Data controller within the scope of privacy law, specifically the EU General Data Protection Regulation (GDPR):
Massenhauser Straße 1
+49 (0) 81 65.90 51 95-0
You can exercise the following rights:
- information about any personal data we hold and process about you,
- rectification of any inaccuracies within the personal data we hold about you,
- erasure of your personal data from our systems,
- restriction of data processing, in cases where we are not allowed to delete your data entirely due to applicable law,
- revoke your consent to data storage and processing,
- data transfer, in case you have agreed to data processing or have signed a contract with us.
Once you have given consent, you can revoke it for the future at any time.
You can file a complaint with your responsible regulatory authority, should you feel that we have violated your privacy rights.
Scope of Data Processing by Data Controller and Third Parties
- you have expressly given consent,
- it is required to fulfill our contract with you,
- it is required to fulfill a legal requirement,
- it ensures our legitimate interest and there is no reason to presume any predominant protectable interest from your side against disclosure.
In cases where data is transferred to third countries, this happens within the scope of legal or contractual permissions and if special prerequisites are met according to art. 44 GDPR and subsequent articles. Specifically, data is processed based on guarantees and official recognition of the applicable data protection level matching the EU (e.g. “Privacy Shield” for the USA).
Deletion and Suspension of Data
We uphold the principles of data reduction and data economy. Therefore, your personal information is stored only as long as it is required for achieving the purposes described herein or as is mandated by law. After the particular purpose ceases or the statutory terms expire, all date is routinely deleted or suspended according to regulations.
Acquisition of General Information During a Visit to our Website
When accessing our website, general information is recorded automatically. This information (server log files) contains, among others, your web browser type, the operating system in use, the domain name of your internet service provider and similar data. This is information does not enable us to make any conclusion about you personally.
This data is technically required, to deliver the requested content of websites correctly and are obligatory when using the internet. They are processed for the following purposes:
- ensuring a working connection with the website is established,
- ensuring proper use of our website,
- analysis of system security and stability,
- additional administrative purposes.
Processing of your personal information is based on our legitimate interest to achieve the aforementioned purpose. We do not use your personal information to reach any conclusions about you as a person. Recipients of the data are the data controller and our webhosting provider as a commissioned data processor.
Anonymized information of this kind may be used by us statistically, in order to optimize our website and the technology used.
Server log files are stored for security reasons (e.g. to resolve cases of abuse or fraud) for a max. of 7 days. They are deleted afterwards, unless they are required as proof until final resolution of specific cases.
Like many other websites we use so-called “cookies“. Cookies are small text files send to your local hard drive by a web server. This automatically provides us with certain data, like IP-address, browser, operating system used and your internet connection.
Cookies cannot be used to open programs or transfer viruses to another computer. Based on the information contained in the cookies however we can simplify navigation for you and ensure or website is correctly displayed. Mainly, this concerns so-called “session cookies”, which are solely used to facilitate the correct functionality of the website and are deleted once you leave our website or close the browser.
In no case will we disclose the data collected to third parties or, without your consent, create a connection to your personal information.
In order to withdraw the cookie consent you’ve set in the cookie banner, please click the following link:Cookie Settings
To ensure the safety of your information during transmission, we use common state of the art encryption methods via HTTPS (SSL/TLS).
Should you contact us via email or via the contact form for any reason, you give consent to us saving the information provided. The collected data is used to allocate and subsequently respond to your enquiry. Providing any additional data is optional. The data provided by you will be saved in order to handle your inquiry as well as any subsequent follow-up questions. After concluding your inquiry, your personal information will be automatically deleted.
Our booking system (online and offline) is provided by the third party provider Protel (protel Hotelsoftware GmbH, Europaplatz 8, 44269 Dortmund, Germany), based on a data processing agreement according to art. 28 par. 3 p. 1 GDPR. protel’s place of business is located in the EU. They process the data of our guests based on contractual obligations, guaranteeing specific organizational and technical measures. The use of protel as a third party provider is based on our legitimate interest as well as the legitimate interest of our guests to use an efficient and reliable booking system.
Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.
As IP anonymization is activated on this website, your IP-address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP-address will be first transferred to a Google server in the USA and truncated there.
Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them with other services relating to website activity and internet usage. The IP-address, that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google.
Additionally, within browsers on mobile devices or as an alternative to the browser add on, you can disable tracking by Google Analytics at any time in our Cookie Settings:Cookie Settings
Personal information of our website users is deleted or anonymized after 14 months.
Third Party Content and Services
For the purpose of an optimized rendering, our website utilizes third-party content (“Third Party Suppliers“), such as fonts, maps and videos. This entails that the provider(s) of such are capable of identifying an incoming IP-address, without which this content cannot be transmitted to the browser being used to visit the website. Identification of the IP-address is therefore a technical requirement for the provision of this content. We attempt to select and use only such content in which the respective Third-Party Suppliers are committed to registering the IP-address solely for the purpose of providing this content. Third Party Suppliers may furthermore save data for statistical purposes. Some browsers give you the possibility to limit or modify the type and amount of data transmitted to Third Party Suppliers, however, this depends on the browser you use.
Use of Google Maps
You can find detailed instructions on managing your personal data in context with Google products here.
Reservations via OpenTable
Data of applicants are collected, saved and processed solely within the scope of the respective application procedure and in accordance with existing laws.
Within the scope of an application, we require the applicants to provide us with their personal information. Mandatory information is, if applicable, designated as such in our online forms or are listed in the job description. This can be information to the person, contact information, address as well as corresponding documents (cover letter, CV, certificates). Additionally, applicants may voluntarily provide additional information.
Should personal information, falling under special categories according to art. 9 par. 1 GDPR, be provided voluntarily during the application procedure, we will handle them with the required diligence and according to legal requirements.
Applications can be submitted by online form on our website and will be encrypted. Additionally, applications can be submitted via email. However, we need to point out that emails are not encrypted, and the applicant needs to make sure of their own encryption. We cannot assume any responsibility for unencrypted emailing and strongly suggest to either use the online form or send the application by mail, which is still available for the applicants.
Information provided by the applicants can be further processed in case of a successful application within the scope of the employment relationship. In case of an unsuccessful application, the applicant’s information will be deleted. The applicant can, at any time, retract their application, at which point the information will also be deleted.
Deletion will take place, pending a legitimate recall by applicants, after 6 months, to enable us to respond to follow-up questions to the application and to satisfy our obligations to provide proof according to General Equal Treatment laws (Equal Opportunity).
Questions about Privacy
Should you have questions regarding the protection of your personal data, please send us an email or contact the person responsible for data protection in our organization directly:
Last updated on September 15, 2022