Preliminary remarks on data protection

We are delighted that you have visited our website and have shown interest in our company. We take the protection of your personal information very seriously – and we are committed to protecting your privacy and keeping your information confidential.
Our company wishes to use this data protection statement to inform the public about the nature, scope and purpose of the personal data we collect, use and process. The statement also informs the persons concerned about their rights.

As the body responsible for processing, our company has implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as completely as possible.

However, Internet-based data transmissions can in principle have security loopholes (e.g. when communicating by e-mail), so absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, such as by telephone.

1. Name and address of the person responsible

The organisation responsible within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other provisions of data protection law is:

Ralf Treutlein
Neue Straße 64
97299 Würzburg-Zell

2. Scope of the processing of personal data

Browsing our Internet pages is generally possible without having to provide any personal data. However, if a person wishes to make use of the special services of our company via our website, it may be necessary to process his or her personal data.

If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the person concerned.

We also process personal information in the course of our daily business. This data is communicated to us by enquiries and orders by telephone, e-mail and at our trade fairs. It is stored for the purpose of the (pre-)contractual task for as long as such storage is necessary to fulfil the tasks and the legal requirements.

The processing of personal data, such as the name, address, e-mail address or telephone number of a person concerned, is always carried out in accordance with the GDPR, and with other data protection regulations and the country-specific data protection regulations which apply for our company.

3. Legal basis for the processing of personal data

If we obtain the consent of the person(s) concerned for the processing of personal data, §6, para. 1, letter a of the GDPR serves as the legal basis.

§6, para. 1, letter b of the GDPR serves as a legal basis for the processing of personal data required for the performance of a contract in which the person concerned is a party. This also applies to processing operations necessary for the implementation of pre-contractual measures.
If the processing of personal data is necessary to fulfil a legal obligation that we have to fulfil, §6, para. 1, letter c of the GDPR serves as the legal basis. In the event that vital interests of the person concerned or another natural person necessitate the processing of personal data, §6, para. 1, letter d of the GDPR serves as the legal basis.
If data processing is necessary to safeguard a legitimate interest of our company or that of a third party, and if the interests, basic rights and fundamental freedoms of the person concerned do not outweigh the stated interest, §6 para. 1, letter f of the GDPR serves as the legal basis for the processing.

4. Data erasure and storage duration

The personal data of the person concerned will be deleted and blocked whenever the purpose of the storage no longer applies. Storage may also take place if the European or national legislator has provided for this in union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked and deleted if a storage period prescribed by the above standards expires, unless further storage of the data is necessary to conclude or fulfil a contract.

5. Availability of the website and creation of log files

Each time you access our website, the provider of our web pages automatically collects and stores a set of general data and information, which your browser automatically transmits in the form of “log files”.

The server automatically logs:

  • Information about the browser used and the version used
  • the operating system of the user
  • the IP address of the user
  • the date and time the site was accessed

This data is not stored in our system, but on the server of our provider. We have access to the stored log files and these are evaluated at regular intervals to create a statistic from them. These files will also be deleted if this is not prevented by legal storage obligations.
This information is needed to provide law enforcement agencies with the information they need to prosecute a cyber attack.

6. Use of cookies

Some of our Internet pages use “cookies”. Cookies are text files that are stored in the Internet browser or by the Internet browser on the computer system of the user.
Many Internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the person concerned from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified via the unique cookie ID.
Cookies enable us to recognise the users of our website. The purpose of this recognition is to make it easier for users to use our website.

So-called “session cookies” are predominantly used on our site. They are automatically deleted at the end of your visit. Other cookies remain on your device memory until you delete them.
We do not use cookies that allow an analysis of the surfing behaviour of the users.
Cookies are stored on the user’s computer and transmitted to our website by the user, so you as a user also have full control over the use of cookies.

You can make settings on your browser to inform you about the use of cookies, to only enable them in individual cases, to generally exclude them or to activate their automatic deletion when you close the browser. If you deactivate cookies in the Internet browser you use, not all functions of our website may be fully usable under certain circumstances.

7. Possibility of contacting us via the website

You can contact us directly via e-mail from our website. If you contact us by e-mail, the data will only be stored or used by us for the purpose of communication within the scope of your contact. This personal data will not be passed on to third parties.

8. Online reservations

We use your personal data to process your online reservations. We also use your personal data to process your payments and we use your information to process complaints. Your information is also used to determine your identity and to ensure that you have reached the legal minimum age for online reservations.
We process the following categories of personal data:

  • Contact details such as name, address, e-mail address and telephone number
  • Payment information and history
  • Credit information
  • Reservation information

If you have an account with us, we also process your personal information that you submitted in connection with the account or membership, including

  • your account or customer number
  • reservation history

We only disclose personal data to third parties for the purpose of providing the above services, i.e. to companies to verify your address, or to communication agencies to send you reservation confirmations, or to payment service providers for your payment. Please note that many of these recipients also have an independent right or obligation to process your personal data.
We retain your data for as long as you are an active customer.

9. SSL encryption

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection by the fact that the address line of the browser changes from http:// to https:// and by the lock symbol in your browser line. If SSL encryption is activated, the data that you transmit to us cannot be read by third parties. The data is only stored and used by us for the purpose of communication in the context of your establishment of contact.

10. Google Maps

We use Google Maps on our website to display interactive maps and to create maps. Google Maps is a map service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.
By using Google Maps, information about the use of this website, including your IP address and the start address entered as part of the route planner function, may be transmitted to Google in the USA. When you call up a web page of our Internet presence that contains Google Maps, your browser establishes a direct connection with the servers of Google. Google transmite the map content directly to your server and integrates it into the website, so we have no influence on the extent of the data collected in this way by Google. According to our state of knowledge, the data in question consists at least of the following:
  • the date and time of the visit to the website concerned
  • the Internet address or URL of the accessed website
  • the IP address
  • the start address entered during route planning
We have no influence on the further processing and use of the data by Google and can therefore assume no responsibility for this.

If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings.
If you do this, however, you cannot use the map display.

The purpose and scope of the data collection, further processing and use of the data by Google, your rights in this regard and how to set options to protect your privacy can be found in Google’s data protection information.

By using our website, you consent to the collection, processing and use of your data by Google Maps in the manner and for the purposes described above.
11. Rights of the person(s) concerned

In accordance with the GDPR, we hereby draw your attention to your rights. You have the following rights:

a. Right to confirmation

The person(s) concerned shall have the right, granted by the European directive and regulation maker, to obtain confirmation from the data processing company or person (controller) as to whether personal data relating to him or her is being processed. If the person(s) concerned wish to exercise this right of confirmation, he or she can contact an employee of the controller.

b. Right of the person concerned to obtain information

The person concerned has the right to receive free information about the personal data stored about him or her and a copy of this information from the responsible person in our company. You are also entitled to the following information regarding the following:

  • the purposes of processing
  • the categories of personal data processed
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations
  • the planned duration for which the personal data will be stored if possible or, if that is not possible, the criteria for determining that duration
  • the existence of the right to correct or erase the personal data relating to the person concerned, or the right to limit the processing carried out by the controller or to limit the right to object to such processing
  • the existence of a right of appeal to a supervisory authority
  • if the personal data is not collected from the person concerned: all available information on the origin of the data
  • the existence of automatic decision-making, including profiling, in accordance with §22, paras. 1 and 4 of the GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended impact of such processing on the person(s) concerned.
The person(s) concerned also has a right of access to whether personal data have been transferred to a third country or to an international organisation. If this is the case, the person concerned shall also have the right to obtain information on the appropriate safeguards in connection with the transfer.

The controller shall provide a copy of the personal data to be processed. For any further copies requested by the person concerned, the controller may charge a reasonable fee based on the administrative costs. Where the person concerned submits the application by electronic means, the information shall be made available in a common electronic format, unless the person concerned indicates otherwise. The right to receive a copy shall not affect the rights and freedoms of any other person.

c.  Right to correction

The person concerned has the right to demand that we immediately correct any incorrect personal data concerning him/her. Taking into account the purposes of the processing, the person concerned shall have the right to request the completion of incomplete personal data, also by means of a supplementary statement.

d. The right to deletion (“The right to be forgotten”)

The person concerned has the right to demand that we immediately delete personal data concerning him/her. We are also obliged to immediately delete personal data if one of the following reasons applies:
  • personal data is no longer necessary for the purposes for which it was collected or otherwise processed
  • the person concerned recalls his/her consent on which the processing was based pursuant to §6, para 1, letter a of the GDPR or §9, para. 2, letter a of the GDPR, and there is no other legal basis for the processing
  • the person concerned objects to the processing under §21, para. 1 of the GDPR and there are no overriding legitimate reasons for the processing, or the person concerned objects to the processing under §21, para. 2 of the GDPR
  • the personal data has been processed unlawfully
  • the deletion of personal data is necessary in order to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject
  • the personal data has been processed in relation to the services offered by the Information Society pursuant to §8, para. 1 of the GDPR.
Where the controller has made the personal data public and is obliged to delete it in accordance with paragraph 1, he shall take reasonable measures, including technical measures, to inform the data controllers processing the personal data that a person concerned has requested them to delete all links to or copies or replications of that personal data, taking into account available technology and implementation costs.

Paragraphs 1 and 2 shall not apply if processing is necessary

  • to exercise the right of freedom of expression and of information
  • to fulfil a legal obligation which the processing requires under the law of the Union or of the Member States to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller
  • for reasons of public interest in the field of public health pursuant to §9, para. 2, letters h and i of the GDPR and §9, para. 3 of the GDPR
  • for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with §89, para. 1 of the GDPR if the law referred to in paragraph 1 is likely to render the attainment of the objectives of such processing impossible or to prove seriously detrimental, or
  • to assert, exercise or defend legal claims.
e.  The right to the limitation of processing

The person(s) concerned shall have the right to demand that we limit processing if one of the following conditions is met:

  • the accuracy of the personal data is contested by the person concerned for a period of time which enables the data controller to verify the accuracy of the personal data
  • the processing is unlawful and the person concerned refuses to delete the personal data and instead requests that the use of the personal data be restricted
  • the controller no longer needs the personal data for the purposes of processing, but the person concerned needs it for the assertion, exercise or defence of legal rights, or
  • the person concerned has objected to the processing under §21, para. 1 of the GDPR, until it is established whether or not the legitimate reasons of the controller outweigh those of the person concerned.
Where processing has been restricted in accordance with paragraph 1, such personal data shall only be processed – except where the data is stored – with the consent of the person concerned or for the assertion, exercise or defence of rights, or for the protection of the rights of another natural or legal person, or for reasons concerning an important public interest of the Union or of a Member State.
A person concerned who has obtained a restriction on processing shall be informed by the controller before the restriction is lifted.

f. The right to data transferability

The person concerned has the right to receive his/her personal data that he/she has provided to us in a structured, common, machine-readable format – and also has the right to communicate such data to another data processor without interference from the controller to whom the personal data has been provided, provided that
  • processing is based on consent pursuant to §6, para. 1, letter a of the GDPR or §9, para. 2, letter a of the GDPR or on a contract pursuant to §6, para. 1, letter b of the GDPR, and
  • processing is carried out using automated procedures.
In exercising the right to data transfer referred to in paragraph 1, the person concerned has the right to have the personal data be communicated directly by one controller to another controller, where this is technically feasible. The exercise of the right under paragraph 1 of this § does not affect §17 of the GDPR. This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The right referred to in paragraph 2 may not affect the rights and freedoms of other persons.

g.  Right of objection

The person concerned has the right to object at any time to the processing of his/her personal data on the basis of §6, para. 1, letters e and f of the GDPR, for reasons related to his/her particular situation.

If you object, we will no longer process your personal data, unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or that the processing serves to assert, exercise or defend legal claims.

h. Right to revoke consent under data protection law

Any person affected by the processing of personal data has the right (granted by the European directive and regulation) to revoke his/her consent to the processing of that data at any time.

i. Right of appeal to a supervisory authority

You have the right to appeal to the responsible data protection authority at any time. If you wish to exercise your right of appeal, you can do so at the following authority:

State Commissioner for Data Protection and Freedom of Information in Baden-Wuerttemberg

Prof. Dr. Thomas Petri
Postfach 22 12 19, 80502 München
Wagmüllerstraße 18, 80538 München
Tel.: 089 212672-0
Fax.: 089 212672-50

12. Data protection regarding applications in an application procedure

We collect and process the personal data of applicants for the purpose of processing the application process. This processing can also be done electronically. This is particularly the case if an applicant submits relevant application documents electronically, for example by e-mail.
If we conclude an employment contract with the applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted immediately after the rejection decision is made, provided that no other legitimate interests stand in the way of deletion. Another legitimate interest in this context is, for example, an obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).

13. Data security and amendment of the data protection statement

Transmitting data over the Internet is never entirely secure, so we cannot guarantee the safety of data
transmitted to our website over the Internet, although we have protected our website and other devices via which data is transmitted to us. This protection involves adequate technical and organisational measures against the possible unavailability of data, breach of confidentiality and loss of integrity.
In this respect, supplementary reference is made to section 10 of this data protection statement.

We reserve the right to change this data protection statement partially or completely at any time with effect for the future. The current status of our data protection statement can be viewed on our website.