Data privacy statement according to the GDPR

Welcome to the website of Hotel Gutsgasthof Stangl, which provides you with information about our company as well as the option to make an online reservation. 

 

Name and address of the data controller

The data controller in the sense of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations is:

HOTEL-GUTSGASTHOF STANGL
Owner Bärbel Fauth-Stangl
Münchener Straße 1
85646 Neufarn/Vaterstetten
Germany
Tel.: 089 90 50 10
Email: info@hotel-stangl.de
Website: www.hotel-stangl.de

 

General information on data processing

Scope of the processing of personal data
We process personal data only insofar as is necessary for the provision of a functional website as well as of our contents and services. The processing of personal data occurs only with your consent. An exception shall apply in cases where it is not possible to obtain prior consent due to practical reasons and where the processing of the data is permitted by statutory regulations.

Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 Para. 1 Item a EU General Data Protection Regulation (GDPR) serves as the legal basis. For the processing of personal data required for the performance of a contract to which the data subject is party, Art. 6 Para. 1 Item b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the execution of pre-contractual measures.
Insofar as the processing of personal data is required for the fulfillment of a legal obligation to which our company is subject, Art. 6 Para. 1 Item c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 Para. 1 Item d GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or of a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the previously mentioned interest, Art. 6 Para. 1 Item f GDPR serves as the legal basis for the processing.

Deletion of data and storage duration
Personal data are deleted or blocked as soon as the purpose of the storage ceases to apply. Beyond this, storage may occur if stipulated by the European or national legislation in regulations, laws or other ordinances pertaining to Union law to which the data controller is subject. Blocking or deletion of the data also occurs if a retention period stipulated by the specified norms expires, unless there is a necessity for the continued storage of the data for the conclusion of a contract or the fulfillment of a contract.

 

Provision of the website and creation of log files

Description and scope of the data processing
As a rule, no personal data are collected during a visit to our web pages. Each time our website is called up, our system automatically records data and information from the computer system of the computer accessing the page. The following data are collected in this process:

  • Complete IP address of the requesting computer
  • Date and time of the request
  • The page from which the visitor has accessed the current website or file (referrer)
  • Name of URL of the file or page that has been requested
  • The web browser and operating system used by the visitor
  • Access status (page/file transferred, page/file not found etc.)
  • Protocol version
  • Access type (e.g. GET/HEAD/POST)
  • Data volume transferred

The data are stored in our system’s log files. Storage of these data together with other personal data of the user does not take place.

Legal basis for the data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 Item f GDPR.

Purpose of the data processing
The temporary storage of the IP address by the system is necessary to ensure the functionality of the website. For this purpose, the IP address of the user needs to remain stored for the duration of the session. The storage takes place in log files. There is a legitimate interest in the data processing in accordance with Art. 6 Para. 1 Item f GDPR.

Duration of the storage
The data are deleted as soon as they are no longer required for the fulfillment of the purpose of their collection. In the event of collection of the data for the provision of the website, this is the case once the respective session is ended. In the event of storage of the data in log files, this is the case at the latest after seven days. Storage beyond this is not possible. In this case, the IP addresses of the users are deleted or masked, meaning that attribution to the requesting client is no longer possible.

Possibility of objection or elimination
The recording of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, the user has no possibility of objection.

 

Use of cookies

Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored on your computer system by the internet browser. Each cookie contains a distinctive sequence of characters that enables unequivocal identification of the browser when the website is called up again. No personal data are recorded. The data are not stored together with other personal data of the user. When you call up our website, an info banner informs you of the use of cookies and refers you to this data privacy statement. The cookie is only stored once you grant your consent.

Legal basis for the data processing
The legal basis for the processing of personal data with the use of cookies is Art. 6 Para. 1 Item f GDPR.

Purpose of the data processing
The purpose of the use of technically necessary cookies is to simplify the use of websites. Several functions of our website cannot be offered without the use of cookies.

Duration of the storage, possibility of objection or elimination
Cookies are stored on your computer, which then transmits them to our page. Thus you have complete control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored may be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of our website to their full extent.

 

Google Analytics

This website uses Google Analytics, a web analytics service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable an analysis of your use of the website. As a rule, the information generated by the cookie about your use of this website is transmitted to a Google server in the USA and stored there. However, in the event that IP anonymization is activated on this website, your IP address is truncated beforehand by Google within Member States of the European Union or in other States Parties to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to perform further services for the website operator associated with the use of the website and the use of the internet. The IP address transmitted by your browser as part of Google Analytics is not associated with other Google data.

Anonymization of the IP addresses: We use “anonymizeIP”. This means that the last three digits of your recorded IP address are removed, meaning that an association is no longer possible.

Prevention of Google Analytics with a browser-plugin: You may prevent the storage of the cookies by making an appropriate setting in your browser software; however, we would like to point out that in this case, you may not be able to use all the functions of this website to their full extent. In addition, you may also prevent the recording of the data generated by the cookies regarding your use of the website (incl. your IP address) by Google as well as the processing of these data by Google by downloading and installing the browser plugin available under the following link. The current link is https://tools.google.com/dlpage/gaoptout/.

 

Plugins and modules from third-party providers

Google Web Fonts
In order to display fonts in a uniform manner, this website uses so-called web fonts, which are provided by Google. When you call up a page, your browser loads the required Web Fonts in your browser cache in order to display texts and fonts correctly. For this purpose, the browser used by you needs to establish a connection to Google’s servers. As a consequence, Google is made aware that your IP address was used to call up our website. The use of Google Web Fonts occurs in the interest of a uniform, appealing presentation of our online offerings. This represents a legitimate interest in the sense of Art. 6 Para. 1 Item f GDPR. If your browser does not support Web Fonts, a standard font from your computer is used. Further information on Google Web Fonts is available under https://developers.google.com/fonts/faq and in Google’s data privacy statement: https://www.google.com/policies/privacy/.

Google Maps
This website uses Google Maps API to provide graphic depictions of maps. When using Google Maps, Google also records, processes and uses data on the use of the maps function by visitors to the website. More detailed information on the data processing by Google is available in the Google data privacy policy. There you can also make changes to the settings in the data protection center, where you may protect and manage your data. Here you will find further instructions for managing your own data in connection with Google products. The use of Google Maps occurs in the interest of the proper display of maps. This represents a legitimate interest in the sense of Art. 6 Para. 1 Item f GDPR.

jQuery libraries
jQuery is necessary for the proper functioning of this website and all its functions. The jQuery libraries are called up by so-called CDN servers, whereby your IP address is transmitted; however, no personal data whatsoever are transmitted. This represents a legitimate interest in the sense of Art. 6 Para. 1 Item f GDPR.

Bootstrap
Bootstrap is used to ensure the proper functioning of this website and all its functions. The Bootstrap libraries are called up by so-called CDN servers, whereby your IP address is transmitted; however, no personal data whatsoever are transmitted. This represents a legitimate interest in the sense of Art. 6 Para. 1 Item f GDPR.

Additional web fonts such as Font Awesome, Simple Icons, Simple Line Icons
For the graphic display of symbols, this website uses so-called web fonts that are provided by various creators. When you call up a page, your browser loads the required Web Fonts in your browser cache in order to display texts and fonts correctly. For this purpose, the browser used by you needs to establish a connection to the servers of the font provider. As a consequence, this provider is made aware that your IP address was used to call up our website. The use of web fonts occurs in the interest of a uniform, appealing presentation of our online offerings. This represents a legitimate interest in the sense of Art. 6 Para. 1 Item f GDPR. If your browser does not support web fonts, a standard font from your computer is used.

 

Links to other websites

Our offer contains links to external websites of third parties over whose content we have no control. Thus we cannot assume any liability for these external contents. The respective provider or operator of the web pages is always responsible for the contents of the linked pages. The linked pages were inspected for possible legal violations at the time of linking.

 

Newsletter

Description and scope of the data processing
Our website provides the option to subscribe to a free newsletter. When you register, the following data are transmitted to us.

  • Email address
  • First name and last name
  • Your IP address
  • Date and time of the registration

For the processing of the data, your consent is obtained in the context of the registration process.

Legal basis for the data processing

The legal basis for the processing of the data following the registration to the newsletter and confirmation via registration email is Art. 6 Para. 1 Item a GDPR.

Purpose of the data processing
The recording of the email address of the user serves the purpose of delivery of the newsletter.

Duration of the storage
The data are deleted as soon as the subscription to the newsletter is terminated.

Possibility of objection or elimination
The subscription to the newsletter may be terminated at any time. Each newsletter contains a corresponding link for this purpose. In addition, you will also find another link on our website that you can click on to unsubscribe from our newsletter list.

 

Registration / login

Description and scope of the data processing
This website offers the option of registering by providing personal data. In this process, the data are entered into an input mask, then transmitted to us and stored by us. Disclosure of the data to third parties does not take place. The following data are recorded as part of the registration process:

  • Your IP address
  • Your email address
  • Your user name
  • Your access password (necessary to ensure the registration; you may change the password at any time)
  • Date and time of the registration

Legal basis for the data processing
When the user registers, the legal basis for the processing of the data is Art. 6 Para. 1 Item a GDPR. If the registration serves the fulfillment of a contract or the execution of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 Para. 1 Item b GDPR.

Purpose of the data processing
Registration is necessary in order to keep certain contents and services ready for use on our website.

  • Access to the back-end of the website
  • Access to administration tools of the website
  • Access to password-protected areas of the website

Duration of the storage
The data are deleted as soon as they are no longer required for the fulfillment of the purpose of their collection.

Possibility of objection or elimination
You have the option of canceling your registration at any time. You may have the data stored about you modified at any time. For this, please use the above-mentioned address of the data controller.

 

Contact form and email contact

Description and scope of the data processing
Our website includes a contact form that can be used for getting in contact electronically. If you use this option, all data that you enter into the input mask is transmitted to us and stored by us.

At the time of sending the message, the following data are also stored:

  • Your IP address
  • Your name
  • Your email address
  • Your user name
  • Date and time of the registration

For the processing of the data, clicking on the Send button in the context of the sending procedure grants your consent and refers you to this data privacy statement. Alternatively, you may also get in contact using the provided email address. In this case, the personal data of the user that are transmitted with the email are stored. In this context, no disclosure of the data to third parties takes place. The data are used exclusively for the processing of the conversation.

Legal basis for the data processing
If the user has granted his or her consent, the legal basis for the processing of the data is Art. 6 Para. 1 Item a GDPR.
The legal basis for the processing of the data that are transmitted in the course of sending an email is Art. 6 Para. 1 Item f GDPR. If the email contact is made with the intention of concluding a contract, an additional legal basis for the processing is Art. 6 Para. 1 Item b GDPR.

Purpose of the data processing
The processing of the personal data from the input mask is solely so that we may process the establishment of contact. In the event that contact is established via email, this purpose also represents the required legitimate interest in the processing of the data.
The other personal data processed during the sending procedure serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of the storage
The data are deleted as soon as they are no longer required for the fulfillment of the purpose of their collection. For the personal data from the input mask of the contact form and the data that were sent via email, this is the case once the respective conversation with the user is ended. The conversation is ended when the circumstances make it apparent that the issue concerned has been conclusively resolved.
The personal data that are additionally recorded during the sending procedure are deleted at the latest after a period of seven days.

Possibility of objection or elimination
You have the option of revoking your consent to the processing of the personal data at any time. If you get in contact with us via email, you may object to the storage of your personal data at any time. In such a case, it is not possible to continue the conversation.
You may object to the storage of the data by getting in touch at the above-mentioned address of the data controller. In this case, all data stored in the course of the establishment of contact are deleted.

Security
We have taken technical and organizational security measures to protect your personal data from loss, destruction, manipulation and unauthorized access. Our employees have been instructed with regard to the applicable aspects of data protection, and are obliged to maintain data secrecy according to the Federal Data Protection Act as well as to properly handle personal data in a confidential manner according to the provisions of the EU General Data Protection Regulation.

 

Data protection online room reservations

Description and scope of the data processing
For reasons of unequivocal identification and establishment of contact with the guest, personal data are requested in the course of online room reservation. The mandatory details include address, first name, last name, telephone number and email address. In addition, a credit card is also required as a guarantee or for payment.

Legal basis for the data processing
The legal basis for the processing of these data is Art. 6 Para. 1 Item b GDPR, since these data are necessary according to § 29 f BMG [Federal Registration Act] in order for us to be able to fulfill our contractual obligations toward you.

Purpose of the data processing
We require the processing of the personal data from the input mask in order to ensure unambiguous allocation during the reservation of rooms. After completing the reservation, you will receive your booking confirmation at the email address you provided. We require your telephone number for any further inquiries or to otherwise reach you (e.g. guests arriving late). Your credit card serves, depending on the rate, guarantee or payment purposes.

Duration of the storage
Unless specifically indicated, we store personal data only as long as is necessary for the fulfillment of the pursued purposes.
In certain cases, the legislation stipulates the retention of personal data, e.g. in tax or commercial law. In these cases, we only continue to store the data for these legal purposes, but do not process them in any other way. The data are deleted after expiry of the legal retention period.
Personal data provided during booking are stored for a maximum of 10 years.

Disclosure of the data to third parties
As a rule, we only use your personal data within our company.
If and insofar as we involve third parties in the scope of the fulfillment of contracts (e.g. logistics service providers), these third parties receive personal data only to the extent to which the transmission thereof is necessary for the corresponding service.
In the event that we outsource certain parts of the data processing (“contract processing”), we contractually oblige processors to use personal data only in accordance with the requirements of the data protection laws and to guarantee the protection of the rights of the data subjects.

Data security
We do our utmost to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.
With us, your personal data are encrypted before being transmitted. We use the encoding system SSL (Secure Sockets Layer); however, we would like to point out that data transmission on the internet (e.g. during communication via email) may involve gaps in security. Complete protection of the data from access by third parties is not possible.
To secure your data, we maintain technical and organizational security measures in accordance with Art. 32 GDPR, which we continually update to the latest state of the art.

 

Your rights

If personal data of yours are processed, you are a data subject in the sense of the GDPR and you may exercise the following rights against the data controller:

 

Right to information

You may demand confirmation of whether and in what manner personal data concerning you are processed by us. For this, please get in touch via the above-mentioned address of the data controller.

 

Right to rectification

You have a right to rectification and/or completion by the data controller if the processed personal data concerning you are incorrect or incomplete. The data controller must carry out the rectification immediately.

 

Right to restriction of the processing

Under the following conditions, you may demand the restriction of the processing of the personal data concerning you:

  • if you dispute the accuracy of the personal data concerning you for a duration of time that enables the data controller to verify the accuracy of the personal data;
  • if the processing is unlawful and you reject the deletion of the personal data and instead demand the restriction of the use of the personal data;
  • if the data controller no longer requires the personal data for the purposes of processing, but you, however, require these data for the assertion, exercise or defense of legal claims;
  • if you have filed an objection to the processing pursuant to Art. 21 Para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the data controller outweigh your reasons.

If the processing of the personal data concerning you has been restricted, then these data – aside from the storage thereof – may only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State.
If the restriction of the processing has been limited in accordance with the above-mentioned conditions, you will be informed by the data controller before the limitation is removed.

 

Right to deletion

Obligation of deletion
You may demand of the data controller that the personal data concerning you be deleted immediately, and the data controller is obliged to delete these data immediately insofar as one of the following reasons applies:

  • The personal data concerning you are no longer required for the purposes for which they were collected or processed in any other way.
  • You revoke your consent on which the processing in accordance with Art. 6 Para. 1 Item a or Art. 9 Para. 2 Item a GDPR was based, and there is no other legal basis for the processing.
  • You file an objection to the processing in accordance with Art. 21 Para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you file an objection to the processing in accordance with Art. 21 Para. 2 GDPR.
  • The personal data concerning you have been unlawfully processed.

Notification to third parties
If the data controller has published the personal data concerning you and if he is obliged to delete it in accordance with Art. 17 Para. 1 GDPR, then he shall take appropriate measures, including of a technical kind, under consideration of the available technology and the costs of implementation, in order to inform the responsible data controllers who are processing the personal data that you, as the data subject, have demanded that they delete all links to these personal data as well as all copies or replications of these personal data.

 

Right to instruction

If you have asserted your right to rectification, deletion or restriction of the processing against the data controller, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or deletion of the data or restriction of the processing, unless this proves to be impossible or would involve a disproportionate effort. You have the right to be informed by the data controller of these recipients.

 

Right to data portability

You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, common and machine-readable format. In addition, you also have the right to transmit these data to another data controller without hindrance by the data controller to whom the personal data were provided, insofar as the processing is based on consent in accordance with Art. 6 Para. 1 Item a GDPR or Art. 9 Para. 2 Item a GDPR or on a contract in accordance with Art. 6 Para. 1 Item b GDPR and the processing occurs with the help of automated procedures.
In exercising this right, you furthermore also have the right to have the personal data concerning you transmitted from one data controller directly to another data controller, insofar as this is technically feasible. The freedoms and rights of other persons may not be impaired in the process.
The right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

 

Right of objection

You have the right to file an objection against the processing of the personal data concerning you that is based on Art. 6 Para. 1 Item e or f GDPR at any time for reasons arising from your particular situation. For this, please get in touch via the address of the above-mentioned data controller.

 

Right to revocation of the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of the processing that has taken place on the basis of the consent up until the revocation. For this, please get in touch via the address of the above-mentioned data controller. 

 

Right to lodge a complaint with a supervisory authority

Irrespective of any other administrative or judicial appeal, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your abode, your workplace or place of the suspected infringement, if you are of the opinion that the processing of the personal data concerning you is in violation of the GDPR. The supervisory authority with whom the complaint was lodged shall inform the complainant of the status and the results of the complaint including the possibility of a judicial appeal pursuant to Art. 78 GDPR.

 

Prohibition on the use of contact details published here

We forbid the use of all contact details published on this website, such as postal addresses, telephone and fax numbers as well as email addresses, for advertising purposes and for evaluation for market and opinion research. Legal steps against the senders of so-called spam mails in case of violation of this prohibition are expressly reserved.

 

 

We reserve the right to make changes to these data protection guidelines at any time insofar as is legally necessary.

 

Status 17.05.2018

 

HOTEL-GUTSGASTHOF STANGL
Bärbel Fauth-Stangl & Ludwig Fauth

Münchener Straße 1   
85646 Neufarn/Vaterstetten
Fon +49 89 90501-0
Fax +49 89 90501-363