Data protection declaration

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection related provisions is:

Landgasthof Mindelsee

Proprietor Martina Schleith

II. General information regarding data processing

1. Extent of processing of personal data

We generally only collect and use the personal data of our users, insofar as is necessary for the provision of a functional website as well as our contents and services. The collection and use of the personal data of our users takes place regularly only after the consent of the user. An exception applies in such cases in which the previous obtaining of consent is not possible for factual reasons and the processing of the data is allowed by statutory regulations.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, the legal basis for the processing of said personal data is Art. 6 par.1 lit.a of the EU General Data Protection Regulation (GDPR).

For the processing of personal data required for the fulfilment of a contract to which the data subject is the contracting party, the legal basis is Art. 6 par.1 lit.b GDPR. This also applies for processing which is required for the implementation of pre-contract measures.

If the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, the legal basis is Art. 6 par.1 lit.c GDPR.

In the case that processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, the legal basis is Art. 6 par.1 lit.d GDPR.

If processing is necessary for the protection of the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not override the first-stated interests, the legal basis for processing is Art. 6 par.1 lit.f GDPR.

3. Data erasure and storage duration

The personal data of the data subject is erased or blocked, as soon as the purpose of the storage no longer exists. Storage may furthermore take place, if this is provided for compliance with a legal obligation in the European Union or Member State ordinances, laws or other regulations to which the controller is subject. Blocking or erasure of the data also takes place when a storage period specified by the named standards expires, unless there is a necessity for the further storage of the data due to the conclusion of a contract or the fulfilment of a contract.

III. Provision of the website and creation of log files

1. Description and extent of data processing

Upon each use of our website, our system automatically collects data and information from the computer system of the calling computer.

The following data is saved in this process:

  • Information regarding the type of browser and the version used
  • The operating system of the user
  • The internet service provider of the user
  • The IP address of the user
  • Date and time of the access
  • Websites from which the system of the user accesses our internet site
  • Websites that are called up by the system of the user via our website

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 par.1 lit.f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the computer of the user. For this, the IP address of the user remains stored for the duration of the session.

Storage takes place in log files to ensure the functional capability of the website. Furthermore, the data is used by us to optimize the website and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not take place in this respect.

These purposes also substantiate our legitimate interest in the data processing pursuant to Art. 6 par.1 lit.f GDPR.

4. Duration of storage

The data is erased as soon as it is no longer required for the accomplishment of the purpose of its collection. In the event of the acquisition of the data for the provision of the website, this is the case when the respective session ends.

If the data is stored in log files, this is the case after seven days at the latest. A continuation of storage beyond this period is possible. In this case, the IP addresses of the users is erased or pseudonymised, such that allocation to the calling client is no longer possible.

5. Objection and disposal possibility

The acquisition of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. The user therefore does not have an option of objection.

IV. Use of cookies

V. Google Analytics

Our websites use Google Analytics, a web analysis services of Google Inc. (“Google”). The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

For this, Google use so-called “analysis cookies”, which are text files stored on your computer to enable the analysis of your use of the website. The information generated by the cookie with regard to your use of the website

  • Browser type/version,
  • Operating system used,
  • Referrer URL (site previously visited),
  • Host name of the accessing computer (IP address),
  • Time of server request,

is usually transferred to a Google server in the USA and stored there. The website also uses Google Analytics with the extension “_anonymizeIp()”, so that data is only processed in an anonymized form. For this, the IP address is shortened by the last three digits, such that the clear allocation of the IP address is no longer possible. The full IP address is only transferred to a Google server in the USA and shortened there in exceptional cases.

On our behalf, Google will use this information to analyse your use of the website, to compile reports on the website activities and to render further services associated with the website and Internet use. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the data on Google’s behalf. Google will not connect your IP address with other data from Google. These purposes also substantiate our legitimate interest in the processing of personal data pursuant to Art. 6 par.1 lit.f GDPR.

The basis for the data processing is Art. 6 par. 1 S. 1 lit. f GDPR. Erasure of the data takes place automatically once a month after statistical evaluation.

You can prevent the installation and storage of the cookies by making the appropriate setting in your browser software. We must hereby inform you that, in this case, you may possibly not be able to fully utilise certain functions of this website.

You can also prevent the collection of the data related to your use of the website and generated by the cookie (incl. your IP address) to Google and the processing of said data by Google, by downloading and installing the browser plug-in available under the following link:

http://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser add-on, in particular for browsers on mobile end devices, you can also prevent the collection by Google Analytics by setting an opt-out cookie in your browser, which prevents the future collection of your data when visiting this website. The opt-out cookie applies only in this browser and only to our website and is stored on your device. If you delete the cookies in this browser you must set the opt-out cookie anew.

Set the Google Analytics opt-out cookie now

By using the website, you declare that you consent to the processing of your personal data collected by Google in the manner described and for the purpose described above. For further information on Google Analytics, please refer to the internet under the following link of the manufacturer Google: https://support.google.com/analytics/answer/6004245?hl=de).

VI. Use of social media plug-ins

So-called plug-ins of the providers facebook, Google+, Twitter, Instagram, Pinterest and YouTube are also used on this website.

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. You will find an overview of the plug-ins of Facebook here:

https://developers.facebook.com/docs/plugins/

Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You will find further information about the plug-ins of Google+ here:

https://developers.google.com/+/web/

Instagram is offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Further information can be found in the data protection declaration of Instagram: http://instagram.com/about/legal/privacy/.

Pinterest is offered by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. Further information can be found in the data protection declaration of Instagram: https://policy.pinterest.com/de/privacy-policy

if you call up a sub-page of our website that has one of the plug-ins stated above, a connection to the servers of the associated provider is established and the plug-in is displayed on the website by a message to your browser. By this means, the server of the network provider respectively stated above receives information as to which of our websites you have visited. If you are logged in as a member of a provider, then the provider will assign this information to your personal user account. During the use of the plug-in functions (e.g. clicking the “Like” button, leaving a comment on Facebook) this information is also allocated to your account, which you can only prevent by logging out prior to using the plug-in.

The plug-ins are only regularly activated when you click on the corresponding buttons. If these are displayed greyed-out, the plug-ins are inactive. You have the possibility to activate the plug-ins once or permanently.

The plug-ins establish a direct connection between your browser and the plug-in providers. This takes place only after the activation of the plug-in. As the website operator we have no influence whatsoever on the nature and extent of the data transferred by the plug-in to the servers of the plug-in providers.

For further information regarding the collection and use of the data by the network provider, your relevant rights and possibilities for the protection of your privacy, please refer to the respective data protection information of the providers:

Data protection information:

Facebook, accessible under https://www.facebook.com/policy.php

Google+, accessible under https://developers.google.com/+/web/buttons-policy

Twitter, accessible under https://twitter.com/privacy

YouTube, accessible under https://www.google.de/intl/de/policies/privacy/

Pinterest, accessible under https://about.pinterest.com/de/terms-service

Instagram, accessible under http://instagram.com/about/legal/privacy/.

The basis for the data processing via our website is Art. 6 par. 1 S. 1 lit. f GDPR.

If you do not want the network providers to directly allocate the data collected via our website to your user profile, you must log out of your network account prior to visiting our website. In addition, the loading of the plug-ins can be completely prevented by means of specially developed add-ons for your browser.

VII. Contact form and e-mail contact

1. Description and extent of data processing

A contact form is available on our website, which can be used for the establishment of electronic contact. If a user takes advantage of this option, the data entered in the input mask is transferred to us and saved. This data includes the name, e-mail address and content of the message.

In addition, the following data is saved at the time the message is sent:

  • The IP address of the user
  • Date and time of the login

Within the framework of the sending procedure, your consent to the processing of the data is obtained and reference is made to this data protection declaration.

As an alternative, contact may be made via the e-mail address provided. In this case, the personal data of the user that is communicated together with the e-mail is stored.

No disclosure to third parties takes place in this respect. The data is solely used for processing the conversation.

2. Legal basis for data processing

If consent has been obtained from the user, the legal basis for processing the data is Art. 6 par.1 lit.a GDPR.

The legal basis for the processing of the data transferred in the process of sending an e-mail is Art. 6 par.1 lit.f GDPR. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for the processing is Art. 6 par.1 lit.b GDPR.

3. Purpose of data processing

The processing of the personal data from the input mask serves only for the purpose of establishing contact. In the case of establishing contact via e-mail, this also involves the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending procedure serves to prevent any misuse of the contact form and to ensure the security of our IT systems.

4. Duration of storage

The data is erased as soon as it is no longer required for the accomplishment of the purpose of its collection. For the personal data from the input mask of the contact form and that sent via e-mail, this is the case when the respective conversation with the user is finished. The conversation is only over when the circumstances indicate that the situation in question has been finally clarified.

The personal data additionally collected during the sending procedure is erased after a period of seven days at the latest.

5. Objection and disposal possibility

The user has the possibility at any time to revoke his consent to the processing of his personal data. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored during the establishment of contact is erased in this case.

VIII. Rights of the data subject

If your personal data is processed, you as the data subject in the sense of the GDPR have the following rights against the controller:

1. Right to information

You can demand confirmation from the controller as to whether personal data referring to you is being processed by us.

In the case of such processing, you can demand the following information from the controller:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data concerned;

(3) the recipients or categories of recipients, to whom your personal data has been disclosed or will be disclosed;

(4) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine the storage period;

(5) the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing of personal data by the controller or of a right of objection to said processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) where the personal data is not collected from the data subject, any available information as to the source;

(8) the existence of automated decision-making, including profiling, referred to in Art. 22 par. 1 and 4 GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to be informed whether your personal data is to be transferred to a third country or an international organisation. In this connection you can demand to be informed as to the suitable safeguards pursuant to Art. 46 GDPR in conjunction with the transfer.

2. Right of rectification

You have a right to obtain from the controller without undue delay the rectification and/or completion of inaccurate or incomplete personal data. The controller must implement the rectification immediately.

3. Right to restriction of processing

You have the right to obtain the restriction of processing of your personal data under the following conditions:

(1) you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;

(3) the controller no longer needs the personal data for the purposes of the processing, but is required by you for the establishment, exercise or defence of legal claims; or

(4) you have objected to processing pursuant to Art. 21 par. 1 GDPR pending the verification whether the legitimate grounds of the controller override your grounds.

Where processing of your personal data has been restricted, said personal data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If you have obtained a restriction of processing pursuant to the above conditions, you will be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Erasure obligation

You can demand from the controller that your personal data is immediately erased, and the controller is obligated to immediately erase said data, if one of the following reasons apply:

(1) The personal data is no longer required in relation to the purposes for which it was collected or otherwise processed.

(2) You withdraw your consent on which the processing is based according to Art. 6 par. 1 lit. a, or Art. 9 par. 2 lit a GDPR and where there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21 par. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 par. 2 GDPR.

(4) Your personal data has been unlawfully processed.

(5) The erasure of your personal data is required for compliance with a legal obligation in Union or Member State law to which the controller is subject.

(6) Your personal data has been collected in relation to the offer of information society services referred to in Art. 8 par. 1 GDPR.

b) Information to third parties

Where the controller has made your personal data public and is obliged pursuant to Art. 17 par. 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you as the person affected have requested the erasure of all links to said data, or of copies or replications of said personal data.

c) Exceptions

The right to erasure does not exist if processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with Art. 9 par. 2 lit. h and i as well as Art. 9 par. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 par. 1 GDPR, in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of said processing; or

(5) for the establishment, exercise or defence of legal claims.

5. Right to notification

If you have exercised the right to rectification, erasure or restriction of processing against the controller, said controller shall be obligated to communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.

You are entitled with respect to the controller to be instructed about said recipients.

6. Right to data portability

You have the right to receive the personal data you have provided to the controller in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit said data to another controller without hindrance from the controller to which the personal data has been provided, where:

(1) the processing is based on consent pursuant to Art. 6 par. 1 lit. a GDPR or Art. 9 par. 2 lit. a GDPR or on a contract pursuant to Art. 6 par. 1 lit. b GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you shall also be entitled to have the personal data transferred directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of other persons.

The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Art. 6 par. 1 lit. e or f GDPR; this shall also apply to profiling based on these provisions.

The controller shall no longer process your personal data, unless he can present compelling protection reasons for processing that outweigh your interests, rights and freedoms, or that processing serves the establishment, exercise or defence of legal claims.

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this shall also apply to profiling to the extent that it is related to such direct marketing.

If you object to the processing for purposes of direct marketing, we shall no longer process your personal data for these purposes.

In connection with the use of the services of the information company – irrespective of the directive 2002/58/EC – you have the possibility to exercise your right of objection by automated means where technical specifications are used.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent pursuant to data protection law at any time. The lawfulness of the processing performed based on the consent until the time of revocation shall not be affected by the revocation of the consent.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

(1) is necessary for the conclusion or fulfilment of a contract between you and the controller;

(2) is permissible by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

(3) is based on your explicit consent.

However, these decisions may not solely be based on special categories of personal data pursuant to Art. 9 par. 1 GDPR, unless Art. 9 par. 2 lit. a or g applies and suitable measures to safeguard rights and freedoms and your legitimate interests have been taken.

With regard to the cases stated in (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Irrespective of another administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.