data privacy statement

We take data protection seriously

The protection of your privacy when we process your personal data is an important concern for us. When you visit our website, our web servers automatically store the IP of your Internet service provider, the website from which you visit us, the pages which you visit when you are on our website, as well as the date and duration of the visit. This information is essential for the technical transmission of the web pages and for secure server operation. No personalised evaluation of this data is carried out.

If you send us data via the contact form, this data is stored on our servers as part of the data back-up process. Your data will be used by us only to process your request. Your data will also be dealt with in the strictest of confidence. It will not be disclosed to third parties.

 

Controller:

Relais & Châteaux Hardenberg BurgHotel
Hinterhaus 11 A
D-37176 Nörten-Hardenberg
Telefon: +49 5503 9810
Fax: +49 5503 981666
E-Mail: info@hardenberg-burghotel.de

 

Personal data

Personal data is data about your person. This includes your name, address and email address. You do not have to disclose any personal data in order to be able to visit our Internet site. In some cases, we need your name and address as well as further information in order to be able to offer you the requested service.

The same applies if we supply you with information material on request or if we answer your enquiries. In these cases, we will always point this out to you. Furthermore, we store only the data that you have sent to us either automatically or voluntarily.

If you use one of our services, we generally only collect the data that is necessary for us to be able to provide you with our service. We may ask you for further information, although this is only on a voluntary basis. Whenever we process personal data, we do so in order to be able to provide you with our service or to pursue our commercial objectives.

Automatically stored data

Server log files 

The website provider automatically collects and stores information in so-called "server log files", which your browser automatically transmits to us. These are:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Web browser and operating system used
  • Complete IP address of the requesting computer
  • Transferred data volume

This data is not combined with other data sources. Processing is carried out in accordance with Art. 6 Para. 1 (f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

This data is temporarily stored by us for reasons of technical security, in particular in order to prevent attempts to attack our web server. It is not possible for us to draw conclusions about specific individuals on the basis of this data. After seven days at the latest, the data is made anonymous by shortening the IP address at the domain level, so that it is no longer possible to establish a reference to the individual user. The data is also processed in anonymous form for statistical purposes; it is not compared with other data stocks or passed on to third parties, even in the form of extracts. Only within the context of our server statistics, which we publish every two years in our activity report, is the number of page views made known.

Cookies

When you visit our Internet pages, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from an Internet server to your browser and stored on its hard drive. Only the Internet protocol address is saved during this process – but no personal data. This information, which is stored in the cookies, enables us to recognise you automatically the next time you visit our website, thereby making it easier for you to use our website. The legal basis for the use of cookies is the legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

You can of course also visit our Internet pages without accepting cookies. If you do not want your computer to be recognised upon your next visit, you can also refuse the use of cookies by changing the settings in your browser to "Reject cookies". You can find out how to do this in the operating instructions of your browser. However, if you reject the use of cookies, there may be restrictions on the use of some areas of our Internet pages.

Google Tag Manager

This website uses Google Tag Manager. The Tag Manager does not collect any personal data. The tool will trigger other tags that for their part might collect data. Google Tag Manager does not access these data. If a deactivation took place on the domain or cookie level, this deactivation will remain in force for all tracking tags that are implemented by Google Tag Manager. For the Google data protection policy about this tool, please go to: google.de/tagmanager/use-policy

Google Analytics with Anonymisation Function

On our website, we use Google Analytics, a web analysis service of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter "Google“. Google-Analytics uses so-called "cookies“, text files that are saved on your computer allowing for an analysis of your visit to the website.

The information provided by these cookies, such as the time, place and frequency of your visit including your IP address, will be sent to Google in the USA and saved at this location.

On our website, we use Google Analytics with the suffix "_gat._anonymizeIp". In this case, Google will already shorten and thus anonymise your IP address within the member states of the European Union or other signatories of the Agreement on the Economic Area.

Google uses this information to evaluate your visit to our website, to create reports for us about the website activities and to render additional services associated with the use of the website and Internet. Where appropriate, Google will also disclose this information to third parties if legally required or if a third party processes these data on behalf of Google.

Google will never link your IP address with other data from Google on its own account. You can prevent the installation of cookies with the corresponding setting of your browser software; however, we would like to point out that in this case you won't be able to make full use of all the functions on our website.

In addition, Google provides a deactivation add-on for the most common browsers which will give you more control over which data Google will collect from the websites you visit. The add-on tells JavaScript (ga.js) from Google Analytics that no information on the website visit may be sent to Google Analytics. However, the deactivation add-on from Google Analytics for browsers does not prevent information from being sent to us or other web analysis services possibly used by us. Click on the following link to get more information on the installation of the browser add-on: https://tools.google.com/dlpage/gaoptout?hl=de

If you have agreed to have your web and app browser history linked to your Google account and that information from your Google account can be used to personalise your data, Google will use your data together with Google Analytics data to create target group lists for remarketing purposes across devices. For this purpose, Google Analytics will first collect your Google-authenticated ID on our website which is then linked to your Google account (thus personal data). Google Analytics will then temporarily link your ID to your Google Analytics data in order to optimise our target groups.

If you don't agree with this, you can stop this by making the corresponding settings in the "My account" area of your Google account.

Google Web Fonts

Google web fonts (http://www.google.com/webfonts/) are used to improve the visual presentation of various information on our website. The web fonts are transferred to the cache of the browser when the page is called up, so that they can be used for the display. If the browser does not support Google web fonts or prevents access, the text is displayed in a standard font. When the page is called up, no cookies are stored for the website visitor. Data transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.

You can set your browser so that the fonts are not loaded from the Google servers (e.g. by installing add-ons like NoScript or Ghostery for Firefox). If your browser does not support the Google fonts or if you prevent access to the Google servers, the text will be displayed in the default font of the system. For information on the privacy policy of Google Web Fonts, please visit: developers.google.com/fonts/faq#Privacy

Information about the Google Privacy Policy and Google Terms of Use can be obtained directly from Google: policies.google.com/privacy

Facebook "Sign In with Facebook"

We use components of the provider facebook.com on our site. Facebook is a service of facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.

We use the "Facebook Connect" function, which is offered by Facebook.

If you want to use this function, you will first be redirected to Facebook. There you will be asked to log in with your user name and password. Of course, we do not take note of your registration data. If you are already logged in to Facebook, this step will be skipped.

Facebook will then tell you what information is sent to us (public profile, list of friends, email address and current location). Confirm this with the "OK" button. With the transmitted data we create your customer account, whereby your friend list is not stored by us of course. There is no further permanent link between your customer account and your Facebook account.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options for the protection of your privacy can be found in the Facebook data protection information.

Cookiebot

As "cookie banner" the provider uses "Cookiebot", "Cookiebot" is a product of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, hereinafter "Cybot".

By means of the "Cookiebot" function, the provider informs the user about the use of cookies on the website and enables the user to make a decision about their use. If the user gives his consent to the use of cookies, the following data will be automatically logged at Cybot: The anonymized IP number of the user; Date and time of the consent; User agent of the browser of the end user; The URL of the provider; An anonymous, random and encrypted key.

The authorized cookies of the user (cookie status), which serves as proof of consent.

The encrypted key and the cookie status are stored on the user's terminal device by means of a cookie in order to establish the corresponding cookie status for future page visits. This cookie is automatically deleted after 12 months. 

The legal basis for this is Art. 6 para. 1 lit. f DSGVO. The legitimate interest of the provider lies in the user-friendliness of the website as well as in the fulfilment of the legal requirements of the DSGVO.

The user can prevent or terminate the installation of the cookie and its storage, and thus his consent to the cookie, at any time by adjusting his browser settings. For more information, see the section "Cookies" above.

Cybot offers further information under the following links:

cookiebot.com/privacy-policy

TrustYou

This page integrates TrustYou to display ratings. The provider is TrustYou GmbH, Munich Center of Technology, Agnes-Pockels-Bogen 1, 80992 Munich.

To use the functions of TrustYou it is necessary to store your IP address, browser information (name, version), website, operating system of the user, screen resolution of the user, language settings of the browser or the operating system of the user. For example, when you enter and submit a rating, this data is usually transferred to a TrustYou server and stored there. The provider of this site has no influence on this data transfer.

The use of TrustYou is in the interest of a presentation of the ratings given on TrustYou about our hotel, and to offer the possibility of writing a rating on TrustYou. This represents a legitimate interest in terms of Art. 6 para. 1 lit. f DSGVO.

More information about the handling of user data at TrustYou can be found in the privacy policy at https://www.trustyou.com/wp-content/uploads/2018/05/2017-01-19-TY-Privacy-Policy.pdf.

Google Maps

This website uses Google Maps to display maps and to generate route maps.

Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

By using Google Maps on this website, you agree with the collection, processing and use of the automatically collected data as well as the data you entered by Google or one of its representatives or third party providers. You will find the terms of use for Google Maps here.

Click here to view the data privacy statement from Google Maps.

jsDelivr CDN

This site uses a so called "Content Delivery Network" (CDN) from jsDelivr.

A CDN is a service that helps to deliver content of our online offer, especially large media files, such as graphics or scripts, faster with the help of regionally distributed servers connected via the internet. User data is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN.

For this purpose, the browser you use must connect to the servers of the CDN. As a result, this browser is informed that our website has been accessed via your IP address.

The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimization of our online offer in accordance with Art. 6 para. 1 lit. f. DSGVO.

Further information can be found in the privacy policy of jsDelivr: jsdelivr.com/privacy-policy-jsdelivr-net

Security

We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorised access. All of our employees and the service providers working for us are obliged to comply with the valid data protection laws.

Whenever we collect and process personal data, it is encrypted before being transmitted. This means that your data cannot be misused by third parties. Our security precautions are subject to a constant improvement process and our privacy policies are constantly being revised. Please make sure that you have the latest version.

Affected Rights

You have a right to information, rectification, erasure or restriction of the processing of your stored data, a right of objection to the processing as well as a right to data portability and a right to complain in accordance with the requirements of data protection law.

Right to information:

You can request information from us concerning whether and to what extent we process your data.

Right to rectification:

If we process your data that is incomplete or incorrect, you can request that we rectify or complete such data at any time.

Right to erasure:

You can request that we erase your data if we process it unlawfully or if the processing interferes disproportionately with your legitimate protection interests. Please note that there may be reasons that prevent immediate erasure, e.g. in the case of legally regulated retention obligations.

Irrespective of the exercising of your right to erasure, we will erase your data immediately and completely, unless there is a contractual or legal obligation to retain it.

Right to restriction of the processing:

You may request that we restrict the processing of your data if

  • you dispute the accuracy of the data, namely for a period of time that enables us to verify the accuracy of the data.
  • the processing of the data is unlawful, but you refuse to have it erased and instead request a restriction on the use of the data,
  • we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
  • you have lodged an objection to the processing of the data.

Right to data portability:

You may request us to provide you with the data you have made available to us in a structured, current and machine-readable format and to allow you to forward this data to another responsible party without our interference, provided that

  • we process this data on the basis of an agreement which you have submitted and which is revocable or in order to fulfil a contract between us, and
  • this processing is carried out using automated methods.

If it is technically feasible, you can ask us to transfer your data directly to another responsible party.

Right of objection:

If we process your data on the basis of a legitimate interest, you can object to this data processing at any time; this would also apply to any profiling which is based on these provisions. We will then no longer process your data unless we can prove compelling reasons worthy of protection for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. You can object to the processing of your data for the purposes of direct advertising at any time without stating any reasons.

Right of appeal:

If you are of the opinion that we are infringing German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course you also have the right to contact the supervisory authority which is responsible for you, i.e. the respective State Office for Data Protection Supervision.

If you wish to assert any of the above rights against us, please contact our Data Protection Officer. In cases of doubt we may request additional information to confirm your identity.

Changes to this privacy policy

We reserve the right to change our privacy policies if this becomes necessary due to new technologies. Please make sure that you have the latest version. If fundamental changes are carried out to this privacy policy, we announce these on our website.

All interested parties and visitors to our website can reach us concerning questions of data protection at the following address:

Mr Christian Volkmer
represented by Mr Wojtek Dragon
Project 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg, Germany

Phone.: +49 941 2986930 | Fax: +49 941 29869316
Email: anfragen@projekt29.de | Internet: www.projekt29.de