Data protection information
Broermann Health & Heritage Hotels GmbH takes the protection of your personal data very seriously and strictly adheres to the rules of the relevant data protection laws, especially the Regulation (EU) 2016/679 (General Data Protection Regulation) (hereinafter referred to as “GDPR”) and this data protection information.
This data protection information covers the use of the digital services of Broermann Health & Heritage Hotels GmbH including our social media profiles via PC, smartphones, tablets and all other internet-enabled mobile devices.
The digital services may contain links to other third party services or websites which are not covered by our data protection information.
1. Note on the data controller - Who is responsible for the collection of data?
1.1 Data processing in our area of responsibility
Responsible for the processing of your personal data on our website otherwise is:
Broermann Health & Heritage Hotels GmbH
represented by the managing director Dr. Jan Liersch
Debusweg 6-18
61462 Königstein/Falkenstein im Taunus
You can contact our data protection officer at the above-mentioned postal address, with the addition "To the data protection officer" or at the e-mail address datenschutz@broermann-hotels.com.
2. Purpose and legal basis of data processing – What do we use your data for?
2.1 Data processing for the provision of contractual services
We process personal data in order to process our contractual relationships, in particular the booking of hotel rooms and the sale of vouchers, and in order to provide contractual offers tailored to requirements. The collection of the data takes place in particular for the completion of a contract.
We collect with all forms obligatorily only those personal data, which are necessary for the completion of the contractual relations and/or for your information inquiry. This questions may be marked with an asterisk. The collection of data, which is not absolutely necessary, but is of interest to us in order to optimise the fulfilment of our services, is only optional. In this case you decide on a voluntary basis if and which data you want to provide. For your order we may need your correct name, address and payment data. We ask for your e-mail address and telephone number so that we can contact you with questions or problems regarding the service you have requested.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the provision of a contract or pre-contractual measures.
2.2 Data processing for communication with you
In addition to the contract data, we process your communication data (address, telephone number, e-mail address) in order to be able to contact you. Personal data that you provide to us by e-mail or via the contact form on this website will only be processed for correspondence with you or only for the purpose for which you have made the data available to us.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
2.3 Comment function, guestbook
On some of our websites we offer you the opportunity to leave your opinion in the form of comments. When you submit a comment, your comment will be stored along with information about the time the comment was created, your IP address, your website URL if applicable, your email address if applicable, and the name you provided. Since we do not check comments on our site before activating them, we need this data in order to be able to take action against the author in the event of violations such as insults or propaganda.
The comments and the related data mentioned above will be stored until the commented content has been completely deleted or the comments have to be deleted for legal reasons.
The comments are stored on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time. For this purpose, an informal notification by e-mail to us is sufficient. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
2.4 Newsletter
With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The respective content of a newsletter is explained in the respective declaration of consent. If you would like to receive a newsletter offered by us, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. For this purpose, we will send you an e-mail with a confirmation link (double opt-in) to the e-mail address you have entered. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month.
Your e-mail address is the only mandatory information for sending the newsletter. The indication of further, separately marked data is voluntary and will be used to address you personally. In addition, we store the IP addresses you use and the dates of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible misuse of your personal data. We do not collect any further data in this context. We use these data exclusively for the dispatch of the requested newsletter. As far as we use an order processor for the dispatch of the newsletter, we will of course comply with the applicable data protection laws.
Data processing takes place on the basis of your consent pursuant to Art. 6 Para. 1 lit. a GDPR. You can revoke your consent to the sending of a newsletter at any time and cancel the respective subscription. You can declare your revocation by clicking on the link provided in every e-mail or by sending us a message under the contact details mentioned under point 1. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
2.5 Cookies
We use so-called cookies on some of our websites, among other things to be able to offer you website-specific services, to recognize you when you visit our website again, and/or to adjust our offer to your personal preferences.
Cookies are small text files that are stored on a user's computer and contain data about the respective user in order to enable access to various functions. Both session cookies and permanent cookies are used on our website. A session cookie is temporarily stored on your computer as you navigate through the site. A session cookie is deleted as soon as you close your Internet browser or as soon as your session has expired after a certain period of time. A permanent cookie remains on your computer until it is deleted. The storage of a cookie ensures that you do not have to repeatedly enter your personal settings and preferences every time you visit our website. This saves you time and makes using our website more convenient for you.
You can delete permanently installed cookies via the settings of your browser. Most browsers accept cookies automatically - so if you want to deactivate the use of cookies, you may have to actively delete or block cookies or prevent the storage of cookies by changing the settings in your browser software. Please note, however, that if you choose not to accept cookies, you may still be able to visit our website, but some features may not work as intended.
The use of the aforementioned cookies is in the interest of a consistent presentation and functionality of our websites. The data processing is based on Art. 6 para. 1 lit. f GDPR, which permits the processing of data to uphold the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
2.6 Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. (hereinafter referred to as "Google"). Google Analytics uses cookies (see above) to help the website analyze how users use the site. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in the United States.
However, because IP anonymization is enabled on our website, Google will previously truncate your IP address within member states of the European Union or other states party to the European Economic Area Agreement. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. We also use the "demographic features" function of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of the site visitors. This data comes from interest-related advertising by Google and from visitor data from third parties. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google Account or generally prohibit the collection of your data by Google Analytics as described under "Objection to data collection".
Google has carried out the certification according to the current EU-US Privacy Shield (see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI) and thus created the legal prerequisites for the adequacy of the data protection level also for the provision of the service Google Analytics by way of order processing. We have concluded a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Further information on the terms of use and data protection can be found at http://www.google.com/analytics/terms/en.html and https://www.google.de/intl/de/policies/.
The data transmitted by your browser within the framework of Google Analytics is not combined with other data from Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your anonymised IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. You can also prevent Google Analytics from collecting this information by clicking on the following link. An opt-out cookie is set to prevent your data from being collected in the future when you visit this website: [insert a link about the code here]
Google cookies are stored and evaluated for statistical purposes on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in analysing user behaviour in order to optimise both our offer and, where appropriate, advertising for our offer.
2.7 Google Remarketing Tags
We use Google Remarketing Tags. These services provided by Google use cookies that are stored on your computer to help the website analyze how users use the site. The information collected by the cookie about your use of this website will be transmitted to and stored by Google on servers in the United States. The IP address is then shortened by Google by the last three digits, a distinct assignment of the IP address is therefore no longer possible. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Third parties, including Google, place ads on websites on the Internet. Third parties, including Google, use stored cookies to serve ads based on a user's previous visits to this website. Google will not associate your IP address with any other data held by Google. The collection and storage of data may be revoked at any time with effect for the future. You can disable the use of cookies by Google by visiting the Google Advertising Disable page. However, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. The collection and storage of data may be revoked at any time with effect for the future. More information about Google's terms and conditions can be found here. As an alternative to the browser plug-in or within browsers on mobile devices, please click the following link to set an opt-out cookie that will prevent Google Analytics from collecting cookies from this site in the future (this opt-out cookie only works in this browser and only for this domain, delete your cookies in this browser, you must click this link again): Deactivate Google Analytics. (set Link)
You can find more information on terms of use and data protection at http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/.
Google cookies are stored and evaluated for statistical purposes on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in analysing user behaviour in order to optimise both our offer and, where appropriate, advertising for our offer.
2.8 Google reCAPTCHA
In the context of the comment function, we use "Google reCAPTCHA" (hereinafter "reCAPTCHA") from Google on our websites. With reCAPTCHA it is checked whether the data input is done by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor on the basis of various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For analysis, reCAPTCHA evaluates various information (e.g. IP address, length of stay of the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not advised that an analysis is taking place.
For more information about Google reCAPTCHA and Google's privacy policy, please see the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in protecting your websites from abusive automated spying and from so-called SPAM.
2.9 Google Double-Click (including Floodlight and Spotlight), Google AdWords Conversion, Google Dynamic Remarketing
We also use Google Analytics to evaluate data from the Google services AdWords and DoubleClick for statistical purposes. In order to improve our offers, we can analyse what happens after a user clicks on our ad, e.g. whether the user has purchased our product or accessed the ad from a mobile phone. You also receive interest-related advertising by means of these services. If you don't want this to happen, you can turn it off using Google's Preferences Manager.
DoubleClick places a cookie on your computer in order to record your surfing behaviour on various websites (tracking) and to play out interest-related advertising. If you want to prevent this permanently, you can download a plug-in from the following link to deactivate the DoubleClick cookie.
Information collected using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. This tells us the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. We do not receive any information with which users can be personally identified. If you do not wish to participate in tracking, you can object to this use by easily deactivating the Google Conversion Tracking cookie in your Internet browser under User Settings or by deactivating it using the aforementioned plug-ins or settings.
Google cookies are stored and evaluated for statistical purposes on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in analysing user behaviour in order to optimise both our offer and, where appropriate, advertising for our offer.
2.10 Google Maps
This website uses the Google Maps service via an API. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
You can find more information about the handling of user data in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.
The use of Google Maps is in the interest of easy locating of the places indicated by us on the website. The data processing is based on Art. 6 para. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
2.11 Log-files
Each time our websites are accessed, usage data is transmitted by the respective web browser and stored in log files, the so-called server log files. The stored data records contain the following data: Browser type and browser version, operating system used, referrer URL, time of server request, shortened IP address.
These data cannot be assigned to specific persons. This data will not be merged with other data sources. We do reserve the right to subsequently check this data if we become aware of concrete indications of illegal use.
The data processing is based on Art. 6 para. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
2.12 Zendesk
This website uses the ticket system and/or the chat Zendesk or Zendesk Chat, a customer service platform of Zendesk Inc., 1019 Market Street, San Francisco, CA 94103, USA, to process customer enquiries. For this purpose, personal data such as name, first name, address, telephone number, e-mail address are collected via our website in order to answer your support ticket or chat request. Before using your data, we may obtain your consent. Zendesk is certified according to the Privacy Shield set by the US Department of Commerce. Further information on data processing by Zendesk can be found in Zendesk's privacy policy at: https://www.zendesk.de/company/customers-partners/privacy-policy and privacy@zendesk.com.
The data processing is based on Art. 6 para. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail.
2.13 Data Processing in the context of our Facebook Corporate Website
We run a corporate site (fanpage) in the social network facebook.com. We are jointly responsible with Facebook for the operation of the Facebook fan page within the meaning of Art. 26 GDPR The agreement on joint responsibility can be found here: https://www.facebook.com/legal/terms/page_controller_addendum. The primary data controller is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
The nature and extent of your information provided to Facebook, the related purposes of Facebook's data processing, its legality, and information regarding the exercise of your rights can be found in the Data Policy and other information provided by Facebook regarding the processing of "Insights Data". https://de-de.facebook.com/policy.php
Facebook provides us with so-called page insights for our page. Page Insights (https://www.facebook.com/business/a/page/page-insights) is aggregated information that can help us understand how people interact with our site. The creation and provision of these page insights is the responsibility of Facebook, we have no influence on it. This also applies to data processing, which is carried out exclusively for the purposes of Facebook. Facebook also assumes all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR).
The purpose of the data processing of the data provided by Facebook by us is the statistical evaluation of the use of our fan page. For example, we can determine our users' preferred visiting and contribution times and use them to optimize our contributions and our fan page. In addition, we process personal data made publicly accessible by you on Facebook (e.g. clear names in the user profile) as well as data directly connected with activities on our fan page (e.g. contributions, posts, likes, tags), also for the purpose of communicating with you.
The basis for data processing is Art. 6 Para. 1 S. 1 lit. a GDPR, insofar as you have given Facebook the corresponding consent. You can revoke your consent to Facebook at any time with effect for the future. Otherwise, the basis for our data processing is Art. 6 Para. 1 S. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the person responsible, provided that the interests or fundamental rights and freedoms of the data subject do not predominate. We are interested in providing content and communicating with Facebook users and improving the reach and effectiveness of our contributions.
Please assert your rights to information, correction, deletion, restriction of processing and data transferability of your stored Insights data vis-à-vis Facebook, as Facebook has assumed the corresponding obligations:
Facebook Inc.
1601 S. California Ave
Palo Alto, CA 94304, USA
Privacy Information: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/settings?tab=ads
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
2.14 Online presences in other social networks
We have established online presences in various social networks in order to be able to communicate with you, interested parties and customers and to inform you about our services and current offers. In addition to our interaction with you, the social networks process data from visitors to their websites for the purpose of market research and advertising, i.e. a user profile may be created by the respective operator of the social network from the respective visit or usage behaviour and the preferences and interests of a visitor derived from this. Such user profiles can be used, among other things, to display advertisements within the respective social network and possibly on other websites that are individually adapted to the respective user profile. Cookies (see above) may be stored on visitors' devices, which can be used to collect data on user behaviour. The collection of this data can also be carried out across several browsers and/or end devices used by a user, especially for logged-in members of the respective social network. Even if a visitor does not have a profile with the respective social network, it cannot be ruled out that personal data relating to this visitor will be stored through the visit of the respective website. Requests for information regarding the data stored via our online presence in social networks or the use of other relevant rights (see below) can be addressed to the provider of the respective service. Only the providers of the social networks have access to the respective data stored there and can give the appropriate information. With regard to the purpose and scope of data processing by the various social networks, we refer you to their respective data protection notices and contact details:
Instagram
Facebook Ireland Ltd.
4 Grand Canal Square
Dublin 2, Ireland
Data Protection Declaration: https://www.facebook.com/about/privacy/
Contact: https://www.facebook.com/help/contact/540977946302970
Opt-out: https://www.facebook.com/settings?tab=ads
Twitter Inc.
795 Folsom St., Suite 600
San Francisco, CA 94107, USA
Data Protection Declaration: https://twitter.com/de/privacy
Opt-out: https://twitter.com/personalization
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
XING AG
Dammtorstraße 29-32
20354 Hamburg, Germany
Data Protection Declaration: https://privacy.xing.com/de/datenschutzerklaerung
LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2, Irland
Data Protection Declaration https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
YouTube LLC
901 Cherry Ave.
San Bruno, CA 94066
USA
Represented by:
Google Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043, USA
Data Protection Declaration: https://policies.google.com/privacy?hl=de&gl=de
Opt-out: https://adssettings.google.com/authenticated
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Pinterest Europe Ltd.
Palmerston House, 2nd Floor
Fenian Street
Dublin 2, Ireland
Data Protection Declaration: https://policy.pinterest.com/de/privacy-policy
Snap Group Limited
7-11 Lexington Street
London, United Kingdom, W1F 9AF
Data Protection Declaration: https://www.snap.com/en-US/privacy/privacy-policy/
The processing of data in the context of our online presence in social networks is based on our legitimate interest in effective information and direct communication with interested parties and customers of our company. Basis for the data processing is art. 6 Abs. 1 lit. f GDPR, which permits the processing of data for the protection of legitimate interests of the responsible person, provided that the interests or fundamental rights and freedoms of the person concerned do not outweigh.
2.15 Data processing for applications
You can send us applications for jobs in our company via our websites and the contact data we have provided there. Insofar as personal data is transferred to us by you in this way or in any other way during applications, we process your data for the purpose of examining, processing and responding to your application and, if necessary, preparing the employment relationship.
Basis for the data processing is Art. 6 Para. 2 GDPR, § 26 Para. 1 BDSG (new) which permits the processing of data for the decision on the establishment, for the establishment as well as for the implementation of employment relationships.
2.16 Data processing for processing payments by credit card
We offer payment by credit card. We process credit card payments via the payment service provider ConCardis GmbH (hereinafter referred to as "ConCardis"), Helfmann-Park 7, 65760 Eschborn, Germany, to whom we pass on the information you provide during the payment process as well as information about your order.
The transmission of your data to ConCardis takes place on the basis of Art. 6 Para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
2.17 Credit assessment
Our company regularly checks the creditworthiness when concluding contracts and in certain cases of existing customers if there is a legitimate interest, in order to protect us against the occurrence of payment defaults.
For this purpose, we cooperate with Verband der Vereine Creditreform e.V. (hereinafter referred to as "Creditreform"), Hellersbergstraße 11, 41460 Neuss, Germany, and IHD Gesellschaft für Kredit und Forderungsmanagement mbH (hereinafter referred to as "IHD"), Augustinusstr. 11 B, 50226 Frechen, Germany, from which we receive the necessary data. For this purpose, we may provide names and contact information to one of the above credit rating service providers. The information according to Art. 14 GDPR on data processing at Creditreform can be found at https://en.creditreform.de/eu-gdpr.html. Within the scope of our cooperation with the IHD, we also use automatically generated probability values for the purpose of deciding on the establishment, execution or termination of the contractual relationship, the calculation of which may include address data, among other things. The information according to art. 14 GDPR to the data processing taking place with the IHD is provided at www.ihd.de/datenschutz/Artikel14.html. You can find information about their contractual partners in the field of credit agencies at: www.ihd.de/datenschutz#vertragspartner.
We can decide whether to reject a customer's order as part of the credit check by using an automated process. For example, when a negative credit report is transmitted by a credit agency, the desired order can be rejected automatically. This occurs in particular if the information indicates that the customer has insufficient creditworthiness to meet its payment obligations. You may exercise the right to ask us to manually review the automated decision.
The processing of your data in this context takes place on the legal basis in Art 6 para. 1 lit. b GDPR or the legal basis in Art 6 para. 1 lit. f GDPR, which allows the processing of data to safeguard the legitimate interests of the responsible person, provided that the interests or fundamental rights and freedoms of the person concerned do not prevail.
2.18 Transmission of data on outstanding claims to collection agencies
If open invoices/rates are not paid despite repeated reminders, we can transmit the data necessary for the execution of a collection (name, address, e-mail address, information on the company and if necessary contract and debt data) to a collection agency for the purpose of the sale of the open claims as well as for the purpose of the debt collection processing. When the outstanding claims are sold, the latter then becomes the holder of the claim and asserts the claim in his own name. We work together with the following collection agencies: Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss and IHD Gesellschaft für Kredit- und Forderungsmanagement mbH, Augustinusstraße 11b, 50226 Frechen. The processing of the data takes place on the legal basis in art. 6 Abs. 1 lit. b and art. 6 Abs. 1 lit. f GDPR.
The processing of the data takes place on the legal basis in Art. 6 Para. 1 lit. b and Art. 6 Para. 1 lit. f GDPR. Transmissions on the basis of Art. 6 Para. 1 lit. f GDPR may take place insofar as this is necessary to safeguard the legitimate interests of our company and does not outweigh the interests of the person concerned, which require the protection of personal data.
2.19 Data processing to protect legitimate interests
We also process your data if it is necessary to protect the legitimate interests of us or of third parties. This may be the case to guarantee IT security and IT operation; for support inquiries; in the event of legal disputes, to be able to understand and prove the facts of the case; for market and opinion polls; to statistically evaluate the use of our website; to promote other products from us or our cooperation partners.
The basis for data processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the data processing listed above.
2.20 Data processing for advertising purposes and for recommendations and enquiries
If your data is used for advertising purposes for our offers and products and for other offers and products of our cooperation partners, we may ask for your consent. The data processing then takes place on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time with effect for the future.
In addition, we use your e-mail address for recommendations if you have already booked with us. You will receive these recommendations from us regardless of whether you have subscribed to a newsletter or not. In this way, we would like to provide you with information about our services that may be of interest to you on the basis of your most recent bookings with us. We strictly adhere to the legal requirements. If you do not wish to receive any recommendations and offers or any advertising messages from us, you can object to this at any time. A text message to the contact data mentioned under point 1 (e.g. e-mail, fax, letter) is sufficient for this purpose.
Basis for the data processing is art. 6 Abs. 1 lit. f GDPR, which permits the processing of data for the protection of legitimate interests of the responsible person, provided that the interests or fundamental rights and freedoms of the person concerned do not outweigh.
2.21 Data processing for market research and public opinion polling
We also use your data for market and opinion research. Of course we use them exclusively anonymously for statistical purposes and only for Broermann Health & Heritage Hotels GmbH. Your responses to surveys will not be shared with third parties or published.
Basis for the data processing is art. 6 Abs. 1 lit. f GDPR, which permits the processing of data for the protection of legitimate interests of the responsible person, provided that the interests or fundamental rights and freedoms of the person concerned do not outweigh.
2.22 Data processing for the fulfilment of legal obligations
In addition, we process your data to fulfil legal obligations (e.g. regulatory requirements, commercial and tax storage and proof obligations).
Basis for the data processing is Art. 6 Para. 1 lit. c GDPR, which permits the processing for the fulfilment of a legal obligation.
3. Categories of receipt of personal data
Your personal data will only be passed on to third parties or otherwise transmitted if this is necessary for the purpose of contract processing or billing or if you have given your prior consent or if there is a legal basis for the transfer.
Insofar as it is necessary for the purpose of contract processing or for the dispatch and delivery of products, data will be passed on to partner companies which have been commissioned to support contract processing. Our partners undertake to comply with and observe the provisions of data protection law. Furthermore, our partners are not permitted to use the data in any other way than to process the contract.
Service providers who support us in providing our services to you are sales and marketing companies, file destruction, software (SaaS) providers, IT service providers, in particular service providers for software and hardware maintenance, social media management providers, hosting providers and e-mail service providers.
4. Duration of data storage
In principle, we delete your data as soon as they are no longer required for the respective purpose, unless temporary storage is still necessary. For example, we store your data on the basis of legal proof and storage obligations, which arise from the German Commercial Code and the German Tax Code. The storage periods are then up to ten full years. We also retain your data for the period in which claims can be made against our company (statutory limitation period of three or up to thirty years).
5. Data security
Your personal data will be transmitted securely by us through encryption. We use the coding system SSL (Secure Socket Layer). You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. Furthermore, we secure our websites and other systems by technical and organizational measures against loss, destruction, access, alteration or distribution of your data by unauthorized persons.
6. Data subject rights
You can request information about your personal data stored by us and under certain conditions request the correction or deletion of your data by contacting us via our contact data given above. You may also have the right to restrict the processing of your data and to have the data you provide disclosed in a structured, common and machine-readable format. If you have given us your consent to process personal data for specific purposes, you can revoke your consent at any time with effect for the future. You may object to the processing of your data for direct marketing purposes. If we process your data to protect legitimate interests, you may object to such processing for reasons arising from your particular situation. You can also contact a data protection supervisory authority.