The website https://www.pension-donatus.de is operated by GEVA Unternehmensgruppe GmbH, represented by Managing Director Sven Vater, Dr.-Wilhelm-Külz-Straße 12, 01796 Pirna (https://www.pension-donatus.de/Kontakt/Impressum/422/). We take data protection very seriously and will use your personal data strictly in accordance with data protection regulations. This declaration only applies to the content on our servers and does not include the websites linked to the site.
In the following, we inform you about the type, scope and purpose of the collection, processing and use of personal data. You can access this information at any time on our website. Our data protection provisions are in accordance with the General Data Protection Regulation (GDPR) and the German Telemedia Act (TMG). Express reference is made to the right to object in accordance with 7. g).
We use the following terms, among others, in this privacy policy and on our website
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
e) Controller
The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
f) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
g) Consent
Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
a) When visiting the website
If you wish to use this website for information purposes only without registering, we do not collect any direct personal data from you, but only log information (IP address, browser type, date, time, name and URL of the file accessed, website from which the access is made), which has no personal reference. This data is used exclusively to ensure a smooth connection setup, to guarantee convenient use of our website, to evaluate system security and stability, and for administrative and statistical purposes. They are neither passed on nor are they merged with the personal data provided. The legal basis is Art. 6 para. 1 sentence 1 letter f GDPR. Explicit reference is made to the use of session cookies in accordance with section 4.b) When using our booking formFor booking inquiries and questions of any kind, we offer you the opportunity to contact us via a form provided on the website.
It is necessary to provide a valid e-mail address and your name so that we know who sent the request and can answer it. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent.
b) When using our booking form
For booking inquiries and questions of any kind, we offer you the opportunity to contact us via a form provided on the website. It is necessary to provide a valid e-mail address and your name so that we know who sent the request and can answer it. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent.
The personal data collected by us for the use of the contact form will be automatically deleted after your inquiry has been dealt with. In the event of a successful booking, this data is again subject to the retention obligations and is automatically deleted after this period has expired.
Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your data to third parties if:
We use cookies to send data to your computer during your visit and store it there. Cookies are small data records that are generated when websites are accessed. These session cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a random string of characters through which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID. If personal data is also processed by individual session cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the execution of the contract or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
By means of a cookie, the information and offers on our website can be optimized for the benefit of the user. These session cookies enable us to recognize the users of our website during their visit to the website. The purpose of this recognition is to make it easier for users to use our website. With the help of session cookies, the web server can therefore retrieve user-specific information that serves to make the use of the website easier and more convenient for you. Their sole purpose is to make your use of the site more pleasant.
If you reject the use of cookies, you can set your browser so that cookies are generally rejected or that you must confirm the acceptance of cookies in each case. If you generally decide against cookies, you may not be able to use certain functions on our website. Most web browsers have a function in the menu bar (usually under "Tools / Settings / Privacy" or under "Tools / Internet Options / Privacy") with which you can prevent your browser from accepting new cookies, with which you can have your browser notify you when you receive a new cookie or with which you can also deactivate all cookies received.
On our website we use the offer of "Google Maps", an online map service of Google lnc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as: "Google"). This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. When you visit our website, Google receives the information that you have accessed the corresponding subpage of our website. Your IP address will be transmitted. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out beforehand. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or needs-based design of the website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users about your activities on our website.
We use Google Maps to show you interactive maps from Google Maps and thus provide you with a better user experience on our website. This also constitutes our legitimate interest in the processing of the aforementioned data by the third-party provider. The legal basis is Art. 6 para. 1 lit. 1lit. f) GDPR.
You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
Google has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and is certified. This means that Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the entry linked below:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy:
http://www.google.de/intl/de/policies/privacy
This website uses Google Analytics, a web analysis service of Google Inc. ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on these websites, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website,
Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link:
Link: https://tools.google.com/dlpage/gaoptout?hl=de
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link https://www.google.com/intl/de_de/analytics/.
We use a booking plugin from TourOnline AG, Borsigstraße 26, 73249 Wernau, Germany, on our website.
The use of the plugin is in the interest of a quick availability check and booking option for the rooms we offer. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
You can find more information on the handling of user data in TourOnline AG's privacy policy.
We use a plugin from CA Customer Alliance GmbH, Ullsteinstr. 130 | Turm B, 12109 Berlin. Customer Alliance is a portal for rating hotels. The legal basis for the use of the plugin is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in informing you about the reviews submitted about us and giving you an easy way to submit a review yourself.
You can find more information on the handling of user data in the CA Customer Alliance GmbH privacy policy.
If you wish to assert your rights, you can contact our data protection officer at Dipl.-Ing. Matthias Netzker, DSB@Netzker.com
a) Erasure of personal data (right to be forgotten)
The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to. If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or erased in accordance with the statutory provisions.
The data subject shall also have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
b) Right to confirmation
Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed.
c) Right to information
In accordance with the provisions of the GDPR, you have the right to free written information about your personal data stored by us and the extent of its use by us, as well as a copy of this information.
In addition, you have a right of access to the following information
If you wish to make use of this right, please let us know by sending an e-mail to info@gevagruppe.de. The postal address is: GEVA Unternehmensgruppe GmbH, Sven Vater, Dr.-Wilhelm-Külz-Straße 12, 01796 Pirna.
d) Right to rectification
The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
e) Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies
f) Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
g) Right to object
The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. If you wish to exercise your right of revocation or objection, simply send an e-mail to info@gevagruppe.de
h) Automated decisions
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision
i) Right to withdraw consent under data protection law
Every data subject has the right to withdraw consent to the processing of personal data at any time.
We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
We reserve the right to amend this privacy policy from time to time so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.