1. Data Protection at a Glance
The following communication provides a simple overview of what happens to your personal data when you visit our website. Personal data include all data that make it possible to identify you in person. Detailed information on the subject of data protection can be taken from our data protection policy listed below this text.
Data collection on our website
Who is the controller for data collection on this website?
Processing activities on this website are performed by the website operator. For its contact details, see the imprint of this website.
How do we record your data?
Your data will be collected when you communicate them to us. These may be data you enter in a contact form, for example.
Other data will be recorded automatically by our IT systems when you visit the website. These are in particular technical data (e.g. web browser, operating system, or time at which the page was called up). These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data are collected in order to ensure correct provision of the website. Other data may be used for analysing your user behaviour.
What rights do you have concerning your data?
You have the right to receive information on the origin, recipients, and purpose of the personal data concerning you that are stored at all times free of charge. You also have the right to demand rectification, blocking, or erasure of such data. You may contact us at any time concerning this and any other questions relating to data protection using the address indicated in the imprint. Furthermore, you have a right to lodge a complaint with the competent supervisory authority. You also have the right to demand restriction of processing of your personal data under specific circumstances. For details on this, see the data protection policy, “Right to restriction of processing”.
2. General Notes and Mandatory Information
We as the providers of these pages take protection of your personal data very seriously. We treat your personal data confidentially and comply with the statutory data protection provisions and this data protection policy.
When you use this website, various kinds of personal data will be collected. Personal data include data that make it possible to identify you in person. This data protection policy explains which data we collect and what we use them for. It also explains how and for what purpose this is done.
Please note that data transmission through the internet (e.g. in the case of email communication) may involve gaps in security. Complete data privacy against third-party access is not possible.
Information on the controller
The controller for processing activities on this website is:
Hotel- und Gaststättenbetriebs GmbH
Linkstraße 10 – 14
D-59519 Möhnesee – Delecke
Phone: +49 2924 8090
The controller is the natural or legal person who, alone or together with others, decides about the purposes and means of processing of personal data (e.g. name, email addresses, etc.).
Data protection officer required by law
We have appointed a data protection officer for our undertaking.
Hotel- und Gaststättenbetriebs GmbH
Linkstraße 10 – 14
D-59519 Möhnesee – Delecke
Phone: +49 2924 8090
Withdrawal of your consent to processing activities
Many processing activities are only permitted with your explicit consent. You may withdraw consent once given at any time. An informal notification by email to us is sufficient for this. The lawfulness of the processing activities performed until the withdrawal shall remain unaffected by this.
Right to object to data collection in specific cases and against direct marketing (Article 21 GDPR)
If processing activities take place based on points (e) or (f) of Article 6 (1) GDPR, you have the right to object to processing of your personal data at any time due to reasons resulting from your particular situation; this also applies to profiling based on these provisions. You can find the respective legal basis of processing in this data protection statement. If you object, we shall no longer process your personal data in question, except if we can demonstrate compelling legitimate grounds for processing which override your interests, rights, and freedoms or if processing serves to establish, pursue, or defend legal claims (right to object in accordance with Article 21(1) GDPR).
If your personal data are processed for direct marketing purposes, you have the right to object to processing of personal data concerning you for such marketing at any time; this includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection in accordance with Article 21(2) GDPR).
Right to lodge a complaint with the competent supervisory authority
In cases of violations of the GDPR, the data subject has the right to lodge a complaint with the supervisory authority, in particular in the member state where you have your habitual place of residence, your workplace or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other judicial remedy under administrative law or in court.
Right to data portability
You have the right to have any data that we process automatically on the basis of your consent or compliance with a contract transferred to you or to a third party in a commonly used machine-readable format. If you demand direct transfer of the data to another controller, this shall be done only as far as it is technically feasible.
SSL or TLS encryption
This page uses SSL or TLS encryption for reasons of security and to protect the transmission of confidential contents, such as orders or queries that you send to us as the page operator. An encrypted connection can be recognised by the address line of the browser switching from “http://” to “https://” and the lock icon being shown in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by any third parties.
Information, blocking, erasure and rectification
You have the right to free information concerning your personal data stored by us, their origin and recipients, as well as the purpose of processing activities, and potentially a right to rectification, blocking, or erasure of such data at any time within the context of the applicable statutory provisions. You may contact us at any time concerning this and any other questions relating to the subject of personal data using the address indicated in the imprint.
Right to restriction of processing
You have the right to demand restriction of processing of your personal data. You may contact us at any time concerning this using the address indicated in the imprint. The right to restriction of processing applies in the following cases:
- If you deny the accuracy of your personal data stored by us, we usually need time to review this. You have the right to demand restriction of processing of your personal data for the duration of the review.
- If processing of personal data is/was unlawful, you may demand restriction of processing activities instead of erasure.
- If we no longer need your personal data but you need them to exercise, defend, or assert any legal claims, you have the right to demand restriction of processing of your personal data instead of erasure.
- If you have filed an objection in accordance with Article 21(1) GDPR, your and our interests must be reconciled. You have the right to demand restriction of processing of your personal data for the duration of the review while it is not certain yet whose interests are overriding.
- If you have restricted processing of your personal data, these data must – with the exception of storage – only be processed with your consent or for the assertion, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
Objection to advertising emails
We hereby object to use of the contact details published within the framework of the imprint obligation for the transmission of any marketing and information materials not explicitly requested. The providers of the pages explicitly reserve the right to take legal action in the case of transmission of non-solicited advertising material, for example, by way of spam emails.
3. Data Collection on our Website
Most of the cookies we use are “session cookies”. They are deleted automatically after the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser again on your next visit.
You can set your browser so that you will be informed when cookies are set and only allow cookies in individual cases, prevent acceptance of cookies for certain cases or in general, and activate automatic deletion of the cookies when you close the browser. If you deactivate cookies, the function of this website may be restricted.
Cookies that are necessary to perform electronic communication, or to provide certain functions desired by you (e.g. shopping cart functions), are stored on the basis of point (f) of Article 6 (1) GDPR. The website operator has as legitimate interest in recording of cookies for technically correct and optimised provision of its services. As far as any other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these shall be treated separately in the data protection policy.
Server log files
The provider of the website will automatically collect and store information in server log files that your browser transmits to us automatically. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server query
- Internet protocol address
These data will not be combined with any other data sources.
Acquisition of these data takes place on the basis of point (f) of Article 6 (1) GDPR. The website operator has a legitimate interest in the technically impeccable presentation and optimisation of his website. The server log files must be recorded for this.
Queries by email, phone, or fax
If you contact us by email, phone, or fax, we will store and process your query, including any personal data evident from it (name, query) for the purpose of processing your request. We will not pass on your data without your consent.
These data will be processed on the basis of point (b) of Article 6 (1) GDPR, provided that your query is connected to compliance with a contract or necessary to carry out pre-contractual measures. In any other case, processing shall be based on your consent (point (a) of Article 6 (1) GDPR) and/or our legitimate interests (point (f) of Article 6 (1) GDPR), since we have a legitimate interest in effective processing of any queries addressed to us.
The data you submitted to us in contact requests will remain with us until you request that we erase them, withdraw your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been completely processed). Mandatory legal provisions – in particular statutory archiving periods – shall remain unaffected by this.
Use of the Siteminder online booking system – thebookingbutton.co.uk
Our website offers online booking via the online booking system named. For more information on data protection and usage terms, see: https://www.siteminder.com/de/legal/datenschutzrichtlinien/
4. Own Services
We offer the option of applying to us (e.g. by email, mail, or online application form). Below, we will inform you about the scale, purpose, and use of your personal data collected within the framework of the application process. We represent that collection, processing, and use of your data will take place in correspondence with the applicable data protection law and any other statutory provisions and that your data will be treated strictly confidentially.
Scale and purpose of data collection
If you submit an application to us, we will process your personal data connected to it (e.g. contact and communication details, application documents, notes taken during job interviews, etc.), as far as this is necessary to make a decision on founding of an employment relationship. The legal basis for this is Section 26 of the revised Federal Data Protection Act (Bundesdatenschutzgesetz-neu; BDSG-neu) under German law (preparation of an employment relationship), point (b) of Article 6 (1) GDPR (general preparation of a contract) and, provided that you have given your consent, point (a) of Article 6 (1) GDPR. You may withdraw your consent at any time. Your personal data will only be forwarded to persons involved in processing of your application within our undertaking.
If your application is successful, your data submitted to us will be stored in our data processing systems based on Section 26 BDSG-neu and point (b) of Article 6 (1) GDPR in order to perform the employment relationship.
Archiving duration of the data
If we cannot offer you a job, if you refuse a job offer, withdraw your application, withdraw your consent to processing activities, or ask us to erase your data, the data transmitted by you, incl. any remaining physical application documents, will be stored or archived for up to 6 months after the end of the application proceedings (archiving period), in order to be able to track the details of the application process if there are any discrepancies (point (f) of Article 6 (1) GDPR).
YOU MAY OBJECT TO THIS STORAGE, PROVIDED THAT YOUR LEGITIMATE INTERESTS OVERRIDE OURS.
After the end of the archiving period, the data shall be erased if not subject to any statutory archiving obligation or other legal reason for further storage. If it is evident that archiving of your data will be required after the end of the archiving period (e.g. due to a threatening or pending legal dispute), they shall only be erased once the data have become irrelevant. Other statutory archiving obligations shall not be affected.
OUR SOCIAL-MEDIA SITES
Data processing through social networks
We maintain publicly accessible profiles in social networks. The social networks used by us are listed below in detail.
Social networks such as Facebook, Google+, etc., can usually comprehensively analyse your user behaviour if you visit their website or a website with integrated social media contents (e.g. Like buttons or advertising banners). Visiting our Social-Media sites will trigger many processing activities relevant under data protection. In detail:
If you are logged in with your social media account while visiting our social media site, the operator of the respective social media portal can assign the visit to your user account. Your personal data may recorded even if you are not logged in or if you do not have any account with the social media portal, however. These data are recorded, e.g., through cookies that are stored on your terminal device, or by recording of your internet protocol address in such a case.
The operators of the social media portals can use the data recorded in this manner to compile user profiles that store your preferences and interests. This way, you can be shown interest-specific marketing in and outside of the respective social media site. If you have an account with the respective social network, interest-specific advertising may be shown on all devices on which you are or were logged in.
Our social media sites are to ensure the most comprehensive online presence possible. This is a legitimate interest within the meaning of point (f) of Article 6 (1) GDPR. The analysis processes initiated by the social networks may be based on a different legal basis that is to be indicated by the operators of the social networks (e.g. consent within the meaning of point (a) of Article 6 (1) GDPR).
Data controller and assertion of rights
If you visit one of our social media pages (e.g. Facebook), we and the operator of the social media platform will be joint controllers for the processing activities triggered by your visit. You may generally assert your rights (access, rectification, erasure, restriction of processing, data portability and complaint) both towards us and towards the operator of the respective social media portal (e.g. towards Facebook).
Please note that, in spite of being joint controllers with the social media portal operators, we cannot fully influence the processing activities of the social media portals. Our options are essentially according to the corporate policy of the respective provider.
Duration of storage
The data recorded by us directly through the social media page shall be erased from our systems as soon as the purpose for storage has ended, you ask us to erase them, you withdraw your consent to storage, or the purpose for data storage has ended. Stored cookies will remain on your end device until you delete them. Mandatory statutory provisions – in particular archiving periods – shall remain unaffected by this.
We cannot influence the storage duration of your data that are stored by the operators of social networks for their own purposes. Please request details on this directly from the operators of the social networks (e.g. in their data privacy statements, see below).
Social networks in detail
We have a profile with Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US-Privacy-Shield. We have entered into an agreement with Facebook concerning joint processing (Controller Addendum). The agreement stipulates the processing activities for which we and Facebook respectively are responsible when you visit our Facebook page. You can view the agreement under the following link:
You may adjust your advertising settings independently in your user account. Click the following link and log in:
For details, see the data privacy statement of Facebook: