book now

DATA PROTECTION
FROM THE RELAIS & CHÂTEAUX
HARDENBERG BURGHOTEL

The protection of your privacy during the processing of personal data is an important concern for us. When you visit our website, our web servers store by default the IP of your Internet Service Provider, the website from which you visit us, the websites you visit on our website and the date and duration of your visit. This information is absolutely necessary for the technical transmission of the websites and the secure operation of the server. A personalized evaluation of this data does not take place.

 

We take data protection seriously

Relais & Châteaux Hardenberg BurgHotel
Hinterhaus 11 A
D-37176 Nörten-Hardenberg
Telefon: +49 5503 9810
Fax: +49 5503 981666
E-Mail: info@hardenberg-burghotel.de

 

Information obligations according to Art.13 GDPR

The protection of your personal data is of particular concern to us. We process your personal data (hereinafter referred to as "data") exclusively in accordance with the statutory provisions. With this privacy policy, we aim to inform you comprehensively about the processing of your data in our company and your data protection rights and claims according to Art. 13 of the European General Data Protection Regulation (EU GDPR).

1. Who is responsible for data processing and who can you contact?

Responsible is

FREIGEIST & FRIENDS GmbH & Co. KG

Daimlerstraße 2

37075 Göttingen

office@freigeist-friends.com

The company's data protection officer is

Christian Volkmer

Projekt 29 GmbH & Co. KG

Ostengasse 14

93047 Regensburg

Email: anfragen@projekt29.de

Tel .: 0941-2986930

2. What data is processed, and from which sources do these data originate?

We process the data that we have received from you as part of contract initiation or execution, based on consents, or as part of your application with us or within the scope of your employment with us.

The personal data include:

Your master/contact data, including for customers, e.g., first and last name, address, contact details (email address, telephone number, fax), bank details.

For applicants and employees, this includes, for example, first and last name, address, contact details (email address, telephone number, fax), date of birth, data from CVs and employment references, bank details, religious affiliation, image recordings.

For business partners, this includes, for example, the designation of their legal representatives, company, commercial register number, VAT number, company number, address, contact details of contact persons (email address, telephone number, fax), bank details.

For visitors to our company, this includes name and signature.

For journalists, this includes first and last name, email address, fax number.

For competition participants, this includes first and last name, email address.

Furthermore, we also process the following other personal data:

- Information about the type and content of contract data, order data, sales and document data, customer and supplier history, as well as consultation documents,
- Advertising and sales data,
- Information from your electronic communication with us (e.g., IP address, login data),
- Other data that we have received from you as part of our business relationship (e.g., in customer conversations),
- Data that we generate from master/contact data and other data ourselves, such as through customer needs and customer potential analyses,
- Documentation of your declaration of consent to receive newsletters, for example.
- Photo recordings as part of events.

3. For what purposes and on what legal basis are the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act 2018 in its current version:

• To fulfill (pre-)contractual obligations (Art 6 para. 1 lit.b GDPR):
The processing of your data is carried out for contract processing online or in one of our branches, for processing your employment with our company. The data is processed, in particular, during business initiation and during the execution of contracts with you.

• To fulfill legal obligations (Art 6 para. 1 lit.c GDPR):
Processing your data is necessary to fulfill various legal obligations, for example, from the Commercial Code or the Fiscal Code.

• To safeguard legitimate interests (Art 6 para. 1 lit.f GDPR):
Based on a balance of interests, data processing beyond the actual fulfillment of the contract may take place to safeguard legitimate interests of us or third parties. Data processing to safeguard legitimate interests takes place, for example, in the following cases:

- Advertising or marketing (see No. 4),
- Customer satisfaction surveys
- Measures for business management and further development of services and products;
- Maintaining a group-wide customer database to improve customer service
- As part of legal proceedings
- Sending non-promotional information and press releases.

• Within the scope of your consent (Art 6 para. 1 lit.a GDPR):
If you have given us consent to process your data, e.g., for receiving our newsletter, publishing photos, competitions, etc.

4. Processing of personal data for advertising purposes

You can object to the use of your personal data for advertising purposes at any time, either in total or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.

We are entitled under the legal requirements of § 7 para. 3 UWG to use the email address you provided when concluding the contract for direct advertising of our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter. Customer satisfaction surveys can also be sent. We refer to this in this context, as the Federal Court of Justice has ruled that surveys have a promotional character.

If you do not wish to receive such recommendations by email from us, you can object to the use of your address for this purpose at any time, without incurring any costs other than the transmission costs according to the basic rates. A notification in text form is sufficient for this purpose. Of course, an unsubscribe link is always included in every email.

5. Who receives my data?

If we use a service provider within the meaning of order processing, we nevertheless remain responsible for the protection of your data. All contract processors are contractually obliged to treat your data confidentially and to process it only within the scope of service provision. The contract processors commissioned by us receive your data if they need the data to fulfill their respective service. These include, for example, IT service providers that we need for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.

Your data is processed in our customer database. The customer database supports the improvement of data quality of existing customer data (duplicate cleansing, address correction).

This data is provided to group companies if necessary for contract processing. The storage of customer data is company-specific and separate, with our parent company acting as a service provider for the individual participating companies.

In the event of a legal obligation and as part of legal proceedings, authorities and courts as well as external auditors may be recipients of your data.

Furthermore, for the purpose of initiating and fulfilling contracts, insurance companies, banks, credit agencies, and service providers may be recipients of your data.

6. How long will my data be stored?

We process your data until the end of the business relationship or until the expiration of the applicable statutory retention periods (e.g., from the Commercial Code, the Fiscal Code, or the Working Hours Act); furthermore, until the end of any legal disputes in which the data is needed as evidence.

7. Are personal data transferred to a third country?

Basically, we do not transfer data to a third country. Transmission only takes place on a case-by-case basis based on an adequacy decision of the European Commission, standard contractual clauses, appropriate guarantees, or your express consent.

8. What data protection rights do I have?

You have the right to information, correction, deletion, or restriction of the processing of your stored data at any time, the right to object to the processing, as well as the right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to information:

You can request information from us as to whether and to what extent we process your data.

Right to rectification:

If we process your data that is incomplete or incorrect, you can request the correction or completion of this data from us at any time.

Right to erasure:

You can request the deletion of your data from us if we process it unlawfully or if the processing disproportionately interferes with your legitimate interests. Please note that there may be reasons that prevent immediate deletion, e.g., in the case of legally regulated retention obligations.

Regardless of exercising your right to erasure, we will delete your data immediately and completely, provided that there is no legal or contractual retention obligation to the contrary.

Right to restriction of processing:

You can request us to restrict the processing of your data if

- You dispute the accuracy of the data, for a period that allows us to verify the accuracy of the data.
- The processing of the data is unlawful, but you refuse to delete it and instead request the restriction of data usage,
- We no longer need the data for the intended purpose, but you need it to assert, exercise, or defend legal claims, or
- You have objected to the processing of the data.

Right to data portability:

You can request us to provide you with the data that you have provided to us in a structured, common, and machine-readable format and to transmit this data to another responsible person without hindrance from us if

- We process this data based on your consent, which you can revoke at any time, or to fulfill a contract between us, and
- This processing is carried out using automated processes.

If technically feasible, you can request us to directly transfer your data to another responsible person.

Right to object:

If we process your data based on legitimate interests, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right to lodge a complaint:

If you believe that we are violating German or European data protection law when processing your data, we ask you to contact us to clarify any questions. Of course, you also have the right to contact the competent supervisory authority for you, the respective state office for data protection supervision.

If you wish to exercise any of the rights mentioned above against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

9. Am I obliged to provide data?

The processing of your data is necessary to conclude or fulfill your contract with us. If you do not provide us with this data, we will generally have to refuse to conclude the contract or will not be able to carry out an existing contract and consequently will have to terminate it. However, you are not obliged to give your consent to the processing of data that is not relevant or legally required for the fulfillment of the contract.

 

Personal data

Personal data is data about you. These include your name, address and e-mail address. You do not have to disclose any personal data in order to be able to visit our website. In some cases, we need your name and address as well as other information in order to be able to provide you with the service you require.
The same applies if we supply you with information material on request or if we answer your enquiries. In such cases, we will always inform you. In addition, we only store data that you have provided to us automatically or voluntarily.
When you use one of our services, we usually only collect the data that is necessary to provide you with our service. We may ask you for further information, but this is voluntary. Whenever we process personal data, we do so in order to be able to offer you our service or to pursue our commercial objectives.

Contacting

When contacting us (e. g. via contact form, e-mail, telephone or via social media), the data of the requesting persons will be processed insofar as this is necessary to answer the contact requests and any measures requested.
Responding to contact enquiries in the context of contractual or pre-contractual relationships is done to fulfil our contractual obligations or to answer (pre) contractual enquiries and otherwise on the basis of legitimate interests in answering the enquiries.

  • Processed data types: inventory data (e. g. names, addresses), contact data (e. g. e-mail, telephone numbers), content data (e. g. entries in online forms).
  • Data subjects: communication partners.
  • Purposes of processing: contact requests and communication.
  • Legal basis: Contract performance and pre-contractual requests (Art. 6 para. 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 lit. f. GDPR).

Automatically stored data

Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc. )
  • Web browser and operating system used
  • complete IP address of the requesting computer
  • Amount of data transferred

This data will not be merged with other data sources. Processing is carried out in accordance with Art. 6 para. 1 bed. f GDPR based on our legitimate interest in improving the stability and functionality of our website.
For reasons of technical security, in particular to prevent attacks on our web server, this data is stored by us for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is anonymised by shortening the IP address at the domain level, so that it is no longer possible to establish a link to the individual user.

Cookies

When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified via the unique cookie ID.

Through the use of session cookies, the controller can provide the users of this website with a user-friendly service that would not be possible without the setting of cookies. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest pursuant to Art. 6 para. 1 bed. f GDPR.

We only use personal cookies to improve our website or for marketing/advertising purposes with your consent. During your first visit, you can voluntarily consent to tracking or analysis via the displayed cookie banner. Your data may be passed on to partners or third-party providers. These cookies are only stored if you explicitly agree to this, the legal basis is your consent in accordance with Art. 6 para. 1 bed. a GDPR.

Hotjar

This website uses Hotjar. The provider is Hotjar Ltd. , Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (Website: www. hotjar. com).

Hotjar is a tool for analyzing your user behaviour on this website. Hotjar allows us to record your mouse and scroll movements and clicks. Hotjar can also determine how long you have stayed with the mouse pointer in a certain place. Hotjar uses this information to create heat maps, which can be used to determine which areas of the website visitors prefer to view.

We can also track how long you have stayed on a page and when you left it. We can also determine where you have aborted your entries into a contact form (so-called conversion tunnels).

In addition, Hotjar can be used to obtain direct feedback from website visitors. These Function serves to improve the web offers of the website operator.

Hotjar uses technologies that recognize the user for the purpose of analyzing the User behaviour (e. g. cookies or use of device fingerprinting).

The use of this analysis tool is based on Art. 6 para. 1 bed. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been obtained, the processing takes place exclusively on the basis of Art. 6 para. 1 bed. a GDPR and 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e. g. device fingerprinting) within the meaning of the TTDSG. The consent is revocable at any time.

If you wish to deactivate data collection by Hotjar, click on the following link and follow the instructions there: https://www. hotjar. com/policies/do-not-track/

Please note that the deactivation of Hotjar must be done separately for each browser or device. For more information about Hotjar and the data collected, please refer to Hotjar’s privacy policy under the following link: https://www. hotjar. com/privacy

We have a contract on order processing (AV) acc. Art. 28 GDPR closed with the above-mentioned provider. This is a contract required by data protection law, which ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Registration with Facebook Connect

Instead of registering directly on this website, you can register with Facebook Connect. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

According to Facebook, however, the collected data is also transmitted to the USA and other third countries. If you decide to register with Facebook Connect and click on the “Login with Facebook”/”Connect with Facebook” button, you will be automatically redirected to the Facebook platform. There you can log in with your usage data. This will link your Facebook profile to this website or our services. This link gives us access to your data stored on Facebook. These are in particular:

  • Facebook name
  • Facebook profile and cover image
  • Facebook cover
  • e-mail address stored on Facebook
  • Facebook ID
  • Facebook friends lists
  • Facebook Likes (“f llt-me” information)
  • Birthday
  • Gender
  • Country
  • Language

This data is used to set up, provide and personalize your account.

The registration with Facebook Connect and the associated data processing operations are carried out on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time with effect for the future.

If personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transmission to Facebook. The processing carried out by Facebook after the forwarding is not part of the joint responsibility. Our common obligations have been set out in a joint processing agreement. The text of the agreement can be found at: https://www. facebook. com/legal/controller_addendum. According to this agreement, we are responsible for the provision of data protection information when using the Facebook tool and for the secure implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. Data subject rights (e. g. requests for information) regarding data processed on Facebook can be asserted directly on Facebook. If you assert the rights of data subjects with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.
Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum,
https://de-de.facebook.com/help/566994660333381 and
https://www.facebook.com/policy.php

Further information can be found in the Facebook Terms of Use and the Facebook Data protection regulations. You can find them at:
https://de-de.facebook.com/about/privacy/ and
https://de-de.facebook.com/legal/terms/.

Comment function

For the comment function on this page, in addition to your comment, information about the time the comment was created, your e-mail address and, if you do not post anonymously, the user name you have chosen is stored.

Storage of IP address
Our comment function stores the IP addresses of users who write comments. Since we If you do not check comments on this website before they are activated, we need this data in order to be able to take action against the author in the event of legal violations such as insults or propaganda.

Subscribe to comments
As a user of the site, you can subscribe to comments after registering. You will receive a Confirmation email to check if you are the owner of the e-mail address provided. You can unsubscribe from this feature at any time via a link in the info mails. The data entered in the context of subscribing to comments will be deleted in this case; however, if you have transmitted this data to us for other purposes and elsewhere (e. g. to subscribe to a newsletter), this data will remain with us.

Storage time of comments
The comments and related data are stored and remain on this website until the commented content has been completely deleted or the comments have to be deleted for legal reasons (e. g. offensive comments).

Legal basis
The comments are stored on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. An informal e-mail message to us is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.

Facebook Custom Audiences

We use Facebook Custom Audiences. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our websites and apps, make use of our free or paid offers, submit data to us or interact with our company’s Facebook content, we collect your personal data. If you give us your consent to the use of Facebook Custom Audiences, we will transmit this data to Facebook so that Facebook can display suitable advertising for you. Furthermore, target groups can be defined with your data (Loocal Audiences).

Facebook processes this data as our processor. Details can be found in the Facebook user agreement:
https://www. facebook. com/legal/terms/customaudience.

The use of this service is based on your consent pursuant to Art. 6 para. 1 bed. a GDPR and 25 para. 1 TTDSG. The consent is revocable at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:
https://www.facebook.com/legal/terms/customaudience and
https://www.facebook.com/legal/terms/dataprocessing.

Safety

We have put in place technical and administrative security measures to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and service providers working for us are obliged to comply with the applicable data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous process of improvement and our privacy statements are constantly revised. Please make sure you have the latest version.

Rights of the persons concerned

You have a right to access, rectification, deletion or restriction of the processing of your stored data at any time, a right to object to processing, and a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.

Right to information:
You can request information from us as to whether and to what extent we process your data.

Right to rectification:
If we process your data that is incomplete or incorrect, you can request us to correct or complete it at any time.

Right to erasure:
You can request us to delete your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent an immediate deletion, e. g. in the case of statutory retention obligations. Irrespective of the exercise of your right to erasure, we will immediately and completely delete your data, unless there is no legal or statutory retention obligation to do so.

Right to restriction of processing:
You may request that we restrict the processing of your data if:

  • you deny the accuracy of the data, for a period that allows us to verify the accuracy of the data.
  • the processing of the data is unlawful, but you refuse to delete it and instead request a restriction of the use of the data,
  • we no longer need the data for the intended purpose, but you still need it to assert or defend legal claims, or
  • You have lodged an objection to the processing of the data.

Right to data portability:
You may require us to provide you with the information you have provided to us in a structured, commonly used and machine-readable format and to be able to transfer this information to another controller without hindrance by us, provided that:

  • we process this data on the basis of a revocable consent given by you or for the performance of a contract between us, and
  • such processing is carried out by means of automated methods. If technically feasible, you can request a direct transfer of your data to another controller.

Right of objection:
If we process your data for legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms or the processing serves the purpose of asserting, exercising or defending legal claims. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right of appeal:
If you believe that we are violating German or European data protection law when processing your data, please contact us in order to clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective State Office for Data Protection Supervision. If you wish to assert one of the aforementioned rights against us, please contact our data protection officer. If in doubt, we may request additional information to confirm your identity

Changes to this Privacy Policy

We reserve the right to change our privacy statements should this become necessary due to new technologies. Please make sure you have the latest version. If fundamental changes are made to this privacy policy, we will announce them on our website.

All interested parties and visitors of our website can contact us for data protection questions at:

Mr Wojtek Dragon
Projekt 29 GmbH & Co. KG
Ostengasse 14
93 047 Regensburg

Tel. : 0941 2 986 930
Fax: 0941 29 869 316
E-Mail: anfragen@projekt29.de
Internet: www.projekt29.de

Your Browser is not supported!

You are using an outdated browser. To have the best experience use one of the following browsers: