PRIVACY
Data protection notice Heidenreich and Münch GbR
Dear customers,
Below we would like to inform you about the processing of your personal data when using our website.
"Personal data" is any information relating to an identified or identifiable natural person (hereinafter "data subject") (Art. 4 No. 1 GDPR).
I. Responsible for data processing
The person responsible within the meaning of the General Data Protection Regulation and other data protection regulations is:
Heidenreich and Munch GbR
d. Mrs. Andrea Munch
To the Old Castle 3
50374 Erftstadt
Tel: 0172 4081713
Email: andrea@glaadter-huette.de
II. General information on data processing
1. Scope of processing of personal data
We collect and use personal data (hereinafter personal data) of our users only if this is necessary to provide a functional website and our content and services or if the user has given their consent. An exception applies in such cases in which prior consent cannot be obtained for actual reasons and the processing of the data is permitted by statutory provisions.
2. Legal basis for processing personal data
Below you will find an overview of the GDPR legal bases for data processing:
When processing pb. Data
on the basis of the consent of the person concerned, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) is the legal basis;
which serves to fulfill a contract with the person concerned, is Article 6 Paragraph 1 lit. b GDPR legal basis.
which are required to carry out pre-contractual measures, Art. 6 Para. 1 lit. b GDPR is the legal basis;
which is necessary to fulfill a legal obligation incumbent on us, Article 6 Paragraph 1 lit. c GDPR serves as the legal basis;
which are necessary due to the vital interests of the data subject or other natural persons, Art. 6 (1) lit. d GDPR is the legal basis.
which are necessary to safeguard a legitimate interest of our company or a third party and outweigh the interests, fundamental rights and fundamental freedoms of the data subject, Art. 6 Paragraph 1 lit. f GDPR serves as the legal basis for processing.
3. Data Erasure and Storage Duration
Basically we delete or block pb. Data as soon as the purpose of storage no longer applies. If we are legally obliged to store data, it will only be blocked or deleted after the statutory storage obligation has expired, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
4. Recipients of the data collected
The recipient of the data collected via the website is the person responsible. In addition, contract processors (web hosts, IT supervisors, software providers) have access to the data collected via the website. However, compliance with the legal regulations is guaranteed in this respect by order processing contracts that we conclude with our EU-based processors. In addition, your data will be transmitted to third parties that we use to provide our services (transport companies, hotels, rental car companies, payment service providers, banks, etc.). Depending on the country of travel, these recipients may also be located in third countries that do not comply with the data protection level of the GDPR.
5. Profiling / Automated Decision Making
In principle, we do not use automated decision-making in accordance with Art. 22 EU-GDPR to establish and implement the business relationship. If we use these procedures in individual cases, you will be informed separately if this is required by law.
III. Provision of the website and creation of log files
1. Scope of data processing
Each time our website is accessed, our hoster's system automatically collects data and information from the computer system of the accessing computer (web server log).
The following data is collected here:
(1) Information about the browser type and version used
(2) The user's operating system
(3) The IP address of the user
(5) Date and time of access
The data is stored in the log files (log files/protocol of all or specific processes on a computer system) of our hoster for a short time and are not visible to us. A storage of this data together with other personal data of the user does not take place as well as a storage by our own systems.
2. Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 lit. f GDPR, our legitimate interest.
3. Purpose of data processing
The temporary storage of the IP address by the system of the hoster with whom we have concluded an order processing contract, is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
Storage in log files takes place to ensure the functionality of the website. The data is also used to ensure the security of the information technology systems we use.
Our legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR also lies in these purposes. Since we do not have access to the IP address, which is temporarily stored by our hoster, it is not easily possible for us and the hoster to draw conclusions about a natural person from an IP address, nor is an IP address itself is a sensitive date and this is permanently deleted by our hoster after 3 days, our interest outweighs the interest of the person concerned.
4. Duration of storage
The data collected will be deleted as soon as they are no longer required to achieve the purpose for which they were collected (provision of the website). If the data is stored in log files by our hoster, this is the case after 3 days at the latest.
5. Possibility of objection and elimination
The collection of data for the provision of the website is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
IV. Web Analysis / Google Analytics
1. Scope of data processing
We use Google Analytics, an analysis software from Google Ireland Limited, on our website. The software sets cookies on the user's computer. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic character string that enables the browser to be clearly identified when the website is called up again.
If individual pages of our website are called up, the following data is stored:
Two bytes of the IP address of the user's calling system
The accessed website
The website from which the user accessed the accessed website (referrer)
The sub-pages that are accessed from the accessed website
The length of stay on the website
The frequency of visits to the website
The information generated by the cookie about your use of this website (including your IP address) is transmitted to a Google server and stored there. Google will use this information to evaluate your use of the website on our behalf, to compile reports on website activity for us and to provide us as the website operator with other services related to website activity and internet usage. In view of the discussion about the use of analysis tools with full IP addresses, we would like to point out that, in order to rule out direct personal reference, IP addresses are only processed in abbreviated form on this website, since we use Google Analytics with the "_anonymizeIp()" extension . For this reason, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to a Google server.
Under no circumstances will Google associate your IP address with other Google data.
2. Legal Basis for Data Processing
The legal basis is our legitimate interest within the meaning of Article 6 (1) (f) GDPR.
3. Purpose of data processing
We use Google Analytics to make our website more user-friendly and to optimize it. For these purposes, it is necessary for us to be able to evaluate the number of page views in order to see which content is of particular interest to the user. This is also our legitimate and economic interest.
4. Duration of storage / revocation and removal options
We store the data for 14 months. However, you can prevent the installation of cookies by setting your browser software accordingly; we would like to point out to you however that in this case you can if applicable not use all functions of this website in full. In addition, you can prevent the use and processing of your data generated by the cookie by clicking on the following link
http://tools.google.com/dlpage/gaoptout?hl=de
Download and install the available browser plugin.
You can also prevent data collection by Google Analytics by clicking on this link. By clicking on the link, a so-called opt-out cookie is set, which prevents future collection of your data when you visit our website again.
You can find more information on the terms of use and data protection under
http://www.google.com/analytics/terms/de.html or at
https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008
https://www.google.de/intl/de/policies/.
V. E-mail contact / contact form
1. Scope of data processing
It is possible to contact us via the provided e-mail address and a contact form on our website. We store the user's personal data transmitted via email or the contact form. The data you provide voluntarily will only be used to process the conversation or booking request.
When you use the contact form, we also save your IP address and the time and date of contact for security reasons.
2. Legal basis for data processing
The legal basis for processing the data is Art. 6 (1) (f) GDPR (legitimate interest). aims the If contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR (to fulfill a contract).
3. Purpose of data processing
The processing of the personal data of the contact serves us solely to process the contact and your request. This is also our legitimate interest. Since you are responsible for establishing contact, you are free to do so and we inform you in advance about how we will handle the transmitted data, our legitimate interest outweighs your personal rights. The storage of the IP address and the time of sending serves to protect against misuse. In this respect, too, our legitimate interest prevails.
4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data sent by email or via the contact form, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified.
5. Possibility of objection and elimination
The user has the option to object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. The objection can be made by e-mail, post or fax.
In this case, we will delete all personal data stored in the course of contacting you.
If data is collected as part of a contractual relationship, there is no possibility of objection, as this is absolutely necessary for the execution of the contract.
VI. rental
1. Scope of data processing
On our website, we offer users the opportunity to rent a holiday home by providing personal data. The data is entered into an input mask and transmitted to us and stored. The following data is collected as part of the registration process:
Required fields:
(1) Salutation, first and last name, street, house number, zip code, city, cell phone number,
E-mail address
(2) travel time, number of guests, travel price
2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 Para. 1 lit. b GDPR (contractual / pre-contractual implementation), Art. 6 Para. 1 lit. etc.) as well as Art. 6 Para. 1 lit. f GDPR (legitimate interest).
3. Purpose of data processing
Data processing is absolutely necessary to fulfill the travel contract and the associated services (overnight stays, transfers, etc.). This is the purpose of data processing. Our legitimate interest in the respective processing results from the respective purposes and is otherwise of an economic nature (efficient performance of tasks, sales, avoidance of legal risks, prevention of criminal offenses, guarantee of IT security, advertising). In addition, we are subject to various legal and legal obligations. The purposes of processing include identity and age verification, fraud prevention, compliance with tax control and reporting obligations, and risk assessment and management.
4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected, unless we are required by law to store the data, e.g. according to tax regulations or obligated for other legal reasons. The retention and documentation periods specified there are two to a maximum of ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB) are usually three years.
5. Obligation to provide the data
Within the framework of a booking, you are obliged to provide the data necessary for the establishment, implementation and termination of the business relationship. If you do not provide the data, you will not be able to book a trip via our website.
6. Possibility of objection and elimination
Premature deletion of the data is only possible if there are no contractual or legal obligations to the contrary. Otherwise, such requests should be sent to the person responsible by email or post.
VII.Google Tag Manager
We use the Google Tag Manager from Google for our website. Google Tag Manager allows marketers to manage website tags from one interface. However, the Tag Manager itself, which uses the tags, works without cookies and does not record any personal data. The Tag Manager only triggers other tags, which in turn may collect data. Corresponding explanations for these respective third-party providers can be found in this data protection declaration - insofar as we use them. However, the Google Tag Manager does not use this data. If you have set or otherwise deactivated cookies, this will be taken into account for all tracking tags that are associated with used by Google Tag Manager, so the tool does not change your cookie settings.
VIII. Social Media
Our website refers via the "f" button in the footer to the social network facebook.com, which is operated by users outside the USA and Canada is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland. However, this is only a link to an external Facebook website and not a plugin. When you visit our website, no links are created or personal data is transmitted to the third-party providers. If you click on the button marked with "f", you will be forwarded to the Facebook website. You are leaving our website at this moment. If you have any questions about data collection by Facebook, please read Facebook's privacy policy, which you can find at https://de-de.facebook.com/about/privacy/.
IX. Your rights as a data subject
If your personal data is processed, you are the data subject i. s.d. DSGVO and you have the following rights in summary:
right to information
Right to Rectification
Right to Restriction of Processing
Right to Erasure
right to information
Right to data portability
right to object
Right to revoke a given consent
Right to lodge a complaint with a supervisory authority.
Please see below for details:
1. Right to information, Art. 15 GDPR
You can request confirmation from the person responsible as to whether personal data relating to you is being processed by us.
If such processing is present, you can request information from the person responsible for the following information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;
(4) the planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the person responsible or a right to object to this processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information about the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with Art. 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.
2. Right to rectification, Art. 16 GDPR
You have a right to correction and/or completion to the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.
3. Right to restriction of processing, Art. 18 GDPR
Under certain conditions, you can request the restriction of the processing of your personal data, Art. 18 GDPR.
If the processing of the personal data concerning you has been restricted, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State are processed.
If the restriction of processing has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.
4. Right to erasure, Art. 17 GDPR
Under certain circumstances, you also have a right to erasure (“right to be forgotten”) of your personal data against us.
The right to erasure does not exist if processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation that requires processing under Union or Member State law to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority vested in the controller would;
(3) for reasons of public interest in the field of public health in accordance with Article 9 (2) lit. h and i and Article 9 (3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 Para
(5) to assert, exercise or defend legal claims.
5. Right to Information
If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the person responsible.
6. Right to data portability, Art. 20 GDPR
You have the right to receive the personal data concerning you that you have provided to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another person responsible without hindrance by the person responsible for providing the personal data, provided that
(1) the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and
(2) the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one person responsible to another person responsible, insofar as this is technically feasible. The freedoms and rights of other people must not be impaired by this.
The right to data portability does not apply to processing of personal data that is required to perform a task that is in the public interest or in the exercise of official authority that has been assigned to the controller.
7. Right to object, Art. 21 GDPR
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Article 6 Paragraph 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The person responsible no longer processes the personal data relating to you unless he can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed in order to operate direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to the processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.
In connection with the use of information society services, you have the option – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.
8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
9. Automated individual decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the person responsible,
(2) is permissible on the basis of Union or Member State legislation to which the person responsible is subject and this legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
(3) with your express consent.
However, these decisions must not be based on special categories of personal data according to Article 9 Paragraph 1 GDPR, unless Article 9 Paragraph 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests .
With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to safeguard your rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the person responsible, to express his or her point of view and to challenge the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you believe that the processing of your personal data is contrary to violates the GDPR.
The supervisory authority to which the complaint was lodged will inform you as the complainant about the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
A list of all supervisory authorities can be found on the website of the Federal Commissioner for Data Protection and Freedom of Information. https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
X. Release of absolutely necessary pb. Data
As part of our business relationship, we require the following personal data from you
– Data required for the establishment and implementation of the business relationship
– Data that is necessary for the fulfillment of the associated contractual obligations
– Data that we are legally obliged to collect.
Without this personal data, we are usually not able to enter into or execute a contract with you.
XI. IT security
In order to protect the security of your data during the transmission of data, we use the so-called TLS encryption method (128-bit key), which you can recognize by the green lock symbol in the address line of the URL of our website. In addition, we secure our IT systems with firewalls and virus protection and other technical and organizational measures.
XII. Subject to change
We reserve the right to adapt this data protection notice so that it complies with current legal requirements. If you visit our website again, the updated data protection declaration will then apply.
Status: April 2021