Data protection declaration according to the GDPR for www.boutique-hotel-fulda.de

1. Name and Address of the Data Controller

In terms of the General Data Protection Regulation and other national data protection laws of the EU member states and other data protection-related regulations, the data controller is:

Boutique-Hotel Stadtvilla Hodes
Peterstor 14
36037 Fulda
Germany

Tel: +49 661 728 62
Email: info[at]boutique-hotel-fulda.de
Website: www.boutique-hotel-fulda.de

2. Name and Address of the Data Protection Officer

The data protection officer responsible is:

Nicole Winkelmann
Peterstor 14
36037 Fulda
Germany

Tel: +49 661 728 62
Email: datenschutz[at]boutique-hotel-fulda.de

3. General Data Processing Information

1. Extent to which personal data is processed

We only ever collect and use personal data of our users to the extent to which this is necessary to provide a fully functional website and our contents and services. The regular collection and use of personal data of our users is only ever made with the user’s consent. One exception to this rule applies in cases in which, for factual reasons, it is not possible to obtain the user’s prior consent, and the processing of this data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject to process his or her personal data, Art. 6 para. 1 p. 1 point a of the EU General Data Protection Regulation (GDPR) shall serve as the legal basis for the processing of personal data.
Art. 6 para. 1 p. 1 point b of the GDPR shall serve as the legal basis for the processing of personal data necessary for the performance of a contract to which the data subject is party. This shall also apply to processing necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 para. 1 p. 1 point c of the GDPR shall serve as the legal basis.
Should it be necessary to process personal data in order to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 p. 1 point d of the GDPR shall serve as the legal basis.

Should processing be necessary to protect the legitimate interests of our company or a third party and such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, then Art. 6 para. 1 p. 1 point f of the GDPR shall serve as the legal basis for processing.

3. Data erasure and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose for which it has been saved ceases to apply. Further, data may also be stored if provided for by European or national legislators in Union directives, laws or other regulations, to which the data controller is subject. The data will also be deleted or blocked at such time as the storage period prescribed by the designated standards expires, unless it is necessary for the data to be stored for a further period for the conclusion or performance of a contract.

4. Provision of the Website and Creation of Log Files

1. Description and extent of data processing

Every time our website is accessed, our system automatically acquires data and information from the computer system of the calling computer.

The following data is collected:

(1) The user’s IP address
(2) Date and time of access
(3) Website visited
(4) Quantity of data sent in bytes
(5) Source/link from which you accessed the website
(6) Browser used
(7) Operating system used

The data is also stored in the log files of our system. This data is not stored with other personal data of the user.

2. Legal basis for data processing

Art. 6 para. 1 p. 1 point f of the GDPR is the legal basis for the temporary storage of the data and the log files.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary in order to be able to deliver the website to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session.
Data is stored in log files to ensure that the website functions properly. In addition, the data serves to optimize the website and to guarantee the security of our IT systems. No data evaluation is carried out for marketing purposes in this context.
These purposes are also in our legitimate interests in data processing under Art. 6 para. 1 p. 1 point f of the GDPR.

4. Storage duration

Data is deleted as soon as it is no longer needed for the purpose for which it was collected. In the case of data being collected in order to make the website available, this is the case when the session is terminated.

In the case of data stored in log files, this is the case after a maximum of seven days. Storage beyond this point in time is possible. In this case, the user’s IP address will be deleted or distorted, so that it can no longer be attributed to the accessing client.

5. Right to object and right of elimination

Data acquisition is essential for the provision of the website and the storage of data in log files is essential for operating the website. The user therefore has no right to object.

5. USE OF COOKIES

1. Description and extent of data processing

Our website makes use of cookies. Cookies are text files stored on the user’s computer system in or by the Internet browser. If a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic character string that enables the browser to be clearly identified the next time the website is accessed.

We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be identified if the user changes from one page to another.

The following data is stored and transmitted in the cookies:
(1) The user’s IP address
(2) Date and time of access
(3) Login information
(4) Amount of data transferred
(5) Enquiring domain

On our website, we also use cookies which make it possible to analyse the user’s surfing habits.

The following data can be transmitted in this way:
(1) Equipment type, model, brand, screen resolution
(2) Operating system, versions, families
(3) Browser, version, configuration, engines, plugins, language, language code
(4) Location data
(5) Provider details
(6) Pages per visit, number of visits, repeat visits, time of visit, date of visit
(7) Entry pages, exit pages, page URL, title of page, search items, downloads
(8) Search engines, search item, websites, social networks
(9) Campaigns, campaign key word

When accessing our website, the user is informed that functional cookies are used, as are cookies for analysis and marketing purposes, and a Cookie Consent Manager is used to obtain his or her consent to the processing of the personal data used in this respect. Information regarding this data privacy statement is also issued in this context.
Detailed information on how the individual cookies work, information on how long they function and details of whether third parties have access to these cookies can also be found in the Cookie Consent Manager. You can access the Cookie Consent Manager any time by clicking the corresponding button in the footer of our website.

2. Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 p. 1 point f of the GDPR.
The legal basis for the processing of personal data using functional cookies and cookies for analysis and marketing purposes is Art. 6 para. 1 p. 1 point a of the GDPR along with the analogous provisions in accordance with the applicable data protection legislation.

3. Purpose of data processing

Depending on their intended use and function, we divide cookies into the following categories:

a) Technically necessary cookies
Technically necessary cookies guarantee functions without which our website cannot be put to its intended use. These cookies are used exclusively by us, i.e. they are first party cookies. This means that all information stored in the cookies is returned to our website. Technically necessary cookies are used, for example, to ensure that users who have logged in always remain logged in when accessing various sub-pages of our website, and so do not have to re-enter login data every time they access a new page.
It is possible and permissible to use technically necessary cookies on our website without first obtaining consent. For this reason, individual technically necessary cookies cannot be activated or deactivated. These purposes are also in our legitimate interests in the processing of personal data under Art. 6 para. 1 p. 1 point f of the GDPR. Our interest in ensuring the unobstructed provision of our website and the services it offers prevails.

b) Functional cookies
Functional cookies enable our website to store information that has already been input (such as registered name, language selection or a user’s location) and, on the basis of this information, offer improved and more personalised functions. The way in which these cookies collect and store data ensures that user behaviour on other websites cannot be tracked.

c) Performance cookies
In order to improve the website’s attractiveness, content and functionality, performance cookies collect aggregated information about how it is used. These cookies help us to determine whether, how often and how long which website subpages are visited and what content is of particular interest to users.
These cookies do not store any information that would allow the user to be identified. The information collected is aggregated, and does not allow us to directly identify the individual. The only purpose it serves is to compile statistics in order to better tailor the content of our website to the needs of our users, to improve user experience, and to optimise our range of services.

d) Marketing cookies
Marketing cookies come from external advertising companies (third party cookies) and are used to collect information about the websites visited by the user, to create targeted advertising for the user, and to display advertisements based on the user’s interests. They are also used to limit the frequency with which an advertisement appears, and to measure the effectiveness of advertising campaigns. This information may be shared with third parties, advertisers for instance.

4. Storage duration, right to object and right of elimination

Cookies are stored on the user’s computer, from which they are transmitted to our website. As the user, you therefore have complete control over the use of cookies.
Even if you have consented to the use of cookies, you can revoke your consent at any time, with future effect. Please use one of the following options to do this:

  • You can inform us that you wish to withdraw your consent or change your settings in our Cookie Consent Manager, which can be accessed at any time via the website.
  • You can prevent cookies from being stored by adjusting your browser software accordingly; we would, however, like to draw your attention to the fact that if you do so, this might possibly result in your not being able to use all the functions offered on this website to the full.
  • Cookies which have already been stored can be removed from your settings at any time. This can also be done automatically.
  • Further, you can prevent the collection by Google of data generated by the cookie and relating to your use of our websites (including your IP address), and the processing of this data, by downloading and installing the plug-in available for your browser.
  • You can also use the tools developed as part of self-regulation programs in many countries, e.g. https://www.aboutads.info/choices/ (USA) or http://www.youronlinechoices.com/uk/your-ad-choices (EU), to manage marketing cookies.

6. CONTACT FORM AND E-MAIL CONTACT

1. Description and extent of data processing

There is a contact form on our website, and this can be used to contact us online. Should a user make use of this option, the data entered in the input mask is transmitted to us and stored. The following data is mandatory:

(1) Your name
(2) Email address

The following optional data may also be supplied:
(3) Subject
(4) Your Message

The following data is also stored at the time the message is sent:

(5) The user’s IP address
(6) Date and time of registration

Your consent to the processing of this data will be requested and reference made to this data privacy statement when you send your message.

Alternatively, an e-mail address is also provided, if you prefer to contact us this way. In this case, the personal data of the user transmitted with the e-mail is stored.
In this respect, there is no disclosure of data to third parties. Such data is used solely to process the communication.

2. Legal basis for data processing

The legal basis for the processing of data, provided the user’s consent has been obtained, is Art. 6 para. 1 p. 1 point a of the GDPR.

The legal basis for the processing of data collected when an e-mail is being sent is Art. 6 para. 1 p. 1 point f of the GDPR. If the point of the e-mail contact is to enter into a contract, then Art. 6 para. 1 p. 1 point b of the GDPR will serve as an additional legal basis for processing.

3. Purpose of data processing

The sole reason for processing personal data from the input mask is to enable us to handle communication with you. If contact is established by e-mail, this also establishes a legitimate interest in processing the data.
The other personal data collected when the message is sent serve to guarantee the security of our IT systems.

4. Storage duration

Data is deleted as soon as it is no longer needed for the purpose for which it was collected. For personal data from the input mask of the contact form and data transmitted by e-mail, this is the case when a particular communication with the user is finished. Communication is finished when circumstances indicate that the matter concerned has been fully resolved.
The additional personal data collected while the message is being sent will be deleted after a period of no more than seven days has elapsed.

5. Right to object and right of elimination

The user has the right to withdraw his or her consent to the processing of the personal data at any time. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. If this is the case, then the communication cannot be continued. In this case, all personal data collected as a result of contact being made will then be erased.

7. USE OF GOOGLE WEB FONTS

1. Description and extent of data processing

We use the web fonts provided by Google and downloaded to our local server to ensure that font types are shown consistently. To this end, the required web fonts are loaded into your browser cache so that texts and fonts are displayed correctly. If your browser does not support web fonts, a default font from your computer is used.

No cookies are set when you call up the page. Also, no direct connection to Google’s servers is established, as the fonts are integrated locally into our website.

2. Legal basis for data processing

Due to our legitimate interest in fonts being shown consistently, Art. 6 para. 1 p. 1 point f of the GDPR is the legal basis for processing.

3. Purpose of data processing

Google Web Fonts is a freely available library of over 800 fonts. Google Web Fonts allows us to present our website to the user in an attractive design and in the same quality across all devices. This is the only way of making it technically possible for all visitors to our homepage to have a consistent and pleasant user experience.
This is also a legitimate interest within the meaning of Art. 6 para. 1 p. 1 point f of the GDPR.

4. Storage duration, right to object and right of elimination

Data is stored for as long as it is needed for the purpose for which it was collected. You have the option of objecting to the use by changing your browser settings.

8. ONLINE PRESENCE IN SOCIAL MEDIA

We maintain online presences within social networks in order to communicate with any customers, interested parties and users active there, and to inform them about our services. In this context, only simple links are used, or only social media plug-ins that do not establish any connection to the network in question when the page is loaded. This is the difference between the social media plug-ins used here and the widespread Like buttons, which transmit data to the social networks as soon as the page is loaded, without the button having to be clicked. Additional information on the processing of data can be found in the following social media data privacy statement.

9. RIGHTS OF DATA SUBJECT

If personal data concerning you is processed, you are the data subject as defined in the GDPR, and have the following rights against the data controller:

1. Right to be informed

Within the scope of Art. 15 of the GDPR, you can ask the controller to provide you with confirmation as to whether or not personal data concerning you is processed by us.
If such processing is being undertaken, you can ask the controller to provide you with information concerning the following:

  • The purposes for which the personal data is processed;
  • The personal data categories which are processed;
  • The recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
  • The planned storage duration of the personal data concerning you or, if it is not possible to provide concrete information on this point, criteria for defining the storage duration;
  • The existence of a right to correct or delete the personal data concerning you, a right to limit processing by the controller, or a right to object to such processing;
  • The existence of a right to lodge a complaint with a supervisory authority;
  • All available information concerning the origin of the data, if the personal data was not acquired from the data subject him or herself;
  • The existence of automated decision-making and profiling in accordance with Art. 22 para. 1 and 4 of the GDPR and – at least in these cases – meaningful information on the logic involved and the implications and intended impact of such processing for the data subject.

You have the right to request information on whether or not the personal data concerning you is transmitted to a third country or international organization. In this context, you may ask for information on appropriate guarantees in accordance with Art. 46 of the GDPR relating to the transmission of data.

2. Right to rectification

Within the scope of Art. 16 of the GDPR, you have a right to have the controller correct or complete any personal data concerning you which, having been processed, is either incorrect or incomplete. The data controller must carry out any corrections without undue delay.

3. Right to restrict processing

Within the scope of Art. 18 of the GDPR, and subject to the following conditions, you can request that processing of the personal data concerning you be restricted:

  • If you dispute the accuracy of the personal data concerning you for a period which allows the controller to check the accuracy of the personal data;
  • The processing is unlawful and you refuse deletion of the personal data, instead requesting that use of the personal data be restricted;
  • The controller no longer needs the personal data for processing purposes, but you need it in order to establish, exercise or defend legal claims, or
  • If you have filed an objection to the processing of the data in accordance with Art. 21 para. 1 of the GDPR, and it is not yet clear whether the legitimate reasons of the controller outweigh your reasons.

If the processing of the personal data concerning you has been restricted, then, storage aside, this data may only be processed with your consent, or to establish, exercise or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of substantial public interest on the basis of Union or Member State law.

If processing has been restricted under the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.

4. Right to deletion

a) Obligation to delete

Within the scope of Art. 17 of the GDPR, you can ask the controller to delete the personal data concerning you without undue delay, and the controller is obliged to delete this data without delay if one of the following reasons applies:

  • The personal data concerning you is no longer needed for the purposes for which it was collected or otherwise processed.
  • You revoke your consent, which served as the basis for processing in accordance with Art. 6 para. 1 point a or Art. 9 para. 2 point a of the GDPR, and there is no other legal basis for the processing.
  • You file an objection to processing in accordance with Art. 21 para. 1 of the GDPR, and there are no overriding legitimate reasons for the processing, or you file an objection to processing in accordance with Art. 21 para. 2 of the GDPR.
  • The personal data concerning you has been unlawfully processed.
  • Deletion of the personal data concerning you is necessary in order to ensure compliance with a legal obligation under Union or Member State law to which the data controller is subject.
  • The personal data concerning you has been acquired in relation to the offer of information society services in accordance with Art. 8 para. 1 of the GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public, and is obliged to delete such data in accordance with Art. 17 para. 1 of the GDPR, then, taking into account the technologies available and implementation costs, he – the controller – applies appropriate measures, which may also be of a technical nature, to inform the people responsible for processing personal data that, as the data subject, you have requested that they should delete all links to this personal data as well as all copies or replications of this personal data.

c) Exceptions

The data subject does not have the right to have his or her data deleted if processing is necessary

  • to exercise the rights to freedom of expression and freedom of information;
  • to comply with a legal obligation calling for processing on the basis of Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the field of public health in accordance with Art. 9 para. 2 points h and i and Art. 9 para. 3 of the GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 of the GDPR, insofar as the right set out in section a) is likely to render impossible or seriously impair the achievement of the purposes of this processing, or
  • to establish, exercise or defend legal claims.

5. Right to information

If you have exercised your right to have the controller correct, delete or restrict the processing of your data, then the controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of such correction or deletion of the data or restriction of the processing, unless it proves impossible to do so or would involve unreasonable expense and effort.

You are entitled to have the controller inform you of these recipients.

6. Right to data portability

Within the scope of Art. 20 of the GDPR, you have the right to receive the personal data concerning you with which you have provided the controller in a structured, commonly used and machine-readable format. Further, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, providing that

  • the processing is based on consent in accordance with Art. 6 para. 1 p. 1 point a of the GDPR or Art. 9 para. 2 point a of the GDPR or on a contract in accordance with Art. 6 para. 1 p. 1 point b of the GDPR, and
  • the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.

The right to data portability does not apply to processing of personal data for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

Within the scope of Art. 21 of the GDPR, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6 para. 1 p. 1 point e or f of the GDPR; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims.

If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling, insofar as it is related to such direct marketing.

Should you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

In the context of the use of information society services – notwithstanding Directive 2002/58/EC – you are entitled to exercise your right to object by automated means using technical specifications.

8. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy in accordance with Art. 78 of the GDPR.