• This data protection information applies to data processing by:

  Controller: Gastronomiebetriebe Kampenwand GmbH, Bernauer Str. 1, 83229 Aschau im Chiemgau; info@gasthaus-kampenwand.de

When visiting the website

• When you simply visit our website www.agrad-chalets.de, the browser you are using automatically sends information to the server of our website, i.e. without any action on your part. This information is temporarily stored in a log file. The following information is collected without any action on your part and stored until it is automatically deleted

  IP address of the requesting computer, date and time of access, name and URL of the retrieved file, website from which the access is made (referrer URL), content of the request, browser used and, if applicable, the operating system of your computer and the name of your access provider, language and version of the browser software, time zone difference to Greenwich Mean Time (GMT).

  The aforementioned data is processed by us to technically enable the website to be viewed and to ensure its stability and security.

  The IP addresses are anonymised and stored in the log files. By deleting several last digits of the IP addresses, there is no longer any personal reference.

  The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

  According to Art. 6 para. 1 lit. c), Art. 32 GDPR, we are obliged to ensure data security and also base data processing on this aspect.

  Insofar as the sole purpose of storing information in the end user's terminal equipment (e.g. a cookie on the end user's computer) or the sole purpose of accessing information already stored in the end user's terminal equipment and access is absolutely necessary so that we can provide the telemedia service expressly requested by the user (e.g. our website/shop), Section 25 (2) TDDDG is the legal basis.

When using our contact form

• For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. It is necessary to provide a valid e-mail address and your name so that we know who sent the enquiry and can answer it. Further information can be provided voluntarily.

  Data processing for the purpose of making initial contact with us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of our legitimate economic interest in enabling new customers to contact us in an uncomplicated manner. Furthermore, contacting us enables our customers and us to carry out pre-contractual measures and fulfil the contract in accordance with Art. 6 Para. 1 S. 1 lit. b) GDPR. In addition, the processing of data from the contact form may be based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, insofar as this is obtained.

  The personal data collected by us for the use of the contact form will be automatically deleted after your enquiry has been dealt with.

Use of our web shop and bookings

• If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. Mandatory information required for the processing of contracts is marked separately, other information is voluntary. We process the data you provide to fulfil your order. For this purpose, we may forward your payment data to our bank. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR.

  You can voluntarily create a customer account, which allows us to save your data for future purchases. When you create an account under ‘My account’, the data you provide will be stored on a revocable basis. You can delete all other data, including your user account, at any time in the customer area.

  We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you e-mails with technical information.

  Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, we restrict processing after three years, i.e. your data will only be used to comply with legal obligations.

  To prevent unauthorised access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology.

Contact us by e-mail, telephone or fax

• If you contact us by e-mail, telephone or fax, your enquiry including all personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

  This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the enquiries addressed to us.

  The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

• Our website uses cookies. The use of cookies serves to make our offer more pleasant and, if necessary, to identify you for subsequent visits.

  You can find detailed general information on cookies at https://de.wikipedia.org/wiki/HTTP-Cookie

  Cookies are small text files that are stored on your hard drive and assigned to your browser. They provide information to the storage location. Cookies cannot execute programmes or transfer viruses to your computer. They serve to make the Intel website more user-friendly and effective overall.

  There are two different types of cookies, namely transient cookies and persistent cookies. These cookies differ firstly in the way they can be deleted and secondly in their function:

  Persistent cookies are automatically deleted after a specified period of time, how long depends on the cookie. You can delete persistent cookies at any time in the security settings of your browser.

  Transient cookies are automatically deleted when you close your browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the shared session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

  We recommend that you regularly delete your cookies and browser history manually to make it more difficult to monitor and track your page views.

  You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. However, you may not be able to use all the functions of this website.

  Cookies are generally stored on the legal basis of Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. only with your consent. This consent to the storage of information on your end device is also required in accordance with Section 25 (1) TDDDG.

  The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR, whereby our legitimate interest arises from the purposes mentioned. In the context of contract fulfilment (shop), we can rely on Art. 6 para. 1 sentence 1 lit. b GDPR. Furthermore, storage in accordance with Section 25 (2) TDDDG is also possible if we can only provide our service under this condition.

  We use a consent manager to obtain consent. This records all cookies and plugins used.

  Our website uses Cookiebot, a service provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark, to obtain your consent to the storage of certain cookies on your end device and to document this in accordance with data protection regulations. Cookiebot enables us to create transparency about the cookies used on our website and to give you the opportunity to decide specifically about their use

Data processing by Cookiebot 

• Cookiebot collects the following data:

  • Your IP address (in anonymised form),
  • Date and time of your consent,
  • information about your browser and operating system
  • the URL from which the access was made
  • an anonymous, randomised and encrypted key number that documents your consent,
  • your consent status.
  • This data is required to prove the legally required consent and to be able to offer you your settings again on a subsequent visit. 

  The use of Cookiebot is based on Art. 6 para. 1 lit. c GDPR (fulfilment of a legal obligation), as we are legally obliged to document your consent. In addition, the use serves legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in order to improve the user-friendliness of our website.

  Storage period The data collected by Cookiebot is stored until you ask us to delete it, delete the Cookiebot cookie yourself or the purpose for data storage no longer applies. Statutory retention obligations remain unaffected.

  Cookiebot stores the data exclusively within the European Union and does not pass it on to third parties. Further information on data protection at Cookiebot can be found in Cookiebot's privacy policy: https://www.cookiebot.com/de/privacy-policy/. 

• Your personal data will not be transferred to third parties for purposes other than those listed below.

  We only pass on your personal data to third parties if:

  • you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of our legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  • in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR; this applies in particular to the transfer of data to mail order service providers, such as carriers, freight forwarders and postal and parcel service providers
  • To process payments, we pass on the necessary payment data to the credit institution commissioned with the payment and, if applicable, to the payment service provider commissioned by us or to the payment service selected by you in the ordering process. This is done to fulfil contractual obligations in accordance with Art. 6 para. 1 lit. b) GDPR if you select the corresponding payment method. 

• We use the services of incert eTourismus GmbH & Co KG, Leonfeldner Straße 328, 4040 Linz, Austria, to provide our voucher and ticket system on our website.

Data processing by incert

• When using the incert system, the following personal data is processed:

  • Information that you enter during the order process (e.g. name, e-mail address, billing data)
  • Technical data, such as IP address and browser information

  This data is required to process your orders, provide vouchers or tickets and handle the payment process.

Integration via consent management tool

• The integration of incert services on our website takes place via a Consent-Management-Tool. This means that data is only transferred to incert if you have expressly given your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Legal basis for the processing

• The data is processed on the basis of your consent (Art. 6 para. 1 lit. a GDPR) and to fulfil the contract in accordance with Art. 6 para. 1 lit. b GDPR if you purchase a voucher or ticket.

Data transfer to third parties

• Your data may be forwarded to payment service providers (e.g. PayPal, Stripe) for payment processing. You can find the corresponding data protection provisions of these service providers on their websites.

Storage duration

• The data provided by you in the context of voucher or ticket processing will only be stored for as long as is necessary for the fulfilment of the purpose or as long as statutory retention periods exist.

Rights of objection and cancellation

• The data provided by you in the context of voucher or ticket processing will only be stored for as long as is necessary to fulfil the purpose or as required by statutory retention periods.

Further information

• Further information on data protection at incert can be found at: https://www.incert.at/datenschutz/ 

• We use CASABLANCA hotel software, developed by CASABLANCA Hotelsoftware GmbH, Öde 32, 6491 Schönwies, Austria, to manage our hotel operations. This software supports us in the management of reservations, guest data and other operational processes.

Data processing by CASABLANCA hotel software

• As part of the use of the CASABLANCA hotel software, personal data of our guests is processed, including

  • Master data: Name, address, contact details (e.g. e-mail address, telephone number)
  • Booking data: Arrival and departure dates, room category, booked services
  • Payment information: Invoice data, payment method

  This data is processed exclusively for the purpose of processing your stay and for the fulfilment of our contractual obligations.

Order processing in accordance with Art. 28 GDPR

• We have concluded an order processing contract with CASABLANCA Hotelsoftware GmbH in accordance with Art. 28 GDPR. This contract ensures that the processing of your personal data by CASABLANCA Hotelsoftware GmbH on our behalf is carried out in accordance with data protection regulations. 

Data transmission and storage

• Your data is processed on servers within the European Union. Your personal data will not be transferred to third countries.

Legal basis for the processing

• Your data is processed for the fulfilment of the accommodation contract in accordance with Art. 6 para. 1 lit. b GDPR and for the fulfilment of legal obligations in accordance with Art. 6 para. 1 lit. c GDPR.

Storage duration

• Your personal data will be stored for the duration of the statutory retention periods. After these periods have expired, the data will be deleted, provided there are no further statutory retention obligations.

Your rights

• You have the right to information about the personal data processed by us as well as the right to rectification, erasure, restriction of processing and data portability. You also have the right to object to the processing. 

Further information

• Details on data protection at CASABLANCA Hotelsoftware GmbH can be found at: https://www.casablanca.at/datenschutzerklaerung/.

• You can subscribe to our newsletter, with which we inform you about our current interesting offers, by giving your consent. The advertised goods and services are named in the declaration of consent.

  We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you are the owner of the e-mail address provided and that you wish to receive the notifications. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

  The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to be able to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

  You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your cancellation by clicking on the link provided in every newsletter email or by sending an email to info@ebrom.de or by sending a message to the contact details given in the legal notice.

Use of Mailchimp

• We use the ‘Mailchimp’ service, which is provided by Intuit Inc., 2700 Coast Avenue, Mountain View, CA 94043, USA, to send newsletters.

Data processing by Mailchimp

• Mailchimp enables us to send newsletters and analyse their success. When you register for our newsletter, the following personal data is processed:

  • Your e-mail address (mandatory)
  • Optional: Your name and other voluntarily provided information

  Mailchimp uses this data to send and analyse our newsletters. The analyses include, for example

  • Whether the newsletter was opened
  • Which links in the newsletter were clicked on
  • Device and browser information
• The data is stored on the Intuit/Mailchimp servers in the USA.

Data transfer to the USA in accordance with the EU-US Data Privacy Framework

• Intuit, the parent company of Mailchimp, is certified under the EU-US Data Privacy Framework (DPF). This certification ensures an adequate level of data protection for the transfer of personal data from the EU to the USA. Further information about the EU-US Data Privacy Framework can be found here:
   https://www.dataprivacyframework.gov.

Legal basis for the processing

• Your data will be processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time by using the unsubscribe link in the newsletter.

Storage duration

• The data stored by us for the purpose of subscribing to the newsletter will be stored for as long as you have subscribed to the newsletter. After cancellation, your data will be deleted both from our servers and from the Mailchimp servers.

Further information

• Details on data protection at Mailchimp can be found at: https://mailchimp.com/legal/privacy/

• Neben unserer Website betreiben wir im Bereich <a href="https://www.additive.eu/hotelmarketing-software-automation/online-marketing-hotel.html" target="_blank">Online Hotel Marketing</a> zusätzlich optimierte Verkaufs-Landingpages. Zur Bearbeitung Ihrer Anfrage, Buchung, Bestellung, Aktivierung, Anmeldung oder sonstigen Übermittlung eines Formulars auf einer solchen Landingpage sowie zur Speicherung und Aufbewahrung Ihrer Daten nutzen wir gängige Cloud-Dienste und CRM-Systeme sowie Software von ADDITIVE GmbH, 39011 Lana (BZ), Italien („ADDITIVE“), unserer betreuenden <a href="https://www.additive.eu" target="_blank">Hotel Marketing Agentur</a>. Das angemessene Datenschutzniveau ergibt sich dabei aus den abgeschlossenen Auftragsverarbeitungsvereinbarungen mit den jeweiligen Unternehmen.
  
  Unsere Landingpages verwenden Funktionen des Webanalysedienstes Google Analytics der Google Inc. („Google“). Google Analytics ermöglicht die Analyse der Benutzung der Website durch ihre Benutzer. Die dadurch erzeugten Informationen über Ihr Nutzerverhalten werden auf den Server des Anbieters übertragen und dort gespeichert.
   
• Ihre IP-Adresse wird erfasst, aber umgehend (z.B. durch Löschung der letzten 8 Bit) anonymisiert. Dadurch ist nur mehr eine grobe Lokalisierung möglich.
   
• Sie können die Übertragung der auf Ihre Nutzung des Onlineangebotes bezogenen Daten an Google sowie die Verarbeitung dieser Daten durch Google verhindern, indem Sie das unter dem folgenden Link verfügbare Browser-Plugin herunterladen und installieren:

https://chrome.google.com/webstore/detail/google-analytics-opt-out/fllaojicojecljbmefodhfapmkghcbnh

ADDITIVE hat Einblick in die mittels Google Analytics erhobenen Daten. Diese Daten werden nicht für andere Zwecke als der Analyse der Benutzung unserer Websites sowie der Auswertung unserer Marketing- und Vertriebsmaßnahmen genutzt.

Unsere Websites und Landingpages verwenden weiters Funktionen von ADDITIVE zur kanalübergreifenden Erfassung der Nutzung unserer Websites sowie Marketing- und Vertriebsmaßnahmen wie bspw. Landingpages, Newsletter und Social-Media-Präsenzen. Dabei werden Informationen zu Ihren Besuchen und abgeschickten Formularen auf unseren Websites auch an ADDITIVE übertragen, um unsere Marketing- und Vertriebsmaßnahmen auszuwerten und zu optimieren.

Die Datenverarbeitung erfolgt auf Basis der gesetzlichen Bestimmungen des Art 6 Abs 1 lit f (berechtigtes Interesse) der DSGVO.

Unser Anliegen im Sinne der DSGVO (berechtigtes Interesse) ist die Verbesserung unseres Angebots und unseres Webauftritts durch Analyse der Benutzung unserer Website sowie Vertriebs- und Marketingmaßnahmen.

Zudem verwenden unsere Landingpages sowie unsere Website Remarketing-Funktionen der Google Inc. („Google“) sowie der Meta Platforms Inc. („Meta“). Dabei wird an Meta und Google übermittelt, dass Sie diese Website besucht haben. Diese Funktionen dienen dazu, Besuchern der Landingpages interessenbezogene Werbeanzeigen im Werbenetzwerk von Google oder im Sozialen Netzwerk Facebook sowie Instagram zu präsentieren.

Die Datenverarbeitung im Zusammenhang mit diesen Remarketing-Funktionen erfolgt auf Basis der gesetzlichen Bestimmungen des Art 6 Abs 1 lit a (Einwilligung) der DSGVO.

Sie werden mittels eines Banners beim Besuch unserer Landingpages auf die Verwendung von Cookies für diese Remarketing-Funktionen hingewiesen. Erst durch einen bestätigenden Klick auf den entsprechenden Button stimmen Sie der Verwendung zu. Sie können jederzeit der Einwilligung widersprechen, indem Sie auf der jeweiligen Landingpage die Seite mit den Cookie-Informationen aufrufen und im erscheinenden Banner die Cookie-Verwendung ablehnen.

• Sie haben die Möglichkeit, über unsere Website unseren Newsletter zu abonnieren. Hierfür benötigen wir Ihre E-Mail-Adresse und Ihre Erklärung, dass Sie mit dem Bezug des <a href="https://www.additive.eu/hotelmarketing-software-automation/newsletter-marketing-hotel.html" target="_blank">Hotel Newsletter</a> über ADDITIVE GmbH, unseren Anbieter im Bereich <a href="https://www.additive.eu/hotelmarketing-software-automation/newsletter-marketing-hotel.html" target="_blank">E-Mail Marketing Hotel</a> einverstanden sind. 
   
• Um Sie zielgerichtet mit Informationen zu versorgen, erheben und verarbeiten wir mit unserem <a href="https://www.additive.eu/hotelmarketing-software-automation/hotel-newsletter-software.html" target="_blank">Newsletter System</a> außerdem freiwillig gemachte Angaben zu Interessengebieten, Name, Geburtstag und Herkunftsregion/-land.
  
  Sobald Sie sich für den Newsletter angemeldet haben, senden wir Ihnen ein Bestätigungs-E-Mail mit einem Link zur Bestätigung der Anmeldung.
  
  Das Abo des Newsletters können Sie jederzeit über den Abmelde-Link im jeweiligen Newsletter stornieren.
  
  Zur Verarbeitung Ihres Abos, zur Zustellung des Newsletters an Ihre E-Mail-Adresse sowie zur Ermittlung von Öffnungen und Klicks nutzen wir Software von ADDITIVE GmbH, 39011 Lana (BZ), Italien („ADDITIVE“). Zur Abwicklung der sicheren Zustellung des Newsletters greift ADDITIVE auf den Versanddienstleister “Sinch Mailjet”, Paris, Frankreich zurück. Mittels dieser Dienste und Systeme werden Ihre Daten zumindest zum Teil auch außerhalb der EU bzw. des EWR verarbeitet und gespeichert. Das angemessene Datenschutzniveau ergibt sich aus der abgeschlossenen Auftragsverarbeitungsvereinbarung.

• We use the services and content of the social networks Facebook and Instagram, which are provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Data processing by Facebook and Instagram

• When visiting our pages on Facebook or Instagram or when integrating content from these platforms (e.g. social media plugins, videos, posts), personal data may be processed. This includes

  Information about your visit to our website (e.g. IP address, date and time)
  If you are logged into your Facebook or Instagram account during your visit, the platforms can assign the visit to our pages to your user account.
  The processing is carried out by Meta Platforms. We have no influence on the type and scope of data processing by Meta. Further information can be found in Meta's privacy policy: https://www.facebook.com/privacy/explanation

Data transfer to the USA in accordance with the EU-US Data Privacy Framework

• Meta Platforms, Inc. is certified under the EU-US Data Privacy Framework. This ensures that an adequate level of data protection is guaranteed when personal data is transferred from the EU to the USA. Further information about the EU-US Data Privacy Framework can be found here: 
  https://www.dataprivacyframework.gov

Shared responsibility (Page Insights)

• For our Facebook page and Instagram page, we have concluded a joint responsibility agreement with Meta in accordance with Art. 26 GDPR. This regulates which data protection obligations we and Meta have, in particular with regard to the processing of Insights data:

  Meta assumes primary responsibility for the processing of Insights data and informs users of their rights.

  Further details on Page Insights can be found here: https://www.facebook.com/legal/terms/page_controller_addendum

Legal basis

• The use is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to present our content and services on social media platforms. If consent is required (e.g. by clicking on embedded content), the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR.

Rights of objection and cancellation

• You can object to the processing of your data at any time. You can make settings for processing by Meta in your Facebook or Instagram account:

  Facebook: https://www.facebook.com/settings

  Instagram: https://www.instagram.com/accounts/privacy_and_security/

• We use the Google Maps service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. With Google Maps, we can display interactive maps and enable convenient use of the map function on our website.

Data processing by Google Maps

• When using Google Maps, personal data may be processed, including:

  • IP address
  • Location data (if activated by the user)
  • Information about your usage behaviour

  This data is usually transferred to Google servers in the USA and stored there. Google may combine this information with other data that Google has stored about you (e.g. through your Google account).
   

Consent via consent management tool

• The integration of Google Maps on our website only takes place if you have given your express consent via our consent management tool (e.g. cookie banner) in accordance with Art. 6 para. 1 lit. a GDPR. Only after your consent will the content of Google Maps be loaded and data transmitted to Google.

  You can withdraw your consent at any time by adjusting the settings in the consent management tool. Without your consent, Google Maps will not be loaded and no data will be transferred to Google.

Data transfer to the USA in accordance with the EU-US Data Privacy Framework

• Google LLC, the parent company of Google Ireland Limited, is certified under the EU-US Data Privacy Framework. This certification ensures an adequate level of data protection when transferring personal data from the EU to the USA. Further information can be found here: https://www.dataprivacyframework.gov.

Legal basis for the processing

• Your data will be processed exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Rights of objection and cancellation

• You can prevent Google from processing your data by deactivating JavaScript in your browser. In this case, however, no maps can be displayed.

Further information

• Details on data protection at Google can be found here:
  • Privacy policy of Google: https://policies.google.com/privacy
  • Settings for data processing: https://myaccount.google.com/

• We use the web analysis service Google Analytics, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We use Google Analytics to analyse user behaviour on our website in order to optimise our content and improve user-friendliness.

Data processing by Google Analytics

• Google Analytics uses cookies and similar technologies to collect usage data. This data includes:

  • Pages visited, length of stay and interactions (e.g. clicks, scrolling behaviour)
  • Technical information such as device type, browser and operating system
  • Approximate location data (e.g. country or region)

  The data collected by Google Analytics is processed anonymously by shortening your IP address. This means that it is not possible to identify you personally.

Consent via Cookiebot

• Google Analytics is only used if you have given your express consent via our cookie banner (Cookiebot) in accordance with Art. 6 para. 1 lit. a GDPR. Cookiebot enables you to:

  • Agree or decline the use of Google Analytics
  • Revoke or adjust your consent at any time

  No data will be collected or processed by Google Analytics without your consent.

Data transfer to the USA in accordance with the EU-US Data Privacy Framework

• Google LLC, the parent company of Google Ireland Limited, is certified under the EU-US Data Privacy Framework (DPF). This certification guarantees an adequate level of data protection for the transfer of personal data from the EU to the USA. Further information can be found here: https://www.dataprivacyframework.gov.

Storage duration and data security

• Storage duration: The data is stored for 14 months as standard and then automatically deleted.
• Anonymisation: Google Analytics anonymises the IP address before data is stored or processed.

Rights of cancellation and objection

• You can object to the processing of your data by Google Analytics at any time or revoke your consent by clicking on the following link:
  • Customise the cookie settings on our website via Cookiebot
  • Install a browser add-on to deactivate Google Analytics: 
    https://tools.google.com/dlpage/gaoptout?hl=de 

Further information

• Details on data processing by Google Analytics can be found in Google's privacy policy: https://policies.google.com/privacy and in the Google Analytics terms of use: https://marketingplatform.google.com/about/analytics/terms/de/.

• We use the analysis service etracker, which is provided by etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany, to analyse and continuously improve usage behaviour on our website.

Data processing by etracker

• etracker uses technologies that make it possible to analyse user behaviour in anonymised or pseudonymised form, including:

  • Collection and storage of data such as pages visited, dwell time and click behaviour
  • Use of cookies or pixels for data collection

  The processing takes place completely without the use of personal data such as IP addresses. All data is either anonymised or pseudonymised and cannot be assigned to a specific person.

Legal basis for the processing

• The use of etracker is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to analyse and optimise the user-friendliness of our website. If consent is required (e.g. for the use of cookies), the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR.

Waiver of data transfer to third parties

• The data is processed exclusively on servers in Germany and is therefore subject to the strict data protection standards of the European Union. Data is not transferred to third countries.

Storage period

• The stored data is deleted as soon as it is no longer required for the purposes of the analysis or you withdraw your consent.

Right to object

• You can object to the collection and storage of data by etracker at any time. To do so, click on the following link to set an opt-out cookie: https://www.etracker.de/privacy/ .

Further information

• Details on data protection at etracker can be found in etracker's privacy policy: https://www.etracker.de/datenschutz/ .

• We use the services of Amazon Web Services (AWS), provided by Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg, to operate our website, applications and IT infrastructure securely and efficiently.

Data processing by AWS

• AWS provides us with server and cloud services that we use to store and process data. As part of this use, personal data may be processed, including:
  • Master data (e.g. name, e-mail address)
  • Technical data (e.g. IP address, browser information, log data)
  • Data that you enter in our applications or provide as part of services
• The processing is carried out exclusively in accordance with our instructions and within the framework of an order processing contract in accordance with Art. 28 GDPR.

Data transfer to the USA in accordance with the EU-US Data Privacy Framework

• AWS is part of Amazon.com, Inc., which is certified under the EU-US Data Privacy Framework (DPF). This certification ensures an adequate level of data protection when transferring personal data from the EU to the USA. Further information on this certification can be found here: https://www.dataprivacyframework.gov.

Legal basis for the processing

• The processing of your data by AWS is based on:
  • Our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to make our IT infrastructure secure, efficient and scalable
  • Or for the fulfilment of a contract pursuant to Art. 6 para. 1 lit. b GDPR, insofar as the processing is necessary for the provision of our services

Data security

• AWS offers a high level of security through:
   
  • Data encryption during transmission and storage
  • Strict access controls
  • Certifications such as ISO 27001, SOC 2 and PCI DSS
     
• Further information on security at AWS can be found here: https://aws.amazon.com/de/security/.

Storage duration

• The data stored on AWS servers will only remain there for as long as is necessary to fulfil the respective purposes or to comply with statutory retention obligations.

Your rights

• You have the right to obtain information about the personal data processed by us and to request the rectification, erasure or restriction of processing. Please contact our data protection officer for this purpose.

Further information

• Details on data protection at AWS can be found in the AWS privacy policy: https://aws.amazon.com/privacy/.

• to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

  in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us

  in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims

  in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;

  in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller

  in accordance with Art. 7 para. 3 GDPR, to revoke your consent to us at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future and

  to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

• If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.

  If you would like to exercise your right of cancellation or objection, simply send an email to info@gasthaus-kampenwand.de.

• If the processing of your data is based on consent given to us, you can withdraw this consent at any time. Such a cancellation affects the permissibility of processing your personal data after you have given it to us.

  If you wish to exercise your right of cancellation, simply send an e-mail to info@gasthaus-kampenwand.de

• We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognise whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

  We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

• This privacy policy is currently valid. The status is 28/11/2024

  It may become necessary to amend this privacy policy as a result of the further development of our website and services or due to changes in legal or official requirements. You can access and print out the current privacy policy at any time on the website at https://www.agrad-chalets.de/datenschutz.