 para. 3 GDPR, to revoke your consent to us at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future and

  to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

• If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

  If you would like to exercise your right of cancellation or objection, simply send an email to info@gasthaus-kampenwand.de.

• If the processing of your data is based on consent given to us, you can withdraw this consent at any time. Such a cancellation affects the permissibility of processing your personal data after you have given it to us.

  If you wish to exercise your right of cancellation, simply send an e-mail to info@gasthaus-kampenwand.de

• We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognise whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

  We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

• This privacy policy is currently valid. The status is 28/11/2024

  It may become necessary to amend this privacy policy as a result of the further development of our website and services or due to changes in legal or official requirements. You can access and print out the current privacy policy at any time on the website at https://www.agrad-chalets.de/datenschutz.