Privacy policy

Your trust is important to us. Therefore as the user of our website you always have the right to obtain information about the data stored about you, its origins and recipients as well as the purpose of storage. If you have any questions regarding data protection on our website please contact privacy@schloss-burgbrohl.de.

I. Name and address of the controller

The controller for the purposes of the General Data Protection Regulation and other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

Schloss Burgbrohl GmbH
Auf der Burg 1
56659 Burgbrohl
Deutschland
Tel.: 02636 800140
E-Mail: info@schloss-burgbrohl.de
Website: www.schloss-burgbrohl.de

II. Address of the data protection officer

Schloss Burgbrohl GmbH
Auf der Burg 1
56659 Burgbrohl
Deutschland
Tel.: 02636 800140
E-Mail: privacy@schloss-burgbrohl.de

III. Data processing in general

a) Scope of personal data processing

We only collect and use the personal data of our users insofar as this is necessary to provide a functional website as well as our contents and services. The collection and use of the personal data of our users takes place regularly only with the consent of the user. An exception applies in such cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.

b) Legal basis for the processing of personal data

Point (a) of Article 6(1) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data insofar as we obtain the consent of the data subject for processing operations containing personal data. Point (b) of Article 6(1) of the GDPR serves as the legal basis in the processing of personal data necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations necessary for the implementation of pre-contractual measures. Point (c) of Article 6(1) of the GDPR serves as the legal basis insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject. Point (d) of Article 6(1) of the GDPR serves as the legal basis in the event that the vital interests of the data subject or of another natural person require the processing of personal data. Point (f) of Article 6(1) of the GDPR serves as the legal basis if processing is required to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest.

c) Data erasure and storage period

The personal data of the data subject shall be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files

a) Description and scope of the data processing

Our system automatically collects data and information from the computer system of the calling computer every time our website is visited. The following data is collected: the IP address of the user as well as the date and time of access.

b) Legal basis for the data processing

Point (f) of Article 6(1) of the GDPR serves as the legal basis for the temporary storage of data and log files.

c) Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the computer of the user. For this the IP address of the user must remain stored for the duration of the session. In addition the data is used to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context. These purposes also include our legitimate interest in data processing in accordance with point (f) of Article 6(1) of the GDPR.

d) Storage period

The data shall be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. This is the case when the respective session has ended e.g. when the data has been collected for the provision of the website.

e) Possibility of objection and erasure

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Therefore there is no possibility of objection on the part of the user.

V. Use of cookies

a) Description and scope of the data processing

Our website uses cookies. Cookies are text files which are stored in the Internet browser or by the Internet browser on the computer system of the user. A cookie may be stored on the operating system of the user when a user visits a website. This cookie contains a characteristic string of characters which enables a unique identification of the browser when the website is called up again.

We use cookies to make our website more user friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data is stored and transmitted in the cookies: the session ID as well as the pages visited within the "schloss-burgbrohl.de" domain during this session. Furthermore we use cookies on our website which makes it possible to analyse the surfing behaviour of the user. The following data can thus be transmitted: search terms entered, the frequency of page views, the use of website functions as well as the date and time of the visit. The user data collected in this way is pseudonymised by technical measures. Therefore it is no longer possible to assign the data to the calling user. The data shall not be stored together with other personal user data. When visiting our website a banner informs the user of the use of cookies for analytical purposes and refers the user to this privacy policy. It is also pointed out in this context that the storage of cookies can be prevented in the browser settings. The analysis can be stopped and deleted at any time on this page. You can deactivate or delete cookies in your browser settings. Deactivating cookies can result in our website not functioning as intended.

 

b) Legal basis for the data processing

Point (f) of Article 6(1) of the GDPR serves as the legal basis for the processing of personal data by using cookies.

c) Purpose of the data processing

We use Matomo software (https://matomo.org) in order to optimise the user experience on our website. We can measure and evaluate user behaviour (clicks, length of stay, etc.) on our website using the Matomo software. This makes it possible for us to adapt the contents of our website even better to the needs of our visitors. We use cookies on the end devices of the visitors for this purpose and can store the data about user behaviour specified in section (a) on an anonymous basis. No conclusions can be drawn about the visitor by making the IP address anonymous. The data is only processed on our servers in Germany and no data is passed on to third parties. You can withhold consent subsequently if you do not agree to the evaluation of your data. In this case an opt-out cookie is stored and no data from your visit shall be collected or processed. Alternatively you can prevent the use of cookies in your browser settings. Please note that an opt-out cookie can no longer be set in this case. The opt-out cookie must also be activated again if you delete all the cookies in your browser. These purposes also include our legitimate interest in the processing of personal data in accordance with point (f) of Article 6(1) of the GDPR.

d) Duration of storage / possibility of objection and erasure

Cookies are stored on the computer of the user and transmitted from there to our site. Therefore you as the user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies which have already been stored can be deleted at any time. This can also be carried out automatically. It may no longer be possible to use all the functions of the website in full if cookies are deactivated for our website.

VI. Newsletter

a) Description and scope of the data processing

It is possible to subscribe to a free newsletter on our website. The data from the input mask is transmitted to us when registering for the newsletter: the date and time of the registration as well as the email address of the user. The user is free, in order to classify the enquiry, to specify his or her name, the actual country, the company on whose behalf the enquiry is being sent, his or her position within the company and a telephone number. Your consent will be obtained in order to process the data as part of the registration process and this privacy policy shall be referred to. Data is not be passed on to third parties in connection with the data processing for sending newsletters. The data is used exclusively for sending the newsletter.

b) Legal basis for the data processing

Point (a) of Article 6(1) of the GDPR serves as the legal basis for processing data after registering for the newsletter by the user with the consent of the user. The newsletter is sent out for registered users only.

c) Purpose of the data processing

The email address of the user is collected in order to send the newsletter. Collecting other personal data as part of the registration process serves to prevent misuse of the services or the email address used.

d) Storage period

The data shall be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The email address of the user shall therefore be stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process shall generally be deleted after a period of seven days.

e) Possibility of objection and erasure

The subscription to the newsletter can be cancelled by the respective user at any time. There is a corresponding link in every newsletter for this purpose. This also makes it possible to revoke the consent to the storage of personal data collected during the registration process.

VII. Booking form and email contact

a) Description and scope of the data processing

You can book your room directly online on our website. In this process, the platform dirs21.de (Provider: TourOnline AG, Borsigstr. 26, D-73249 Wernau) collects the following personal data of all guests:

- Name
- Residential address
- E-mail address
- Payment details (Bank account/Credit Card Information)
- IP Adress and access time

Optional the following additional information can be given:

- Salutation
- Title
- Company
- Phone/Mobile number
- Fax
In case of the conclusion of a travel cancellation insurance via the registration platform the aforementioned data is sent to AWP P&C S.A (Bahnhofstr. 16, D-85609 Aschheim).

b) Legal basis for the data processing

Point (a) of Article 6(1) of the GDPR serves as the legal basis for processing data if the user has given his or her consent. Point (f) of Article 6(1) of the GDPR serves as the legal basis for processing data which was transmitted in the course of sending an email. Point (b) of Article 6(1) of the GDPR serves as an additional legal basis for the processing if the email contact is aimed at the conclusion of a contract.

c) Purpose of the data processing

The processing of the personal data from the input mask serves us for the sole purpose of processing the room booking. Contact by email also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process serves to prevent misuse of the booking form and to ensure the security of our information technology systems.

d) Storage period

The data shall be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. The additional personal data (IP address and time of transmission) collected during the submission process shall be deleted after a period of seven days at the latest.

e) Possibility of objection and erasure

The user has the possibility to withdraw his or her consent to the processing of his or her personal data at any time (e.g. by email to privacy@schloss-burgbrohl.de). The user can object to the storage of his or her personal data at any time if he or she contacts us by email. The booking cannot be continued in such a case. All the personal data stored in the course of contacting us shall be deleted in this case.

VIII. Rights of the data subject

You are the data subject according to the GDPR if your personal data is processed and you have the following rights against the controller:

a) Right to information

You can ask the controller to confirm whether personal data concerning you is being processed by us. You can request the following information from the controller if such processing has taken place:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data processed;

(3) the recipients or categories of recipients to whom the personal data concerning you have been or shall be disclosed;

(4) the envisaged period for which the personal data concerning you shall be stored, or, if specific information on this is not possible, the criteria used to determine the storage period;

(5) the existence of a right to have the personal data concerning you rectified or erased, a right to have the processing restricted by the controller or a right to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) all available information as to the source of the data where the personal data is not collected from the data subject;

(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organisation. Where this is the case you have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.

b) Right to rectification

You have the right to obtain rectification and / or completion from the controller where the personal data processed concerning you is incorrect or incomplete. The controller shall make the rectification without delay.

c) Right of restriction of processing

You can request the restriction of the processing of personal data concerning you under the following conditions:

(1) if you dispute the accuracy of the personal data concerning you for a period of time which enables the controller to verify the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;

(3) the controller no longer needs the personal data for the purposes of the processing but you require them for the establishment, exercise or defence of legal claims; or

(4) if you have objected processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller outweigh your grounds.

Where the processing of personal data concerning you has been restricted, such data shall, with the exception of their storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been limited according to the above conditions, you shall be informed by the controller before the restriction is lifted.

d) Right to erasure (Right to be forgotten)

Erasure obligation

You shall have the right to obtain from the controller without delay the erasure of personal data concerning you, also the controller shall have the obligation to erase this data where one of the following grounds applies:

(1) The personal data concerning you is no longer necessary in relation to the purposes for which they were collected or otherwise processed.

(2) You withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR and where there is no other legal ground for the processing.

(3) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Article 21(2) of the GDPR.

(4) The personal data concerning you has been unlawfully processed.

(5) The personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

(6) The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

Exceptions:

The right to erasure does not apply insofar as processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR insofar as the right referred to in section (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) for the establishment, exercise or defence of legal claims.

Information to third parties

Information is not passed to third parties.

e) Right to information

If you have exercised your right to have the controller rectify, erase or restrict the processing, the controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort. You shall have the right to be informed of such recipients with respect to the controller.

f) Right to data portability

You shall have the right to receive the personal data concerning you which you provided to the controller, in a structured, commonly used and machine-readable format. Furthermore you have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:

(1) the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR; and

(2) the processing is carried out by automated means.

In exercising this right you shall also have the right to have the personal data concerning you transmitted directly from one controller to another controller insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not apply to processing personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

g) Right to object

You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) of the GDPR including profiling based on those provisions. The controller shall no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or processing is used for the establishment, exercise or defence of legal claims. Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you are object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You may exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

h) Right to withdraw data protection consent

You shall have the right to withdraw your data protection consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

i) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of the personal data concerning you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.