Privacy policy for our website

We provide this information to explain transparently how we handle your personal data (which, according to the highest court rulings, also includes your IP address) when you visit our website. According to Art. 4 No. 1 GDPR, personal data means any information relating to an identified or identifiable natural person.

We take the protection of your data and your privacy very seriously and comply with our data protection obligations. We collect and process your personal data in line with European and national statutory provisions. We expressly explain in this privacy policy how and in what form we process your data.

When you visit our website, we are required to collect various items of personal data – on the one hand to ensure the functionality of our website, and on the other hand to enhance the appeal of our site by using various tools.

However, we would still like to point out that data transmission over the internet is not possible without potentially accepting existing security gaps. We cannot therefore guarantee complete protection of your data, but we make every possible effort to protect it as comprehensively as we can.

Your data is collected so that we can display our website without errors. Other data may be used to analyse your user behaviour.

Data is also collected on a legal basis:

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) subpara. 1 (a) GDPR and, where sensitive data within the meaning of Art. 9 (1) GDPR is processed, on the basis of Art. 9 (2) (a) GDPR. Processing of data under Art. 9 GDPR is only permitted in certain cases.

If you have consented to the storage of cookies or to access to information on your end device, for example through device fingerprinting, data processing is carried out on the basis of § 25 (1) TDDDG.

You may withdraw consent at any time with effect for the future. You can exercise your right of withdrawal by sending us an informal notification by e-mail. You can also contact our data protection officer; they will forward your request to us. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by your withdrawal of consent.

If we collect your data to perform a contract or to take steps prior to entering into a contract, your data is processed on the basis of Art. 6 (1) subpara. 1 (b) GDPR. If your data is required to comply with a legal obligation, we process your data on the basis of Art. 6 (1) subpara. 1 (c) GDPR.

Data processing may also take place where we process data in order to perform one of our public tasks. In this case, data processing is based on Art. 6 (1) subpara. 1 (e), (3) subpara. 1 (b) GDPR in conjunction with the relevant federal or state-specific legislation.

We will state the specific legal basis applicable in each individual case in the relevant section.

We, as the website operator, are the controller responsible under data protection law for data processing on our website in accordance with Art. 4 No. 7 GDPR. You can reach us using the following contact details:

Tanneck Hotelbetriebs GmbH

Patricia Fischer-Schwegler, Thomas Fischer

Maderhalm 20, 87538 Fischen im Allgäu

Tel: +49 8326 999 - 0

Fax: +49 8326 999 – 133

Email: info@hotel-tanneck.de

#KOMM#IT, Funke Solution GmbH & Co. KG, Salmas 52, 87534 Oberstaufen

Tel: +49 8325 927050, dsb@komm-it.info

When it comes to the maximum storage period for your personal data, we comply with the respective statutory retention period. We only store your data for as long as we need it for our data processing purposes. We are bound by the purpose for which we collected your data when storing it. If no specific storage period is stated in this information, your personal data will remain with us until the purpose for the data processing no longer applies.

If you submit a legitimate request for erasure or withdraw your consent to data processing, we must delete your data, provided no other legally permissible grounds exist for the continued storage of your data, such as statutory commercial or tax retention periods. We can only comply with your request for erasure once these grounds no longer apply.

We collect your data because you provide it to us via a contact form or in another way. There is also data that is collected automatically, or only after you have given your consent, when you visit our website. This primarily concerns technical data such as your operating system and the time of your page view.

We use tools from third-party providers based both within and outside the EU and EEA. Your personal data may be transferred to these third parties if you have activated these tools – unless they are required for the basic functionality of the website.

We also use tools from companies based in the USA or other third countries that are not considered safe in terms of data protection law. Your personal data may also be transferred to these providers if you have activated the relevant tools. These countries do not offer a level of data protection comparable to that of the EU.

Such a data transfer requires an adequacy decision by the EU Commission, guaranteeing a comparable level of protection for your personal data. If no such adequacy decision exists, other appropriate safeguards pursuant to Art. 44 et seq. GDPR must be put in place.

We offer you the option of concluding a fee-based contract directly via our website. In order to be able to fulfil this contract and process your payment, you are required to provide us with your payment details. Payment data includes account number, IBAN, BIC, account holder, credit card number, expiry date and any other information required to process the payment.

Payment transactions using common means of payment such as Visa, Mastercard or direct debit are carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the browser’s address bar changes to https://. You can also recognise it by the padlock symbol in your browser bar. With encrypted communication, your payment data generally cannot be read by third parties.

You can exercise your rights under Art. 12 et seq. GDPR.

In some cases, we process your data on the basis of your explicit consent. You may withdraw the consent you have already given at any time with effect for the future. You can exercise your right of withdrawal by sending us an informal notification by e-mail. You can also contact our data protection officer; they will forward your request to us. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by your withdrawal of consent.

If data processing is carried out on the basis of Art. 6 (1) subpara. 1 (f) GDPR, you have the right to object to the processing of your personal data on grounds relating to your particular situation. This also applies to any profiling – the legal basis on which such profiling is carried out can be found in this information. If you exercise your right to object, your affected personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims pursuant to Art. 21 (1) GDPR.

If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. This also applies to profiling, insofar as it is connected with such direct marketing. If you object, your personal data will thereafter no longer be used for direct marketing purposes in accordance with Art. 21 (2) GDPR.

You have the right to receive data that we process automatically, in a commonly used, machine-readable format, either yourself or to have it transmitted to a third party. If you request the direct transfer of the data to another controller, this will only take place where it is technically feasible.

Under Art. 15 (1) GDPR, you have the right to obtain, free of charge, information about your stored personal data, its origin, recipients and the purpose of the data processing. You may also, where applicable, exercise a right to rectification or erasure of this data. If you have any questions about your rights, you can contact us or our data protection officer at any time.

You may also request the restriction of the processing of your personal data. If you have any questions about this right, you can contact us or our data protection officer at any time. The right to restriction exists in the cases specified by law. If you contest the accuracy of your data, we need time to verify this. For the duration of this verification, you have the right to request restriction of the processing of your data. If the processing of your data is unlawful, you may request restriction of processing instead of erasure. If we no longer need your personal data, but you wish to exercise, defend or assert legal claims, you have the right to request at least the restriction of data processing. If you have lodged an objection under Art. 21 (1) GDPR, we must weigh up your interests against ours; for the duration of this assessment you have the right to request restriction of your data.

If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.

As a data subject, you also have the right to lodge a complaint with a supervisory authority in the event of breaches of the GDPR. This must be the competent data protection supervisory authority in your federal state. You always have the right to lodge a complaint, regardless of any other measures you take.

We expressly object to the use of our contact details for sending unsolicited advertising and information material. We expressly reserve the right to take legal action against the unsolicited sending of advertising, such as spam e-mails.

For security reasons, and to protect the transmission of confidential content, we use an SSL or TLS connection. You can recognise an encrypted connection by the fact that the browser address bar changes from "http://" to "https://" and by the padlock symbol in your browser bar.

The site provider collects and stores information in server log files that your browser automatically transmits to us. This includes the following data: Browser type and browser version, operating system used, referrer URL, hostname of the accessing computer, time of the server request and also your IP address.

Your data is not merged with data from other data sources. The legal basis for data processing is Art. 6 (1) subpara. 1 (f) GDPR, as we, as the website operator, have a legitimate interest in the technically error-free presentation and optimisation of our website. For this purpose, server log files must be collected.

We host our website with an external provider.

All personal data collected on the website – such as your IP address, metadata and communication data, contract data, contact details, names, access details and any other data generated via a website – is stored on the host’s servers.

The legal basis for processing your personal data is Art. 6 (1) subpara. 1 (f) GDPR. Our legitimate interest lies in the most reliable possible presentation of our website.

If we have obtained your consent, your data is processed on the basis of Art. 6 (1) subpara. 1 (a) GDPR and § 25 (1) TDDDG where the use of data is subject to consent to the storage of cookies or access to information on the user’s end device, such as device fingerprinting, within the meaning of the TDDDG. You may withdraw consent at any time with effect for the future. You can exercise your right of withdrawal by sending us an informal notification by e-mail. You can also contact our data protection officer; they will forward your request to us. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by your withdrawal of consent.

To demonstrate data protection-compliant processing and to set out our respective obligations, we have concluded a data processing agreement. This is a contract required under data protection law pursuant to Art. 28 (3) GDPR, which ensures that our processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. Our hosting provider is: Vioma GmbH, Industriestraße 27, 77656 Offenburg

We use cookies on our website. These are small text files and data packets that are placed on end devices but do not cause any damage there. Cookies are stored on your end device either temporarily for the duration of a session as session cookies, or permanently as persistent cookies. Session cookies are automatically deleted at the end of your session, whereas persistent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.

In some cases, cookies from third-party providers may also be stored on your devices; these are known as third-party cookies. They enable you to use this company’s services, for example by using cookies to process payment services.

Cookies perform different functions. Some are technically necessary to ensure that certain applications on the website function at all, such as the shopping basket feature. Other cookies are used to analyse user behaviour on our site or to display advertising. Cookies that are technically essential, and therefore regarded as necessary cookies, are stored on the basis of §25 (2) TDDDG, unless another legal basis is explicitly stated. Storing these cookies is absolutely essential in order to create the technical conditions for an error-free and optimised website. For cookies that are not technically essential, consent is obtained in accordance with §25 (1) TDDDG. In this case, cookies are stored solely on the basis of this consent. You may withdraw consent at any time with effect for the future. You can exercise your right of withdrawal by sending us an informal notification by e-mail. You can also contact our data protection officer; they will forward your request to us. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by your withdrawal of consent.

You can set your browser so that you are informed when cookies are placed and only allow them in individual cases. You can also generally exclude the storage of cookies and activate the automatic deletion of cookies when you close your browser. We would recommend this approach. If you disable cookies completely, the functionality and display of our website may be restricted. When we use cookies from third-party providers and for analysis purposes, we will inform you about this separately. In such cases, we will also obtain your consent.

Our cookie banner on the homepage (consent request) is provided by a third-party provider.

We use the cookie banner to obtain your consent for certain cookies that are not required for the technical display of the website to be stored on your device. We need this consent in order to have a legal basis for storing these cookies.

When you visit our website, personal data is transmitted to our cookie banner provider. This includes the following data: Your response to our consent request within the cookie banner, your IP address, information about your browser and your device, and the time of your visit to our website.

When you access our website, a connection is established to the provider’s servers to obtain your consent or other declarations regarding the setting of cookies. Once you have given your declaration, our provider stores a cookie in your web browser so that it can identify whether you have consented to or rejected the setting of cookies. It also serves to assign any withdrawal that may occur at a later date. This data is stored until you ask us to delete it, you delete the cookie yourself, or the purpose for data processing no longer applies. Statutory retention obligations that conflict with deletion remain unaffected.

The legal basis for obtaining consent is §25 (1) TDDDG. You can withdraw your consent at any time with effect for the future. If you would like to change your settings, please contact us or follow the instructions on our website. You can exercise any withdrawal of consent by sending us an informal notification by e-mail. You can also contact our data protection officer; they will forward your request to us. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by your withdrawal of consent.

To demonstrate data protection-compliant processing and to set out our respective obligations, we have concluded a data processing agreement. This is a contract required under data protection law pursuant to Art. 28 (3) GDPR, which ensures that our processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. The provider of the cookie banner is: Vioma GmbH, Industriestraße 27, 77656 Offenburg

On our website we offer services that are specifically tailored to our sector. These services include the following:

We use an external booking platform to offer you online bookings, booking enquiries and reservations.

If you would like to make an online booking, a booking enquiry or a reservation on our website, we need your data. To be able to process your enquiry, we need your e-mail address, your travel dates, the product booked, your first and last name and, if you wish, your title. In certain cases, we also ask for your telephone number so that we can contact you in the event of unforeseen circumstances requiring short-notice notification, insofar as these may affect your booking.

In order to calculate your travel price, we need your dates of stay, the selected product, the number of travellers and an indication of whether the travellers are children or adults. If you are travelling with children, we also request the exact age in order to calculate the price. So that the booking can be completed, we require your chosen method of payment for the trip. If you wish to make an advance payment, we will redirect you to your chosen payment service provider to process the payment. Any further details you enter in the booking form are provided voluntarily and are not required by us for the online booking, booking enquiry or reservation.

The legal basis for data processing in connection with an online booking, booking enquiry or reservation is Art. 6 (1) subpara. 1 (b) GDPR, for the performance of a contract or in order to take steps prior to entering into a contract. The data collected in connection with your enquiry is stored in a system. If you provide special categories of personal data relevant to the performance of our services, such as allergy-related intolerances, these will also be stored. The data transmitted to us will remain with us until the purpose for storing the data ceases to apply, for example once your request has been fully processed. However, statutory retention obligations may prevent your data from being deleted.

To demonstrate data protection-compliant processing and to set out our respective obligations, we have concluded a data processing agreement. This is a contract required under data protection law pursuant to Art. 28 (3) GDPR, which ensures that our processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. This booking platform is provided by: Vioma GmbH, Industriestraße 27, 77656 Offenburg

On our website we offer the option of purchasing vouchers as well as managing vouchers online.

If you would like to purchase a voucher online via our website, we need your data in order to process your request. To process your request, we handle the following data: your e-mail address and title as well as the first and last name of the voucher recipient. We also ask which delivery method you would like so that we can issue the voucher in line with your wishes. If you choose delivery by e-mail, we process the e-mail address of the recipient. If you choose postal delivery, we additionally require the recipient’s postal address so that we can send you the voucher. In the voucher management system, we store the remaining balance of the voucher, any redemptions already made and the current status of the voucher (open, paid, redeemed, etc.).

The legal basis for data processing for voucher purchase and voucher management is Art. 6 (1) subpara. 1 (b) GDPR, for the performance of a contract or in order to take steps prior to entering into a contract. The data transmitted to us will remain with us until the purpose for storing the data no longer applies. However, statutory retention obligations may prevent your data from being deleted.

To demonstrate data protection-compliant processing and to set out our respective obligations, we have concluded a data processing agreement. This is a contract required under data protection law pursuant to Art. 28 (3) GDPR, which ensures that our processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. For this service we use the provider: VOUCHER by Softtec GmbH, Hindelanger Straße 35, 87527 Sonthofen.

On our website we offer various ways for you to get in touch with us.

You have the option to register on our website. You can use this registration to unlock additional functions on our site. We use the data you enter in the registration form solely for the purposes for which you have registered. We can only complete the registration if you provide all information that is absolutely necessary for registration. Otherwise, we unfortunately have to decline your registration. In the event of changes that are absolutely necessary, we use the e-mail address you have provided in order to contact you.

We process the data you enter on the basis of your consent in accordance with Art. 6 (1) subpara. 1 (a) GDPR. You may withdraw the consent you have given at any time with effect for the future. You can exercise your right of withdrawal by sending us an informal notification by e-mail. You can also contact our data protection officer; they will forward your request to us. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by your withdrawal of consent. We store your data for as long as you are registered on our website. Your data is then deleted, without prejudice to any statutory retention obligations.

You can choose to subscribe to our newsletter on a voluntary basis. To do so, we process the data you enter in the registration form, as well as your e-mail address, so that we can manage your subscription and, if necessary, contact you with any follow-up questions. We will not pass your data on to third parties without your consent.

The legal basis for processing your data is your consent pursuant to Art. 6 (1) subpara. 1 (a) GDPR and §25 (1) TDDDG. You can withdraw your consent at any time with effect for the future. An informal notification by e-mail to us is sufficient for this. However, the lawfulness of the data processing carried out up to the time of withdrawal remains unaffected.

The data you provide will remain with us until you ask us to delete it or withdraw your consent to its storage. Mandatory statutory provisions, such as statutory retention periods, remain unaffected by this.

You can use our contact form at any time to send us enquiries. To do so, we process the data you enter in the contact form, as well as your e-mail address, so that we can handle your enquiry and, if necessary, contact you with any follow-up questions. We will not pass your data on to third parties without your consent.

The legal basis for processing your data is Art. 6 (1) subpara. 1 (b) GDPR, provided your enquiry is related to the performance of a contract or is necessary for taking steps prior to entering into a contract.

In all other cases, processing is based on our legitimate interest in the efficient handling of your enquiry pursuant to Art. 6 (1) subpara. 1 (f) GDPR

or on your consent pursuant to Art. 6 (1) subpara. 1 (a) GDPR, where this has been obtained from you. You can withdraw your consent at any time with effect for the future. An informal notification by e-mail to us is sufficient for this. However, the lawfulness of the data processing carried out up to the time of withdrawal remains unaffected.

The data you provide will remain with us until you ask us to delete it or withdraw your consent to its storage. Mandatory statutory provisions, such as statutory retention periods, remain unaffected by this.

You can contact us at any time by email, telephone or fax. To do so, we process the data you provide to us so that we can handle your enquiry. We will not pass your data on to third parties without your consent.

The legal basis for processing your data is Art. 6 (1) subpara. 1 (b) GDPR, provided your enquiry is related to the performance of a contract or is necessary for taking steps prior to entering into a contract, or your consent pursuant to Art. 6 (1) subpara. 1 (a) GDPR, where this has been obtained from you. You can withdraw your consent at any time with effect for the future. An informal notification by e-mail to us is sufficient for this. However, the lawfulness of the data processing carried out up to the time of withdrawal remains unaffected.

The data you provide will remain with us until you ask us to delete it or withdraw your consent to its storage. Mandatory statutory provisions, such as statutory retention periods, remain unaffected by this.

In all other cases, processing is based on our legitimate interest in the efficient handling of your enquiry pursuant to Art. 6 (1) subpara. 1 (f) GDPR

We use your postal address to send you advertising by post.

The legal basis for processing your data is our legitimate interest in direct advertising pursuant to Art. 6 (1) subpara. 1 (f) GDPR in conjunction with Recital 47 of the GDPR.

If we have obtained your consent, data processing is carried out solely on the basis of Art. 6 (1) subpara. 1 (a) GDPR. You can withdraw your consent at any time with effect for the future. An informal notification by e-mail to us is sufficient for this. However, the lawfulness of the data processing carried out up to the time of withdrawal remains unaffected.

The data you provide will remain with us until you ask us to delete it or withdraw your consent to its storage. Mandatory statutory provisions, such as statutory retention periods, remain unaffected by this.

We maintain publicly accessible profiles on various social networks.

The social networks may analyse your behaviour even when you are merely visiting our website, as we have integrated plug-ins or other links to these social networks. Personal data may be collected even if you are not logged in as a user, or do not have an account with the respective provider at all. Your data is collected via cookies stored on your end device or by recording your IP address.

The social networks use this to create user profiles. These profiles store your interests and preferences so that interest-based advertising can be displayed to you. If you have a profile with the respective provider, advertising will be displayed on all devices on which you are or were logged in.

The data you provide will remain with us until you ask us to delete it or withdraw your consent to its storage. Mandatory statutory provisions, such as statutory retention periods, remain unaffected by this. Stored cookies, unless they are session cookies, remain on your device until you delete them.

To demonstrate data protection-compliant processing and to set out our respective obligations, we have concluded a data processing agreement with the respective provider. This is a contract required under data protection law pursuant to Art. 28 (3) GDPR, which ensures that our processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

We operate a profile on Meta (formerly Facebook). The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: "Meta"). We have also integrated a Meta plug-in into our website. You can recognise this by the Meta profile button or the “Like” button. You can find an overview of the Facebook/Meta plug-ins at: https://developers.facebook.com/docs/plugins/?locale=de_DE.

The mere integration of the plug-in does not in itself result in a direct transfer of data to Meta. Processing of personal data only takes place when you access information that goes beyond the homepage of a Meta profile; as the website operator, we can no longer be held responsible for this processing, as by giving your consent via the “two-click solution” you have voluntarily placed the data under Meta’s control.

The legal basis for our data processing is our legitimate interest in achieving the widest possible visibility on social media pursuant to Art. 6 (1) subpara. 1 (f) GDPR.

Where the corresponding consent has been obtained, Meta processes data on the basis of your consent pursuant to Art. 6 (1) subpara. 1 (a) GDPR. You can withdraw your consent at any time with effect for the future. You can exercise your right of withdrawal by sending us an informal notification by e-mail. You can also contact our data protection officer; they will forward your request to us. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by your withdrawal of consent.

Using a Meta profile does not give rise to joint controllership for any processing of personal data within the meaning of Art. 26 GDPR. By means of the “two-click solution” we use, you voluntarily decide to place your data under Meta’s control. Accordingly, and contrary to the ECJ judgment of 05/06/2018, C-210/16, there is no joint responsibility based on a shared decision on the purposes and means of the processing, as Meta only processes personal data once you have already voluntarily placed the data under Meta’s control. We are not responsible for any processing of personal data carried out after you have been redirected to Meta. Moreover, and purely as a precaution, in the event that joint controllership does exist, the required agreement under Art. 26 (3) GDPR is set out in the addendum provided by Meta: https://www.facebook.com/legal/controller_addendum. Under this agreement, we are obliged to provide the privacy information pursuant to Art. 13 et seq. GDPR and to integrate the Meta tool into our website in compliance with data protection law. You can exercise your data subject rights directly against Meta. If you assert your data subject rights with us in relation to the use of Meta, we are obliged to forward your request to Meta.

The data processed by Meta is also transferred to the USA and other third countries. The transfer of data to the USA is once again based on an adequacy decision of the EU Commission. Meta is a certified partner under the EU–US Privacy Framework. You can find details at: https://facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://facebook.com/policy.php. Further information can be found in the terms of use and privacy policy. These are available at: https://de-de.facebook.com/about/privacy/ and https://de-de.facebook.com/legal/terms/.

We operate a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: “Meta”). We have also integrated an Instagram plug-in into our website. You can recognise this by the Instagram profile button.

The mere integration of the plug-in does not in itself result in a direct transfer of data to Meta. Processing of personal data only takes place when you access information that goes beyond the homepage of an Instagram profile; as the website operator, we can no longer be held responsible for this processing, as by giving your consent via the “two-click solution” you have voluntarily placed the data under Meta’s control.

The legal basis for our data processing is our legitimate interest in achieving the widest possible visibility on social media pursuant to Art. 6 (1) subpara. 1 (f) GDPR.

Where the corresponding consent has been obtained, Meta processes data on the basis of your consent pursuant to Art. 6 (1) subpara. 1 (a) GDPR. You can withdraw your consent at any time with effect for the future. You can exercise your right of withdrawal by sending us an informal notification by e-mail. You can also contact our data protection officer; they will forward your request to us. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by your withdrawal of consent.

Using an Instagram profile does not give rise to joint controllership for any processing of personal data within the meaning of Art. 26 GDPR. By means of the “two-click solution” we use, you voluntarily decide to place your data under Meta’s control. Accordingly, and contrary to the ECJ judgment of 05/06/2018, C-210/16, there is no joint responsibility based on a shared decision on the purposes and means of the processing, as Meta only processes personal data once you have already voluntarily placed the data under Meta’s control. We are not responsible for any processing of personal data carried out after you have been redirected to Meta. Moreover, and purely as a precaution, in the event that joint controllership does exist, the required agreement under Art. 26 (3) GDPR is set out in the addendum provided by Meta: https://www.facebook.com/legal/controller_addendum. Under this agreement, we are obliged to provide the privacy information pursuant to Art. 13 et seq. GDPR and to integrate the Meta tool into our website in compliance with data protection law. You can exercise your data subject rights directly against Meta. If you assert your data subject rights with us in relation to the use of Instagram, we are obliged to forward your request to Meta.

The data processed by Meta is also transferred to the USA and other third countries. The transfer of data to the USA is once again based on an adequacy decision of the EU Commission. Meta is a certified partner under the EU–US Privacy Framework. You can find details at: https://facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381 and https://facebook.com/policy.php. Further information can be found in the terms of use and privacy policy. You can find these at: https://de-de.facebook.com/about/privacy/ und https://de-de.facebook.com/legal/terms/.

We use various analytics and advertising tools.

To demonstrate data protection-compliant processing and to set out our respective obligations, we have concluded a data processing agreement with the respective provider. This is a contract required under data protection law pursuant to Art. 28 (3) GDPR, which ensures that our processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

We use the web analytics services of Google Analytics to analyse user behaviour. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”).

To analyse user behaviour, Google collects personal data that is stored on our server, whereby IP addresses are stored only in anonymised form. Google helps us record data on when our site was accessed from which region and whether, and which, purchases were made via the website. To carry out this analysis, Google stores log files such as IP address, referrer, and the browser and operating system used. In addition, Google may also record your mouse and scrolling movements and your clicks.

The legal basis for data processing is our legitimate interest in anonymised analysis to improve our services pursuant to Art. 6 (1) subpara. 1 (f) GDPR.

Where the corresponding consent has been obtained, Google processes data on the basis of your consent pursuant to Art. 6 (1) subpara. 1 (a) GDPR. You can withdraw your consent at any time with effect for the future. You can exercise your right of withdrawal by sending us an informal notification by e-mail. You can also contact our data protection officer; they will forward your request to us. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by your withdrawal of consent.

The data processed by Google is also transferred to the USA and other third countries. The transfer of data to the USA is once again based on an adequacy decision of the EU Commission. Google is a certified partner under the EU–US Privacy Framework. You can find details at: https://privacy.google.com/businesses/controllerterms/mccs/

Google stores the data for two months, after which it is anonymised. You can find further details at the following link: https://support.google.com/analytics/answer/7667196?hl=de

Use of Google Signals: When Google Signals is used, Google Analytics also records your location, search history and, where applicable, your YouTube history, as well as demographic data such as visitor statistics. Google Signals uses this data to deliver personalised advertising to you. If you have a Google account and are logged into it, Google Signals will also draw on data from your Google account. Google also uses the data to create anonymised user profiles and to present user behaviour in statistics.

“E-commerce measurement”: With this measurement we analyse the purchasing behaviour of visitors to our website in order to improve the services we offer there. Google stores information such as completed orders, average order values, shipping costs and the time between viewing and purchasing a product. Google then aggregates this information and assigns it to the respective user.

We use YouTube videos for visual presentation. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”).

YouTube transmits data to its partners and, due to its integration on our website, establishes a connection to Google regardless of whether a video is viewed or not. If you do watch a video, YouTube connects to its servers and informs them which page you are visiting. If you are logged into your account, YouTube creates a profile of you. To prevent this, you must log out of your account.

Once a video has been started, various cookies are stored on your device in order to obtain information about visitors to our website. We have no influence over data processing by YouTube.

The legal basis for data processing is our legitimate interest in an attractive and consistent presentation of our online offering in accordance with Art. 6 (1) subpara. 1 (f) GDPR.

Where the corresponding consent has been obtained, data processing is based on your consent pursuant to Art. 6 (1) subpara. 1 (a) GDPR. You can withdraw your consent at any time with effect for the future. You can exercise your right of withdrawal by sending us an informal notification by e-mail. You can also contact our data protection officer; they will forward your request to us. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by your withdrawal of consent.

The data processed by YouTube is also transferred to the USA and other third countries. The transfer of data to the USA is once again based on an adequacy decision of the EU Commission. Google is a certified partner under the EU–US Privacy Framework. You can find details at:https://privacy.google.com/businesses/controllerterms/mccs/. You can find further information at the following link: https://policies.google.com/privacy?hl=de.

For consistent font display, we use web fonts provided by Google. The fonts are installed locally; as a result, no connection is made to Google’s servers.

We use the web design service from Tramino. The provider is Tramino, Weststraße 30, 87561 Oberstdorf, Germany (hereinafter: “Tramino”).

When you visit our website, we use Tramino for the visual and geographical presentation of our offering. In this context, your IP address and other information about your behaviour on this website are transmitted to Tramino, among other data. For this purpose, Tramino may store cookies in your browser or use comparable recognition technologies. Your location may also be recorded if you have allowed this in your device settings – for example on your smartphone. As the provider of this site, we have no influence on the data transfers carried out by Tramino. For details, please refer to Tramino’s privacy policy at the following link: https://tramino.de/datenschutz.html.

The legal basis for data processing is our legitimate interest in an attractive presentation of our online offering in accordance with Art. 6 (1) subpara. 1 (f) GDPR.

Where the corresponding consent has been obtained, data processing is based on your consent pursuant to Art. 6 (1) subpara. 1 (a) GDPR. You can withdraw your consent at any time with effect for the future. You can exercise your right of withdrawal by sending us an informal notification by e-mail. You can also contact our data protection officer; they will forward your request to us. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by your withdrawal of consent.

We use Google Maps to show our location. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”).

Google Maps stores your IP address, which is transmitted to Google’s servers. We have no influence over data processing by Google. Google may also integrate Google Web Fonts when you use Google Maps.

The legal basis for data processing is our legitimate interest in an attractive presentation of our online offering in accordance with Art. 6 (1) subpara. 1 (f) GDPR.

Where the corresponding consent has been obtained, Google processes data on the basis of your consent pursuant to Art. 6 (1) subpara. 1 (a) GDPR. You can withdraw your consent at any time with effect for the future. You can exercise your right of withdrawal by sending us an informal notification by e-mail. You can also contact our data protection officer; they will forward your request to us. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by your withdrawal of consent.

The data processed by Google is also transferred to the USA and other third countries. The transfer of data to the USA is once again based on an adequacy decision of the EU Commission. Google is a certified partner under the EU–US Privacy Framework. You can find details at: https://privacy.google.com/businesses/controllerterms/mccs/

We have integrated an online shop into our website and therefore use online payment methods.

In this context, we only process your personal data where this is necessary in connection with contract execution or with pre-contractual measures pursuant to Art. 6 (1) subpara. 1 (b) GDPR. We process your usage data where this is required in order to offer you our online service in connection with an online payment.

Your data will be deleted once the business relationship has ended or the order has been completed, provided there are no statutory retention obligations preventing deletion.

When you order goods or we provide services, your personal data is passed on to our transport company, any other partners and the payment service provider we use. Data is only disclosed to the extent that it is absolutely necessary to fulfil the respective task.

The legal basis for data processing is Art. 6 (1) subpara. 1 (b) GDPR. If you have given consent pursuant to Art. 6 (1) subpara. 1 (a) GDPR, your e-mail address will be passed on to our transport company so that you can track the shipping status of your order. You can withdraw your consent at any time with effect for the future. You can exercise your right of withdrawal by sending us an informal notification by e-mail. You can also contact our data protection officer; they will forward your request to us. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by your withdrawal of consent.

We use various payment service providers to process our contracts. The payment service provider receives from us those parts of your personal data that are required for it to perform its tasks, namely your name, payment amount, bank details and credit card information. The legal basis for data processing is Article 6 (1), first subparagraph, point (b) of the GDPR as well as

our legitimate interest in smooth, convenient and secure payment processing pursuant to Art. 6 (1) subpara. 1 (f) GDPR.

Where the corresponding consent has been obtained, data processing is based on your consent pursuant to Art. 6 (1) subpara. 1 (a) GDPR. You can withdraw your consent at any time with effect for the future. You can exercise your right of withdrawal by sending us an informal notification by e-mail. You can also contact our data protection officer; they will forward your request to us. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by your withdrawal of consent.

If the respective provider also transfers the data it processes to the USA or other third countries, this transfer to the USA is based on an adequacy decision of the EU Commission. The decisive factor is whether the respective partner is certified under the EU–US Privacy Framework. You can find details in the information provided by each individual provider.

To demonstrate data protection-compliant processing and to set out our respective obligations, we have concluded a data processing agreement with the respective provider. This is a contract required under data protection law pursuant to Art. 28 (3) GDPR, which ensures that our processor processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

We offer convenient payment by Mastercard credit card. The provider is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter: “Mastercard”). Data transfer:https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf - Details of the privacy policy: https://www.mastercard.de/de-de/datenschutz.html.

We offer convenient payment by VISA credit card. The provider is Visa Europe Service Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter: “VISA”). Data transfer: https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zuzustandigkeitsfragen-fur-den-ewr.html - Details of the privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

You can submit an application to us at any time, either speculatively or for an advertised position. We accept applications by e-mail, by post and via our online application form. Below, we would like to inform you about data processing in the context of the application process.

We process your personal data, such as contact and communication details, application documents and notes from interviews, insofar as they are required to establish an employment relationship.

If we offer you a position, your data will be further processed for the performance of your employment relationship.

If we are unable to offer you a position, you decline our offer or you withdraw your application, we reserve the right to retain your documents for up to six months after the end of the application process. After this period has expired, your data will be deleted and destroyed. Mandatory statutory retention obligations remain unaffected by this. If you have given us your consent to longer storage, your data may be retained for a longer period.

The legal basis for our data processing is Art. 6 (1) subpara. 1 (b) GDPR in conjunction with § 26 BDSG. Where you have given consent pursuant to Art. 6 (1) subpara. 1 (a) GDPR, data processing is based on your consent. You can withdraw your consent at any time with effect for the future. You can exercise your right of withdrawal by sending us an informal notification by e-mail. You can also contact our data protection officer; they will forward your request to us. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by your withdrawal of consent.

You may choose to have us include you in our applicant pool. This includes all documents and information from your application so that we can contact you if suitable vacancies arise. The legal basis for this data processing is your explicit consent pursuant to Art. 6 (1) subpara. 1 (a) GDPR. You can withdraw your consent at any time with effect for the future. You can exercise your right of withdrawal by sending us an informal notification by e-mail. You can also contact our data protection officer; they will forward your request to us. The lawfulness of the data processing carried out up to the time of withdrawal remains unaffected by your withdrawal of consent.