Privacy Policy
An overview of data protection
General
The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.
Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
Analytics and third-party tools
When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.
You can object to this analysis. We will inform you below about how to exercise your options in this regard.
General information and mandatory information
Data protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.
If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
Hotel Bergkristall GmbH & Co. KG
Willis 8
87534 Oberstaufen
Deutschland
Telephone: +49 8386 911-0
Email: wellness@bergkristall.de
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Data protection officer
Statutory data protection officer
We have appointed a data protection officer for our company.
Marc Sohler
securo
Im Lehen 12/2
88097 Eriskirch
Deutschland
Telephone: +49 75 22 – 90 91 00
Email: sohler@sicherheitsberatung.pro
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Data collection on our website
Cookies
Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.
Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Contact form
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
vioma VOUCHER – Voucher sales and Voucher management
Our website uses the Software vioma VOUCHER, provided by vioma GmbH ("vioma"), Industriestrasse 27, 77656 Offenburg, Germany for the sale, redemption, and management of online vouchers.
If you purchase an online voucher via our website, we need your e-mail address for processing your voucher purchase and the first and last name of the voucher recipient. We will also ask for your preferred shipping method so we can deliver the voucher according to your wishes. If you choose to send the voucher by e-mail, we process the e-mail address of the recipient. If you choose to send it by post, we process the postal address of the recipient for delivery by post.
In the voucher management system, the remaining value of the voucher, redemptions, and the current status (open, paid, redeemed, etc.) is also recorded.
The processing of your data for the online purchase of vouchers takes place on the basis of Art. 6 para. 1 lit. b GDPR and serves the fulfillment of a contract or the implementation of pre-contractual measures. The processing of your data in the voucher management is based on Art. 6 para. 1 lit. c GDPR and serves the fulfillment of the legal storage obligations.
The data you transmit to us will remain with us until the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
Execution of a data processing agreement
In order to guarantee processing in compliance with data protection regulations, we have concluded a data processing agreement with vioma.
vioma INTERACTIVE
We use the vioma INTERACTIVE module on our website. The provider is vioma GmbH ("vioma"), Industriestr. 27, 77656 Offenburg. This module allows us to implement special overlays and dialog boxes within our website.
If you attempt to leave the current browser window of our website with your mouse or input device, or if you have spent a predefined amount of time on a section of our website, overlays with content specified by us may appear.
To ensure the protection of your personal data and your device, when using vioma INTERACTIVE, only when you actively interact with the respective overlay is this information stored in your session storage. This prevents the clicked overlay from being displayed again during your website visit. No additional processing of personal data takes place. It is not possible for either us or vioma to draw any conclusions about you as a visitor to our website through the mere use of vioma INTERACTIVE.
Registration on this website
You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.
To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.
We will process the data provided during registration only based on your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
Cookie consent
Our website uses the cookie consent technology of vioma GmbH to obtain your consent to the storage of certain cookies in your browser and to document this in accordance with data protection regulations. The provider of this technology is vioma GmbH ("vioma"), Industriestraße 27, 77656 Offenburg, Germany. When you enter our website, a vioma cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data will not be passed on to us.
Revocation of your consent
The consent you have given in the cookie consent dialogue to the storage of certain cookies, or the revocation of this consent, can be revoked at any time with effect for the future. If you would like to change your selection in the cookie consent dialogue, please click here. Once you have clicked on the link, the cookie consent dialogue will reappear and you can change your selection. Alternatively, you can ask us to delete it or delete the vioma consent cookie yourself in your browser. From this point on, we no longer process your data. The logging of your consent/non-consent is based on a legal obligation in accordance with § 76 Federal Data Protection Act (BDSG), Art. 6 para. 1 sentence 1 lit. c GDPR. Mandatory legal retention periods remain unaffected.
Conclusion of a contract on commissioned processing
In order to ensure data protection-compliant processing, we have concluded an order processing contract with vioma.
OpenStreetMap - mapping service
We are using the mapping service provided by OpenStreetMap ("OSM") to display the route to our company for you and to make it easier for you to plan your journey.
We embed the map data from OSM on the server of the OpenStreetMap Foundation ("OSMF"), St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a secure third country under data protection law. This means that the United Kingdom has a level of data protection that is equivalent to the level of data protection in the European Union.
When using the OSM maps, a connection is established to the servers of the OSMF. In the process and among other things, your IP address
and other information about your behavior on this website may be forwarded to the OSMF. OSM may store cookies in your browser or use
similar recognition technologies for this purpose. Further information on how OSM handles your personal data can be found here:
https://wiki.osmfoundation.org/wiki/Privacy_Policy
The use of OSM is exclusively based on Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time.
Analytics and advertising
Usage of external tracking services
This websites uses the following external tracking services:
- Google Analytics 4 Signals, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, IE
- Google Ads, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, IE
- Facebook Pixel Tracking, Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, IE
- Google Tag Manager, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, IE
- Hotjar Tracking, Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, MT
- Pinterest Tracking, Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, IE
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data may be summarised by Google in a profile that is assigned to the respective user or their end device.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The data processing by this analysis tool is based on your consent, Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
IP anonymization
We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.
Demographic characteristics with Google Analytics
This website uses the "demographic characteristics" function of Google Analytics in order to be able to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that include statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Browser Plugin".
Google Analytics e-commerce tracking
This website uses the "e-commerce tracking" function of Google Analytics. With the help of e-commerce tracking, the website operator can analyse the purchasing behaviour of website visitors in order to improve his online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarised by Google under a transaction ID, which is assigned to the respective user or their device.
Storage duration
Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=en.
Conclusion of an order processing contract
We have concluded an order processing contract with Google and implement the requirements of the German data protection authorities when using Google Analytics.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Google Analytics 4 (with Google-Signals)
This website uses functions of the web analysis service Google Analytics. The provider of this service is
Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that
end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, theutilized operating system and the user’s origin. This data is assigned to the respective end device of the user. An assignment to a device-ID does not take place.
Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among
other things. Google Analytics uses various modeling approaches to augment the collected data sets and
uses machine learning technologies in data analysis.
Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the
user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.
The use of these services occurs on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR a. You may revoke your consent at any time.
Browser plug-in
You can prevent the recording and processing of your data by Google by downloading and installing the
browser plugin available under the following link:
https://tools.google.com/dlpage/gaoptout?hl=en.
For more information about the handling of user data by Google Analytics, please consult Google’s Data
Privacy Declaration at:
https://support.google.com/analytics/answer/6004245?hl=en.
Google Signals
We use Google Signals. Whenever you visit our website, Google Analytics records, among other things, your
location, the progression of your search and YouTube progression as well as demographic data (site visitor
data). This data may be used for customized advertising with the assistance of Google Signal. If you have a
Google account, your site visitor information will be linked to your Google account by Google Signal and
used to send you customized promotional messages. The data is also used to compile anonymized statistics
of our users’ online patterns
Google Analytics E-Commerce-Tracking
This website uses the “E-Commerce-Tracking” function of Google Analytics. With the assistance of E-Commerce-Tracking, the website operator is in a position to analyze the purchasing patterns of website
visitors with the aim of improving the operator’s online marketing campaigns. In this context, information,
such as the orders placed, the average order values, shipping costs and the time from viewing the product to
making the purchasing decision are tracked. These data may be consolidated by Google under a transaction
ID, which is allocated to the respective user or the user’s device.
Conclusion of an order processing contract
We have concluded an order processing contract with Google and implement the requirements of the German data protection authorities when using Google Analytics.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
The use of Google Tag Manager is based on your consent Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Google Ads
The website operator uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display ads in the Google search engine or on third-party websites, if the user enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based on the user data Google has in its possession (e.g. location data and interests; target group targeting). As the website operator, we can analyze these data quantitatively, for instance by analyzing which search terms resulted in the display of our ads and how many ads led to respective clicks.
The use of Google Ads is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in marketing the operator’s services and products as effectively as possible.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
Facebook Pixel
To measure conversion rates, this website uses the visitor activity pixel of Facebook. The provider of this service is Facebook Ireland Limited (“Facebook”), 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too.
This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Facebook ad. This makes it possible to analyze the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns.
For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Facebook archives the information and processes it, so that it is possible to make a connection to the respective user profile and Facebook is in a position to use the data for its own promotional purposes in compliance with the Facebook Data Usage Policy (https://www.facebook.com/policy.php). This enables Facebook to display ads on Facebook pages as well as in locations outside of Facebook. We as the operator of this website have no control over the use of such data.
The use of Facebook Pixel is based on your consent, Art. 6 para. 1 lit. a GDPR; the given consent may be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
In Facebook’s Data Privacy Policies, you will find additional information about the protection of your privacy at: https://www.facebook.com/about/privacy/.
You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you first have to log into Facebook.
If you do not have a Facebook account, you can deactivate any user based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: https://www.youronlinechoices.com/uk/your-ad-choices.
Hotjar
This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).
Hotjar is a tool to analyze your user behavior on this website. With Hotjar we can, among other things, record your mouse and scroll movements and clicks. Hotjar is also able to determine how long you stayed with the mouse pointer in a certain position. Hotjar uses this information to create so-called heat maps, which can be used to determine which areas of the website are preferred by website visitors.
We can also determine how long you stayed on a page and when you left it. Furthermore, we can determine at which point you have stopped filling out a contact form (so-called conversion tunnels).
In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.
Hotjar uses cookies. Cookies are small text files that are stored on your computer and saved by your browser. They serve to make our site more user-friendly, effective, and secure. In particular, these cookies can be used to determine whether this website has been visited with a particular terminal device or whether Hotjar's functions have been deactivated for the browser in question. Hotjar cookies remain on your end device until you delete them.
You can set your browser to inform you about the placement of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for certain cases or in general, and to activate the automatic deletion of cookies when closing the browser.
The use of Hotjar and the storage of Hotjar cookies shall be exclusively on the basis of EU GDPR Art. 6 (1) lit. a; consent may be revoked at any time.
Deactivating Hotjar
If you wish to disable Hotjar data collection, click on the following link and follow the instructions: https://www.hotjar.com/opt-out
Please note that Hotjar must be deactivated separately for each browser or end device.
For more information about Hotjar and the data collected, please refer to Hotjar's privacy policy which can be found here: https://www.hotjar.com/privacy
Contract for order processing
We have entered into a contract for order processing with Hotjar in order to implement the European General Data Protection Regulation (GDPR).
vioma NEWSLETTER
This website uses vioma NEWSLETTER to send out newsletters. The provider is vioma GmbH, Industriestraße 17, 77656 Offenburg ("vioma"). Vioma NEWSLETTER is a service that organises and analyses the sending of newsletters.
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information which allows us to check that you are the owner of the specified e-mail address and that you agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
Our newsletters sent with vioma NEWSLETTER enable us to analyse the behaviour of the newsletter recipients. Among other things, we can analyse how many and which recipients have opened the newsletter message and how often and by whom which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analysed whether a predefined action (e.g. booking a stay on this website) has taken place after clicking on the link in the newsletter.
The processing of the data entered in the newsletter registration form and the evaluation of individual opening and click rates are carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
If you do not want vioma NEWSLETTER to analyse your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.
The data you provide us with for the purpose of receiving the newsletter will be stored by us or by the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data that has been stored by us for other purposes remains unaffected by this.
After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in an exclusion list, if necessary, in order to prevent future mailings. The data from the exclusion list will only be used for this purpose and will not be merged with other data.
This serves your interest as well as our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the exclusion list is not limited in time. If you wish a complete deletion of all data, please contact wellness@bergkristall.de.
Pinterest plug-in
We use social plug-ins of the social network Pinterest on this website. The network is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.
If you access a site or page that contains such a plug-in, your browser will establish a direct connection with Pinterest’s servers. During this process, the plug-in transfers log data to Pinterest’s servers in the United States. The log data may possibly include your IP address, the address of the websites you visited, which also contain Pinterest functions. The information also includes the type and settings of your browser, the data and time of the inquiry, how you use Pinterest and cookies.
The use of the Pinterest plug-in is based on your consent, Art. 6 para. 1 lit. a DGDPR. Any such consent may be revoked at any time.
For more information concerning the purpose, scope and continue processing and use of the data by Pinterest as well as your affiliated rights and options to protect your private information, please consult the data privacy information of Pinterest at: https://about.pinterest.com/en/privacy-policy.
Your rights
Information, deletion and correction
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, the right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:
If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of erasure.
If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.
If you have lodged an objection pursuant to Art. 21 para 1 GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
Withdrawal of your consent to data processing
Many data processing operations are only possible with your explicit consent. You can revoke the consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation
Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)
IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION DECLARATION. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS (OBJECTION UNDER ARTICLE 21 PARA1 GDPR).
IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ARTICLE 21 PARA 2 GDPR).
Right of appeal to the competent supervisory authority
In the event of breaches of the GDPR, data subjects have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done insofar as it is technically feasible.
One page booking from HotelNetSolutions
If you make an online booking via our website, we need your e-mail address, your telephone number, your travel dates, the product booked and your full address with first and last name for processing.
The dates of your stay, the product selected and the number of people traveling are required to calculate the valid travel price. If you are traveling with children, please make a booking request by telephone on +49 8386 - 9110 or by e-mail to wellness@bergkristall.de. Further information in the form is provided on a voluntary basis.
The processing of your data for the online booking is based on Art. 6 para. 1 lit. b GDPR and serves the fulfillment of a contract.
The data you transmit to us will remain with us until the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
What's App
We offer the instant messaging service What'sApp on our website. The service provider is the American company What'sApp Inc, a subsidiary of Meta Platforms Inc. WhatsApp Ireland Limeted, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for the European region.
With the above-mentioned messenger tool, your data will also be processed and stored to the extent necessary to answer your request and our subsequent actions. If content is end-to-end encrypted, this will be indicated in the individual data protection texts or in the privacy policy of the respective provider. End-to-end encryption means that the content of a message itself is not visible to the provider. However, information about your device, location settings and other technical data can still be processed and stored.
Why do we use messenger & communication functions?
Communication options with you are very important to us. After all, we want to talk to you and answer all possible questions about our service in the best possible way. Well-functioning communication is an important part of our service. With the practical messenger & communication functions, you can choose the ones you prefer at any time. In exceptional cases, however, we may not be able to answer certain questions via chat or messenger. This is the case, for example, when it comes to internal contractual matters. In this case, we recommend other means of communication such as e-mail or telephone. As a rule, we assume that we remain responsible under data protection law, even if we use the services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. If this is the case, we will point this out separately and work on the basis of an agreement to this effect. The essence of the agreement is set out below for the platform concerned.
What data is processed?
Exactly which data is stored and processed depends on the respective provider of the messenger & communication functions. Basically, it is data such as name, address, telephone number, email address and content data such as all information that you enter in a contact form. In most cases, information about your device and IP address is also stored. Data collected via a messenger & communication function is also stored on the provider's servers. If you want to know exactly what data is stored and processed by the respective providers and how you can object to data processing, you should carefully read the respective company's privacy policy.
How secure is data transfer with WhatsApp?
WhatsApp also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.
WhatsApp uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer there. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, WhatsApp undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
Information on data transmission at WhatsApp, which corresponds to the standard contractual clauses, can be found at https://www.whatsapp.com/legal/business-data-transfer-addendum-20210927
Right of object
You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. For more information, please refer to the section on consent.
As cookies may be used for messenger & communication functions, we also recommend that you read our general privacy policy on cookies. To find out exactly what data of yours is stored and processed, you should read What's App's privacy policy.
Legal basis
If you have consented to your data being processed and stored by integrated messenger & communication functions, this consent is the legal basis for data processing (Art. 6 para. 1 lit. a GDPR). We process your request and manage your data in the context of contractual or pre-contractual relationships in order to fulfill our pre-contractual and contractual obligations or to answer inquiries. The basis for this is Art. 6 para. 1 sentence 1 lit. b. GDPR. In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR) in fast and good communication with you or other customers and business partners if you have given your consent.
Travel assistant (click advisor)
A travel assistant (hereinafter referred to as “click advisor”) is used on our website to provide our visitors with interactive advice. The click advisor software is operated by five digital GmbH. The company is based in Germany (https://www.five-digital.de/impressum). The data entered when using click advisors is transmitted via SSL encryption and stored in a database to enable any contact to be made or the desired information to be sent. Hotel Bergkristall GmbH & Co. KG is responsible for this data within the meaning of Art. 24 GDPR. five digital GmbH is merely the developer and operator of the software and, in this context, a processor in accordance with Art. 28 GDPR. The basis for the processing by five digital GmbH is an order processing contract between Hotel Bergkristall GmbH & Co. KG and five digital GmbH. In addition, five digital GmbH processes further data, some of which may also be personal data, in order to provide its services, in particular for the operation of the click consultants. Further information can be found at https://www.five-digital.de/datenschutz/. In order to ensure data protection-compliant processing, we have concluded an order processing contract with HNS.Deletion of data
We generally delete personal data when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and guarantee claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.
Bluedrop (hotel marketing agency as part of our recruiting activities)
As part of our recruiting activities, we work together with the hotel marketing agency Bluedrop GmbH. This agency supports us in the implementation of targeted recruiting campaigns, in particular on social networks and digital platforms.Personal data, such as name, contact details or professional qualifications, may be processed in the process. This data is used exclusively for the purpose of processing applications and filling vacancies. Bluedrop GmbH acts as a processor in accordance with Art. 28 GDPR and is contractually obliged to process the data exclusively in accordance with our instructions and to comply with data protection requirements.
The processing by Bluedrop GmbH includes in particular:
- the placement of targeted advertisements in social networks,
- the management and analysis of applicant data,
- forwarding relevant data to us for processing the application process
The data will not be passed on to unauthorized third parties. All personal data will be treated in accordance with the applicable data protection regulations and deleted after completion of the application process or at the express request of the person concerned, provided that there are no statutory retention obligations.
Delection of dataIf you have any questions about the processing of your data as part of our recruiting activities, you can contact us at any time at r konstantin@bluedrop.at.