An overview of data protection

General

The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Responsability

Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator:

Hotel Bergkristall GmbH & Co. KG
Willis 8
87534 Oberstaufen
Tel.: +49 8386 911-0
Fax: +49 8386 911-150
Mail: wellness@bergkristall.de
Internet: www.bergkristall.de

Data protection officer required by law
We have appointed a data protection officer for our company:
Marc Sohler | securo
Im Lehen 12/2
88097 Eriskirch
Deutschland
Tel: +49 75 22 – 90 91 00
Mail: sohler@sicherheitsberatung.pro

SSL and TLS-encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If there is an obligation to provide us with your payment details (e.g. account number for direct debit authorisation) after the conclusion of a chargeable contract, this data is required for payment processing.

Payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

With encrypted communication, the payment data you transmit to us cannot be read by third parties.

Data acquisition on this website

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may be data that you enter in a contact form, for example.

Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyse your user behaviour.

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Necessary data storage includes cookies that are absolutely essential for the functions of a website. This means, for example, the storage of log-in data, the shopping basket or the language selection by so-called session cookies (which are deleted when the browser is closed).

On the other hand, text files that do not solely serve the functionality of the website, but also collect other data, are considered non-essential cookies. These include the following cookies:

  • Tracking cookies
  • Targeting cookies
  • Analysis cookies
  • Cookies from social media website

Necessary cookies may be set from the outset, i.e. even without the user's prior consent. In contrast, website visitors must give their consent before cookies store non-essential data.

Our website uses the cookie consent technology of vioma GmbH to obtain your consent to the storage of certain cookies in your browser and to document this in accordance with data protection regulations. The provider of this technology is vioma GmbH ("vioma"), Industriestraße 27, 77656 Offenburg, Germany. When you enter our website, a vioma cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data will not be passed on to us.

The consent you have given in the cookie consent dialogue to the storage of certain cookies, or the revocation of this consent, can be revoked at any time with effect for the future. If you would like to change your selection in the cookie consent dialogue, please click here. Once you have clicked on the link, the cookie consent dialogue will reappear and you can change your selection. Alternatively, you can ask us to delete it or delete the vioma consent cookie yourself in your browser. From this point on, we no longer process your data. The logging of your consent/non-consent is based on a legal obligation in accordance with § 76 Federal Data Protection Act (BDSG), Art. 6 para. 1 sentence 1 lit. c GDPR. Mandatory legal retention periods remain unaffected.

Conclusion of a contract on simmissioned processing

In order to ensure data protection-compliant processing, we have concluded an order processing contract with vioma.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP adress

These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.

By e-mail, contact form, telephone or fax

Enquiry

If you contact us by e-mail, contact form, telephone or fax, your enquiry including all personal data (name, e-mail, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures, or on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the enquiries addressed to us.

The data you send to us via contact requests will remain with us until the purpose for data storage no longer applies (e.g. after your request has been processed) or you request us to delete it. Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

One page booking of HotelNetSolutions

Online bookings

Our website uses the booking technology One Page Booking, provided by HotelNetSolutions GmbH, Genthiner Straße 8, 10785 Berlin ("HNS"). We have concluded an order processing agreement with HNS.

If you make an online booking via our website, we need your e-mail address, your telephone number, your travel dates, the product booked and your full address with first and last name for processing.

The dates of your stay, the product selected and the number of people travelling are required to calculate the valid travel price. If you are travelling with children, please make a booking request by telephone on +49 8386 - 9110 or by e-mail to wellness@bergkristall.de. Further information in the form is provided on a voluntary basis.

The processing of your data for the online booking is based on Art. 6 para. 1 lit. b GDPR and serves the fulfilment of a contract.

The data you transmit to us will remain with us until the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Conclusion of a contract for oder processing

In order to ensure data protection-compliant processing, we have concluded an order processing contract with HNS.

What's App

Messenger & communication tools

What are messenger & communication functions?
We offer the instant messaging service What'sApp on our website. The service provider is the American company What'sApp Inc, a subsidiary of Meta Platforms Inc. WhatsApp Ireland Limeted, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for the European region. Your data will also be processed and stored in the above-mentioned messenger tool to the extent necessary to answer your enquiry and our subsequent actions. If content is end-to-end encrypted, this will be indicated in the individual data protection texts or in the privacy policy of the respective provider. End-to-end encryption means that the content of a message itself is not visible to the provider. However, information about your device, location settings and other technical data can still be processed and stored.

Why are we using messenger & communication functions?
Communication options with you are of great importance to us. After all, we want to talk to you and answer all possible questions about our service in the best possible way. Well-functioning communication is an important part of our service. With the practical messenger & communication functions, you can always choose those that are most convenient for you. In exceptional cases, however, we may not be able to answer certain questions via chat or messenger. This is the case, for example, when it comes to internal contractual matters. In such cases, we recommend other means of communication such as email or telephone. As a rule, we assume that we remain responsible under data protection law, even if we use the services of a social media platform. However, the European Court of Justice has ruled that in certain cases the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. If this is the case, we will point this out separately and work on the basis of an agreement to this effect. The essence of the agreement is set out below for the platform concerned.

Please note that when using our built-in elements, your data may also be processed outside the European Union, as many providers, such as Facebook Messenger or WhatsApp, are American companies. As a result, you may no longer be able to claim or enforce your rights in relation to your personal data as easily.

What data is processed?
Exactly which data is stored and processed depends on the respective provider of the messenger & communication functions. Basically, it is data such as name, address, telephone number, e-mail address and content data such as all information that you enter in a contact form. In most cases, information about your device and IP address is also stored. Data collected via a messenger & communication function is also stored on the provider's servers. If you want to know exactly what data is stored and processed by the respective providers and how you can object to data processing, you should carefully read the respective company's privacy policy.

How safe is the data transfer with WhatsApp?
WhatsApp also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.
 WhatsApp uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer to these countries. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, WhatsApp undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
Information on data transmission at WhatsApp, which corresponds to the standard contractual clauses, can be found at https://www.whatsapp.com/legal/business-data-transfer-addendum-20210927

Right to object
You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. For more information, please refer to the section on consent.

As cookies may be used for messenger & communication functions, we also recommend that you read our general privacy policy on cookies. To find out exactly what data of yours is stored and processed, you should read What's App's privacy policy.

Legal basis
If you have consented to your data being processed and stored by integrated messenger & communication functions, this consent is the legal basis for data processing (Art. 6 Abs. 1 lit. a DSGVO). We process your enquiry and manage your data in the context of contractual or pre-contractual relationships in order to fulfil our pre-contractual and contractual obligations or to answer enquiries. The basis for this is Art. 6 Abs. 1 S. 1 lit. b. DSGVO. In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 Abs. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners if consent has been given.

Voucher sales and voucher management

vioma voucher

Our website uses the Software vioma VOUCHER, provided by vioma GmbH ("vioma"), Industriestrasse 27, 77656 Offenburg, Germany for the sale, redemption, and management of online vouchers.

If you purchase an online voucher via our website, we need your e-mail address for processing your voucher purchase and the first and last name of the voucher recipient. We will also ask for your preferred shipping method so we can deliver the voucher according to your wishes. If you choose to send the voucher by e-mail, we process the e-mail address of the recipient. If you choose to send it by post, we process the postal address of the recipient for delivery by post.

In the voucher management system, the remaining value of the voucher, redemptions, and the current status (open, paid, redeemed, etc.) is also recorded.

The processing of your data for the online purchase of vouchers takes place on the basis of Art. 6 para. 1 lit. b GDPR and serves the fulfillment of a contract or the implementation of pre-contractual measures. The processing of your data in the voucher management is based on Art. 6 para. 1 lit. c GDPR and serves the fulfillment of the legal storage obligations.

The data you transmit to us will remain with us until the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Execution of a data processing agreement

In order to guarantee processing in compliance with data protection regulations, we have concluded a data processing agreement with vioma.

On this website

Registration

You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.

To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.

We will process the data provided during registration only based on your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.

Openstreetmap

Mapping service

We are using the mapping service provided by OpenStreetMap ("OSM") to display the route to our company for you and to make it easier for you to plan your journey.

We embed the map data from OSM on the server of the OpenStreetMap Foundation ("OSMF"), St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a secure third country under data protection law. This means that the United Kingdom has a level of data protection that is equivalent to the level of data protection in the European Union.

When using the OSM maps, a connection is established to the servers of the OSMF. In the process and among other things, your IP address and other information about your behavior on this website may be forwarded to the OSMF. OSM may store cookies in your browser or use similar recognition technologies for this purpose. Further information on how OSM handles your personal data can be found here:
https://wiki.osmfoundation.org/wiki/Privacy_Policy

The use of OSM is exclusively based on Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time.

Usage of external tracking services

Analytics and advertising

When you visit our website, your surfing behaviour may be statistically evaluated. This is primarily done using cookies and so-called analysis programmes. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You can find detailed information on this in the following data protection information.

You can object to this analysis. We will inform you about the objection options in this privacy policy.

This website uses the following external tracking services:

  • Google Analytics 4, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, IE
  • Google Analytics, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, IE
  • Google Ads, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, IE
  • Facebook Pixel Tracking, Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, IE

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data may be summarised by Google in a profile that is assigned to the respective user or their end device.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.

The data processing by this analysis tool is based on your consent, Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

IP anonymization

We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. For more information on how Google Analytics handles user data, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Demographic characteristics with Google Analytics

This website uses the "demographic characteristics" function of Google Analytics in order to be able to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that include statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Browser Plugin".

Google Analytics e-commerce tracking

This website uses the "e-commerce tracking" function of Google Analytics. With the help of e-commerce tracking, the website operator can analyse the purchasing behaviour of website visitors in order to improve his online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product is recorded. This data can be summarised by Google under a transaction ID, which is assigned to the respective user or their device.

Storage duration

Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=en.

Conclusion of an order processing contract

We have concluded an order processing contract with Google and implement the requirements of the German data protection authorities when using Google Analytics. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google Analytics 4 (without Google-Signals)

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, theutilized operating system and the user’s origin. This data is assigned to the respective end device of the user. An assignment to a device-ID does not take place.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.

The use of these services occurs on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR a. You may revoke your consent at any time.

Browser plug-in

You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.

Google Analytics e-commerce-tracking

This website uses the “E-Commerce-Tracking” function of Google Analytics. With the assistance of E-Commerce-Tracking, the website operator is in a position to analyze the purchasing patterns of website visitors with the aim of improving the operator’s online marketing campaigns. In this context, information, such as the orders placed, the average order values, shipping costs and the time from viewing the product to making the purchasing decision are tracked. These data may be consolidated by Google under a transaction ID, which is allocated to the respective user or the user’s device.

Conclusion of an order processing contract

We have concluded an order processing contract with Google and implement the requirements of the German data protection authorities when using Google Analytics. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The website operator uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display ads in the Google search engine or on third-party websites, if the user enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based on the user data Google has in its possession (e.g. location data and interests; target group targeting). As the website operator, we can analyze these data quantitatively, for instance by analyzing which search terms resulted in the display of our ads and how many ads led to respective clicks.

The use of Google Ads is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in marketing the operator’s services and products as effectively as possible.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google conversion tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognise whether the user has carried out certain actions. For example, we can analyse which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our adverts and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.

The use of this analysis tool is based on your consent, Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

You can find more information about Google Conversion Tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Facebook Pixel

To measure conversion rates, this website uses the visitor activity pixel of Facebook. The provider of this service is Facebook Ireland Limited (“Facebook”), 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook’s statement the collected data will be transferred to the USA and other third-party countries too.

This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Facebook ad. This makes it possible to analyze the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns.

For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Facebook archives the information and processes it, so that it is possible to make a connection to the respective user profile and Facebook is in a position to use the data for its own promotional purposes in compliance with the Facebook Data Usage Policy (https://www.facebook.com/policy.php). This enables Facebook to display ads on Facebook pages as well as in locations outside of Facebook. We as the operator of this website have no control over the use of such data.

The use of Facebook Pixel is based on your consent, Art. 6 para. 1 lit. a GDPR; the given consent may be revoked at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

In Facebook’s Data Privacy Policies, you will find additional information about the protection of your privacy at: https://www.facebook.com/about/privacy/.

You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you first have to log into Facebook.

If you do not have a Facebook account, you can deactivate any user based advertising by Facebook on the website of the European Interactive Digital Advertising Alliance: https://www.youronlinechoices.com/uk/your-ad-choices.

Hotjar

This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

Hotjar is a tool for analysing your user behaviour on this website. Hotjar allows us to record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you remain with the mouse pointer in a certain position. Hotjar uses this information to create so-called heat maps, which can be used to determine which website areas are favoured by website visitors. Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you cancelled your entries in a contact form (so-called conversion funnels). In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.

Hotjar uses cookies. Cookies are small text files that are stored on your computer and saved by your browser. They are used to make our website more user-friendly, effective and secure. In particular, these cookies can be used to determine whether this website has been visited with a specific end device or whether the Hotjar functions have been deactivated for the browser in question. Hotjar cookies remain on your device until you delete them. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

The use of Hotjar and the storage of Hotjar cookies are based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Deactivating Hotjar

If you wish to deactivate data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/opt-out Please note that Hotjar must be deactivated separately for each browser or end device. For more information about Hotjar and the data collected, please refer to Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy

Newsletter tool of vioma

Newsletter

This website uses vioma NEWSLETTER to send out newsletters. The provider is vioma GmbH, Industriestraße 17, 77656 Offenburg ("vioma"). Vioma NEWSLETTER is a service that organises and analyses the sending of newsletters.

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information which allows us to check that you are the owner of the specified e-mail address and that you agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

Our newsletters sent with vioma NEWSLETTER enable us to analyse the behaviour of the newsletter recipients. Among other things, we can analyse how many and which recipients have opened the newsletter message and how often and by whom which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analysed whether a predefined action (e.g. booking a stay on this website) has taken place after clicking on the link in the newsletter.

The processing of the data entered in the newsletter registration form and the evaluation of individual opening and click rates are carried out exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

If you do not want vioma NEWSLETTER to analyse your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

The data you provide us with for the purpose of receiving the newsletter will be stored by us or by the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data that has been stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter distribution list, your e-mail address will be stored by us or the newsletter service provider in an exclusion list, if necessary, in order to prevent future mailings. The data from the exclusion list will only be used for this purpose and will not be merged with other data.

This serves your interest as well as our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). The storage in the exclusion list is not limited in time. If you wish a complete deletion of all data, please contact wellness@bergkristall.de.

YouTube with enhanced data protection

Video platforms

This website embeds videos from the YouTube website. YouTube is operated by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent attempts at fraud.

If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence.

The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.

Information, deletion and correction

Your rights

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, the right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of erasure.

If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.
If you have lodged an objection pursuant to Art. 21 para 1 GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Withdrawal of your consent of data processing

Many data processing operations are only possible with your explicit consent. You can revoke the consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation

Right to object to date collection in special cases and to direct marketing (Art. 21 DSGVO)

If data processing is carried out on the basis of Art. 6 Abs. 1 LIT. E or F DSGVO, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims (objection under Art. 21 Abs. 1 DSGVO).

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 Abs. 2 DSGVO).

Right to appeal to the competent supervisory authority

In the event of breaches of the GDPR, data subjects have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done insofar as it is technically feasible.