Privacy policy and consent to data storage and use

The website https://www.pension-donatus.de is operated by GEVA Unternehmensgruppe GmbH, represented by Managing Director Sven Vater, Dr.-Wilhelm-Külz-Straße 12, 01796 Pirna (https://www.pension-donatus.de/Kontakt/Impressum/422/). We take data protection very seriously and will use your personal data strictly in accordance with data protection regulations. This declaration only applies to the content on our servers and does not include the websites linked to the site.

In the following, we inform you about the type, scope and purpose of the collection, processing and use of personal data. You can access this information at any time on our website. Our data protection provisions are in accordance with the General Data Protection Regulation (GDPR) and the German Telemedia Act (TMG). Express reference is made to the right to object in accordance with 7. g).

1. definitions of terms

We use the following terms, among others, in this privacy policy and on our website

a) Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c) Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

e) Controller

The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

f) Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

g) Consent

Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


2. collection and storage of general information and registration

a) When visiting the website

If you wish to use this website for information purposes only without registering, we do not collect any direct personal data from you, but only log information (IP address, browser type, date, time, name and URL of the file accessed, website from which the access is made), which has no personal reference. This data is used exclusively to ensure a smooth connection setup, to guarantee convenient use of our website, to evaluate system security and stability, and for administrative and statistical purposes. They are neither passed on nor are they merged with the personal data provided. The legal basis is Art. 6 para. 1 sentence 1 letter f GDPR. Explicit reference is made to the use of session cookies in accordance with section 4.b) When using our booking formFor booking inquiries and questions of any kind, we offer you the opportunity to contact us via a form provided on the website.

It is necessary to provide a valid e-mail address and your name so that we know who sent the request and can answer it. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent.

b) When using our booking form

For booking inquiries and questions of any kind, we offer you the opportunity to contact us via a form provided on the website. It is necessary to provide a valid e-mail address and your name so that we know who sent the request and can answer it. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent.

The personal data collected by us for the use of the contact form will be automatically deleted after your inquiry has been dealt with. In the event of a successful booking, this data is again subject to the retention obligations and is automatically deleted after this period has expired.


3. forwarding of data

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your data to third parties if:

  •     you have given your express consent in accordance with Art. 6 para. 1 sentence 1 letter a GDPR,
  •     the disclosure pursuant to Art. 6 para. 1 sentence 1 letter f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  •     in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 letter c GDPR, and
  •     this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 letter b GDPR

4. cookies

We use cookies to send data to your computer during your visit and store it there. Cookies are small data records that are generated when websites are accessed. These session cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a random string of characters through which websites and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified via the unique cookie ID. If personal data is also processed by individual session cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the execution of the contract or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

By means of a cookie, the information and offers on our website can be optimized for the benefit of the user. These session cookies enable us to recognize the users of our website during their visit to the website. The purpose of this recognition is to make it easier for users to use our website. With the help of session cookies, the web server can therefore retrieve user-specific information that serves to make the use of the website easier and more convenient for you. Their sole purpose is to make your use of the site more pleasant.

If you reject the use of cookies, you can set your browser so that cookies are generally rejected or that you must confirm the acceptance of cookies in each case. If you generally decide against cookies, you may not be able to use certain functions on our website. Most web browsers have a function in the menu bar (usually under "Tools / Settings / Privacy" or under "Tools / Internet Options / Privacy") with which you can prevent your browser from accepting new cookies, with which you can have your browser notify you when you receive a new cookie or with which you can also deactivate all cookies received.

5. Google Maps and Google Analytics

On our website we use the offer of "Google Maps", an online map service of Google lnc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as: "Google"). This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. When you visit our website, Google receives the information that you have accessed the corresponding subpage of our website. Your IP address will be transmitted. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out beforehand. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or needs-based design of the website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users about your activities on our website.

We use Google Maps to show you interactive maps from Google Maps and thus provide you with a better user experience on our website. This also constitutes our legitimate interest in the processing of the aforementioned data by the third-party provider. The legal basis is Art. 6 para. 1 lit. 1lit. f) GDPR.

You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

Google has submitted to the Privacy Shield Agreement concluded between the European Union and the USA and is certified. This means that Google undertakes to comply with the standards and regulations of European data protection law. Further information can be found in the entry linked below:              

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy:

http://www.google.de/intl/de/policies/privacy

This website uses Google Analytics, a web analysis service of Google Inc. ("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on these websites, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website,

Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link:

Link: https://tools.google.com/dlpage/gaoptout?hl=de

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/ and under http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link https://www.google.com/intl/de_de/analytics/.

6. DIRS21 Quickbook-Box

We use a booking plugin from TourOnline AG, Borsigstraße 26, 73249 Wernau, Germany, on our website.

The use of the plugin is in the interest of a quick availability check and booking option for the rooms we offer. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

You can find more information on the handling of user data in TourOnline AG's privacy policy.

7. customer rating Customer Alliance

We use a plugin from CA Customer Alliance GmbH, Ullsteinstr. 130 | Turm B, 12109 Berlin. Customer Alliance is a portal for rating hotels. The legal basis for the use of the plugin is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in informing you about the reviews submitted about us and giving you an easy way to submit a review yourself.

You can find more information on the handling of user data in the CA Customer Alliance GmbH privacy policy.

8. Your rights

If you wish to assert your rights, you can contact our data protection officer at Dipl.-Ing. Matthias Netzker, DSB@Netzker.com

a) Erasure of personal data (right to be forgotten)

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to. If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or erased in accordance with the statutory provisions.

The data subject shall also have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
  • The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing
  • The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR
  • The personal data has been processed unlawfully
  • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
  • the personal data have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR

b) Right to confirmation

Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed.

c) Right to information

In accordance with the provisions of the GDPR, you have the right to free written information about your personal data stored by us and the extent of its use by us, as well as a copy of this information.

In addition, you have a right of access to the following information

  • The purposes of the processing
  • The categories of personal data that are processed
  • The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
  • If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
  • The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • The existence of a right to lodge a complaint with a supervisory authority
  • All available information about the origin of the data if the personal data was not collected from the data subject
  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
  • whether personal data have been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to be informed of the appropriate guarantees.

If you wish to make use of this right, please let us know by sending an e-mail to info@gevagruppe.de. The postal address is: GEVA Unternehmensgruppe GmbH, Sven Vater, Dr.-Wilhelm-Külz-Straße 12, 01796 Pirna.

d) Right to rectification

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

e) Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; or
  • the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

f) Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

  • the processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) or on a contract pursuant to Art. 6 (1) (b) GDPR and
  • the processing is carried out by automated means.

g) Right to object

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. If you wish to exercise your right of revocation or objection, simply send an e-mail to info@gevagruppe.de

h) Automated decisions

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the decision

  • is necessary for the conclusion or performance of a contract between the data subject and the controller
  • is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or
  • with the express consent of the data subject.

i) Right to withdraw consent under data protection law

Every data subject has the right to withdraw consent to the processing of personal data at any time.

9. data security

We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser. We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

10. Changes to our data protection provisions

We reserve the right to amend this privacy policy from time to time so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.