Data protection regulations
of the Privathotel Lindtner
Privacy policy
Privacy policy of Privathotel Lindtner Hamburg GmbH, Konditorei Lindtner Hamburg GmbH and Lindtner SPA & Beauty
We are pleased that you are visiting our website and thank you for your interest. The protection of personal data is important to us. Therefore, the processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is carried out in accordance with the applicable European and national legislation.
If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
In the following, the controller - Privathotel Lindtner Hamburg GmbH, Konditorei Lindtner Hamburg GmbH and Lindtner SPA & Beauty (hereinafter referred to as "we" or "us") - would like to inform the public about the nature, scope and purpose of the personal data it processes. Furthermore, data subjects are informed of their rights by means of this privacy policy.
Right to revoke any consent you may have given for data processing
If the data processing is based on Art. 6 para. 1 lit. a GDPR, i.e. your express consent, you have the right to revoke this consent at any time (pursuant to Art. 7 para. 3 sentence 1 GDPR). The respective legal basis on which processing is based can be found in this privacy policy.
The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation (pursuant to Art. 7 para. 3 sentence 2 GDPR).
Right to object to the collection of data in special cases and to direct marketing
IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).
IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).
Definitions
Our data protection declaration is based on the terms used by the European legislator for the adoption of the EU General Data Protection Regulation (hereinafter referred to as "GDPR"). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
We use the following terms, among others, in this privacy policy and on our website:
Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject" or "person concerned"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Person concerned is any identified or identifiable natural person whose personal data is processed by the controller.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Receiver is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Rights of the data subject
Right to confirmation: Each data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact the controller.
Right of access: Any person affected by the processing of personal data has the right to receive information free of charge from the data controller at any time about the personal data stored about them and a copy of this information. Furthermore, the European legislator has granted the data subject access to the following information:
- the purposes of processing
- the categories of personal data that are processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
- the existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by
- the controller or a right to object to such processing
- the existence of a right to lodge a complaint with a supervisory authority
- if the personal data is not collected from the data subject: All available information about the origin of the data
- the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
- Furthermore, the data subject has a right to information as to whether personal data has been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.
If a data subject wishes to exercise this right to information, they can contact the data controller at any time.
Right to rectification: Any person affected by the processing of personal data has the right to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact the controller.
Right to erasure (right to be forgotten): Any data subject affected by the processing of personal data has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies and insofar as the processing is not necessary:
- The personal data was collected or otherwise processed for purposes for which it is no longer necessary.
- The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
- The personal data was processed unlawfully.
- The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
- The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
- If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by us, he or she may, at any time, contact the controller. The data subject's request for erasure will then be complied with immediately
- .
If we have made the personal data public and our company is obliged to erase the personal data in accordance with Art. 17 (1) GDPR, we shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process the published personal data that the data subject has requested the erasure of all links to this personal data or of copies or replications of this personal data from these other data controllers, insofar as the processing is not necessary. The data controller will then take the necessary steps in individual cases.
Right to restriction of processing: Any data subject affected by the processing of personal data has the right to obtain from the controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
- The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
- If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by us, he or she may at any time contact the controller. The restriction of processing will then be arranged immediately
- .
Right to data portability: Any person affected by the processing of personal data has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising their right to data portability pursuant to Art. 20 (1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.
To assert the right to data portability, the data subject can contact the data controller at any time.
Right to object: Any person affected by the processing of personal data has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) of Article 6(1) GDPR or point (f) of Article 6(1) GDPR. This also applies to profiling based on these provisions.
In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
If we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to us to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object, the data subject may contact the controller directly. The data subject is also free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise his or her right to object by automated means using technical specifications.
Automated individual decision-making, including profiling: Any data subject affected by the processing of personal data has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision:
is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or
is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or
is based on the data subject's explicit consent.
If the decision is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or it is based on the data subject's explicit consent, we shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.
If the data subject wishes to assert rights relating to automated decisions, they can contact the controller at any time.
Right to withdraw consent under data protection law: Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.
If the data subject wishes to exercise his or her right to withdraw consent, he or she may contact the controller at any time.
Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation. A list of the state data protection officers and their contact details can be found at the following link:
https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html
The data protection supervisory authority responsible for us is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str. 22, 7. OG
20459 Hamburg
Telephone: +49 (0) 40 428 54 – 4040
E-Mail: mailbox@datenschutz.hamburg.de
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.
Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the fulfilment of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
Routine erasure and blocking of personal data
The controller processes (in this sense also: stores) personal data of the data subject only for the period necessary to achieve the purpose of storage or if this has been provided for by the European Directive and Regulation Giver or another legislator in laws or regulations to which the controller is subject.
If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.
Cooperation with processors and third parties
If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is necessary for the fulfilment of the contract in accordance with Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.
Data protection for applications and in the application process
The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends the relevant application documents to the controller by electronic means, for example by email. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
Information on video surveillance on site
Video surveillance is a particularly intensive form of personal data processing. Almost everyone feels uncomfortable when they are under video surveillance. This is also referred to as "surveillance pressure". Not being exposed to this pressure is almost a basic human need.
However, another human need is the desire for security. Individuals and communities, but also inanimate things such as objects and systems, benefit greatly from an environment that is free from security risks or dangers.
Video surveillance is subject to strict data protection regulations for good reasons. On the other hand, the security interests of the controller must also be assessed fairly. This is because these interests are often not limited to the person responsible alone. Employees, interested parties, suppliers, customers, tenants, guests, visitors, etc. may also have a need for security, which can be satisfied by the appropriate and sensible use of video surveillance.
Even if some of the following information is already mentioned elsewhere in this privacy policy, we would like to list all information in this text section as it can also be found in a downstream video sign (information sheet according to Art. 13 GDPR):
Name and contact details of the person responsible and, if applicable, their representative:
To be found at the bottom of this privacy policy.
Contact details of the data protection officer:
To be found at the bottom of this privacy policy
Purposes and legal basis of data processing:
Aufklärung und Nachweisbarkeit von Straftaten sowie weiteren sicherheitsrelevanten Ereignissen.
Art. 6 Abs. 1 lit. f EU-Datenschutz-Grundverordnung.
Legitimate interests that are being pursued:
Safety of employees, guests, visitors, etc.
Protection of property, exercise of domiciliary rights.
Storage duration or criteria for determining the duration:
Image data is usually deleted from our properties after 72 hours at the latest, provided that the purpose for which it was stored no longer applies at this time.
In doing so, we are following a recommendation of the independent data protection authorities of the federal and state governments (Data Protection Conference - DSK).
With a storage period of 72 hours, according to the DSK's reasoning, the person monitoring the data can regularly pursue their security interests, while at the same time the interests of the data subjects worthy of protection are safeguarded.
If necessary, a special monitoring purpose may justify longer storage. However, this must be duly justified.
Recipients or categories of recipients of the data (if data transfer takes place):
The controller will not transfer the personal data to a third country or an international organisation
Information on the rights of data subjects
See also the section "Rights of the data subject" at the top of this privacy policy. The following applies to video surveillance in summary:
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information specified in Art. 15 GDPR.
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).
The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued (right to erasure).
The data subject has the right to obtain from the controller restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if the data subject has objected to the processing, for the duration of the examination by the controller.
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims (Art. 21 GDPR).
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Art. 77 GDPR). The data subject may exercise this right before a supervisory authority in the Member State of their habitual residence, place of work or place of the alleged infringement. In Hamburg, the competent supervisory authority is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str. 22, 7. OG
20459 Hamburg
Telephone: +49 (0) 40 428 54 – 4040
E-Mail: mailbox@datenschutz.hamburg.de
Security
We take numerous technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss or alteration and against unauthorised disclosure or access.
Nevertheless, internet-based data transmissions, for example, can generally have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
Encryption
This site uses TLS encryption for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in the browser line.
If encryption is activated, the data you transmit to us cannot be read by third parties.
Collection of general data and information
Our website collects a range of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The following can be recorded:
- the browser types and versions used
- the operating system used by the accessing system
- the website from which an accessing system reaches our website (so-called referrer)
- the sub-websites that are accessed via an accessing system on our website
- the date and time of access to the website
- a web protocol address (IP address)
- the Internet service provider of the accessing system
- other similar data and information used for security purposes in the event of attacks on our information technology systems
When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is required to
- deliver the content of our website correctly
- to optimise the content of our website and, if applicable, the advertising for it
- ensure the long-term functionality of our information technology systems and the technology of our websiteprovide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack
- This collected data and information is therefore analysed by us both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
This data is not merged with other data sources.
This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - the server log files must be recorded for this purpose.
Enquiry by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your enquiry including all personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.
The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
Contact
Personal data is also processed by us if you provide it yourself. This happens, for example, every time you contact us. We will, of course, use the personal data transmitted in this way exclusively for the purpose for which you provide it to us when contacting us. This information is provided expressly on a voluntary basis and with your consent. If this involves information on communication channels (e.g. e-mail address, telephone number), you also consent to us contacting you via this communication channel if necessary in order to respond to your enquiry.
Contact forms without forwarding to external websites
General contact form
There is a contact form on our website that can be used to contact us electronically. If you click on the "Contact" link at the bottom of the website, you will be automatically redirected to the corresponding subpage.
If you make use of this option, the data you entered in the input mask will be transmitted to us and stored in our system. These data are
Company name
Last name, first name
Phone number
E-mail address
Subject
Message
Contact form for conference enquiries
There is a conference enquiry form on our website which can be used to contact us electronically. If you click on the "BOOK A CONFERENCE" button, you will be automatically redirected to the corresponding subpage.
If you make use of this option, the data which you entered in the input mask will be sent to us and stored. These data contain
Company name
Last name, first name
Phone number
E-mail address
Subject
Message
Order form for Konditorei Lindtner
There is an order form on our website which can be used to contact us electronically. If you click on the "ORDER NOW" button, you will be automatically redirected to the corresponding subpage.
If you make use of this option, the data entered in the input mask will be transmitted to us and stored. These data are
Company name
Last name, first name
Phone number
E-mail address
Subject
Message
The following data is also stored at the time the message is sent:
IP address of the user
Date and time of registration
Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy.
You are also welcome to contact us by e-mail. In this case, the personal data transmitted with the e-mail will be stored. If this involves information on communication channels (e.g. e-mail address, telephone number), you also agree that we may also contact you via this communication channel in order to answer your enquiry. No data will be passed on to third parties in this context. The data will only be used to process the conversation.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The processing of the personal data from the input mask serves us solely to process the contact. We will, of course, use the data from your e-mail enquiry exclusively for the purpose for which you provide it to us when contacting us. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. This is also our legitimate interest.
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. If the e-mail contact is aimed at the execution of a contract, the data will be deleted after expiry of the statutory (commercial or tax law) storage periods required for this purpose.
You have the option to revoke your consent to the processing of the email and its content at any time. In such a case, the conversation cannot be continued. Please simply contact us for this purpose. However, this cancellation option only exists if the e-mail contact does not serve to prepare or execute a contract.
Contact forms with forwarding to external websites
Room booking
On our website we have integrated the online service cBooking of HotelNetSolutions GmbH, Genthiner Straße 8, 10785 Berlin, www.hotelnetsolutions.de for room bookings. If you click on the "BOOK ROOM" button, you will be automatically redirected to the cBooking website.
If you would like to book a room with us, it is necessary for the conclusion of the contract that you provide your personal data, which we need for the processing of your booking. Mandatory information required for the processing of contracts is marked separately, other information is voluntary. The data is entered into an input mask and transmitted to us and stored. The following data is collected during the booking process:
IP address
Date and time of booking
Room category and number of people
Travel period
Extras (arrangements, restaurant, facilities, etc.)
Notes to the hotel (requests)
Address
Name of the person making the booking
Name of the traveller (if different from the person making the booking)
Address
E-mail address
Telephone number
Different billing address
Country
Credit card details
The data will also be passed on to the provider of the online service cBooking and to the relevant payment service providers. Otherwise, the data will only be passed on to third parties if this is necessary for the purpose of processing the contract or for billing purposes or to collect the payment or if you have expressly consented to this. In this respect, we only pass on the data required in each case. The data recipients are
the respective delivery/shipping company (disclosure of name and address)
collection companies, if the payment has to be collected (disclosure of name, address, order details)
payment institutions for the purpose of collecting receivables, if you have selected direct debit as the payment method
payment service providers - depending on the payment method selected.
The legal basis is Art. 6 para. 1 lit. b GDPR. With regard to the voluntary data, the legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR. There is an order processing contract between the controller and HotelNetSolutions GmbH.
The mandatory data collected is required to fulfil the contract with the user (for the purpose of providing the goods or services and confirming the content of the contract). We therefore use the data to answer your enquiries, to process your booking, to check your creditworthiness or to collect a debt and for the technical administration of the website. The voluntary information is provided to prevent misuse and, if necessary, to investigate criminal offences.
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years after fulfilment of the contract. However, we restrict processing after 6 years, i.e. your data will only be used to fulfil legal obligations. If there is a continuing obligation between us and the user, we store the data for the entire term of the contract and for a period of ten years thereafter (see above). With regard to the data provided voluntarily, we will delete the data 6 years after the contract has been executed, unless another contract is concluded with the user during this time; in this case, the data will be deleted 6 years after the last contract has been executed.
If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion. Otherwise, you are free to have the personal data provided during registration completely deleted from the controller's database. With regard to the voluntary data, you can declare your cancellation to the controller at any time. In this case, the voluntary data will be deleted immediately.
Information on data protection at HotelNetSolutions GmbH can be found here: https://hotelnetsolutions.de/Datenschutz/
Appointment booking Lindtner SPA & Beauty
On our website, we have integrated the online service of Treatwell DACH GmbH, Greifswalder Straße 212, 10405 Berlin (hereinafter referred to as "Treatwell") for booking appointments at Lindtner SPA & Beauty. If you click on the "BOOK APPOINTMENT" button, you will be automatically redirected to the Treatwell website.
If you would like to book an appointment at Lindtner SPA & Beauty, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your booking. The data is entered into an input mask and transmitted to us and stored. The following data is collected during the booking process:
IP address
Date and time of booking
Type of service
Choice of first available employee
Date and time of appointment
E-mail address and password for login via Treatwell or Facebook
First and last name
E-mail address
Phone number
Notes on the appointment
Payment method
Subscription to an e-mail or SMS newsletter
The data will also be passed on to Treatwell and the relevant payment service providers. Otherwise, the data will only be passed on to third parties if this is necessary for the purpose of processing the contract or for billing purposes or to collect the payment or if you have expressly consented to this. In this respect, we only pass on the data required in each case. The data recipients are:
Debt collection companies, if the payment has to be collected (disclosure of name, address, order details)
Payment service provider - depending on the payment method selected.
The legal basis is Art. 6 para. 1 lit. b GDPR. With regard to the voluntary data, the legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR. There is an order processing contract between the controller and Treatwell DACH GmbH.
The mandatory data collected is required to fulfil the contract with the user (for the purpose of providing the service and confirming the content of the contract). We therefore use the data to answer your enquiries, to process your booking, to check your creditworthiness or to recover a debt and for the technical administration of the website. The voluntary information is provided to prevent misuse and, if necessary, to investigate criminal offences.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years after the execution of the contract. However, we restrict processing after 6 years, i.e. your data will only be used to comply with legal obligations. If there is a continuing obligation between us and the user, we store the data for the entire term of the contract and for a period of ten years thereafter (see above). With regard to the data provided voluntarily, we will delete the data 6 years after the contract has been executed, unless another contract is concluded with the user during this time; in this case, the data will be deleted 6 years after the last contract has been executed.
If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion. Otherwise, you are free to have the personal data provided during registration completely deleted from the controller's database. With regard to the voluntary data, you can declare your cancellation to us at any time. In this case, the voluntary data will be deleted immediately.
Information on data protection at Treatwell DACH GmbH can be found here: https://www.treatwell.de/info/datenschutz/
Newsletter dispatch with rapidmail
If you would like to receive our newsletter, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The data entered in the newsletter registration form is processed exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the corresponding link in the newsletter ("Unsubscribe newsletter") or by sending a message to the contact details given in the imprint. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.
We use rapidmail to send our newsletter. Your data will therefore be transmitted to rapidmail GmbH. In doing so, rapidmail GmbH is prohibited from using your data for purposes other than sending the newsletter. Rapidmail GmbH is not permitted to pass on or sell your data. rapidmail is a German, certified newsletter software provider that has been carefully selected in accordance with the requirements of the GDPR and the new BDSG. An order data processing contract has been concluded with rapidmail GmbH in accordance with Art. 28 GDPR.
To register for our newsletter, rapidmail uses the so-called double opt-in procedure. This means that after you have registered, an email will be sent to the email address you have provided asking you to confirm that you wish to receive the newsletter.
As long as you do not confirm your registration, your information will be stored by rapidmail. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
The only mandatory information for sending the newsletter is your e-mail address. After your confirmation, rapidmail will save your e-mail address and IP address for the purpose of sending you the newsletter.
We would like to point out that we evaluate your user behaviour when sending the newsletter. For this analysis, the emails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. For the analyses, we link the data mentioned under "Collection of general data and information" in this privacy policy and the web beacons with your email address and an individual ID. The data is collected exclusively in pseudonymised form. This means that the IDs are not linked to your other personal data and cannot be directly linked to you personally.
The information is stored for as long as you have subscribed to the newsletter. After cancellation, all stored data except the e-mail address will be deleted.
Further information can be found in the privacy policy of rapidmail GmbH at https://www.rapidmail.de/datenschutz
Links to other websites
This website contains links to other websites (so-called external links).
As a provider, we are responsible for our own content in accordance with the applicable European and national legislation. Links to content provided by other providers are to be distinguished from our own content. We have no influence on whether the operators of other websites comply with the applicable European and national legal provisions. Please refer to the data protection declarations provided on the respective websites.
Cookies
We use cookies to make our website user-friendly for you and to optimise it to your needs. Cookies are small text files that are sent from a web server to your browser and stored locally on your end device (PC, notebook, tablet, smartphone, etc.) as soon as you visit a website.
Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific web browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other web browsers that contain other cookies. A specific web browser can be recognised and identified via the unique cookie ID. This information is used to automatically recognise you when you visit the website again with the same end device and to make navigation easier for you.
You can also consent to or reject cookies - including for web tracking - via the settings of your web browser. You can configure your browser so that the acceptance of cookies is refused in principle or you are informed in advance if a cookie is to be stored. In this case, however, the functionality of the website may be impaired (e.g. when placing orders). Your browser also offers a function to delete cookies (e.g. via "Delete browser data"). This is possible in all common web browsers. You can find further information on this in the operating instructions or in the settings of your browser.
First-party cookies: First-party cookies are permanent cookies that are stored on the computer and only lose their validity when the expiry date assigned to them has expired. The word "party" refers to the domain from which the cookie originates. In contrast to third-party cookies, first-party cookies usually originate from the website operator itself. They are therefore not accessible by browsers across domains. For example, website A issues a cookie A, which is not recognised by website B, but can only be recognised by website A. This means that data cannot be passed on to third parties.
Third-party cookies: In the case of a third-party cookie, the cookie is set and collected by a third party. These cookies are mostly used by advertisers who use the cookies to collect information about the website visitor via their adverts on other websites. These are data records that are stored in the user's web browser when they visit a page with an advert. If they visit a page with advertising from the same provider again, they will be recognised.
Consent with Borlabs Cookie
Our website uses Borlabs Cookie consent technology to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document them in accordance with data protection regulations. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg (hereinafter referred to as "Borlabs").
When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not passed on to Borlabs.
The data collected will be stored until you ask us to delete it or delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected.
Borlabs cookie consent technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.
Details on data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/ and https://de.borlabs.io/datenschutz/
Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time with effect for the future.
Further information about Google Tag Manager and Google's privacy policy can be found at the following link: https://policies.google.com/privacy
Google Analytics
If you have given your consent, Google Analytics 4, a web analytics service provided by Google LLC, is used on this website. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Scope of processing
Google Analytics uses cookies that enable us to analyse your use of our website. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your visit to the website, your user behaviour is recorded in the form of "events". Events can be
Page views
First visit to the website
Start of the session
Your "click path", interaction with the website
Scrolls (whenever a user scrolls to the bottom of the page (90%))
Clicks on external links
Internal search queries
Interaction with videos
File downloads
Viewed/clicked adverts
Language setting
In addition, the following is recorded:
Your approximate location (region)
Your IP address (in abbreviated form)
Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
Your internet provider
The referrer URL (via which website/advertising medium you came to this website)
Purposes of processing
On behalf of the operator of this website, Google will use this information to analyse your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website.
Recipient
Recipients of the data are/may be:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- It cannot be ruled out that US authorities will access the data stored by Google.
Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
Storage duration
The data sent by us and linked to cookies is automatically deleted after 2. Data that has reached the end of its retention period is automatically deleted once a month.
Legal basis
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.
Revocation
You can revoke your consent at any time with effect for the future by accessing the cookie settings [borlabs-cookie type="btn-cookie-preference" title="Change cookie settings" element="link"/] and changing your selection there. Alternatively, you can click on the blue circle in the bottom left-hand corner of the screen to change your cookie settings. This does not affect the lawfulness of the processing carried out on the basis of your consent until you withdraw it.
You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by selecting:
do not give your consent to the setting of cookies or
download and install the browser add-on to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout?hl=de
You can find more information on the terms of use of Google Analytics and data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de
Google Ads
We use "Google Ads" (formerly Google AdWords) on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as "Google"). Google Ads enables us to draw attention to our attractive offers with the help of advertising material on external websites. This allows us to determine how successful individual advertising measures are. These adverts are delivered by Google via so-called "AdServers". We use so-called AdServer cookies for this purpose, through which certain parameters for measuring success, such as the display of adverts or clicks by users, can be measured. If you access our website via a Google advert, Google Ads will store a cookie on your PC. These cookies generally lose their validity after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies enable Google to recognise your web browser. If a user visits certain pages of an Ads customer's website and the cookie stored on their computer has not yet expired, Google and the customer can recognise that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical analyses from Google. These analyses enable us to recognise which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To the best of our knowledge, Google receives the information that you have accessed the relevant part of our website or clicked on an advert from us. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out your IP address and store it.
We use Google Ads for marketing and optimisation purposes, in particular to display ads that are relevant and interesting to you, to improve campaign performance reports and to achieve a fair calculation of advertising costs. The legal basis for the use of Google Ads is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.
You can prevent the installation of these cookies by refusing your consent to the storage of these cookies when you enter the website, deleting existing cookies or deactivating the storage of cookies in the settings of your web browser. We would like to point out that in this case you may not be able to use all the functions of our website to their full extent. You can also prevent the storage of cookies by setting your web browser to block cookies from the domain "www.googleadservices.com" (https://www.google.de/settings/ads ). We would like to point out that this setting will be deleted if you delete your cookies. You can also deactivate interest-based adverts via the link http://optout.aboutads.info. Please note that this setting will also be deleted if you delete your cookies.
Information from the third-party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland
Further information on the use of data by Google, on setting and objection options and on data protection can be found on the following Google websites:
Privacy policy: https://policies.google.com/privacy
Google website statistics: https://services.google.com/sitestats/de.html
Google DoubleClick
A web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: DoubleClick) is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to DoubleClick.
You can prevent the collection and processing of your data by DoubleClick by refusing your consent to this when you enter the website, deactivating the execution of script code in your browser or installing a script blocker in your browser.
The legal basis for the use of Google Double Click is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.
The data is deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transferred data can be found in DoubleClick's privacy policy: https://policies.google.com/privacy
A web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Google.
You can prevent the collection and processing of your data by this web service by refusing your consent when entering the website, deactivating the execution of script code in your browser or installing a script blocker in your browser.
The legal basis for the use of this web service is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.
The data will be deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transferred data can be found in Google's privacy policy: https://policies.google.com/privacy
Google Fonts
Google Fonts (https://fonts.google.com/ ) are used to visually improve the presentation of various information on this website. The web fonts are transferred to the browser cache when the page is called up so that they can be used for the display.
No cookies are stored on the website visitor's computer when the page is accessed. Data that is transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.
You can prevent the collection and processing of your data by this web service by refusing your consent when entering the website, deactivating the execution in your browser or installing a script blocker in your browser. If your browser does not support Google Fonts or you prevent access to the Google servers, the text will be displayed in the system's default font.
The legal basis for the use of this web service is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.
You can find information about Google Fonts' privacy policy at: https://developers.google.com/fonts/faq#Privacy
General information on data protection can be found in the Google Privacy Centre at: https://policies.google.com/privacy
Google Maps
This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there.
Although the USA is a third country that does not offer an adequate level of data protection, suitable guarantees in the form of EU standard data protection clauses pursuant to Art. 46 para. 2 lit. c GDPR apply here, which were issued by the European Commission in accordance with an examination procedure pursuant to Art. 93 GDPR. These standard data protection clauses can be found, for example, at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02010D0087-20161217 (as at 31/03/2021)
The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Fonts for the purpose of standardising the display of fonts. When you access Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Further details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ und
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/
Mehr Informationen zum Umgang mit Nutzerdaten finden Sie in der Datenschutzerklärung von Google:
https://policies.google.com/privacy?hl=de
Gstatic
A web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic) is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Gstatic.
The legal basis for the use of this web service is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG.
You can prevent the collection and processing of your data by Gstatic by refusing your consent when entering the website, deactivating the execution of script code in your browser or installing a script blocker in your browser.
The data is deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transferred data can be found in Google's privacy policy: https://policies.google.com/privacy
YouTube
On our website, we use plug-ins from the video platform YouTube.de or YouTube.com, a service operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (hereinafter referred to as "YouTube") and represented by Google. Using the plug-ins, we can also embed audio-visual content ("videos") that we have published on Youtube.de and, if applicable, Youtube.com on this website. The videos are all integrated in "extended data protection mode", i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Conversely, this means: Data is only transferred when you play the videos. We have no influence on this data transfer.
When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under the section "Access data" is transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button.
The legal basis for the use of YouTube is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. We have no knowledge of the storage period at YouTube and have no influence on it.
Further information on the purpose and scope of processing by YouTube can be found in the privacy policy at https://policies.google.com/privacy?gl=de
Social-Media-Elemente
Elements of social media are used on this website (e.g. Facebook).
You can usually recognise the social media elements by the respective social media logos.
If you activate the respective social media element by clicking on the corresponding button, a direct connection to the provider's server is established. As soon as you activate the social media element, the respective provider receives the information that you have visited this website with your IP address. If you are logged into your respective social media account (e.g. Facebook) at the same time, the respective provider can assign the visit to this website to your user account.
Elements of the social network Facebook are integrated on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.
You can find an overview of the Facebook social media elements here: https://developers.facebook.com/docs/plugins/?locale=de_DE
When the social media element is active, a direct connection is established between your end device and the Facebook server. Facebook receives the information that you have visited this website with your IP address. If you click on the Facebook "Like" button while you are logged into your Facebook account, you can link the content of this website to your Facebook profile.
This allows Facebook to associate your visit to this website with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation
If consent has been obtained, the above-mentioned service is used on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time. If no consent has been obtained, the service is used on the basis of our legitimate interest in the widest possible visibility in social media.
Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum , https://de-de.facebook.com/help/566994660333381 and https://www.facebook.com/policy.php
Our social media presence
Data processing by social networks
We maintain publicly accessible profiles on social networks. The individual social networks we use are listed below.
Social networks such as Facebook, Twitter etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or were logged in.
Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
Legal basis
Our social media presence is intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).
Responsible party and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).
Please note that, despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our options are largely determined by the company policy of the respective provider.
Storage duration
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions - in particular retention periods - remain unaffected.
We have no influence on the storage period of your data that is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as "Facebook"). According to Facebook, the data collected is also transferred to the USA and other third countries.
We have concluded an agreement with Facebook on joint processing (Controller Addendum).
This agreement defines which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link:
https://www.facebook.com/legal/terms/page_controller_addendum
You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in:
https://www.facebook.com/settings?tab=ads
Details can be found in Facebook's privacy policy: https://www.facebook.com/privacy/center/
We have a profile on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. Details on how they handle your personal data can be found in Instagram's privacy policy: https://privacycenter.instagram.com/
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube's privacy policy:
https://policies.google.com/privacy?hl=de
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to deactivate LinkedIn advertising cookies, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
We have a profile on Xing. The operator is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. Details on how they handle your personal data can be found in Xing's privacy policy:
https://privacy.xing.com/de/datenschutzerklaerung
TripAdvisor
We have a profile on TripAdvisor. The operator is TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494 USA. Details on how they handle your personal data can be found in TripAdvisor's privacy policy: https://tripadvisor.mediaroom.com/de-privacy-policy
Name und Anschrift des Verantwortlichen:
The controller within the meaning of the EU General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the:
Privathotel Lindtner Hamburg GmbH
Heimfelder Straße 123
21075 Hamburg
Telephone: +49 (0) 40 79009-0
Telefax: +49 (0) 40 79009-482
E-Mail: info@lindtner.com
Regional Management:
Heidrun Lindtner-Thies-Lembcke
Konditorei Lindtner Hamburg GmbH
Heimfelder Straße 123
21075 Hamburg
Telephone: +49 (0) 40 480600-0
Telefax: +49 (0) 40 480600-20
E-Mail: info@konditorei-lindtner.de
Regional Management:
Brunhild Bruns, Heidrun Lindtner-Thies-Lembcke
Lindtner SPA & Beauty
Owner/operator: Frank Liebermann
Heimfelder Straße 123
21075 Hamburg
Telephone: +49 (0) 40 79009-370
E-Mail: gl@spa-lindtner.com
Contact person:
Grit Liebermann
Name and address of the data protection officer:
SHIELD GmbH
Martin Vogel
Ohlrattweg 5
25497 Prisdorf
Telephone: +49 (0) 4101 80 50 600
E-Mail: info@shield-datenschutz.de
Hamburg, August 2023
Changes to the privacy policy
We reserve the right to change our data protection practices and this data protection declaration in order to adapt them to changes in relevant laws or regulations or to better meet your needs. Possible changes to our data protection practices will be announced here accordingly. Please note the current version date of the privacy policy.
