Your trust is important to us. Therefore as the user of our website you always have the right to obtain information about the data stored about you, its origins and recipients as well as the purpose of storage. If you have any questions regarding data protection on our website please contact firstname.lastname@example.org.
The controller for the purposes of the General Data Protection Regulation and other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
Schloss Burgbrohl GmbH
Auf der Burg 1
Tel.: 02636 800140
We only collect and use the personal data of our users insofar as this is necessary to provide a functional website as well as our contents and services. The collection and use of the personal data of our users takes place regularly only with the consent of the user. An exception applies in such cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.
Point (a) of Article 6(1) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data insofar as we obtain the consent of the data subject for processing operations containing personal data. Point (b) of Article 6(1) of the GDPR serves as the legal basis in the processing of personal data necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations necessary for the implementation of pre-contractual measures. Point (c) of Article 6(1) of the GDPR serves as the legal basis insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject. Point (d) of Article 6(1) of the GDPR serves as the legal basis in the event that the vital interests of the data subject or of another natural person require the processing of personal data. Point (f) of Article 6(1) of the GDPR serves as the legal basis if processing is required to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest.
The personal data of the data subject shall be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
Our system automatically collects data and information from the computer system of the calling computer every time our website is visited. The following data is collected: the IP address of the user as well as the date and time of access.
Point (f) of Article 6(1) of the GDPR serves as the legal basis for the temporary storage of data and log files.
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the computer of the user. For this the IP address of the user must remain stored for the duration of the session. In addition the data is used to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context. These purposes also include our legitimate interest in data processing in accordance with point (f) of Article 6(1) of the GDPR.
The data shall be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case when the respective session has ended e.g. when the data has been collected for the provision of the website.
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Therefore there is no possibility of objection on the part of the user.
Point (f) of Article 6(1) of the GDPR serves as the legal basis for the processing of personal data by using cookies.
Point (a) of Article 6(1) of the GDPR serves as the legal basis for processing data after registering for the newsletter by the user with the consent of the user. The newsletter is sent out for registered users only.
The email address of the user is collected in order to send the newsletter. Collecting other personal data as part of the registration process serves to prevent misuse of the services or the email address used.
The data shall be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The email address of the user shall therefore be stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process shall generally be deleted after a period of seven days.
The subscription to the newsletter can be cancelled by the respective user at any time. There is a corresponding link in every newsletter for this purpose. This also makes it possible to revoke the consent to the storage of personal data collected during the registration process.
You can book your room directly online on our website. In this process, the platform dirs21.de (Provider: TourOnline AG, Borsigstr. 26, D-73249 Wernau) collects the following personal data of all guests:
- Residential address
- E-mail address
- Payment details (Bank account/Credit Card Information)
- IP Adress and access time
Optional the following additional information can be given:
- Phone/Mobile number
In case of the conclusion of a travel cancellation insurance via the registration platform the aforementioned data is sent to AWP P&C S.A (Bahnhofstr. 16, D-85609 Aschheim).
Point (a) of Article 6(1) of the GDPR serves as the legal basis for processing data if the user has given his or her consent. Point (f) of Article 6(1) of the GDPR serves as the legal basis for processing data which was transmitted in the course of sending an email. Point (b) of Article 6(1) of the GDPR serves as an additional legal basis for the processing if the email contact is aimed at the conclusion of a contract.
The processing of the personal data from the input mask serves us for the sole purpose of processing the room booking. Contact by email also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process serves to prevent misuse of the booking form and to ensure the security of our information technology systems.
The data shall be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The additional personal data (IP address and time of transmission) collected during the submission process shall be deleted after a period of seven days at the latest.
The user has the possibility to withdraw his or her consent to the processing of his or her personal data at any time (e.g. by email to email@example.com). The user can object to the storage of his or her personal data at any time if he or she contacts us by email. The booking cannot be continued in such a case. All the personal data stored in the course of contacting us shall be deleted in this case.
You are the data subject according to the GDPR if your personal data is processed and you have the following rights against the controller:
You can ask the controller to confirm whether personal data concerning you is being processed by us. You can request the following information from the controller if such processing has taken place:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or shall be disclosed;
(4) the envisaged period for which the personal data concerning you shall be stored, or, if specific information on this is not possible, the criteria used to determine the storage period;
(5) the existence of a right to have the personal data concerning you rectified or erased, a right to have the processing restricted by the controller or a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information as to the source of the data where the personal data is not collected from the data subject;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. Where this is the case you have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.
You have the right to obtain rectification and / or completion from the controller where the personal data processed concerning you is incorrect or incomplete. The controller shall make the rectification without delay.
You can request the restriction of the processing of personal data concerning you under the following conditions:
(1) if you dispute the accuracy of the personal data concerning you for a period of time which enables the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;
(3) the controller no longer needs the personal data for the purposes of the processing but you require them for the establishment, exercise or defence of legal claims; or
(4) if you have objected processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller outweigh your grounds.
Where the processing of personal data concerning you has been restricted, such data shall, with the exception of their storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been limited according to the above conditions, you shall be informed by the controller before the restriction is lifted.
You shall have the right to obtain from the controller without delay the erasure of personal data concerning you, also the controller shall have the obligation to erase this data where one of the following grounds applies:
(1) The personal data concerning you is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR and where there is no other legal ground for the processing.
(3) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Article 21(2) of the GDPR.
(4) The personal data concerning you has been unlawfully processed.
(5) The personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
The right to erasure does not apply insofar as processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR insofar as the right referred to in section (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
Information to third parties
Information is not passed to third parties.
If you have exercised your right to have the controller rectify, erase or restrict the processing, the controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. You shall have the right to be informed of such recipients with respect to the controller.
You shall have the right to receive the personal data concerning you which you provided to the controller, in a structured, commonly used and machine-readable format. Furthermore you have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:
(1) the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and
(2) the processing is carried out by automated means.
In exercising this right you shall also have the right to have the personal data concerning you transmitted directly from one controller to another controller insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to processing personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR including profiling based on those provisions. The controller shall no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or processing is used for the establishment, exercise or defence of legal claims. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you are object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You may exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
You shall have the right to withdraw your data protection consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Without prejudice to any other administrative or judicial remedy you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of the personal data concerning you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.