Hotel Filser Füssen aussen Sommer

Data protection

in accordance with the GDPR (General Data Protection Regulation)

The protection of personal data is an important concern for us. Therefore, the processing of personal data is carried out in accordance with the applicable European and national legislation.
You can of course revoke your declaration(s) of consent at any time with effect for the future. To do so, please contact the controller in accordance with § 1.
The following declaration provides an overview of what type of data is collected, how this data is used and passed on, what security measures we take to protect your data and how you can obtain information about the information provided to us.

Legal foundation

for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6 para. 1 sentence 1 lit. c) GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 sentence 1 lit. f) GDPR serves as the legal basis for the processing.

Data erasure & storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which we are subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

DATA PROTECTION WIDGET USE

This page integrates a widget from HOTELCLASS to display the current star category of a hotel. The provider is DEHOGA Deutsche Hotelklassifizierung GmbH, Am Weidendamm 1A, 10117 Berlin, Germany (https://hotelclass.info/imprint.php).

This allows guests to see at a glance that a hotel has been reliably classified and complies with the official guidelines of the German Hotel Classification. The protection of personal data is an important concern for us. The HOTELCLASS widget of DEHOGA Deutsche Hotelklassifizierung GmbH is used in accordance with the applicable legal provisions on the protection of personal data and data security. This data protection notice provides you with information on how DEHOGA Deutsche Hotelklassifizierung GmbH handles information that is collected when you use the HOTELCLASS widget.

Collection and processing of personal data
The use of the HOTELCLASS widget of DEHOGA Deutsche Hotelklassifizierung GmbH is possible without providing personal data. Personal data is all information about your identity, such as your name, your e-mail address or your postal address. Such data is neither collected nor stored when you use HOTELCLASS widgets.

Server log files
The provider of our website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The data in the log files include
Referrer URL (the website you came from)
browser type
Browser version and language Operating system used and its interface IP address (anonymised)
Time of the server request
http status code
Access status of the transferred data volume
Storage period is 7 days
This data is not merged with other data sources.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data to optimise the presentation and security of the website on the basis of our legitimate interest, without your interests in excluding data collection outweighing ours.

Storage location of the data
This information is usually transmitted to a server of
MINDSTREAM - Christian Klar,
Maria-Theresien-Straße 21,
6020 Innsbruck
at the Data Centre Park Falkenstein location and stored there.

Security
DEHOGA Deutsche Hotelklassifizierung GmbH takes precautions to protect your personal data from loss, destruction, falsification, manipulation and unauthorised access. The statutory data protection regulations of the Federal Republic of Germany are of course observed.

Right to information
If you have any questions regarding the processing of your personal data, please contact info@hotelstars.eu or

DEHOGA Deutsche Hotelklassifizierung GmbH
Am Weidendamm 1A
10117 Berlin

Authorised managing director: Markus Luthe

§ 1 The controller and the data protection officer

(1) Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is

Hotel Filser GmbH
Karin Thanner
Säulingstraße 3
Phone: +49 (0) 83 62 / 9125-0
Mail: info@hotel-filser.de

(2) Name and address of the data protection officer

The data protection officer of the controller is

Dieter Grohmann
Akwiso Datenschutz und Audit
Beethovenstraße 23, 87435 Kempten

Phone: +49 (0) 83 1 / 51 24 70 30
www.akwiso.de

§ 2 Definition of terms

The data protection declaration is based on the terms used by the European legislator for the adoption of the EU General Data Protection Regulation (hereinafter referred to as ‘GDPR’). The privacy policy should be easy to read and understand. To ensure this, the most important terms are explained below:

a) Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
c) Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.d) Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
e) Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person

f) Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
g) Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
h) Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.
i) Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
j) Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

§ 3 Provision of the website and creation of log files

  1. When using the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we automatically collect the following data and information from the computer system of the accessing computer each time the website is accessed:
    a) The IP address of the user
    b) Information about the browser type and version used
    c) The user's operating system
    d) The user's internet service provider
    e) Date and time of access
    f) Websites from which the user's system accesses the website
    g) Websites that are accessed by the user's system via our website
    h) Pages accessed
    i) Amount of data transferred in each case
    j) Language and version of the browser software
    k) Search engines used
    The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
  2. The legal basis for the temporary storage of log files is Article 6(1)(f) GDPR.
  3. The temporary storage of the IP address by the system is necessary in order to
    a) enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
    b) optimise the content of our website and the advertising for it
    c) to ensure the functionality of our information technology systems and the technology of our website
    d) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. Data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.
    These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.
  4. The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected - in this case at the end of the usage process.
    The IP addresses are stored in anonymised form. For this purpose, the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.*. IPv6 addresses are also anonymised. Details of the directory protection user used are anonymised after one day. Error logs, which record incorrect page views, are deleted after seven days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the website accessed.
  5. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website, which is why there is no possibility of objection.

§ 4 Use of cookies

  1. this website uses so-called cookies.

Below you will find a list of cookies with a description of which ones are used. Cookies are small text files that are sent from a web server to your browser as soon as you visit a website and are stored locally on your end device (PC, notebook, tablet, smartphone, etc.) and stored on your computer and provide the user (i.e. us) with certain information. Cookies are used to make the website more customer-friendly and secure, in particular to collect usage-related information, such as frequency of use and number of users of the pages and behaviour patterns of page use. Cookies do not cause any damage to the computer and do not contain viruses. This cookie contains a characteristic character string (so-called cookie ID) that enables the browser to be uniquely identified when the website is called up again.
Cookies used:

  1. Google Analytics
  2. Hotjar

2. Cookies remain stored even if the browser session is ended and can be called up again when you visit the site again. However, cookies are stored on your computer and transmitted from it to our site. You therefore have full control over the use of cookies. If you do not wish data to be collected via cookies, you can set your browser via the menu under ‘Settings’ so that you are informed about the setting of cookies or generally exclude the setting of cookies or can also delete cookies individually. However, please note that deactivating cookies may limit the functionality of this website. As far as session cookies are concerned, these will be automatically deleted after leaving the website anyway.

§ 5 Newsletter

  1. With your consent, you can subscribe to our free newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent. We use the so-called double opt-in procedure to subscribe to our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you have provided in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within [24 hours], your information will be blocked and automatically deleted after one month. We also store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data. The only mandatory information for sending the newsletter is your e-mail address. The provision of other data (title, first name, surname) is voluntary and is used to be able to address you personally. If you purchase goods or services on our website and enter your e-mail address, we may subsequently use it to send you a newsletter. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter. The data will be used exclusively for sending the newsletter.
  2. The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 sentence 1 lit. a) GDPR if consent has been given. The legal basis for sending the newsletter is Art. 7 para. 3 UWG.
  3. The purpose of collecting the user's email address is to deliver the newsletter.
    The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.
  4. The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. Your e-mail address will therefore be stored for as long as the subscription to the newsletter is active.
  5. You can cancel the receipt of our newsletter at any time and thus revoke your consent by clicking on the ‘Unsubscribe from newsletter’ field in our newsletter unsubscriber or by sending us an e-mail to (info@filserhotel.de) or a message to the contact details given in the imprint. This also enables you to withdraw your consent to the storage of the personal data collected during the registration process.

§ 6 Disclosure of personal data to third parties

(1) Links to external websites

This website contains links to external sites. We are responsible for our own content. We have no influence on the contents of external links and are therefore not responsible for them, in particular we do not adopt their contents as our own. If you are directed to an external site, the data protection declaration provided there applies. If you notice any illegal activities or content on this site, you are welcome to notify us. In this case, we will check the content and respond accordingly (notice and take down procedure).

(2) OpenStreetMap

This site uses the open source mapping tool ‘OpenStreetMap’ (OSM) via an API. The provider is the OpenStreetMap Foundation. To use the functions of OpenStreetMap, it is necessary to save your IP address. This information is usually transmitted to an OpenStreetMap server and stored there. The provider of this site has no influence on this data transfer. The use of OpenStreetMap is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can find more information on the handling of user data on the OpenStreetMap data protection page.

§ 7 Contact form and e-mail contact

1. a contact form is available on our website, which can be used for electronic contact. If you use this option, the data entered in the input mask will be transmitted to us and stored. This data is:

Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy. Alternatively, you can contact us via the email address provided. In this case, the personal data transmitted with the e-mail will be stored. If this involves information on communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via this communication channel in order to respond to your enquiry. No data will be passed on to third parties in this context. The data will only be used to process the conversation.

  • Salutation
  • First name & surname
  • Street, postcode, city
  • e-mail address
  • Telephone and fax
  • Desired arrival / desired departure
  • Number of persons / including children aged
  • Desired type of accommodation (room category)
  • Any interest in an offer / interests in an offer
  • Any incompatibilities
  • How do you know the Hotel Filser?
  • Request for brochure delivery or callback service
  • Any individual message

2. the legal basis for the processing of the data is Art. 6 Para. 1 S. lit. a) GDPR if the user has given consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 sentence 1 lit. f) GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. 1 lit. b) GDPR.

3. the processing of the personal data from the input mask serves us solely to process the contact. We will, of course, use the data from your e-mail enquiry exclusively for the purpose for which you provide it to us when contacting us. If you contact us by e-mail, we also have the necessary legitimate interest in processing the data in order to respond to your enquiry. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. the data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. you have the option to revoke your consent to the processing of your personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. With regard to the revocation of consent/objection to storage, we ask you to contact the person responsible or the data protection officer in accordance with § 1 by e-mail or post. All personal data stored in the course of contacting us will be deleted in this case.

§ 8 Web analysis through Google Analytics

(with pseudonymisation)

1. we use the service of Google LLC (Google LLC, 1600 Amphitheatre Parkway Monutain View, CA 94043, USA) on our website to analyse the surfing behaviour of our users. The software places a cookie on your computer (for cookies, see above). If individual pages of our website are accessed, the following data is stored:

a) Two bytes of the IP address of the user's accessing system

b) The website accessed

c) Entry pages, exit pages,

d) The time spent on the website and the cancellation rate

e) The frequency with which the website is accessed

f) Country and regional origin, language, browser, operating system, screen resolution, use of Flash or Java

g) Search engines used and search terms used

The information generated by the cookie about the use of this website by users is generally transmitted to a Google server in the USA and stored there. This website uses Google Analytics with the extension ‘_anonymiseIp()’. The software is set so that the IP addresses are not stored in full, but only in abbreviated form. In this way, it is no longer possible to assign the truncated IP address to the accessing computer. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. However, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

2 The legal basis for the processing of personal data is Art. 6 para. 1 sentence 1 lit. a) GDPR.
3. on our behalf, Google will use this information to analyse your use of the website and to compile reports on website activity. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 para. 1 lit. f) GDPR. By anonymising the IP address, the interest of users in the protection of their personal data is adequately taken into account.

4. the data is deleted as soon as it is no longer required for our recording purposes.

5. the cookies used are stored on your computer and transmitted from it to our site. If you do not agree to the collection and analysis of usage data, you can prevent this by setting your browser software accordingly by deactivating or restricting the use of cookies. Cookies that have already been saved can be deleted at any time. However, in this case you may not be able to use all the functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link. The current link is: https://tools.google.com/dlpage/gaoptout?hl=de

You can prevent the collection of data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent the future collection of your data when you visit this website: Deactivate Google Analytics.

6. third party provider is Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. further information can be found in the user conditions at https://www.google.com/analytics/terms/de.html, in the overview of data protection at https://www.google.com/intl/de/analytics/learn/privacy.html and in the data protection declaration at https://www.google.de/intl/de/policies/privacy.

§ 9 Privacy policy social networks

We maintain online presences on various social networks and platforms. In the following, we would like to inform you about the data collected by these and by us, their purposes, the legal basis, recipients and your rights.

§ 1 Controller and data protection officer

Joint controllers within the meaning of Article 26 of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations for our social platforms are

Filser GmbH
Säulingstr. 3
87629 Füssen
08362/91250
info@hotel-filser.de
www.hotel-filser.de

The data protection officer is Dieter Grohmann, 0831/5124-7030, info@akwiso.de

as well as the companies named below for the respective network

  1. Meta: Meta Platforms, Inc, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The supervisory authority is the Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23 Co Laois, https://www.dataprotection.ie/docs/Contact-us/b/11.htm. Further information on data protection can be found at https://www.facebook.com/policy.php.

§ 2 Data collected by us in general

2.1 Meta

  1. We ourselves use the respective statistical analyses that the social network makes available to us. We are currently unable to switch this off or modify it. We collect the following data as a result:
    a) Demographic data (gender, age, country, place of residence, language): We collect this data as part of our paid promotions, as part of advertised events and as part of the statistical analysis on our fans, subscribers and people reached.
    b) Statistical figures on the number of subscribers, reactions to our posts, reach of our posts, fans (people who like our page), access times (days, times), page views, actions on the page (comments, partial actions, clicks, negative feedback), on the performance of our posts and on different types of posts (photo, video, etc.), events (tickets sold, people reached, interactions), on entertainment and on any stories posted.
    We receive the analyses in anonymised form.
    The legal basis for the collection of the above-mentioned data is Art. 6 para. 1 lit. f) GDPR, so that we can provide our interested parties with interesting events, information, etc. in a personalised manner and so that we know which measures are worthwhile on our part. This enables us to optimise our content. As these analyses are carried out anonymously by us and can only be used by the social network on a personalised basis (within the framework of their terms of use), we believe that the interests of our fans, subscribers, etc. are protected.
  2. We also collect data from our fans (likes) and from people who have commented on or shared something. For this purpose, we learn the name (possibly the user name of the account), the profile picture and, in turn, the information made publicly available by the persons. The comments also tell us something about the opinion or the person themselves.
    The legal basis for the collection of the aforementioned data is Art. 6 para. 1 lit. a) GDPR. Subscribers, fans, post sharers and commenters give their consent to the collection by accepting the terms of use of the respective social network and the posts based on these (like clicks, share clicks, comments).
  3. You can also send us messages via the social network. In this case, the personal data transmitted with the message (name/user name; profile picture) will be stored. In this case, you agree that we may also contact you via this communication channel in order to respond to your enquiry. No data will be passed on to third parties in this context. The data will only be used to process the conversation.
    The legal basis for the processing of the data transmitted in the course of sending a message is Art. 6 para. 1 sentence 1 lit. f) GDPR. The legitimate interest lies in processing your enquiry. If the message/contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR.
  4. We collect and process the statistical and demographic data in accordance with paragraph (1) and the messages in accordance with paragraph (3). In addition, this data is processed by the social network and its associated partners/companies etc. (see § 4) The data in accordance with paragraph (2) can be viewed not only by us and the social network and its associated partners/companies, but also by all subscribers, fans, contributors, commentators and other persons who click on our site or surf on the pages of our subscribers, fans, contributors and commentators.
  5. If we have posted offers or discounts, both Meta and we may collect information about the person who saved the offer or discount as interesting. You will then receive a notification from Meta before the offer expires. The legal basis for the collection of this data is Art. 6 para. 1 sentence 1 lit. a) GDPR.
  6. Information about our job adverts:
    1. We publish job adverts on our fan page. You can apply accordingly by e-mail.
    2. When you apply to us, we process the information that we receive from you as part of the application process, i.e. information from the

  • cover letter
  • curriculum vitae
  • photo
  • references
  • Correspondence
  • If you apply by e-mail, we will also process
  • e-mail address
  • Any other information that is transmitted via e-mail

We do not carry out research about you on the Internet (so-called background checks).

7. In the application process, we will not use any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, health data or data concerning sex life, sexual orientation, pregnancy or family planning, age or gender. We ask you not to provide us with any such information from the outset. Exceptions to this are information on gender and any severe disability. This information is necessary for us to take and comply with the legal requirements for protective measures etc.. However, under no circumstances are you obliged to provide us with such information.

8. Your data will initially be processed exclusively for the purpose of carrying out the application procedure. If your application is successful, the data will become part of your personnel file and may be used to implement and terminate the employment relationship. If we are currently unable to offer you employment, we will process your data in order to defend ourselves against any legal claims, in particular due to alleged discrimination in the application process. The legal basis for data processing is therefore Art. 6 para. 1 lit. b) GDPR, insofar as the data processing serves to decide on the establishment of an employment relationship and insofar as the data is then included in the employment relationship. If the storage serves to secure claims, the legal basis is Art. 6 para. 1 lit. f) GDPR. The legitimate interest here is the preservation of evidence documents for possible defence. We process information and documents that are not required for the aforementioned purposes on the basis of your implied consent pursuant to Art. 6 para. 1 lit. a) GDPR, which you have given us by sending it to us.

9. The statistical data in accordance with paragraph (1) will be deleted after 7 days (actions on the site, page views) or after 2 months. The other data in accordance with paragraph (2) will be irrevocably deleted when our website is deleted or temporarily deleted if it is deactivated. The data from the message in accordance with paragraph (3) will be deleted when the respective conversation has ended. However, if the conversation is aimed at concluding a contract, the data will be deleted in accordance with the statutory retention periods; this is usually 10 years.
We store the data required for a successful application and for the employment relationship until the end of the employment relationship and for a period of up to 3 years thereafter. We will continue to process the data relating to an application that we had to reject for a period of 6 months after sending the rejection in order to safeguard our legitimate interests. If claims are made against us as part of a process, we store the data until the process is concluded. This also applies accordingly to data received voluntarily

10. As already communicated, the statistical data is collected without us currently being able to opt out. For this reason, we are unable to honour your right to object for technical reasons. We therefore ask you to contact the social network directly at the addresses stated in § 1. There is a cancellation option with regard to the messages in accordance with paragraph (3), provided that the message does not serve the preparation or execution of a contract. Please note that the enquiry may not be processed in this case. You can also delete your connections to us by deactivating the Like buttons again. If we receive a cancellation and we have the option to delete your data (e.g. comments on our noticeboard, application documents, etc.), we will take the necessary steps to do so. The revocation does not affect the legality of the processing of your data carried out on the basis of your consent until any revocation.

§ Section 10 Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

  1. Right of access,
  2. Right to rectification
  3. Right to restriction of processing,
  4. Right to erasure
  5. Right to information
  6. Right to data portability.
  7. Right to object to processing
  8. Right to withdraw consent under data protection law
  9. Right not to be subject to an automated decision
  10. Right to lodge a complaint with a supervisory authority

(1) Right to information

  1. You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request information free of charge from the controller at any time about the personal data stored about you and about the following information:

(a) the purposes for which the personal data are processed;

b) the categories of personal data that are processed

c) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed

d) the envisaged period for which the personal data concerning you will be stored, or, if specific information on this is not possible, the criteria used to determine that period

e) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing

f) the existence of a right to lodge a complaint with a supervisory authority

g) all available information about the origin of the data if the personal data is not collected from the data subject

h) the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.

(2) Right to rectification

You have the right to obtain from the controller without undue delay the rectification and/or completion of inaccurate or incomplete personal data concerning you.

(3) Right to restriction of processing

1. You have the right to obtain from the controller restriction of processing of personal data concerning you without undue delay where one of the following applies

a) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead

c) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or

d) if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.

2. If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

(4) Right to erasure

  1. You have the right to obtain from the controller the erasure of personal data concerning you without undue delay where one of the following grounds applies

a) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

b) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.

c) You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.

d) The personal data concerning you have been processed unlawfully.

e) The deletion of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.

f) The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

2. If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1) GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

3. the right to erasure does not exist insofar as the processing is necessary

a) for exercising the right of freedom of expression and information;

b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller

c) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;

d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

e) for the establishment, exercise or defence of legal claims.

(5) Right to information

If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification/erasure/restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.

(6) Right to data portability

1. You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where
a) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
b) the processing is carried out by automated means.

2. in exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be affected by this.

3. the right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

4. In order to assert the right to data portability, the data subject may at any time contact the controller.

(7) Right to object

1. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

2. the controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

3. where the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

4.you have the possibility to exercise your right of objection in connection with the use of information society services - notwithstanding Directive 2002/58/EC - by means of automated procedures using technical specifications.

5.to exercise the right to object, the data subject may contact the controller directly.

(8) Right to revoke the declaration of consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You can contact the controller for this purpose.

(9) Automated decision in individual cases including profiling

1. you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
a) is necessary for the conclusion or performance of a contract between you and the controller
b) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
c) is made with your express consent.

2. however, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

3. in the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

4) If the data subject wishes to assert rights relating to automated decisions, they can contact the controller at any time.

(10) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

§ 11 Changes to the privacy policy

We reserve the right to change our privacy practices and this policy to reflect changes in relevant laws or regulations or to better meet your needs. Possible changes to our data protection practices will be announced here accordingly. Please note the current version date of the privacy policy.

Zum Seitenanfang