DATA PROTECTION STATEMENT
1. Data Protection at a Glance
The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data include all data that make it possible to identify you in person. Detailed information on the subject of data protection can be taken from our data protection statement listed below this text.
Data collection on our website
Who is the controller for data collection on this website?
Processing activities on this website are performed by the website operator. For its contact details, see the imprint of this website.
How do we record your data?
Your data will be collected when you disclose them to us. These may be data you enter in a contact form, for example.
Other data will be recorded automatically by our IT systems when you visit the website. These are in particular technical data (e.g. web browser, operating system or time at which the page was called up). These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data are collected in order to ensure correct provision of the website. Other data may be used for analysing your user behaviour.
What rights do you have concerning your data?
2. General notes and mandatory information
We as the providers of these pages take protection of your personal data very seriously. We treat your personal data confidentially and comply with the statutory data-protection rules and this data protection statement.
When you use this website, various personal data will be collected. Personal data include data that make it possible to identify you in person. This data protection statement explains which data we collect and what we use them for. It also explains how and for what purpose this is done.
Please note that the data transmission through the internet (e.g. in the case of email communication) may involve gaps in security. Complete protection of the data against third-party access is not possible.
Information on the controller
The controller for processing activities on this website is:
Hotel- und Gaststättenbetriebs GmbH
Linkstraße 10 – 14
D-59519 Möhnesee – Delecke
Phone: +49 2924 8090
The controller is the natural or legal person who, alone or together with others, decides about the purposes and means of processing of personal data (e.g. name, email addresses, etc.).
Legally required data protection officer
We have appointed a data protection officer for our company.
Hotel- und Gaststättenbetriebs GmbH
Linkstraße 10 – 14
D-59519 Möhnesee – Delecke
Phone: +49 2924 8090
Withdrawal of your consent to processing activities
Many processing activities are only permitted with your explicit consent. You may revoke consent once given at any time. An informal notification by email to us is sufficient for this. The lawfulness of the processing activities performed until the revocation will not be affected by this.
Right to object to data collection in specific cases and against direct marketing (Article 21 GDPR)
If processing activities take place based on points (e) or (f) of Article 6 (1) GDPR, you have the right to object to processing of your personal data at any time due to reasons resulting from your particular situation; this also applies to profiling based on these provisions. You can find the respective legal basis of processing in this data protection statement. If you object, we shall no longer process your personal data in question, except if we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms or if processing serves to establish, pursuit or defend legal claims (right to object in accordance with Article 21(1) GDPR).
If your personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to
such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection in accordance with Article 21(2) GDPR).
Right to lodge a complaint with the supervisory authority
In cases of violations of the GDPR, the data subject has the right to lodge a complaint with the supervisory authority, in particular in the member of your common place of residence, your workplace or the place of the alleged violation. The right to object exists notwithstanding any other legal remedy under administrative law or in court.
Right to data portability
You have the right to have any data that we process automatically based on your consent or to perform a contract transferred to you or a third party in a common machine-readable format. If you demand direct transfer of the data to another controller, this shall be done only as far as it is technically feasible.
SSL or TLS encryption
This page uses SSL or TLS encryption for reasons of security and to protect the transmission of confidential contents, such as orders or queries that you send to us as the page operator. An encrypted connection can be recognised by the address line of the browser switching from “http://” to “https://” and the lock icon being shown in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by any third parties.
Information, blocking, erasure and rectification
You have the right to free information concerning your personal data stored by us, their origin and recipients, as well as the purpose of processing activities, and potentially a right to rectification, blocking or erasure of such data at any time within the context of the applicable statutory provisions. You may contact us at any time concerning this and any other questions relating to the subject of personal data using the address indicated in the imprint.
Right to restriction of processing
You have the right to demand restriction of processing of your personal data. You may contact us at any time concerning this using the address indicated in the imprint. The right to restriction of processing applies in the following cases:
- If you deny the accuracy of your personal data stored by us, we usually need time to verify this. You have the right to demand restriction of processing of your personal data for the duration of the review.
- If processing of personal data is/was unlawful, you may demand restrictions of processing activities instead of erasure.
- If we no longer need your personal data but you need them to exercise, defend or assert any legal claims, you have the right to demand restriction of processing of your personal data instead of erasure.
- If you have filed an objection in accordance with Article 21(1) GDPR, your and our interests must be reconciled. While it is not certain yet whose interests are overriding, you have the right to demand restriction of processing of your personal data for the duration of the review.
If you have restricted processing of your personal data, these data must - with the exception of storage - only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
Objection to advertising emails
We hereby object to the use of the contact details published within the context of the imprint obligation for the transmission of any advertisements and information materials not explicitly requested. The providers of the pages expressly reserve the right to take legal action in the case of transmission of non-solicited advertising material, for example, by way of spam emails.
3. Data collection on our website
Most of the cookies we use are "session cookies". They are deleted automatically after the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser again on your next visit.
You can set your browser so that you will be informed when cookies are set and only permit cookies in individual cases, prevent acceptance of cookies for certain cases or in general and activate automatic deletion of the cookies when you close the browser. If you deactivate cookies, the function of this website may be limited.
Cookies that are needed to perform electronic communication, or to provide certain functions desired by you (e.g. shopping cart functions), are stored based on point (f) of Article 6(1) GDPR. The website operator has as legitimate interest in storage of cookies for technically correct and optimised provision of its services. As far as any other cookies (e.g. cookies for analysis of your surfing behaviour) are stored, these are treated separately in the data protection statement.
Server log files
The provider of the website will automatically collect and store information in server log files that your browser transmits to us automatically. These are:
- Browser type and browser version
- operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server query
- Internet protocol address
These data will not be combined with any other data sources.
Acquisition of these data is done on the basis of point (f) of Article 6(1) GDPR. The website operator has a legitimate interest in the technically impeccable presentation and optimisation of his website – for this, the server log files must be recorded.
Queries by email, phone or fax
If you contact us by email, phone or fax, we will store your query, including any personal data evident from it (name, query) for the purpose of processing your request. We will not pass on your data without your consent.
These data will be processed based on point (b) of Article 6(1) GDPR, provided that your query is connected to performance of a contract or necessary to perform pre-contractual measures. In any other case, processing is based on your consent (point (a) of Article 6(1) GDPR) and/or our legitimate interests (point (f) of Article 6(1) GDPR), since we have a legitimate interest in effective processing of any queries targeted at us.
The data you submitted to us in contact requests will remain with us until you request that we erase them, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been completely processed). Mandatory legal provisions – in particular statutory archiving periods – shall not be affected by this.
Use of the Siteminder online booking system - thebookingbutton.co.uk
Our website offers online booking via the online booking system named. For more information on data protection and usage terms, see: https://www.siteminder.com/de/legal/datenschutzrichtlinien/
4. Own services
We offer the option of applying to us (e.g. by email, mail or online application form). Below, we inform you about the scope, purpose and use of your personal data collected within the application process. We represent that collection, processing and use of your data will take place in correspondence with the applicable data protection law and any other statutory provisions and that your data will be treated strictly confidentially.
Scope and purpose of data collection
If you submit an application to us, we will process your personal data connected to it (e.g. contact and communication details, application documents, notes taken during job interviews, etc.), as far as this is necessary to make a decision on founding of an employment relationship. The legal basis for this is Section 26 of the revised Federal Data Protection Act (Bundesdatenschutzgesetz-neu; BDSG-neu) under German law (preparation of an employment relationship), point (b) of Article 6(1) GDPR (general preparation of a contract) and, provided that you have given your consent, point (a) of Article 6(1) GDPR. You may withdraw your consent at any time. Your personal data will only be passed on to persons involved in processing of your application within our company.
If your application is successful, your data submitted to us will be stored in our data processing systems based on Section 26 BDSG-neu and point (b) of Article 6(1) GDPR in order to perform the employment relationship.
Archiving duration of the data
If we cannot offer you a job, if you refuse a job offer, withdraw your application, withdraw your consent to data processing or ask us to erase your data, the data submitted by you, incl. any remaining physical application documents, will be stored or archived for up to 6 months after the end of the application proceedings (archiving period), in order to be able to track the details of the application process if there are any discrepancies (point (f) of Article 6(1) GDPR).
YOU MAY OBJECT TO THIS STORAGE, PROVIDED THAT YOUR LEGITIMATE INTERESTS OVERRIDE OURS.
After the end of the archiving period, the data shall be deleted if not subject to any statutory archiving obligation or other legal reason for further storage. If it is evident that archiving of your data will be required after the end of the archiving period (e.g. due to a threatening or pending legal dispute), they shall only be deleted once the data have become irrelevant. Other statutory archiving obligations shall not be affected.
OUR SOCIAL–MEDIA SITES
Data processing through social networks
We maintain publicly accessible profiles in social networks. The social networks used by us in detail are listed below.
Social networks such as Facebook, Google+, etc., can usually comprehensively analyse your user behaviour if you visit their website or a website with integrated social media contents (e.g. Like buttons or advertising banners). Visiting our Social-Media sites will trigger many processing activities relevant under data protection. In detail:
If you are logged in with your social media account while visiting our social media site, the operator of the respective social media portal can assign the visit to your user account. Your personal data may be recorded even if you are not logged in or if you do not have any account with the social media portal, however. These data are recorded, e.g., through cookies that are stored on your terminal device, or by recording of your internet protocol address in such a case.
The operators of the social media portals can use the data recorded in this manner to compile user profiles that store your preferences and interests. This way, you can be shown interest-specific advertising in and outside of the respective social media site. If you have an account with the respective social network, interest-specific advertising may be shown on all devices on which you are or were logged in.
Our social media sites are to ensure the most comprehensive online presence possible. This is a legitimate interest within the meaning of point (f) of Article 6(1) GDPR. The analysis processes initiated by the social networks may be based on a different legal basis that is to be indicated by the operators of the social networks (e.g. consent within the meaning of point (a) of Article 6(1) GDPR).
Data controller and assertion of rights
If you visit one of our social media pages (e.g. Facebook), we and the operator of the social media platform will be joint controllers for the processing activities triggered by your visit. You may generally assert your rights (access, rectification, erasure, restriction of processing, data portability and complaint) both towards us and towards the operator of the respective social media portal (e.g. towards Facebook).
Please note that, in spite of being joint controllers with the social media portal operators, we cannot fully influence the processing activities of the social media portals. Our options are essentially according to the corporate policy of the respective provider.
Duration of storage
The data recorded by us directly through the social media page shall be deleted from our systems as soon as the purpose for storage has ended, you ask us to erase them, you withdraw your consent to storage or the purpose for data storage is lost. Stored cookies remain on your end device until you delete them. Mandatory legal provisions – in particular archiving periods – shall not be affected by this.
We cannot influence the storage duration of your data that are stored by the operators of social networks for their own purposes. Please request details from this directly from the operators of the social networks (e.g. in their data privacy statements, see below).
Social networks in detail
We have a profile with Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US-Privacy-Shield. We have entered into an agreement with Facebook concerning joint processing (Controller Addendum). The agreement stipulates the processing activities for which we and Facebook respectively are responsible when you visit our Facebook page. You can view the agreement under the following link:
You may adjust your advertising settings independently in your user account. Click the following link and log in:
For details, see the data privacy statement of Facebook: