Data Protection Declaration

The protection of personal data is an important concern to us.
This is why we process personal data in accordance with valid European and national legal regulations.
The following declaration gives an overview of which type of data can be collected, in which way this data can be used and passed on, which security measures we take to protect your data and in which manner and means you can receive information about data given to us.
Article 6 section 1 S. lit. a) EU general data protection regulations (GDPR) serves as the legal basis as far as we obtain permission of the affected person for processing procedures of personal data. Article 6 section 1 S. lit. b) GDPR serves as the legal basis for processing personal data which is required to fulfil a contract whose contract party is the affected person. This is also valid for processing procedures which are required to execute pre-contract measures.
Article 6 section 1 S. lit. c) GDPR serves as the legal basis if processing personal data is required to fulfil a legal obligation which we are subject to. Article 6 section 1 S. lit. f) GDPR serves as the legal basis if processing is required to safeguard a legitimate interest of our company or a third party and the interests, basic rights and the fundamental freedoms of the affected person do not outweigh the aforementioned interest.
The personal data of the affected person are deleted or blocked as soon as the purpose of storage no longer exists. In addition, storage can be made if this was foreseen by the European or national legislator in the Union’s legislation decrees, laws or other regulations which we are subject to. Blocking or deletion of data is also made if the storage period specified by the above mentioned standard expires, unless a requirement exists to continue storage of data for a contract conclusion or fulfilment of a
contract.

§ 1 The Responsible Person

The responsible person in accordance with the general data protection regulations and other national data protection laws of the member state and also other legal data protection regulations is:
Parkhotel Krone
Darmstädter Straße 168
64625 Bensheim

§ 2 Definitions

The data protection declaration is based on terminology which was used by the European regulators in the decree of the EU general data protection regulation (hereinafter
called “GDPR”). The data protection declaration shall be easy to read and understandable. To ensure this the following important definitions are explained:
a) Personal data is information which concerns identified or identifiable natural persons (hereinafter called “affected person”). A natural person is seen as identifiable who
can be directly or indirectly identified, in particular by means of association to an identifier such as a name, to a code number, to location data, to online identification or to
one or several special features which are an expression of physical, physiological, genetic, psychic, economic, cultural or social identity of this natural person.
b) An affected person is any identified or identifiable natural person whose personal data is processed by the person responsible for the processing.
c) Processing is any executed activity with or without the help of automated processes or any such set of processes in conjunction with personal data such as collection,
recording, organisation, arranging, storage, modification or changing, selection, searching, using, disclosure through transfer, distribution or another form of provision,
comparison or link, restriction, deletion or destruction.
d) Profiling is any type of automated processing of personal data which consists of processing this personal data to assess certain personal aspects relating to a natural
person, in particular aspects regarding work performance, economic situation, health, personal preferences, interests, reliability, behaviour, place of residence or to
analyse or predict the change of location of this natural person.
e) Pseudonymising is the processing of personal data in such a way that personal data cannot be associated to a specific affected person without the help of additional
information as far as this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data cannot be
allocated to an identified or identifiable natural person.
f) Responsible or responsible person for processing is the natural or legal person, authority, institution or other offices which decide about the purpose and means of the
personal data processing solely or together with others. If the purposes and means of this processing are prescribed by Union right or the right of the member state then
the responsible person can or could specify the specific criteria of its designation according to Union right or the right of the member states.
g) Contract processor is a natural or legal person, authority, institution or other offices which processes personal data on behalf of the responsible person.
h) Recipient is a natural or legal person, authority, institution or other offices which publish personal data, regardless of whether it refers to a third party or not. Authorities
which possibly receive personal data within a specific enquiry mandate according to Union rights or the right of member states do not, however, count as recipients.
i) Third party is a natural or legal person, authority, institution or other offices apart from the affected person, the responsible person, the contract processor and the
persons who are authorised under the direct responsibility of the responsible person or the contract processor, to process personal data.
j) Consent is any expression voluntarily given by the affected person for the specific case in an informed manner and unmistakably in the form of a statement or in another
unambiguous affirmative act which the affected person insinuates that he agrees with the processing of his personal data.

§ 3 Availability of website and preparing logfiles

When the website is only used informatively, i.e. if you do not register or otherwise transmit to us information, we can automatically collect with every website call up the
following data and information of the computer system of the requesting computer:
a) The IP address of the user
b) Information on the type of browser and the version used
c) The user’s operating system
d) The Internet service provider of the user
e) Date and time of access
f) Websites from which the user’s system accesses the internet page
g) Websites which were called up by the user’s system through our website
h) Contents called up (specific sites)
i) Each transferred data volume
j) Language and version of browser software
k) Search machines used
l) Names of downloaded files
The data will also be stored in the logfiles of our system.
Article 6 section 1 S. lit. f) GDPR serves as the legal basis for the temporary storage of logfiles. The temporary storage of the IP address by the system is required to:
a) allow the website to be delivered to the user’s computer. For this
the IP address of the user must remain stored for the period of the session.
b) to optimise the content of our website and also the advertisements
c) to guarantee the functionality of our information technology systems and the technology of our website
d) to provide law enforcement authorities with the necessary information for prosecution in the case of a cyber attack.
In case storage of IP addresses is made in the logfiles:
The storage of logfiles is made to ensure the functionality of the website. In addition, the data serves to optimise the website and to ensure the security of our information
technology systems.
An assessment of the data for marketing purposes is not made in this context. In these cases there also exists a justified interest in data processing according to article 6
section 1 S. 1 lit. f) GDPR.
The data is deleted as soon as it is no longer required for achieving the purpose of its collection – in this case with the end of the use process if storage of IP addresses in
logfiles is made:
In the case of storage of data in logfiles this is at the latest after seven days. A further storage is not possible. In this case IP addresses will be deleted or anonymised so
that allocation of the client called is not possible.
Collection of data for access of the website and the storage of data in logfiles is absolutely necessary for the operation of the Internet page, which is why no objection
procedure exists.

§ 4 Use of cookies

This website uses so-called cookies. Cookies are small text files which are sent from a webserver to your browser and are stored locally on your end device (PC, notebook, tablet, smartphone etc.) and send specific information to the user (i.e. us) as soon as you visit a website. Cookies help to make the website user friendly and safer, in particular they help to collect user-related information such as user frequency and number of users of the pages and also behaviour of the website use. Cookies do not damage the computer and do not contain viruses. ata collected in this way will be pseudonymised by technical means. An allocation of the data to the user calling is therefore no longer possible. The data will not be stored together with other personal data. In this regards information is also given on how the storage of cookies can be prevented in the browser settings. Article 6 section 1 S. lit. f) GDPR serves as the legal basis for processing personal data using cookies. Cookies remain stored also when the browser session has ended and can be accessed when the website is revisited. However, cookies are stored on your computer and transmitted from it to our website. You thus have full control over the use of cookies. If you do not wish data collection via cookies, you can set your browser via the menu
under “settings” so that you are informed about setting cookies or generally exclude setting cookies or you can delete individual cookies. However, please note that when cookies are deactivated the functionality of this website can be restricted. As far as session cookies are used, these will anyway be deleted automatically after leaving the website.

§ 5 E-Commerce

If you wish to order in our booking portal, to conclude the contract we require you to enter your personal data for processing of your order. The data is entered into an input
mask and transmitted to us and stored. The following data is collected:
a) Name of orderer
b) Name of arriving guest
c) Address
d) Email address
e) Telephonef) Payment data
g) IP address
Forwarding data to third parties is only possible if forwarding for the purpose of processing the contract or for invoicing purposes and/or collecting charges is required or
you have given your explicit permission. In this regards we only pass on the respective required data. The data recipients are:
a) Collection agency, as far as the payment must be collected (forwarding name, address, order details)
b) The bank for collection of the payment as far as the payment is made via direct debit or credit card.
c) Immediate transfer, Sofort GmbH, as far as the payment is made via immediate transfer
d) PayPal Holding , Inc., if the payment is made via Paypal
Article 6 section 1 S. 1 lit. b) GDPR is the legal basis.
Article 6 section 1 S. 1 lit. a) GDPR is the legal basis regarding processing voluntary data.
The mandatory details are required to fulfil the contract with the user. We therefore use the data to answer your enquires, to process your order and if necessary to check
credit rating and/or collect a debt and also for purposes of technical administration of the website.
Voluntary information is made to prevent misuse and if necessary to investigate criminal offences. We can also process data provided by you to inform you about further
interesting products in our portfolio or to send you emails with information.
The data is deleted as soon as collection is no longer required to achieve the purpose. Due to commercial and fiscal requirements we must store your address, payment
and order details for a period of ten years after execution of the contract. If a continuing obligation exists between us and the user, we store the data during the whole of
the contract period and also for a period of ten years afterwards (see above). Regarding voluntary data provided we delete the data three years after execution of the
contract as far as no further contract with the user has been concluded in this period; in this case the data will be deleted three years after execution of the last contract.
If data is required to fulfil a contract or to execute pre-contractual measures, premature deletion of data is only possible if no contractual or legal obligations to delete
prevent this. Otherwise you are free to have personal data, which was provided at the registration, completely deleted out of the database of the person responsible for the
processing. At any time upon request the person responsible for the processing can give information which personal data about you has been stored. In addition the person responsible for processing corrects or deletes personal data on request or after indication by the affected person if no legal retention obligations oppose this.
You can write to the responsible person or the data protection officer at any time via email or by post according to § 1 and request the deletion/amendment of the data.

§ 6 Forwarding personal data to third parties

This website can contain links to external sites. We ourselves are responsible for our content. We have no control of the content of external links and therefore are not
responsible, in particular we do not adopt their content as our own.
If you are routed to an external site, the data protection declaration available on this site is valid. We gladly receive information from you regarding illegal activities on our
site or if content is conspicuous. In this case we will check the content and react accordingly.

§ 7 Contact form or email contact

A contact form is available on our internet site which can be used to contact us electronically. If you use this option, the data entered into an input mask are transmitted to
us and stored. Your permission will be obtained for data processing in the course of the dispatching process and you will be referred to this data protection declaration.
Alternatively contact can be made through the email address provided. In this case the personal data transmitted with the email will be stored.
If it concerns information on communication channels (for example email address, telephone number), you also permit us to contact you if necessary through this communication channel in order to answer your issue. In this respect no data will be passed on to third parties. The data is only used for processing the conversation. If a user’s permission exists Article 6 section 1 S. lit. a) GDPR serves as the legal basis for the processing of data. Legal basis for the data processing which is transmitted when sending an email is article 6 section 1 S.1 lit .f) GDPR.Legal basis for processing is in addition article 6 section 1 S.1 lit .b) GDPR if the email contact aims to conclude a contract.
Processing of personal data from the input mask only serves to process the first contact. We obviously use the data from the email request exclusively for the purpose you
intended when contacting us. In the case of contact by email, answering the email means a legitimate interest exists in processing data. Other personal data processed
during the dispatch process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data is deleted as soon as collection is no longer required to achieve the purpose. This is then the case for personal data from the input mask of the contact form and those transmitted by email if the corresponding conversation with the user has ended. The conversation is then finished if it can be seen from the circumstances that the affected issue has been finally clarified.
You have the option at any time to withdraw your permission to the processing of personal data. If you contact us by email, you can withdraw your permission to store your personal data at any time. In such a case the conversation will not be continued.
Please contact the responsible person according to § 1 via email or by post concerning the withdrawal of permission/objection to storage. All personal data stored in the course of the contact will be deleted in this case

§ 8 Web analyse by Google Analytics (with pseudonymisation)

On our website we use if necessary services of Google Inc. (Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA) to analyse the surf behaviour of our users. The software stores a cookie on your computer (for cookies see above). The following data can be stored when calling up individual pages of our website:
a) Two bytes of the IP address of the user’s calling system
b) The website called up
c) Entry pages, exit pages,
d) The retention time on the website and the dropout rate
e) The frequency of accessing the website
f) Country of origin and regional origin, language, browser, operating system,
screen resolution, use of Flash or Java
g) Search machines and search definition used

The information on the use of this website by the user generated by cookies are generally transmitted to a Google server in the USA and stored there. This website uses
Google Analytics with the extension „_anonymizeIp()“. The software is set such that the IP addresses are not fully stored but only in abbreviated form. In this way an
allocation of the abbreviated IP address to the accessing computer is not possible. The full IP address will only be transmitted to the Google server in the USA in
exceptional cases and abbreviated there. However, the IP address transmitted within Google Analytics from your browser will not be joined with other Google data. Legal
basis for the processing of personal data is article 6 section 1 S.1 lit .f) GDPR.
In exceptional cases in which personal data is transmitted to the USA, Google is subject to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.
Google can, on our behalf, use this information to evaluate the use of the website by you and to prepare reports on the website activities. Through the evaluation of the
data gained we are in a position to compile information on the use of individual components of our website. This helps us to continually improve our website and its userfriendliness In these cases we have a legitimate interest in processing data according to article 6 section 1 lit. f) GPDR.

The interest of the user to protect his personal data is sufficiently taken into account by the anonymisation of the IP address. The data will be deleted as soon as it is not required for our record keeping purposes. Cookies used are stored on your computer and transmitted from the computer to our page. If you do not agree with the collection and evaluation of user data, you can prevent this by correspondingly setting your browser software by deactivating or restricting the use of cookies. Cookies already stored can be deleted at any time. However, in this case it could be possible that you may not be able to fully use all functions of this website. In addition you can prevent the collection of data (incl. your IP address) generated by the cookie and their related use of the website to Google and also prevent this data being processed by Google by downloading and installing the browser plugin under the following link. The current link is: https://tools.google.com/dlpage/gaoptout?hl=de. Third party provider is Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Further information can be found in the user conditions under https://www.google.com/analytics/terms/de.html, in the overview for data protection under https://www.google.com/intl/de/analytics/learn/privacy.html and also in the data protection declaration under https://www.google.de/intl/de/policies/privacy.

§ 9 Social Media Plugins

On these pages social plugins of the social network Facebook (Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA) are used. This plugin allows you to set a bookmark on these pages and thus share these with other subscribers of social networks. You can recognise this plugin by the Facebook logo or the typical “Like button”. A summary of Facebook plugins can be found under https://developers.facebook.com/docs/plugins/. We use the so-called double click solution. This means that if you visit our site initially strictly no personal data is forwarded to Facebook. We provide you the possibility to communicate with Facebook via the button. Facebook only receives information that you have accessed the website if you click the marked box and thus activate it. Forwarding data is made regardless of whether you have an account with Facebook and are logged in there. a) If you click the Facebook “Like button” when you are logged into your Facebook account, the contents of this page can be linked to the Facebook profile. In this case Facebook can also allocate the pages visited to your user account. If you click the activated button and for example link the page, Facebook also stores this information in your user account and shares it publicly with your contacts. We recommend to you that you regularly log out after using a social network, in particular before activating the button so that you can avoid such an assignment to your profile. b) If you are not a member of Facebook or if you have logged out of Facebook before visiting this site there is still the possibility that Facebook finds out your IP address and stores it. If you do not wish that Facebook can assign the visit to our site to your Facebook user account, you must log out of Facebook before visiting our internet site and you should not activate the plugin. The following data is hereby generally transmitted to Facebook: – browser-related data such as IP address, browser type, operating system, time and date of request, website visited. – User ID (for registered Facebook account) The IP addresses are immediately anonymised after collection according to Facebook in Germany. By activating the plugin your personal data is transmitted to Facebook and stored in the USA: Since Facebook carries out data collection in particular through cookies, we recommend to you to delete all cookies through the security settings of your browser before clicking the greyed out boxes. We have neither control over the data collected and data processing activities nor are we aware of the full scope of the data collection, the purpose of the processing and the storage periods. We also do not have information on deletion of data collected by Facebook. Facebook stores the data collected about you as user profiles and uses this for the purpose of advertising, market research and/or needs-based design of its website. Such an evaluation is made (also for users not logged in) in particular to depict needs-based advertising and in order to inform other users of social networks about youractivities on our website. Regarding the plugins, we offer you the option to interact with the social networks and other users so that we can improve our offer and design our website more interestingly for you as user. Legal basis for the use of the plugins is article 6 section 1 S.1 lit .a GDPR. Facebook is subject to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EUUSFramework. You have the right of objection against creating this user profile, in order to exercise your right of objection you must contact Facebook.

§ 10 Rights of the person affected

If your personal data is processed, you are the affected person in terms of GDPR and you are entitled to the following rights against the responsible person: 1. The right to information, 2. The right to correction 3. The right to restrict processing, 4. The right of deletion 5. The right of instruction 6. The right of data portability. 7. The right of objection to the processing 8. The right to withdraw the data protection permission 9. The right to non-application of an automated decision 10. The right of complaint to a regulatory authority

1. The right to information

You can request from the responsible person a confirmation whether personal data which concerns you has been processed by us. If such processing has been carried out, you can request from the responsible person at any time free information about personal data stored about your person as well as the following information: a) For what purpose the personal data was processed; b) Which categories of personal data were processed; c) The recipients and/or the categories of recipients to whom your personal data was disclosed to or will be disclosed; d) The planned period of storage of your personal data or, if specific information is not possible on this, criteria for determining the storage period; e) Existing rights of correction or deletion of your personal data, existing rights of restriction of processing by the responsible person or of a right of objection against this processing: f) Existing right of appeal with the regulatory authority; g) All available information on the origin of data if the personal data was not collected from the affected person; h) The existence of automated decision-making including profiling according to article 22 section 1 and 4 GDPR and – at least in these cases – meaningful information on the logic and also the scope involved and the pursued effect of this processing for the affected person. You have the right to request information whether personal data affecting you has been transmitted to a third country or an international organisation. In this context you can require to be informed about suitable guarantees according to article 46 GDPR associated with the transmittal.

2. Right of correction

You have the right of immediate correction and/or completion by the responsible person if the processed personal data concerning you is not correct or incomplete.

3. Right of restriction of processing

Under the following conditions you can require from the person responsible that the processing of personal data concerning you is immediately restricted: a) if you contest the accuracy of personal data concerning you for a period in which the responsible person is allowed to check the correctness of the personal data. b) processing is illegal and you reject the deletion of the personal data and instead require that the use of the personal data is restricted. c) the responsible person no longer requires the personal data for processing purposes, however, you require this data for asserting, pursuing or defending legal claims, or d) if you file an objection against the processing according to article 21 section 1 GDPR and it has not yet been determined whether the legitimate reasons of the responsible person outweigh your reasons. If the processing of personal data concerning you has been restricted, this data can only be processed – apart from its storage – with your permission or to assert, pursue or defend legal claims or to protect the rights of another natural or legal person or on the grounds of an important public interest of the Union or a member state. If the processing was restricted according to the above conditions, you will be informed by the responsible person before the restriction is lifted.

4. Right of deletion

You can require from the responsible person that personal data concerning you is immediately deleted as far as the following grounds apply: a) The personal data concerning you is no longer required for the purpose it was collected or otherwise processed. b) You withdraw your permission on which the processing was based on according to article 6 section 1 lit. a or article 9 section 2 lit. a GDPR and there is no other legal basis for the processing. c) You file an objection against the processing according to article 21 section 1 GDPR and no overriding legitimate grounds for the processing exist or you file an objection against the processing according to article 21 section 2 GDPR. d) The personal data concerning you was processed illegally. e) The deletion of the personal data concerning you is required to fulfil a legal obligation according to Union rights or the rights of the member state which the responsible person is subject to. f) The personal data concerning you was collected with regard to services of the information company offered according to article 8 section 1 GDPR. If the responsible person has made public personal data concerning you and he is obliged according to article 17 section 1 GDPR to delete this data, he will take suitable measures, also technical, having regard to technology available and their implementation costs, to inform the person responsible for the data processing who processes the personal data that you have requested, as the person affected, the deletion of all links to this personal data or copies or replications of this personal data. The right of deletion does not exist if processing is required a) to exercise the right to freedom of expression and information; b) to fulfil a legal obligation which requires processing according to rights of the Union or the member state which the responsible person is subject to, or performing a task which is in the public interest or is made in exercising public authority which was transferred to the responsible person. c) on grounds of public interest in the field of public health according to article 9 section 2 lit. h and i and also article 9 section 3 GDPR; d) for archive purposes in the public’s interest, economic or historical research purposes or for statistical purposes according to article 89 section 1 GDPR, if the right specified under section a) probably makes achieving the goals of this processing impossible or seriously impedes, or e) for assertion, pursuing or defending legal claims. 5. Right of information If you have asserted the right to correction, deletion or restriction of processing towards the responsible person, the person is obliged to inform all recipients, who were given the personal data concerning you, of this processing correction/deletion/restriction, unless this proves to be impossible or it is associated with a disproportionate effort. You have the right to be informed of these recipients by the responsible person.

6. Right of data transfer

You have the right to receive the personal data concerning you which you made available to the responsible person in a structured, common and machine-readable form. In addition you have the right to transmit this data to another responsible person without that the responsible person whom you gave the personal data prevents this, if a) processing is based on consent according to article 6 section 1 lit. a GDPR or article 9 section 2 lit. a GDPR or on a contract according to article 6 section 1 lit. b GDPR and b) processing is made by means of automated procedure. In exercising this right you also have the right to have the personal data concerning you transmitted directly from one responsible person to another responsible person as far as this is technically possible. Freedoms and rights of other persons may not be affected by this. The right of data portability is not applicable to processing personal data which is necessary for performing a task that is in the public’s interest or is made while executing public authority which was transferred to the responsible person. To assert the right of data portability the person affected can contact at any time the person responsible for the processing.

7. Right of objection

You have the right on grounds which result from its special situation, to file an objection at any time against processing of personal data concerning you on the basis of article 6 section 1 lit. e or f GDPR, this is also applicable to a profiling supported by this provision. The responsible person will no longer process personal data concerning you unless he can prove that there are compelling legitimate grounds for processing which override your interests, rights and freedoms or processing serves to assert, pursue or defend legal claims. If the affected personal data is processed to carry out direct advertising, you have the right at any time to file an objection against the processing of personal data concerning you for the purpose of such advertising; this is also applicable to profiling if it is associated with such direct advertising. If you object to the processing on grounds of direct advertising, personal data concerning you will no longer be processed for this purpose. You have the possibility, in conjunction with the use of services of the information company – regardless of the guideline 2002/58/EG – to exercise your objection right by means of automated procedure which uses technical specifications. To pursue the right of objection the person affected can contact directly the person responsible for the processing. 8. Right of withdrawal of data protection declaration of consent You have the right to withdraw your data protection declaration of consent at any time. Through the withdrawal of the consent the legitimacy of the processing on the basis of the consent up to the withdrawal is not affected. You can contact the responsible person regarding this.

9. Automated decision on a case by case including profiling

You have the right not to be subject to a decision based on exclusively automated processing – including profiling – which achieves legal effect against you or in a similar way significantly impairs you. This is also applicable if the decision a) is for the conclusion or fulfilling a contract between you and the responsible person, b) is valid on the basis of legal regulations of the Union or the member states which the responsible person is subject to and these legal regulations contain appropriate measures to protect your rights and freedoms and also your legitimate interests or c) is made with your explicit consent. However, these decisions may not be based on special categories of personal data according to article 9 section 1 GDPR if article 9 section 2 lit. a or g GDPR and it is not applicable and suitable measures to protect the rights and freedoms as well as your legitimate interests were not taken. Regarding the cases specified in (1) and (3) the responsible person will take suitable measures to safeguard your rights and freedoms and also legitimate interests, this includes the right to obtain the intervention of a person on the part of the responsible person to express one’s own standpoint and contest the decision. Should the affected person want to assert rights regarding automated decisions, the person can contact the person responsible for the processing at any time.

10. Right to appeal to the regulatory authority

Regardless of another administrative right or court remedy, you have the right to object at the regulatory authority, in particular in the member state of your residence, your workplace or the place of the suspected violation if you are of the opinion that processing of personal data concerning you violates the GDPR. The regulatory authoritywhere the objection is submitted, informs the complainant about the status of the results of the objection including the possibility of judicial proceedings according to article 78 GDPR.

§ 11 Changes in the data protection guidelines

We reserve the right to change our data protection methods and these guidelines in order to adjust if necessary to changes to relevant laws and regulations or to better satisfy your requirements. Possible changes to our data protection methods will be announced accordingly on this site.