Privacy Policy
1. Privacy at a Glance
General Information
The following information provides a brief overview of
what happens to your personal data when you visit this website. Personal data refers to
any data that can be used to personally identify you. For detailed information on
data protection, please refer to our
Privacy Policy listed below this text.
Data Collection on This Website
Who is responsible for data collection on this
website?
Data processing on this website is carried out by the website operator. You can find the operator’s
contact information in the “Information on the Data Controller” section of this
Privacy Policy.
How do we collect your data?
We collect your data at
when you provide it to us. This may include, for example, data that you enter into a contact form at
.
Other data is collected automatically or with your consent when you visit
the website through our IT systems. This primarily consists of technical data (e.g., internet browser,
operating system, or the time the page was accessed). This data is collected automatically as soon as you enter this
website.
What do we use your data for?
Some of the data is collected to ensure that the website functions properly.
Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right at any time to obtain, free of charge, information about the origin, recipients, and purpose of your
stored personal data. You also have the right to request the correction or
deletion of this data. If you have given consent to data processing,
you may revoke this consent at any time with future effect. Furthermore, you have the right,
under certain circumstances, to request the restriction of the processing of your personal data
. Additionally, you have the right to lodge a complaint with the competent supervisory authority
.
If you have any questions about this or other data protection issues, please feel free to contact us at
at any time.
Analytics tools and third-party tools
When you visit this website, your browsing
behavior may be analyzed for statistical purposes. This is primarily done using so-called analytics tools.
For detailed information about these analytics programs, please see the following
Privacy Policy.
2. Hosting
We host our website's content with the following provider:
All-Inclusive
The provider is ALL-INKL.COM – Neue Medien Münnich, owned by René
Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter “All-Inkl”). For more details, please visit
All-Inkl’s Privacy Policy: https://all-inkl.com/datenschutzinformationen/.
The use of All-
Inkl is based on Art. 6(1)(f) of the GDPR. We have a legitimate interest in
ensuring that our website is displayed as reliably as possible. If consent has been obtained
, processing is based exclusively on Art. 6(1)(a) of the GDPR and § 25(
1 TTDSG, insofar as the consent covers the storage of cookies or access to information on the
user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent may be
revoked at any time.
Order Processing
We have entered into a Data Processing Agreement (DPA) for the use of
the aforementioned service. This is a contract required by data protection law
that ensures that the service provider processes the personal data of our website visitors only in accordance with
our instructions and in compliance with the GDPR.
3. General Information and Mandatory Disclosures
Privacy Policy
The operators of this website take the protection of your personal data very
seriously. We treat your personal data confidentially and in accordance with applicable
data protection laws and this Privacy Policy.
When you use this website,
various types of personal data are collected. Personal data is information that can be used to personally identify you,
. This privacy policy explains,
what data we collect and how we use it. It also explains how and for what purpose this is done,
.
Please note that data transmission over the Internet (e.g., when
communicating via email) may be subject to security vulnerabilities. It is not possible to completely protect data from
access by third parties.
Information about the data controller
The entity responsible for data processing on
this website is:
Hotel König Ludwig II.
Owner: Tomma Kuhlmann GmbH
Bürgerplatz 3
85748 Garching
Phone: +49 89 329310
Email: hotel@hkl.de
The controller is the natural or legal person who, alone or jointly with others, determines
the purposes and means of processing personal data (e.g., names, email
addresses, etc.).
Retention period
Unless a more specific retention period is specified in this Privacy Policy
, we will retain your personal data until the purpose of the data processing
no longer applies. If you submit a valid request for erasure or withdraw your consent to
, your data will be deleted unless we have other legally
permissible grounds for storing your personal data (e.g., tax
or commercial law retention periods); in the latter case, deletion will occur once
these grounds no longer apply.
General Information on the Legal Basis for Data Processing on This Website
If you have consented to the processing of your data at
,
we process your personal data on the basis of Article
6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, provided that special categories of data as defined in Article 9(1) of the GDPR
are processed. In the event of explicit consent to the transfer of personal
data to third countries, data processing is also carried out on the basis of Art. 49(1)(a) GDPR.
If you have consented to the storage of cookies or to access to information on your device (e.g., via
device fingerprinting), data processing is additionally based on Section
25(1) TTDSG. Consent may be revoked at any time. If your data is necessary for the performance of a contract or for
the implementation of pre-contractual measures, we process your data on the basis of
Art. 6(1)(b) GDPR. Furthermore, we process your data if it is necessary to fulfill a
legal obligation on the basis of Art. 6(1)(c) GDPR. Data processing
may also be carried out on the basis of our legitimate interest pursuant to Art. 6(1)(f) GDPR. Information regarding the
legal bases applicable in each individual case is provided in the following sections of this
Privacy Policy.
Data Protection Officer
We have appointed a data protection officer.
Hotel König Ludwig II.
Owner: Tomma Kuhlmann GmbH
-Privacy Policy-
Bürgerplatz 3
85748 Garching
Phone: +49 89 329310
Email: datenschutz@hkl.de
Recipients of personal data
As part of our business operations
we collaborate with various external parties. In some cases, this requires the transfer of
personal data to these external parties. We only disclose personal data to
external parties if this is necessary for the performance of a contract, if we are legally
obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate
interest in the transfer pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits the
transfer of data. When using data processors, we only transfer personal data of our
customers on the basis of a valid data processing agreement. In the case of
joint processing, a joint processing agreement is concluded.
Withdrawal of Your Consent to Data Processing
Many data processing operations are
only possible with your explicit consent. You may revoke any consent you have already given
at any time. The lawfulness of the data processing carried out prior to the revocation remains
unaffected by the revocation.
Right to object to data collection in specific cases and to direct marketing (Art. 21
GDPR)
IF DATA PROCESSING IS BASED ON ART. 6(1)(e) OR (f)
OF THE GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA ON GROUNDS RELATING TO YOUR
; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS
. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND
IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR
PERSONAL DATA, UNLESS WE
CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING
THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE
PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF
LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
IF YOUR
PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE
RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA
FOR THE PURPOSES OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING,
INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT,
YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSES OF
DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Right to file a complaint with the competent supervisory authority
In the event of
violations of the GDPR, data subjects have the right to lodge a complaint with a
supervisory authority, in particular in the Member State of their habitual residence, their
place of work, or the location of the alleged violation. This right to lodge a complaint is
without prejudice to any other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process automatically based on
your consent or in fulfillment of a contract transferred to you or to a third party in
a commonly used, machine-readable format. If you request the direct
transfer of the data to another controller, this will only take place to the extent that it is technically
feasible.
Access, Correction, and Deletion
Under applicable legal
provisions, you have the right at any time to receive, free of charge, information about your stored personal
data, its origin and recipients, and the purpose of data processing, as well as the right, where applicable, to
have this data corrected or deleted. You may contact us at any time regarding this matter or with any other questions about personal
data.
Right to restriction of processing
You have the right to request that
restrict the processing of your personal data. You may contact us at any time to do so.
The right to restriction of processing applies in the following cases:
- If you dispute the
accuracy of your personal data stored by us, we generally need time to
verify this. For the duration of the verification process, you have the right to
request that the processing of your personal data be restricted. - If the processing of your personal data by
was or is unlawful, you may request that data processing be restricted instead of
being deleted. - If we no longer need your
personal data, but you need it to exercise, defend, or
assert legal claims, you have the right to request the
restriction of the processing of your personal data instead of its erasure. - If you have lodged an objection under Article 21(1) of the GDPR (
), a balancing of interests between yours and ours must be carried out (
). Until it is determined whose interests prevail, you have the right to request that the processing of your personal data be restricted (
).
If you have restricted the processing of your personal data, such
data—with the exception of its storage—may be processed only with your consent or for the purpose of asserting,
exercising, or defending legal claims, or to protect the rights of another
natural or legal person, or for reasons of an important public interest of the
European Union or a Member State.
SSL or TLS encryption
For security reasons and to protect
the transmission of confidential information—such as orders or inquiries you send to us as
the site operator—this site uses SSL or TLS encryption. You can recognize an encrypted connection
by the fact that the browser’s address bar changes from “http://” to “https://” and
by the lock icon in your browser’s address bar.
If SSL or TLS encryption is enabled,
the data you send to us cannot be read by third parties.
Secure online payments on this website
If, after entering into a
paid contract, you are required to provide us with your payment information (e.g., account number for
direct debit authorization), this information is necessary for processing the payment.
Payments made using standard payment methods (Visa/MasterCard, direct debit)
are processed exclusively via an encrypted SSL or TLS connection. You can recognize an
encrypted connection by the fact that the browser’s address bar changes from “http://”
to “https://” and by the padlock icon in your browser’s address bar.
With
encrypted communication, the payment information you send to us cannot be read by
third parties.
Objection to promotional emails
The use of contact information published on
in accordance with legal disclosure requirements to send unsolicited advertising
and informational materials is hereby prohibited. The operators of this website expressly reserve the right
to take legal action in the event of the unsolicited transmission of advertising information, such as via spam emails,
.
4. Data Collection on This Website
Cookies
Our website uses so-called “cookies.” Cookies are small
data packets and do not cause any damage to your device. They are stored on your device either temporarily
for the duration of a session (session cookies) or permanently (permanent cookies)
. Session cookies are automatically deleted at the end of your visit. Permanent cookies
remain stored on your device until you delete them yourself or your web browser automatically
deletes them.
Cookies may be set by us (first-party cookies) or
by third-party companies (so-called third-party cookies). Third-party cookies enable the integration
of certain third-party services within websites (e.g., cookies used to process
payment services).
Cookies serve various purposes. Many cookies are technically
necessary, as certain website features would not work without them (e.g., the
shopping cart feature or the display of videos). Other cookies may be used to analyze
user behavior or for advertising purposes.
Cookies that are required to carry out the
electronic communication process, to provide certain functions you have requested
(e.g., the shopping cart function), or to optimize the website (e.g., cookies for measuring
website traffic) are stored on the basis of Art. 6(1)(f) GDPR
unless another legal basis is specified. The website operator has a legitimate
interest in storing necessary cookies to ensure the technically error-free and optimized provision
of its services. If consent to the storage of cookies and comparable
recognition technologies has been requested, processing takes place exclusively on the basis of this
consent (Art. 6(1)(a) GDPR and § 25(1) TTDSG); consent may be revoked at any time.
You can configure your browser to notify you when cookies are set and
allow cookies only on a case-by-case basis, block cookies in specific cases or generally
as well as enable the automatic deletion of cookies when you close your browser.
If you disable cookies, the functionality of this website may be limited.
You can find out which cookies and services are used on this website in this
Privacy Policy.
Consent to Borlab's Cookies
Our website uses consent technology from Borlabs Cookie,
to obtain your consent to the storage of certain cookies in your browser or to the use of certain
technologies, and to document this in compliance with data protection regulations. The provider of this technology is
Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter “Borlabs”).
When you visit our website
,
a Borlabs cookie is stored in your browser to record the consents you have given or
the revocation of those consents. This data is not shared with the provider of the Borlabs cookie
.
The collected data will be stored until you request that we delete it
or until you delete the Borlabs cookie yourself, or until the purpose for storing the data no longer applies.
Mandatory legal retention periods remain unaffected. Details regarding data processing by the Borlabs
cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
Borlabs’ Cookie Consent technology is used to obtain the legally required consent
for the use of cookies. The legal basis for this is Article 6(1)(c) of the GDPR.
Server log files
The provider of this website automatically collects and stores information in so-called server log files (
), which your browser automatically transmits to us. This information includes:
- Browser type and browser version
- operating system used
- Referrer URL
- Hostname of the connecting computer
- Time of the server request
- IP address
This data is not combined with other data sources.
This data is collected on the basis of Article 6(1)(f) of the GDPR. The website operator has a
legitimate interest in the technically error-free display and optimization of its website –
and for this purpose, server log files must be collected.
Contact Form
If you submit inquiries to us via the contact form, your
information from the inquiry form—including the contact details you provided there—will be stored by us for the purpose of processing
the inquiry and in case of follow-up questions. We will not share this data without your
consent.
The processing of this data is based on Article 6(1)(b) of the GDPR,
provided that your inquiry is related to the performance of a contract or is necessary for the implementation
of pre-contractual measures. In all other cases, processing is based on
our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f)
GDPR) or on your consent (Art. 6(1)(a) GDPR) if such consent was requested; consent may be
withdrawn at any time.
The data you enter in the contact form will remain with us until you
request that we delete it, revoke your consent to its storage, or the purpose for
storing the data no longer applies (e.g., after your inquiry has been processed). Mandatory
legal provisions—in particular retention periods—remain unaffected.
Inquiries by email, phone, or fax
If you contact us via email, phone, or fax
, your inquiry—including all personal data contained therein (name, inquiry)—will be stored and processed by us
for the purpose of handling your request. We will not disclose this data without
your consent.
The processing of this data is based on Article 6(1)(b)
of the GDPR, provided that your request is related to the performance of a contract or is necessary for
the implementation of pre-contractual measures. In all other cases,
processing is based on our legitimate interest in the effective handling of inquiries directed to us
(Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) provided that such consent was requested
; consent may be revoked at any time.
The data you send us via contact requests at
will remain with us until you request its deletion, revoke your consent to its storage at
, or the purpose for storing the data no longer applies (e.g., after
your request has been processed). Mandatory legal provisions—in particular
statutory retention periods—remain unaffected.
5. Social Media
This website incorporates features from the social network Facebook. The provider
of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected
is also transferred to the United States and other third countries.
You can find an overview of Facebook social media elements here: https://developers.facebook.com/docs/plugins/?locale=de_DE.
If the social media
element is active, a direct connection is established between your device and the Facebook server
. This informs Facebook that you have visited this website
using your IP address. If you click the Facebook “Like” button while logged into your Facebook
account, you can link the content of this website to your Facebook profile. This allows
Facebook to associate your visit to this website with your user account. Please note that as
the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Facebook
. For more information, please refer to Facebook’s privacy policy at: https://de-
de.facebook.com/privacy/explanation.
Where consent has been obtained, the
use of the aforementioned service is based on Article 6(1)(a) of the GDPR and Section 25 of the TTDSG.
Consent may be revoked at any time. Where consent has not been obtained, the use of the service is based on
our legitimate interest in achieving the widest possible visibility on social
media.
To the extent that personal data is collected on our website
using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal
Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art.
26 GDPR). This joint responsibility is limited exclusively to the collection
of the data and its transfer to Facebook. The processing carried out by
Facebook following the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been
set forth in a joint processing agreement. The text of the agreement can be found
at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we
are responsible for providing privacy information when using the Facebook tool and for the
data protection-compliant implementation of the tool on our website. Facebook is responsible for the
data security of Facebook products. You can exercise your data subject rights (e.g.,
requests for information) regarding the data processed by Facebook directly with Facebook
. If you exercise your data subject rights with us, we are obligated to forward them to Facebook
.
Data transfers to the United States are based on the Standard Contractual Clauses of the European Commission (
).
For more details, please visit: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-,
,
de.facebook.com/help/566994660333381, and https://www.facebook.com/policy.php.
The company is certified under the “EU-US Data Privacy
Framework” (DPF). The DPF is an agreement between the European Union and the
United States designed to ensure compliance with European data protection standards when processing data in the United States
. Every company certified under the DPF commits to complying with these
data protection standards. For more information, please visit the provider’s website at the following link:
https:
//www.dataprivacyframework.gov/s/participant-search/participant-
detail?contact=true&id=a2zt0000000GnywAAC&status=Active
6. Analytics Tools and Advertising
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland
Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking and analytics tools and other technologies into our website.
Google Tag Manager itself does not create user profiles, store cookies, or perform
its own analyses. It is used solely to manage and deploy the tools integrated through it.
However, Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company
in the United States.
The use of Google Tag
Manager is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest
in the quick and straightforward integration and management of various tools on its website. If
consent has been requested, processing is carried out exclusively on the basis of
Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent covers the storage of cookies or
access to information on the user’s device (e.g., device fingerprinting) within the meaning of
the TTDSG. Consent may be revoked at any time.
The company is certified under the “EU-US Data Privacy
Framework” (DPF). The DPF is an agreement between the European Union and the
United States designed to ensure compliance with European data protection standards when processing data in the United States
. Every company certified under the DPF commits to complying with these
data protection standards. Further information on this is available from the provider at the following link:
https:/
/www.dataprivacyframework.gov/s/participant-search/participant-
detail?contact=true&id=a2zt000000001L5AAI&status=Active
Google Analytics
This website uses features of the web analytics service Google Analytics.
The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4,
Ireland.
Google Analytics enables website operators to analyze the behavior of website visitors at
. This provides the website operator with various usage data, such as page views,
time spent on the site, operating systems used, and the user’s location. This data is consolidated into a user ID
and assigned to the website visitor’s respective device.
In addition,
we can use Google Analytics to track your mouse and scroll movements, clicks, and other actions. Furthermore,
Google Analytics uses various modeling approaches to supplement the collected data sets at
and employs machine learning technologies in its data analysis.
Google Analytics uses technologies that enable user recognition for the purpose of analyzing
user behavior (e.g., cookies or device fingerprinting). The information collected by Google
regarding the use of this website is generally transmitted to a Google server in the United States
and stored there.
Use of this service is based on your
consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. You may revoke your consent at any time via
.
Data transfers to the United States are based on the EU-
Commission’s Standard Contractual Clauses. For more details, please visit: https://privacy.google.com/businesses/controllerterms/mccs/.
The company
is certified under the “EU-US Data Privacy Framework” (DPF). The
DPF is an agreement between the European Union and the United States designed to ensure compliance
with European data protection standards for data processing in the United States. Every company certified under
the DPF commits to complying with these data protection standards. Further
information on this is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-
search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Browser plugin
You can prevent Google from collecting and processing your data
by downloading and installing the browser plugin available at the following link:
https://tools.google.com/dlpage/gaoptout?hl=de.
For more information on how Google Analytics handles user data, please refer to Google’s Privacy Policy:
https://support.google.com/analytics/answer/6004245?hl=de.
Order Processing
We at
have entered into a data processing agreement with Google and fully comply with the strict requirements of the
German data protection authorities regarding the use of Google Analytics.
Google Ads
The website operator uses Google Ads. Google Ads is an online
advertising program provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4,
Ireland.
Google Ads allows us to display ads in the Google search engine or on
third-party websites when users enter specific search terms into Google (keyword targeting).
Furthermore, targeted ads can be displayed based on user data available to Google (e.g.,
location data and interests) (audience targeting). As website operators, we can
quantitatively evaluate this data by, for example, analyzing which search terms led to the display
of our advertisements and how many ads resulted in corresponding clicks
.
Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR
and Section 25(1) of the TTDSG. You may withdraw your consent at any time.
Data transfers to the
USA are based on the European Commission’s Standard Contractual Clauses. For more details, please visit: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
The company is certified under the “EU-US Data Privacy
Framework” (DPF). The DPF is an agreement between the European Union and the
United States designed to ensure compliance with European data protection standards when processing data in the United States
. Every company certified under the DPF commits to complying with these
data protection standards. Further information on this is available from the provider at the following link:
https:/
/www.dataprivacyframework.gov/s/participant-search/participant-
detail?contact=true&id=a2zt000000001L5AAI&status=Active
Google Ads Remarketing
This website uses Google Ads Remarketing features.
The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4,
Ireland.
With Google Ads Remarketing, we can assign people who interact with our website
to specific target groups so that we can subsequently display interest-based ads to them on the
Google Display Network (remarketing or retargeting).
Furthermore,
the advertising audiences created with Google Ads Remarketing can be linked to Google’s cross-device
features. In this way, interest-based, personalized
advertising messages that have been tailored to you based on your previous usage and browsing behavior on a
device (e.g., mobile phone) can also be displayed on another of your devices
(e.g., tablet or PC).
If you have a Google account,
you can opt out of personalized ads by clicking the following link: https://www.google.com/settings/ads/onweb/.
Use of this service is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. You may revoke your consent at any time at
.
For more information and our privacy policy, please visit
Google's privacy policy is available at: https://policies.google.com/technologies/ads?hl=de.
The company is certified under the “EU-US Data Privacy
Framework” (DPF). The DPF is an agreement between the European Union and the
United States designed to ensure compliance with European data protection standards when processing data in the United States
. Every company certified under the DPF commits to complying with these
data protection standards. Further information on this is available from the provider at the following link:
https:/
/www.dataprivacyframework.gov/s/participant-search/participant-
detail?contact=true&id=a2zt000000001L5AAI&status=Active
Target audience segmentation with customer matching
To create target groups, we use, among other things, the
customer matching feature of Google Ads Remarketing. In doing so, we transfer certain customer data (e.g., e-
email addresses) from our customer lists to Google. If the customers in question are Google users and are logged into their
Google account, relevant advertising messages will be displayed to them within the Google network (e.g.,
on YouTube, Gmail, or in the search engine).
Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is
Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Using
from Google Conversion Tracking, Google and we can determine whether the user has performed certain actions
. For example, we can analyze which buttons on our website
are clicked most frequently and which products are viewed or purchased most often. This
information is used to generate conversion statistics. We learn the total number of users who clicked on our ads at
and what actions they took. We do not receive any
information that allows us to personally identify the user. Google itself uses cookies or similar recognition technologies for
identification.
Use of this service
is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG.
You may withdraw your consent at any time.
For more information about Google Conversion Tracking, visit
and Google's Privacy Policy: https://policies.google.com/privacy?hl=de.
The company is certified under the “EU-US Data Privacy
Framework” (DPF). The DPF is an agreement between the European Union and the
United States designed to ensure compliance with European data protection standards when processing data in the United States
. Every company certified under the DPF commits to complying with these
data protection standards. Further information on this is available from the provider at the following link:
https:/
/www.dataprivacyframework.gov/s/participant-search/participant-
detail?contact=true&id=a2zt000000001L5AAI&status=Active
Meta Pixel (formerly Facebook Pixel)
This website uses Facebook/Meta's visitor action pixels (
)
to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4
Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the
United States and other third countries.
This allows the behavior of visitors to
to be tracked after they have been redirected to the provider’s website
by clicking on a Facebook ad. This enables the effectiveness of Facebook ads to be evaluated for statistical
and market research purposes, and future advertising campaigns to be optimized
.
The data collected is anonymous to us as the operators of this website; we cannot
draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook
in such a way that a link to the respective user profile is possible, and Facebook
can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy (https://de-
de.facebook.com/about/privacy/). This enables Facebook to display advertisements
on Facebook pages as well as outside of Facebook. We, as the site operator, have no influence over this use of data
.
Use of this service is based on
your consent pursuant to Art. 6(1)(a) of the GDPR and § 25(1) of the TTDSG. You may revoke your consent at any time via
.
We use the advanced alignment feature within Meta-Pixel.
This enhanced matching allows us to send various types of data (e.g., city, state,
zip code, hashed email addresses, names, gender, date of birth, or phone number) about our customers
and prospects that we collect via our website to Meta (Facebook).
This activation allows us to tailor our advertising campaigns on Facebook even more precisely to people
who are interested in our offerings. In addition, the enhanced matching
improves the attribution of website conversions and expands Custom Audiences.
To the extent that personal data is collected on our website using the tool described here and forwarded to
Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand
Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR).
This joint responsibility is limited exclusively to the collection of the data and
its transfer to Facebook. The processing carried out by Facebook after the transfer is not part
of the joint responsibility. The obligations incumbent upon us jointly have been set forth in a joint processing agreement
. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we
are responsible for providing data protection information when using the Facebook tool and for
ensuring the tool is implemented on our website in compliance with data protection laws. Facebook is responsible for the
data security of Facebook products. You can exercise your data subject rights (e.g.,
requests for information) regarding the data processed by Facebook directly with Facebook
. If you exercise your data subject rights with us, we are obligated to forward them to Facebook
.
Data transfers to the U.S. are based on the EU-
Commission’s Standard Contractual Clauses.
For more details, please visit: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-
de.facebook.com/help/566994660333381.
You can find more information about protecting your privacy in Facebook's Privacy Policy:
and here: https://de-de.facebook.com/about/privacy/.
You
can also disable the "Custom Audiences" remarketing feature in the
Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
. To do this, you must be logged in to Facebook.
If you do not have a Facebook account
, you can opt out of Facebook's interest-based advertising on the European Interactive website
Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
The company is certified under the “EU-US Data Privacy
Framework” (DPF). The DPF is an agreement between the European Union and the
United States designed to ensure compliance with European data protection standards when processing data in the United States
. Every company certified under the DPF commits to complying with these
data protection standards. For more information, please visit the provider’s website at the following link:
https:
//www.dataprivacyframework.gov/s/participant-search/participant-
detail?contact=true&id=a2zt0000000GnywAAC&status=Active
Facebook Custom Audiences
We use Facebook Custom Audiences. This service is provided by
Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
When you visit or use our websites
and apps, take advantage of our free or paid services, submit data
to us, or interact with our company’s Facebook content, we collect
your personal data. If you give us your consent to use Facebook Custom Audiences
, we will transmit this data to Facebook, which Facebook can then use to display relevant advertisements
to you. Furthermore, your data can be used to define target groups (Lookalike
Audiences).
Facebook processes this data as our data processor. For details, please refer to Facebook’s
Terms of Service: https://www.facebook.com/legal/terms/customaudience.
Use of this service
is based on your consent pursuant to Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG.
You may withdraw your consent at any time.
Data transfers to the United States are based on the
Standard Contractual Clauses of the European Commission. For more details, please visit: https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing.
The company is certified under the “EU-US Data Privacy
Framework” (DPF). The DPF is an agreement between the European Union and the
United States designed to ensure compliance with European data protection standards when processing data in the United States
. Every company certified under the DPF commits to complying with these
data protection standards. For more information, please visit the provider’s website at the following link:
https:
//www.dataprivacyframework.gov/s/participant-search/participant-
detail?contact=true&id=a2zt0000000GnywAAC&status=Active
7. Newsletter
Newsletter information
If you would like to subscribe to the newsletter offered on the website
, we require your email address as well as information that allows us to
verify that you are the owner of the provided email address and that you consent to
receiving the newsletter. No other data is collected, or only on a voluntary basis.
We use this data exclusively for sending the requested information and do not
share it with third parties.
The processing of the data entered in the newsletter sign-up form at
is based solely on your consent (Art. 6(1)(a) GDPR). You may revoke the consent you have given for the
storage of your data and email address, as well as their use for sending the newsletter, at any time
, for example via the “Unsubscribe” link in the newsletter. The
lawfulness of data processing operations that have already taken place remains unaffected by the revocation
.
The data you have provided to us for the purpose of subscribing to our newsletter will be stored by
until you unsubscribe from the newsletter through us or the newsletter service provider, and will be deleted from the newsletter distribution list after
you unsubscribe from the newsletter or once the purpose for which it was collected no longer applies. We
reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our
legitimate interest pursuant to Art. 6(1)(f) GDPR.
Data that we have stored for
other purposes remains unaffected by this.
After you unsubscribe from
the newsletter mailing list, your email address may be stored by us or the newsletter service provider in a
blacklist, if necessary to prevent future mailings. The data from the
blacklist is used solely for this purpose and is not combined with any other data. This
serves both your interests and our interest in complying with legal requirements regarding the
distribution of newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). Storage in the
blacklist is not time-limited. You may object to this storage if your
interests outweigh our legitimate interest.
8. Plugins and Tools
Google Fonts (local hosting)
This site uses Google Fonts, as described at
,
to ensure consistent font display. These Google Fonts are installed locally. No connection is made to Google’s servers.
For more information about Google Fonts, visit
You can find it at https://developers.google.com/fonts/faq and in Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.
Google Maps
This site uses the Google Maps service. The provider is Google Ireland
Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the
features of Google Maps, it is necessary to store your IP address. This information is
typically transmitted to a Google server in the United States and stored there. The provider of this site has
no influence over this data transfer. When Google Maps is enabled, Google may use Google Fonts for the purpose of
consistent font display. When you access Google Maps, your
browser loads the required web fonts into its browser cache to display text and fonts correctly
.
We use Google Maps to ensure an appealing presentation of our
online offerings and to make it easy for users to locate the places listed on our website. This constitutes a
legitimate interest within the meaning of Article 6(1)(f) of the GDPR. If consent has been requested
, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and
§ 25(1) TTDSG, insofar as the consent covers the storage of cookies or access to information on the
user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent may be revoked at any time at
.
Data transfers to the United States are based on the Standard Contractual Clauses issued by the
European Commission. For more details, please visit: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information, visit
You can find information about how user data is handled in Google's Privacy Policy: https://policies.google.com/privacy?hl=de.
The company is certified under the “EU-US Data Privacy
Framework” (DPF). The DPF is an agreement between the European Union and the
United States designed to ensure compliance with European data protection standards when processing data in the United States
. Every company certified under the DPF commits to complying with these
data protection standards. Further information on this is available from the provider at the following link:
https:/
/www.dataprivacyframework.gov/s/participant-search/participant-
detail?contact=true&id=a2zt000000001L5AAI&status=Active
DialogShift Chat
DialogShift chat application and other communication services on our website
Our website uses the communication services provided by DialogShift GmbH, Torstr. 201, 10115 Berlin. These services include a chat application, email communication, and telephone communication. The applications process and store data for the purposes of web analytics, operating the communication services, and responding to inquiries.
To enable the chat feature, chat messages are stored and a cookie with a unique ID is set—this is used to recognize you as a customer. For email and phone communications, the content of these communications is also temporarily stored to ensure that your inquiries are handled efficiently.
A cookie is a small text file that is stored locally in the cache on your device. This cookie allows our application to recognize your device and retrieve past chat logs. This cookie is stored for 90 days after your last use. You can disable cookies in your browser settings. However, the chat feature will not work without cookies.
The provision of information such as your name, email address, or phone number is voluntary and implies your consent to the temporary use and storage of this data for the purpose of contacting you until the end of the interaction. This personal data will be deleted after 90 days. When using the Journey Messaging Service, your contact information may also be used to send travel-related information (such as check-in information), provided you have consented to this.
The legal basis for data processing is Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG, based on your consent. DialogShift provides further information at https://www.dialogshift.com/datenschutz regarding the collection and use of data, as well as your rights and options for protecting your privacy.
9. Our Own Services
Handling of Applicant Data
We offer you the opportunity to apply for a position with us at
(e.g., by email, mail, or via the online application form). Below, we provide information regarding
the scope, purpose, and use of your personal data collected as part of the application process
. We assure you that the collection, processing, and use of your data are carried out in accordance with
applicable data protection laws and all other legal provisions, and that your data will be treated with strict
confidentiality.
Scope and Purpose of Data Collection
If you submit an application to us at
,
we will process your associated personal data (e.g.,
contact and communication details, application documents, notes taken during
job interviews, etc.), to the extent necessary to decide whether to establish an
employment relationship. The legal basis for this is Section 26 of the German Federal Data Protection Act (BDSG) under
German law (initiation of an employment relationship), Article 6(1)(b) of the GDPR (general
contractual initiation), and—provided you have given your consent—Article 6(1)(a) of the GDPR.
Consent may be revoked at any time. Your personal data will be shared within our company
exclusively with persons involved in processing your application.
If your application is successful, the data you have submitted will be stored in our data processing systems pursuant to Section 26 of the German Federal Data Protection Act (
)
and Article 6(1)(b) of the General Data Protection Regulation (GDPR) for the purpose of carrying out the
employment relationship.
Data retention period
If we are unable to offer you a position, you decline a job offer
or withdraw your application, we reserve the right to retain the data you submitted
for up to 6
months from the end of the application process (rejection or withdrawal of the application) at
. Subsequently, the data will be deleted and the physical
application documents destroyed. The retention serves in particular for evidentiary purposes in the event of a
legal dispute. If it becomes apparent that the data will be required after the 6-month period has expired
(e.g., due to an impending or pending legal dispute), deletion will not take place until
the purpose for continued retention no longer applies.
Data may also be retained for a longer period if you have provided the necessary consent (Art. 6(1)(a)
GDPR) or if statutory retention requirements prevent its deletion.
Inclusion in the candidate pool
If we do not offer you a position, we may
add you to our applicant pool. If you are added to the pool, all documents and
information from your application will be transferred to the applicant pool so that we can
contact you if suitable vacancies arise.
Inclusion in the applicant pool is based solely on your
express consent (Art. 6(1)(a) GDPR). Providing consent is voluntary and is
not related to the current application process. The data subject may revoke their consent at any time
. In this case, the data will be irrevocably deleted from the applicant pool,
provided there are no legal grounds for retention.
Data from the applicant pool at
will be permanently deleted no later than two years after consent is given.