Jetzt buchen und besten Preis sichern!

Date protection

§ 1 The responsible person

The responsible person within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Christine Kuß 
Ludwigstr. 18 
87561 Oberstdorf 
08322/60 30
info@luitpold-oberstdorf.de
www.luitpold-oberstdorf.de

§ 2 Definitions

(1) The data protection declaration is based on the terms used by the European legislator when adopting the EU General Data Protection Regulation (hereinafter referred to as "GDPR"). The data protection declaration should be easy to read and understand. To ensure this, the most important terms are explained below:

(2) Personal data shall mean any information relating to an identified or identifiable natural person (hereinafter referred to as 'data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

(3) Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

(4) Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

(5) Profiling means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

(6) Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

(7) The controller or controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

(8) Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. 

(9) Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients. 

(10) Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or the processor, are authorised to process the personal data. 

(11) Consent means any freely given specific and informed indication of the data subject's wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

§ 3 Provision of the  website and creation of log files

(1)    In the case of purely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we automatically collect the following data and information from the computer system of the calling computer each time the website is called up:
•    The IP-Adresse of the user
•    Information about the browser type and the version used
•    The  operating system of the user
•    The  Internet service provider of the user
•    Date and time of access
•    Websites from which the user's  system accesses the website
•    Websites that are accessed by the user's system via our website
•    Content of the accesses (specific pages)
•    Volume of data transferred in each case
•    Search engines used
•    Names of files downloaded

The data is stored in the log files of our server. This data is not stored together with other personal data of the user.

When using this general data, we do not draw any conclusions about the data subject. The data is only evaluated statistically.

(2) The legal basis for the temporary storage of the log files is Art. 6 para. 1 p. lit. f) DSGVO.

(3) The temporary storage of data by the system is necessary in order to

•    to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
•    to optimise the content of our website and the advertising for it
•    to ensure the functionality of our information technology systems and the technology of our website
•    to  provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.  These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 (1)  sentence 1 lit. f) DSGVO. 

(4) The data is deleted as soon as it is no longer required to achieve the purpose - in this case at the end of the usage process.
In the case of storage of data in log files, this is the case after xxx at the latest. Storage beyond this is possible. In this case, the IP addresses will be deleted or anonymised so that it is no longer possible to assign the calling client.

(5) The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website, which is why there is no possibility of objection.

§ 4 Use of cookies 

(1) This website uses so-called cookies. Cookies are small text files which, as soon as you visit a website, are sent to your browser by a web server and stored locally on your end device (PC, notebook, tablet, smartphone, etc.) and stored on your computer and send the user (i.e. us) certain information. Cookies do not cause any damage to the computer and do not contain viruses. Each cookie contains a characteristic character string (socalled cookie ID), which enables the browser to be uniquely identified when the website is called up again.

(2) We use cookies to make our website more userfriendly, e.g. to make our multimedia content accessible to you. Some elements of our website require that the calling browser can be identified even after a page change.

(3)    We also use cookies on our website,
•    to integrate user-oriented advertisements as well as for market research purposes
•    to integrate third-party plug-ins. 

(4)    When you access our website, you will be informed about the use of cookies and consent will be obtained for the processing of personal data used in this context. In this context, a reference to this data protection declaration is also made. 

(5) The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 p. 1 lit. f) DSGVO. The legal basis for the processing of personal data using cookies for advertising purposes as well as those of third-party providers is Art. 6 para. 1 p. 1 lit. a) DSGVO if the user has given his consent.

(6) The purpose of using technically necessary cookies is to simplify the use of websites for you. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change. Cookies are used in particular to make the website more customer-friendly and secure, and in particular to collect usage-related information, such as frequency of use and number of users of the pages, as well as behavioural patterns of page use. The user data collected through technically necessary cookies are not used to create user profiles.

The purpose of using technically unnecessary cookies is to improve the quality of our website and its content. The advertising cookies allow us to integrate or display advertising to you according to your interests. The thirdparty cookies are used to simplify certain functionalities for you or for better displayability. This information is also used to automatically recognise you when you visit the website again with the same end device and to make navigation easier for you.

(7) Permanent cookies remain stored even if the browser session is ended and can be called up again when you visit the site again. The cookies are stored on your computer and transmitted from it to our site. Therefore, you also have full control over the use of cookies. If you do not wish data to be collected via cookies, you can set your browser via the menu under "Settings" so that you are informed about the setting of cookies or generally exclude the setting of cookies or can also delete cookies individually. Please note, however, that the functionality of this website may be limited if cookies are deactivated. In the case of session cookies, these will be automatically deleted after you leave the website.

§ 5 Contact form and e-mails 

(1)    Our website contains a contact form that can be used for electronic contact. If you use this option, the data entered in the input mask will be transmitted to us and stored. These data are :
•    E-Mail-address
•    Massage
•    Name
•    Address
The following data are also stored at the time the message is sent:
•    IP-address of the user
•    date and time of registration
For the processing of the data, your consent is obtained as part of the sending process and reference is made to this data protection declaration.

(2) You are welcome to contact us by e-mail. In this case, the personal data transmitted with the e-mail will be stored. Insofar as this involves information on communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via this communication channel, if necessary, in order to answer your request. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

(3) The legal basis for the processing of data is Art. 6 para. 1 p. 1 lit. a) DSGVO if the user has given his or her consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 p.1 lit. f) DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1lit. b) DSGVO.

(4) The processing of the personal data from the input mask serves us solely to process the contact. We will of course use the data from your e-mail enquiries exclusively for the purpose for which you provide them to us when contacting us. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. This is also our legitimate interest.

(5) The data shall be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest. If the e-mail contact is aimed at the execution of a contract, the data will be deleted after the expiry of the legal (commercial or tax) storage periods required for this purpose.

(6) You have the option to revoke your consent to the processing of the email and its content at any time. In such a case, the conversation cannot be continued. To do so, please contact the person responsible according to § 1. However, this revocation option only exists insofar as the e-mail contact does not serve the preparation or execution of a contract.

§ 6 Integration of the Holiday Check hotel rating

(1) We offer you the possibility to submit reviews and comments on Holiday Check regarding our accommodation via the widget of HolidayCheck AG, Bahnweg 8, CH-8598 Bottighofen, Switzerland. Your comment will be published with your given name at the entry on our homepage. We recommend using a pseudonym instead of your real name. You are required to provide your first and last name, email address and date of arrival, all other information (age travelled as, length of stay) is voluntary. If you post a comment, we will continue to store your IP address. This information is only passed on to third parties if this is required by law, e.g. for the prosecution of criminal content. The ratings are then automatically checked by HolidayCheck on the basis of various criteria and the probability of a false rating is calculated. If the probability is high, a manual individual check takes place and, if necessary, verification by contacting the reviewer. If the check comes to the conclusion that the rating is very likely correct, the rating is published.

(2) HolidayCheck uses a captcha to verify the person making the entry and to ensure that the entry was made by a natural person and not in an abusive manner by machine or automated services.

(3) The legal basis for the collection of the name, the email address, the date of arrival and the IP address is Art. 6 para. 1 sentence 1 lit. b) and f) DS-GVO and with regard to the voluntary data Art. 6 para. 1 sentence 1 lit. a) DSGVO. The legitimate interest of storing the name lies in the publication of exclusively qualified and authentic reviews. The data will be forwarded to HolidayCheck.

(4) Comments are not checked before publication. However, HolidayCheck reserves the right to delete comments if they are objected to by third parties as being illegal. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. As long as the rating is not deleted by the user, the rating remains permanently stored by HolidayCheck. If you wish your public reviews to be deleted, please contact the person responsible at HolidayCheck AG, Bahnweg 8, CH-8598 Bottighofen, Switzerland or its data protection officer DS Extern, Dipl.Kfm. Marc Althaus, Frapanweg 22, 22589 Hamburg, Germany, using the contact details provided above.

§ 7 SSL encryption

Our website uses SSL encryption when transmitting confidential or personal data. This encryption is used, for example, for payment transactions and enquiries to us via this website. To ensure that this encryption is actually active, you must monitor it. The status of the encryption can be seen in the browser line, which changes from
"http://" to https:// in the case of encryption. In the case of encryption, your data cannot be read by third parties. If the encryption is not active, please contact us confidentially via another contact option.

§ 8 Disclosure of personal data to third parties 

8.1    Links to external websites 

This website contains links to external sites. We are responsible for our own content. We have no influence on the contents of external links and are therefore not responsible for them, in particular we do not adopt their contents as our own. If you are directed to an external site, the data protection declaration provided there applies. If you notice any illegal activities or content on this site, you are welcome to point this out to us. In this case we will check the content and react accordingly (notice and take down procedure).

8.2    Rented server space 

We would like to point out that we use a rented server space of the provider HostEurope GmbH, Hansastr. 111, 51149 Cologne, Germany, www.hosteurope.de. When you visit the website, the provider of the server space therefore receives the following information:
•    browser type
•    operating system used 
•    the  origin address,
•    the time of the server request
•    the  host name of the accessing computer
This information is automatically stored by the provider in so-called server log files (see § 3), which are automatically transmitted by your browser.

8.3    Google Maps

On this website we use the offer of Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website.

The following data will be transmitted

• Device-specific information, for example, the hardware used; the version of the operating system; unique device identifier and information about the mobile network including your telephone number.
•  Log data in the form of server logs. These include, but are not limited to, details of how the services were used, such as search queries; IP address; hardware settings; browser type; browser language; date and time of your request; originating page; cookies that uniquely identify your browser or Google account
• Location-based information. Information about your actual location may be collected by Google. This includes, for example, your IP address, your WLAN access points or mobile phone masts
• Further information on the data collected by Google, INC can be found at the following link: https://policies.google.com/privacy?hl=de&gl=deDies takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account.

The legal basis for the processing of personal data is Art. 6 para. 1 lit. p.1 f) DSGVO. Google also processes your personal data in the USA and has submitted to the EUUS Privacy Shield, https://www.privacyshield.gov/EU-USFramework.
Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. If you do not wish to be associated with your Google profile, you must log out before activating the button.

You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
The duration of storage depends on the storage periods at Google.

For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider's privacy policy. There you will also find further information on your rights in this regard and your right to privacy.

Setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy.

8.4    Embedding YouTube videos

We have integrated YouTube videos into our online offer, which can be played directly on
http://www.YouTube.comgespeichert and from our website. YouTube is operated by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. You Tube LLC is a subsidiary of Google Inc. When you visit the website, YouTube receives the information that you have called up the corresponding sub-page of our website:

• Device specific information, for example the hardware used; operating system version; unique device identifier and mobile network information including your phone number
• Log data in the form of server logs. These include, but are not limited to, details of how the services were used, for example, search queries; IP address; hardware settings; browser type; browser language; date and time of your request; originating page; cookies that uniquely identify your browser or Google account
• Location-based information. Information about your actual location may be collected by Google. This may include, for example, your IP address, Wi-Fi access points or cell towers
• For more information about the data collected by Google, INC, please see the following link: https://policies.google.com/privacy?hl=de&gl=de.

This takes place regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account.

The legal basis for the processing of personal data is Art. 6 para. 1 sentence 1 lit. f) DSGVO. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EUUS-Framework.   

The integration of the videos serves to make the website more vivid for the user and to increase the search engine ranking of the website on Google and to refer more specifically to our specially produced videos. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website to meet user needs. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. This is also our legitimate interest.
If you do not wish to be associated with your YouTube profile, you must log out before activating the button.
The duration of storage depends on the storage periods at YouTube.

You have the right to object to the creation of these user profiles, and to exercise this right you must contact YouTube or the responsible party, namely Google Ireland
Ltd, Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland.
For more information on the purpose and scope of data collection and its processing by YouTube, please refer to YouTube's privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy. 

8.5    Google WebFonts

This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. When you visit our website, your browser sends requests to the Google server.

Google logs the following data in the process:    

• IP address
• Browser information (name, version)
• Website
• User's operating system
• User's screen resolution
• Language settings of the browser or the user's operating system
• Font file

This occurs regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. Google Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f DSGVO.

The legal basis for the processing of personal data is Art.
6 para. 1 lit. p.1 f) DSGVO. Google also processes your personal data in the USA and has submitted to the EUUS Privacy Shield, https://www.privacyshield.gov/EU-USFramework.
Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation is carried out in particular (even for users who are not logged in) for the provision of needs-based advertising and to obtain information about your activities on our website.
You have the right to object to the creation of these user profiles, and to exercise this right you must contact Google Ireland Ltd, Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland. For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider's privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy.

8.6    Font Awesome

This site uses so-called web fonts provided by Fonticons Inc. for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. When you visit our website, your browser sends requests to the servers of Fonticons Inc. The following data is logged:

• IP address
• Browser information (name, version)
• Website
• User's operating system
• User's screen resolution
• Language settings of the browser or the user's operating system
• Font file

The use of web fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art.
6 para. 1 p. 1 lit. f DSGVO. The legal basis for the processing of personal data is Art. 6 para. 1 lit. p.1 f) DSGVO. Fonticons Inc. also processes your personal data in the USA.
Fonticons, Inc. stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation is carried out in particular (even for users who are not logged in) for the provision of needs-based advertising and to obtain information about your activities on our website.
You have the right to object to the creation of these user profiles, and to exercise this right you must contact Fonticons Inc.
Further information on the purpose and scope of the data collection and its processing can be found in the provider's data protection declarations. There you will also find further information on your rights in this regard and setting options for protecting your privacy: https://fontawesome.com/privacy.

§ 9 Google Adwords Conversion with Remarketing

(1) This website uses Google Adwords. This is a service for integrating advertisements of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

(2) Google AdWords enables an advertiser to define keywords by means of which an advertisement is displayed in Google's search engine results exclusively when a keyword-relevant search result is retrieved with the search engine. In the Google advertising network, the ads are distributed to topic-relevant internet pages by means of an automatic algorithm and taking into account the previously defined keywords.

(3) The purpose of Google Adwords is to advertise our website by displaying interest-based advertising on third-party sites, in the results of the Google search engine and through third-party ads on our site. In doing so, we pursue the interest of displaying advertising that is of interest to you, making our website more interesting for you and achieving a fair calculation of advertising costs. These advertisements are delivered by Google via so-called "ad servers". For this purpose, we use ad server cookies, which can be used to measure certain parameters for measuring success, such as the display of the ads or clicks by users. If you access our website via a Google ad, Google Adwords will store a cookie on your PC. These cookies usually lose their validity after 30 days. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for postview conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.

(4) The cookies enable Google to recognise your internet browser (see also § 4). If a user visits certain pages of the website of an Adwords customer and the cookie stored on his computer has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Adwords customer. Cookies can therefore not be tracked via the websites of Adwords customers. We only receive statistical evaluations from Google. These evaluations enable us to recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address. We ourselves do not collect and process any personal data in the aforementioned advertising measures.

(5) Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the data collected, nor are we aware of the full extent of the data collection and the storage period Your data will be transferred to the USA and evaluated there.Through the integration of AdWords Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on one of our ads; furthermore, both Google and we receive the information via the conversion cookie as to whether you have generated a turnover if you have reached our website via an AdWords ad. (6) Remarketing: In addition to Adwords Conversion, we use the Google Remarketing application. This is a function that enables us to display advertisements to Internet users who have previously visited our website. This is intended to show you advertisements that are relevant to your interests. This is done by means of cookies stored in your browser, which Google uses to record and evaluate your usage behaviour when you visit various websites. Each time you visit a website on which the Google Remarketing service has been integrated, the browser of the person concerned automatically identifies itself to Google, which can then determine your previous visit to our website. As part of this technical procedure, Google obtains knowledge of personal data, i.e. your IP address or your surfing behaviour. According to its own statements, Google does not combine the data collected in the course of remarketing with your personal data that may be stored by Google. However, this data is also transmitted to Google in the USA and stored there.

(7) The legal basis for the processing of the data is Art. 6 para. 1 p. 1 lit. f DS-GVO. For cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(8) You can prevent participation in this tracking procedure in various ways:

a) by adjusting your browser software accordingly, in particular the suppression of third-party cookies will result in you not receiving ads from third-party providers; however, you may not be able to use all functions of our websites in this case.
b) by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com", https://www.google.de/settings/ads, deleting this setting when you delete your cookies;
c) by deactivating the interest-based ads of the providers that are part of the self-regulation campaign "About Ads" via the link http://www.aboutads.info/choices, deleting this setting when you delete your cookies;
d) by permanently deactivating them in your Firefox, Internetexplorer or Google Chrome browsers at the link http://www.google.com/settings/ads/plugin. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.  

(9) The responsible party is Google Ireland Ltd, Gordon House, 4 Barrow Street, Dublin, Ireland, Fax: +353 (1) 436 1001. Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.besuchen.

§ 10 Captcha

To protect your data and your requests, we use the reCAPTCHA service of Google Inc. (Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA). This is primarily used to distinguish whether the entry of data has been made by a natural person or in an abusive manner by machine or automated services. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. Google uses the data to evaluate the use of this service.

(2) The legal basis for the use is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the exclusion of machine and automated services. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(3) We have no influence on the collected data and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by Google.

(4) You have the right to object to the creation of these user profiles. The responsible party is Google Ireland Ltd, Gordon House, 4 Barrow Street, Dublin, Ireland, Fax: +353 (1) 436 1001.

(5) Further information on the purpose and scope of the data collection and its processing as well as on your respective rights by and against Google can be found at https://www.google.com/policies/privacy/partners/?hl=de.

§ 11 Vacancies 

(1)  We offer job advertisements on our website. 

(2) You can send us application documents by e-mail. Within the scope of this, we process the information that we receive from you as well as
•    E-Mail-address
•    if applicable, further information that is transmitted via email

(3) We do not carry out searches about you on the internet (so-called background checks). 

(4) Your data will initially be processed exclusively for the purpose of carrying out the application procedure. If your application is successful, the data will become part of the personnel file and may be used to implement and terminate the employment relationship. If we are currently unable to offer you employment, we will process your data in order to defend ourselves against any legal claims, in particular due to an alleged disadvantage in the application process. Insofar as you receive reimbursements of costs, the corresponding accounting records are processed to fulfil the retention obligations under commercial and tax law. The legal basis for the data processing is therefore Art. 6 para. 1 lit. b) DSGVO, insofar as the data processing serves the decision on the establishment of an employment relationship and insofar as the data is then included in the employment relationship. If the storage serves to secure claims, the legal basis is Art. 6 para. 1 lit. f) DSGVO. The legitimate interest here is the receipt of evidence documents for possible defence. We process information and documents that are not required for the aforementioned purposes on the basis of your implied consent pursuant to Art. 6 Para. 1 lit. a) DSGVO, which you have given us by sending us the information.

(5) We store the data required for the successful application and for the employment relationship until the end of the employment relationship and for up to 3 years thereafter. We continue to process the data relating to an application in respect of which we had to decide on a rejection for a period of 6 months after sending the rejection in order to safeguard our legitimate interests. If we are called upon within the scope of a lawsuit, we store the data until its conclusion. This also applies accordingly to data received voluntarily.

(6) You have a right of revocation with regard to the data you have provided voluntarily, which you can exercise at any time vis-à-vis the person responsible in accordance with § 1.

§ 12 Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller pursuant to § 1:
- Right to information
- Right to rectification
- Right to restriction of processing
- Right to erasure
- Right to information
- Right to data portability
- Right to object to processing
- Right to withdraw consent under data protection law
- Right to withdraw consent under data protection law
- Right not to apply an automated decision
- Right to complain to a supervisory authority.

12.1    Right to information 

(1) You may request confirmation from the controller as to whether personal data concerning you are being processed by us. If such processing is taking place, you can request information from the controller at any time and free of charge about the personal data stored about you and about the following information:

a) the purposes for which the personal data are processed;
b) the categories of personal data processed;
c) the recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed. c) the recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed;
d) the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage duration;
e) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
f) the existence of a right of appeal to a supervisory authority;
g) any available information on the origin of the data if the personal data are not collected from the data subject;
h) the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

(2) You have the right to request information as to whether personal data concerning you are transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 of the GDPR in connection with the transfer.

12.2    Right of rectification

You have the right to obtain from the controller the rectification and/or completion without undue delay of any personal data processed concerning you which is inaccurate or incomplete.

12.3    Right to restrict processing

(1) You may request the controller to restrict the processing of personal data relating to you without delay, subject to the following conditions:

a) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
b) if the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
c) if the controller no longer needs the personal data for the purposes of the processing but you need them for the establishment, exercise or defence of legal claims; ord ) if you object to the processing pursuant to Art. 21 (1) DSGVO and it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds.

(2) Where the processing of personal data concerning you has been restricted, such data may be processed, except for storage, only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

12.4    Right to deletion 

(1) You may request the controller to erase the personal data concerning you without undue delay if one of the following reasons applies:

a) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
b) You withdraw your consent on which the processing was based pursuant to Article 6 (1) (a) or Article 9 (2) (a) of the GDPR and there is no other legal basis for the processing.
c) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.
d) The personal data concerning you has been processed unlawfully.
e) The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
f) The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8(1) DSGVO.

(2) If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to, or copies or replications of, that personal data.

(3) The right to erasure shall not apply insofar as processing is necessary
a) for the exercise of the right to freedom of expression and information;
b) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c) for reasons of public interest in the field of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) of the GDPR;
d) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) of the GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
e) for the establishment, exercise or defence of legal claims.

12.5    Right to information 

If you have exercised the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification/erasure/restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients by the controller.

12.6    Right to data portability

(1) You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided
a) the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and
b) the processing is carried out with the help of automated procedures.

(2) In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. This must not affect the freedoms and rights of other persons.

(3) The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. In order to assert the right to data portability, the data subject may at any time contact the controller.

12.7    Right of objection

(1) You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) DSGVO; this also applies to profiling based on these provisions.

(2) The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

(3) If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this shall also apply to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

(4) You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

(5) In order to exercise the right to object, the data subject may contact the controller directly.

12.8 Right to revoke the declaration of consent under data protection law 

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. You can contact the responsible person for this purpose. 


12.9 Right to automated decision-making in individual cases, including profiling 

(1) You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision 

a) is necessary for the conclusion or performance of a contract between you and the controller, 
b) is permitted by Union or Member State law to which the controller is subject and that law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests, or
c ) is done with your express consent. 

(2) However, these decisions must not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests. 

(3) With regard to the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms of, and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision. 

(4) If the data subject wishes to exercise rights concerning automated decisions, he or she may, at any time, contact the controller.

12.10    Right to complain to a supervisory authority 

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

§ 13 Amendments to the Data Protection Policy

We reserve the right to change our privacy practices and this policy to conform to changes in relevant laws or regulations or to better meet your needs. Possible changes to our privacy practices will be posted here accordingly. Please note the current version date of the privacy policy.

Source: This privacy policy was created by the lawyer Dr. Carmen Fritz. Copying, even in excerpts, is not permitted. 

© 2021 Ferienhotel Luitpold | AGB | Impressum | Datenschutz