I. Name and Address of the Controller
The responsible entity within the meaning of data protection laws is:
Hotel Zur Traube GmbH
Bübinger Straße 22
Tel: +49 6866 349
Fax: +49 6866 150018
VAT ID: DE812367767
HRB 64337; AG Saarbrücken
We are very pleased with your interest in our company. Data protection is of particular importance to the management of Hotel Zur Traube, Hotel Zur Traube GmbH.
The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always in line with the General Data Protection Regulation and in accordance with the specific data protection regulations applicable to Hotel Zur Traube, Hotel Zur Traube GmbH. Through this privacy statement, our company wants to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of their rights through this privacy statement.
II. Use of the Websites
A. Collection of General Information
When you access our website, general information is automatically recorded. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, and similar. This is exclusively information that does not allow conclusions to be drawn about your person. This information is technically necessary to correctly deliver the content of websites requested by you and is mandatory when using the Internet. Anonymous information of this kind is statistically evaluated by us to optimize our website and the underlying technology.
B. Provision of Paid Services
To provide paid services, we request additional data, such as payment details, to process your order. We store this data in our systems until the statutory retention periods have expired.
C. Registration on our Website
When registering for the use of our personalized services, some personal data is collected, such as name, address, contact and communication data such as telephone number and email address. If you are registered with us, you can access content and services that we only offer to registered users. Registered users also have the option of changing or deleting the data provided during registration at any time, if necessary. Of course, we will also provide you with information about the personal data we have stored about you at any time. We will gladly correct or delete this data at your request, provided that there are no legal storage obligations to the contrary. For contact in this context, please use the contact details provided at the end of this privacy statement.
D. SSL Encryption
To protect the security of your data during transmission, we use encryption methods corresponding to the current state of the art (e.g. SSL) via HTTPS.
E. Contact Form
If you contact us by email or contact form regarding any questions, you give us your voluntary consent for the purpose of contacting us. A valid email address is required for this. This is used to assign the request and to subsequently answer it. Providing further data is optional. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions. After completing the request you have made, personal data will be automatically deleted.
F. Deletion or Blocking of Data
We adhere to the principles of data avoidance and data economy. Therefore, we only store your personal data for as long as is necessary to achieve the purposes mentioned here or as stipulated by the various storage periods provided by legislators. After the respective purpose has ceased to apply or these deadlines have expired, the corresponding data will be routinely blocked or deleted in accordance with legal regulations.
G. Social Plugins
Social plugins from the providers listed below are used on our websites. The plugins can be identified by the corresponding logo.
Through these plugins, information, including personal data, may be sent to the service provider and, if necessary, used by them. We prevent the unconscious and unwanted collection and transmission of data to the service provider through a 2-click solution. To activate a desired social plugin, it must first be activated by clicking on the corresponding switch. Only through this activation of the plugin is the collection of information and its transmission to the service provider triggered. We do not collect personal data ourselves through the social plugins or their use.
We have integrated the social media buttons of the following companies on our website:
Facebook Inc. (1601 S. California Ave – Palo Alto – CA 94304 – USA)
Twitter Inc. (795 Folsom St. – Suite 600 – San Francisco – CA 94107 – USA)
Instagram LLC (1601 Willow Rd – Menlo Park – CA 94025 – USA)
III. Data Protection for Customers
For the purpose of pre-contractual offers or for contract fulfillment and service provision, we process personal data such as address and contact details, information from conversations, your requirements, offers, and other information we receive from you. Additionally, we process data from relatives of our guests. For corporate customers, we process information, especially contact details, for our contact persons. For the purpose of payment processing, we may store and process data related to your bank account or credit card information. If external partners are involved in the provision of services or contract fulfillment, they may be provided with the necessary information for the provision of their services. Information processing may involve auxiliary systems (IT environment, CRM/ERP systems, accounting), which service providers may access during maintenance. In these cases, we establish the necessary contracts for order processing. We also share data with registration authorities, as required by law.
IV. Data Protection in Applications and the Application Process
The controller responsible for processing collects and processes the personal data of applicants for the purpose of handling the application process. Processing can also be done electronically, especially if an applicant submits corresponding application documents electronically, for example, by email or through a web form on the website. If the controller responsible for processing concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded between the controller and the applicant, the application documents will be automatically deleted four months after the decision to reject the application is communicated, unless deletion is opposed by other legitimate interests of the controller responsible for processing. Another legitimate interest in this sense is, for example, the obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).
V. Data Protection for Suppliers
In the course of selecting suppliers or service providers, we will store and process information about you. In the course of supplier checks/evaluations, we may obtain and store additional information from credit agencies, for example. For the purpose of order processing, we will also process order-specific information beyond your master data. For company contacts, we process information, especially contact details, for our contact persons. In the processing of information, auxiliary systems (IT environment, CRM/ERP systems, accounting) may be used, which service providers may access during maintenance. In these cases, we establish the necessary contracts for order processing.
VI. General Information
A. Legal Basis for Processing
For processing operations where we obtain consent for a specific processing purpose, Article 6(1)(a) of the GDPR serves as the legal basis for our company. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, in processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Article 6(1)(b) of the GDPR. This also applies to processing operations that are necessary for the implementation of pre-contractual measures, such as in connection with inquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) of the GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our business were injured and his name, age, health insurance data, or other vital information had to be passed on to a doctor, hospital, or other third party. Then the processing would be based on Article 6(1)(d) of the GDPR. Ultimately, processing operations could be based on Article 6(1)(f) of the GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and freedoms of the data subject do not prevail. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, sentence 2, GDPR).
B. Legitimate Interests Pursued by the Controller or a Third Party
If the processing of personal data is based on Article 6(1)(f) of the GDPR, our legitimate interest is the conduct of our business activities for the benefit of the well-being of all our employees and shareholders.
C. Purposes of Data Processing by the Controller and Third Parties
We process your personal data only for the purposes stated in this privacy statement. Your personal data will not be transmitted to third parties for purposes other than those mentioned. We only disclose your personal data to third parties if:
you have given your explicit consent,
the processing is necessary for the performance of a contract with you,
the processing is necessary for compliance with a legal obligation,
the processing is necessary to protect legitimate interests, and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data.
D. Transfer of Data to Third Countries
In individual cases, such as the use of web services in connection with Google services or newsletter services, there may be a transfer of personal data to third countries. We always ensure that appropriate guarantees for the protection of your data are in place. In individual cases, you can obtain such proof from our data protection officer.
E. Deletion or Blocking of Data
We adhere to the principles of data avoidance and data economy. Therefore, we only store your personal data for as long as is necessary to achieve the purposes mentioned here or as required by the various storage periods prescribed by the legislator. After the respective purpose has ceased to exist or these deadlines have expired, the corresponding data will be routinely blocked or deleted in accordance with legal regulations.
F. Legal or Contractual Requirements for Providing Personal Data; Necessity for Contract Conclusion; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Non-Provision
We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or may result from contractual provisions (e.g., information about the contractual partner). Occasionally, it may be necessary for a contract to be concluded that a data subject provides us with personal data that must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company concludes a contract with them. Failure to provide personal data would mean that the contract with the data subject could not be concluded. Before providing personal data, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract, whether there is an obligation to provide the personal data, and what the consequences would be if the personal data were not provided.
G. Existence of Automated Decision-Making
As a responsible company, we do not use automatic decision-making or profiling.
H. Your Rights as a Data Subject
Under the specified contact details of our data protection officer, you can exercise the following rights at any time:
– Information about your stored data and their processing,
– Correction of incorrect personal data,
– Deletion of your stored data,
– Restriction of data processing, if we are not yet allowed to delete your data due to legal obligations,
– Objection to the processing of your data by us, and
– Data portability, if you have consented to data processing or have concluded a contract with us.
If you have given us consent, you can revoke it at any time with effect for the future.
You can always lodge a complaint with the supervisory authority responsible for you. Your competent supervisory authority depends on the federal state of your residence, your work, or the alleged violation. A list of the supervisory authorities (for the non-public sector) with addresses can be found at: [https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html](https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html).
I. Changes to Our Data Protection Regulations