Privacy Policy
Privacy PolicyInformation on the Collection of Personal Data
a) Below we provide information about the collection of personal data when using our website. Personal data are all data relating to you personally, e.g. name, address, email addresses, user behavior.
b) The controller pursuant to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is:
Richter GmbH & Co. KG
Elisabethstrasse 12
35037 MarburgPhone: +49 (0) 6421 59075-0Fax: +49 (0) 6421 59075-100Email: info@marburgerhof.deYou can reach our data protection officer at:Gesellschaft für Datenschutz Mittelhessen mbHAuf der Appeling 835043 MarburgEmail: datenschutz@gdsm.de
c) If we use commissioned service providers for certain functions of our offer or wish to use your data for advertising purposes, we will inform you in detail below about the respective procedures. We will also specify the defined criteria for the storage period.
Your Rights
a) You have the following rights vis-à-vis us regarding your personal data:
• Right to access,• Right to rectification or deletion,• Right to restriction of processing,• Right to object to processing,• Right to data portability.
b) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
Collection of Personal Data When Visiting Our Website
a) When using the website purely for informational purposes, that is, if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you simply want to view our website, we collect the following data which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
• IP address• Date and time of the request• Time zone difference to Greenwich Mean Time (GMT)• Content of the request (concrete page)• Access status/HTTP status code• Transferred amount of data respectively• Website from which the request comes• Browser• Operating system and its interface• Language and version of the browser software.
b) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which the party setting the cookie (here us) receives certain information. Cookies cannot execute programs or transmit viruses to your computer. They serve to make the internet offer overall more user-friendly and effective. The use of these cookies is based on Art. 6 para. 1 sentence 1 lit. a or c GDPR.
Use of Cookies:
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
• Transient cookies (see b below)• Persistent cookies (see c below).
b) Transient cookies are automatically deleted when you close the browser. These primarily include session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This makes it possible to recognize your computer when you return to our website. Session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a predetermined period which can vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
d) You can configure your browser settings according to your wishes and, for example, refuse acceptance of third-party cookies or all cookies. We point out that you may not be able to use all functions of this website in this case.
e) Cookie Consent Manager System
On our website, we use a Cookie Consent Manager tool to inform you about technologies we use on our website and to obtain, manage and document your consent to the processing of your personal data by these technologies.
This is necessary to fulfill our legal obligation pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with Art. 7 para. 1 GDPR in order to be able to prove your consent to the processing of your personal data.
Other Functions and Offers of Our Website
a) In addition to purely informational use of our website, we offer various services which you can use if interested. For this you usually have to provide additional personal data which we use to provide the respective service and for which the above-mentioned principles of data processing apply.
b) Sometimes we use external service providers for processing your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored.
c) Furthermore, we may pass your personal data to third parties if participations in campaigns, competitions, contract conclusions or similar services are offered jointly with partners. You will receive more information on this when providing your personal data or below in the description of the offer.
d) If our service providers or partners are based outside the European Economic Area (EEA), we inform you of the consequences of this circumstance in the description of the offer.
Data Security
The personal data we collect and store are treated confidentially and protected against loss and alteration as well as unauthorized access by suitable technical and organizational measures. Your personal data is transmitted encrypted over the internet. We use SSL encryption (Secure Socket Layer) for data transmission.
Automated Decisions, Profiling
We do not carry out automated decisions (including profiling) with the personal data we collect during your visit to our website.
Objection or Revocation of the Processing of Your Data
a) If you have given consent to the processing of your data, you can revoke this at any time. Such a revocation affects the legality of the processing of your personal data after you have communicated it to us.
b) If we base the processing of your personal data on the balance of interests, you can object to the processing. This is the case if the processing is not necessary for the performance of a contract with you, which we will explain in connection with the description of the functions below. When exercising such objection, please state the reasons why we should not process your personal data as carried out by us. In case of your justified objection, we will examine the facts and either stop or adjust the data processing or inform you of compelling legitimate grounds based on which we continue processing.
c) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising at the following contact details: Richter GmbH & Co. KG
Elisabethstrasse 12, 35037 Marburg, Phone: +49 (0) 6421 59075-0, Email: info@marburgerhof.de.
Contact Possibility via E-Mail
You have the option to contact us by email. The respective addresses can be found on our website under Contact.
If contact is made via the email address provided by us, the personal data transmitted with your email will be stored. The legal basis for the processing of your data in this context is Art. 6 para. 1 lit. f) GDPR, as our legitimate interest is to contact you as a (potential) customer.
If the email contact is related to the conclusion or execution of a contract between you and us, Art. 6 para. 1 lit. b) GDPR additionally applies as the legal basis for processing.
We process personal data that we store in connection with your email contact exclusively to process your inquiry. Data is not passed on to third parties in this context.
We delete your data as soon as it is no longer necessary for achieving the purpose for which it was collected. For personal data transmitted via email, this is the case once the respective correspondence with you has ended and the circumstances indicate that the facts concerned have been finally clarified.
If data is required for fulfilling a contract or for pre-contractual measures, deletion can only occur as far as contractual or legal retention obligations allow. Which retention periods apply must be determined individually for each contract and contracting party.
You can revoke your consent to the processing of personal data at any time. In case of contact via email, you can object to the storage of your personal data at any time. For this, simply send a corresponding message to the contact details named at the beginning of this privacy policy.
Contact via Contact Form
a) When you contact us via a contact form, the data you provide and personal data resulting from it (e.g. name, inquiry, email address, phone number) will be stored by us for the purpose of processing your inquiry and for any follow-up questions. We do not pass on these data to third parties without your consent.
b) The data you send us via contact inquiries remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after completed processing of your request). Mandatory legal provisions – especially statutory retention periods – remain unaffected.
c) Processing of these data is based on Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or required for pre-contractual measures. In all other cases, processing is based on our legitimate interest in effective handling of requests addressed to us (Art. 6 para. 1 lit. f GDPR) or your consent (Art. 6 para. 1 lit. a GDPR) if obtained.
Processing of Bookings and Payment Information
Bookings can be made via our website. For processing the booking, the following personal data will be collected by us: Name, address, date of birth, gender, email address, phone number, mobile number. These data are necessary for processing the booking. Furthermore, to process the booking, we also require personal data related to the respective booking. In particular, exchange of payment information such as bank details, card number, validity date and CVC code may occur mutually. Transmission of this data serves identity verification, payment administration and fraud prevention. The purpose of data collection is the fulfillment of (pre-) contractual obligations according to Art. 6 para. 1 lit. b GDPR.
Profitroom Upperbooking
This site uses the Profitroom booking system via an API. The provider is PROFITROOM GmbH, Potsdamer Platz 10/2, 10785 Berlin.
To correctly display booking information, your browser loads the necessary scripts into its browser cache when accessing a page.
To do this, the browser you use must connect to the servers of PROFITROOM GmbH. This allows PROFITROOM GmbH to know that our website was accessed via your IP address. The use of Profitroom is in the interest of a simple and fast booking process. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. For cases in which your personal data is transmitted to Profitroom, the legal basis is your consent according to Art. 6 para. 1 lit. a GDPR. Further information about Profitroom can be found at https://www.profitroom.de/impressum.
External Hosting
This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may include, in particular, IP addresses, contact requests, metadata and communication data, contractual data, contact details, names, website visits, and other data generated through a website.
The use of the host is for the purpose of fulfilling our contractual obligations to our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing our online services securely, quickly, and efficiently through a professional provider (Art. 6(1)(f) GDPR). If consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
Our hosting provider will process your data only to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.
We use the following hosting provider:DigitalOcean EU B.V.Zekeringstraat 17A1014 BM AmsterdamNetherlandsDigitalOcean Spaces CDN
We use the “Spaces CDN” service on our website for content delivery. The service provider is DigitalOcean EU B.V.
Zekeringstraat 17A, 1014 BM Amsterdam, Netherlands. When you visit our website, personal data is processed for technical delivery purposes. This may include the following data:
* IP address
* Date and time of access
* Browser information
* Referrer URL
If you consent to the use of Spaces CDN, the legal basis is your consent pursuant to Art. 6(1)(a) GDPR. Additionally, we have a legitimate interest pursuant to Art. 6(1)(f) GDPR in using Spaces CDN to optimize our online service and make it more secure. We only use Spaces CDN if you have given us your consent. Data processing may also take place on servers outside the European Union. According to its own statements, DigitalOcean uses appropriate safeguards for international data transfers in accordance with Art. 44 et seq. GDPR, in particular the European Commission’s Standard Contractual Clauses. In cases where personal data is transferred to the U.S., DigitalOcean has submitted to the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/.
For more information about DigitalOcean's data processing practices, please refer to the provider's privacy policy: https://www.digitalocean.com/legal/privacy-policy?utm_source=chatgpt.com.
Newsletter
If you subscribe to our newsletter, we inform you about our current interesting offers. The legal basis for this is your consent according to Art. 6 para. 1 lit. a GDPR.
If the newsletter of our company is subscribed to, the data entered in the input mask is transmitted to the responsible person for processing. Subscription to our newsletter is done via a so-called double opt-in process. This means you receive an email after signing up asking you to confirm your subscription.
When signing up for the newsletter, the IP address of the user as well as date and time of registration are stored. This serves to prevent abuse of the services or the email address of the affected person. Data is not shared with third parties. An exception applies if there is a legal obligation to share data. The data is used exclusively for sending the newsletter. The subscription can be canceled by the affected person at any time. Likewise, consent to the storage of personal data can be revoked at any time. Every newsletter contains a corresponding link for this purpose.
Use of Cloudflare
This website uses services provided by “Cloudflare” (provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA).
Cloudflare operates a Content Delivery Network (CDN) and provides security features for the website (Web Application Firewall). Data transfer between your browser and our servers flows through Cloudflare’s infrastructure and is analyzed there to ward off attacks. Cloudflare uses cookies for this purpose to enable you to access our website.
If you consent to the use of Cloudflare, the legal basis is your consent pursuant to Art. 6(1)(a) GDPR in conjunction with §25(1) TDDDG. Additionally, we have a legitimate interest pursuant to Art. 6(1)(f) GDPR in using Cloudflare to optimize our online service and make it more secure. We only use Cloudflare if you have given us your consent.
In cases where personal data is transferred to the United States, Cloudflare has committed to the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/.
For more information, please see the Cloudflare Privacy Policy: https://www.cloudflare.com/de-de/privacypolicy/.
Use of Google Remarketing
We use the remarketing or “Similar Audiences” feature on our website. This is a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter referred to as “Google.”
We use this feature to display interest-based, personalized ads on third-party websites that also participate in Google’s advertising network.
To enable this advertising service, Google stores a cookie containing a string of numbers on your device via your web browser during your visit to our website. This cookie records both your visit and your use of our website in an anonymized form. According to Google, however, no personal data is processed in this process. If you subsequently visit a third-party website that also uses Google’s advertising network, you may see ads that are related to our website or the offers available there.
The legal basis for the use of Google Remarketing is your consent pursuant to Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG. In cases where personal data is transferred to the United States, Google has committed to the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/.
To permanently disable this feature, Google offers a browser plugin for the most common internet browsers via https://www.google.com/settings/ads/plugin.
Through so-called cross-device marketing, Google may also track your usage behavior across multiple devices, so that you may be shown interest-based, personalized ads even when you switch devices. However, this requires that you have consented to linking your browsing history to your existing Google account.
Google provides further information on Google Remarketing at http://www.google.com/privacy/ads/.
Use of Google DoubleClick
This website uses the online marketing tool DoubleClick by Google. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. Placing Google DoubleClick cookies is based on Art. 6 para. 1 lit. a GDPR.
DoubleClick uses cookies to show users relevant ads, improve reports on campaign performance, or avoid showing the same ads multiple times. Google registers which ads appear in which browser through a cookie ID, thus preventing duplicate ad displays. Additionally, DoubleClick can record so-called conversions linked to ad requests. This happens when a user sees a DoubleClick ad and later visits the advertiser's website with the same browser and makes a purchase. Due to the marketing tools used, your browser automatically establishes a direct connection to Google's server. We have no influence on the extent and further use of data collected by Google through this tool and inform you accordingly: By embedding DoubleClick, Google receives information that you accessed the respective part of our website or clicked on our ad. If you are registered with a Google service, Google may associate the visit with your account. Even if you are not registered or logged in, the provider may receive and store your IP address.
For cases in which personal data are transferred to the USA, Google has committed to the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/. More about the data processed by Google DoubleClick can be found in the privacy policy at https://policies.google.com/privacy?hl=en-US.
Use of Google AdWords Conversion
We use Google AdWords to draw attention to our attractive offers on external websites through advertising (known as Google AdWords). Based on the data from these advertising campaigns, we can determine how successful individual advertising measures are. Our goal is to show you ads that are relevant to you, make our website more engaging for you, and ensure a fair calculation of advertising costs. These ads are delivered by Google via so-called “ad servers.” To do this, we use ad server cookies, which allow us to measure certain performance metrics, such as ad impressions or user clicks. If you arrive at our website via a Google ad, Google AdWords will store a cookie on your computer. These cookies generally expire after 30 days and are not intended to identify you personally. This cookie typically stores the following analytics data: the unique cookie ID, the number of ad impressions per placement (frequency), the last impression (relevant for post-view conversions), and opt-out information (an indicator that the user no longer wishes to be targeted). These cookies enable Google to recognize your web browser. If a user visits specific pages on an AdWords customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to that page. Each AdWords customer is assigned a different cookie. Cookies cannot therefore be tracked across the websites of AdWords customers. We ourselves do not collect or process any personal data in connection with the aforementioned advertising measures. We merely receive statistical reports from Google. Based on these reports, we can determine which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising materials; in particular, we cannot identify users based on this information. Due to the marketing tools used, your browser automatically establishes a direct connection to Google’s server. We have no control over the scope and further use of the data collected by Google through the use of this tool and therefore inform you to the best of our knowledge: By integrating AdWords Conversion, Google receives the information that you have visited the relevant part of our website or clicked on one of our ads. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider may obtain and store your IP address.
You can prevent participation in this tracking process in several ways:
by adjusting your browser settings accordingly; in particular, disabling third-party cookies will prevent you from receiving ads from third-party providers;
by disabling cookies for conversion tracking by configuring your browser to block cookies from the domain “www.googleadservices.com”, https://www.google.de/settings/ads, although this setting will be deleted if you clear your cookies;
by disabling interest-based ads from providers participating in the “About Ads” self-regulatory campaign via the link http://www.aboutads.info/choices, although this setting will be deleted if you clear your cookies;
by permanently disabling it in your Firefox, Internet Explorer, or Google Chrome browsers via the link http://www.google.com/settings/ads/plugin.
Please note that in this case, you may not be able to use all features of this service to their full extent. The legal basis for the processing of your data is Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG[AH6.1]. Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. In cases where personal data is transferred to the United States, Google has committed to the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/.
Use of Google Analytics
a) This website uses Google Analytics, a web analytics service provided by Google LLC (for Europe: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland – “Google”). Google Analytics uses “cookies,” which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the United States and stored there. We have enabled IP anonymization on this website; therefore, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. Google is therefore a processor acting on behalf of the website operator within the meaning of Article 4(8) of the GDPR; a corresponding agreement on processing on behalf of the website operator pursuant to Article 28(3) of the GDPR has been concluded. Google Analytics cookies are set in accordance with Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TDDDG.[AH1.1]
b) The IP address transmitted by your browser as part of Google Analytics is not merged with other data held by Google.
c) You can prevent the storage of cookies by adjusting your browser settings accordingly; however, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
d) This website uses Google Analytics with the extension “_anonymizeIp()”. This shortens IP addresses during processing, thereby preventing any personal identification. If the data collected about you is personally identifiable, this is immediately excluded, and the personal data is promptly deleted.
e) We use Google Analytics to analyze and regularly improve the use of our website. The statistics we collect allow us to enhance our offerings and make them more interesting for you as a user.
f) In cases where personal data is transferred to the United States, Google has committed to complying with the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/.
g) This website also uses Google Analytics for cross-device analysis of visitor traffic, which is carried out via a user ID. You can disable cross-device analysis of your usage in your customer account under “My Data,” “Personal Data.”
Integration of Google Web Fonts
This site uses so-called web fonts provided by Google for uniform font display. When a page is called up, your browser loads the required web fonts into its browser cache to display texts and fonts correctly. The fonts are held locally by us, so no personal data is transmitted to Google. If your browser does not support web fonts, a standard font on your computer is used. More information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy.
Use of Google Maps
a) On this website, we use Google Maps via an API based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. This allows us to display interactive maps directly on the website and enables convenient use of the map function. The provider is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
b) To ensure data protection on this website, Google Maps is deactivated when you first visit this website. A direct connection to the Google servers will only be established after you have activated Google Maps yourself. This prevents your data from being transmitted to Google upon initial page visit.
c) After activation, Google Maps will store your IP address and location information, which is usually transferred to a Google server in the USA and stored there. After activation, the operator of this site has no influence on this data transfer. For cases where personal data is transferred to the USA, Google has committed to the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/.
d) More information on handling user data can be found in Google's privacy policy here: https://www.google.de/intl/de/policies/privacy/.
Use of Google Tag Manager
This website uses Google Tag Manager, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Tag Manager manages website tags via an interface, allowing other services to be integrated into our online offer. The tag manager itself (which implements tags) does not create profiles of users or store cookies. Google only learns the IP address of the user, which is necessary for executing Google Tag Manager. The legal basis for data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR.
Use of Sentry
We use Sentry, an error management tool, on our website. The service provider is the American company Functional Software, Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA. The legal basis for data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR.
For cases in which personal data is transferred to the USA, Functional Software Inc. has committed to the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/. Additionally, Functional Software uses so-called standard contractual clauses (= Art. 46 para. 2 and 3 GDPR). Standard contractual clauses (SCC) are templates provided by the EU Commission intended to ensure that your data comply with European data protection standards when transferred and stored in third countries (such as the USA). Through the EU-US Data Privacy Framework and standard contractual clauses, Functional Software commits to complying with the European data protection level, even if data are stored, processed and managed in the USA. These clauses are based on an implementing decision by the EU Commission. You can find the decision and corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de.
The data processing conditions (Data Processing Addendum) compliant with the standard contractual clauses can be found at https://sentry.io/legal/dpa/.
More about the data processed by using Sentry can be found in the privacy policy https://sentry.io/privacy/?tid=331709114127.
Use of The Hotels Network
On our website, we use the external service provided by The Hotels Network S.L., Calle Bailén 11, 08010 Barcelona, Spain (“The Hotels Network”).
We use this service to analyze usage on our website and to personalize content and offers. For this purpose, The Hotels Network uses cookies and similar technologies that collect information about your usage behavior. This may include the following data:
- Pages visited
- Interactions
- Technical information such as browser type, operating system, or IP address
The collected data is used to display personalized content, offers, or notifications to you, as well as to improve the functionality and user-friendliness of our website.
Data processing is carried out in accordance with your consent pursuant to Article 6(1)(a) of the GDPR in conjunction with Section 25, sentence 1 of the TDDDG.
According to The Hotels Network, it cannot be ruled out that data may be transferred to servers in third countries in connection with the use of the service. In such cases, The Hotels Network ensures that an adequate level of data protection is maintained in accordance with the requirements of the GDPR, for example by entering into standard contractual clauses.
For more information on data protection at The Hotels Network, please visit:
https://www.thehotelsnetwork.com/de/privacy-policy.Use of the “Profitroom” AI Chatbot
We use an AI-powered chatbot on our website. The software provider is Profitroom S.A., Roosevelta 9/3, 60-829 Poznań. We use the chatbot to interact with you, provide information about the hotel and its offers, answer questions, assist with bookings, and support the hotel staff.
Nature and Scope of Processing
When using the chatbot, the following data may be processed:
- Users’ chat entries
- Personal data you may voluntarily provide (e.g., name, email address, phone number, booking-related inquiries, data from existing bookings)
- Technical data (e.g., IP address, time of the request, browser information)
Please note that you decide for yourself what information you enter in the chat. We ask that you refrain from sharing any sensitive personal data (e.g., health-related information).
Legal Basis
Processing is based on your voluntary consent pursuant to Art. 6(1)(a) GDPR. You may revoke your consent at any time with future effect. Where applicable, the processing of this data is based on Art. 6(1)(b) GDPR, provided that your inquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures.
Retention Period
Your data will only be stored for as long as is necessary to process your request or as required by statutory retention obligations.
Disclosure and Transfer to Third Countries
Your data will only be disclosed to the extent necessary for the operation of the chatbot. We have entered into a data processing agreement with the software service provider in accordance with Article 28 of the GDPR.
In the course of performing the contract, we may also engage data processors located outside the European Union (e.g., the United States). Data transfers are made on the basis of appropriate safeguards in accordance with Article 46 of the GDPR (in particular, the EU Standard Contractual Clauses).
Use of the chatbot is voluntary. Alternatively, you can contact us at any time using the other contact options provided.
Data Processing by Social Networks
We maintain publicly accessible profiles on social networks. The social networks used by us can be found below.
Social networks like Facebook etc. usually analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-related processing activities as follows:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Your personal data may also be collected even if you are not logged in or do not have an account on the respective social media portal. In this case, data collection occurs, for example, via cookies stored on your device or by recording your IP address.
Using the data thus collected, operators of social media portals can create user profiles in which your preferences and interests are stored. This allows interest-based advertising to be displayed on and off the respective social media platform. If you have an account on the respective social network, interest-based advertising can be shown on all devices on which you are or have been logged in.
Please also note that we cannot trace all the processing processes on the social media platforms. Depending on the provider, further processing steps may be carried out by operators of social media platforms. Details can be found in the terms of use and privacy policies of the respective social media portals.
Legal Basis
Our social media presences are intended to provide the most extensive presence on the internet possible. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by social networks may be based on different legal grounds to be specified by the providers of social networks (e.g., consent within the meaning of Art. 6 para. 1 lit. a GDPR).
Controller and Assertion of Rights
If you visit one of our social media profiles (e.g. on Facebook), we are jointly responsible with the social media platform operator for data processing activities triggered during the visit. You can generally assert your rights (access, rectification, deletion, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social media portal (e.g., Facebook).
Please note that despite the joint responsibility with social media portal operators, we do not have full influence over the data processing processes of the social media portals. Our possibilities depend substantially on the respective provider’s corporate policy.
Storage Duration
Data directly collected by us via the social media presence will be deleted from our systems once the purpose for storing them ceases, you request deletion, revoke consent to storage, or the purpose for data storage ceases. Stored cookies remain on your device until you delete them. Mandatory legal provisions – particularly retention periods – remain unaffected.
We have no influence on the storage duration of your data that is stored by the operators of social networks for their own purposes. For details, please inform yourself directly from the operators of social networks (e.g., in their privacy policies listed below).
Social Networks in Detail:Facebook
We have a profile on Facebook. Provider is Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA. We have concluded a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies which data processing activities we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at: https://www.facebook.com/legal/terms/page_controller_addendum. You can adjust your ad settings independently in your user account. Click the following link and log in: https://www.facebook.com/settings?tab=ads. Details can be found in Facebook’s Privacy Policy: https://www.facebook.com/about/privacy/.
We have a profile on Instagram. Operator of the social network Instagram is Meta Platforms Ireland Limited. Details about how they handle your personal data can be found in Instagram's Privacy Policy: https://help.instagram.com/581066165581870
TripAdvisor
We have a profile on TripAdvisor. Operator of the social network TripAdvisor is TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494 USA. Details about their handling of your personal data can be found in TripAdvisor’s Privacy Policy: https://tripadvisor.mediaroom.com/de-privacy-policy