Data Protection Information
Welcome to our Website, we thank you for your interest in our company. In order to give you a good feeling with regard to how your personal data is handled, we would like to clarify what happens to the produced data and which safety measures are taken by us.
We process your data in compliance with the applicable legal regulations concerning the protection of personal data, in particular the EU Data Protection Basic Regulation (EU-DS-GVO) as well as the country-specific implementing laws which apply to us. By means of this data protection statement we inform you comprehensively about the processing of your personal data by the Boardinghaus Freising and your rights.
Personal data are those pieces of information, which enable the identification of a natural person.
Specifically these include name, date of birth, address, phone number, e-mail address, and also IP address.
As non-personal data are considered those pieces of information, by means of which it is not possible to identify the user’s person.
Responsible body and data protection supervisor:
Managing director: Wolfgang Haslberger
Contact to data protection supervisor: email@example.com
Your rights as a person concerned
In the first place we would like to inform you on your rights as a person concerned. Those rights are defined under Art. 15-22 EU-DS-GVO, which includes:
- The right of access to information (Art. 15 EU-DS-GVO)
- The right of deletion of the personal data (Art. 17 EU-DS-GVO)
- The right of data correction (Art. 16 EU-DS-GVO)
- The right to data portability (Art. 20 EU-DS-GVO)
- The right of the restriction of the data procession (Art. 18 EU-DS-GVO)
- The right of objection of the data procession (Art. 21 EU-DS-GVO)
To exercise your right please contact firstname.lastname@example.org. The same applies if you have questions concerning the data procession in our company. You also have the right to appeal to a data protection supervisory authority.
Rights to Appeal
Regarding the rights to appeal please consider the following:
In case we process your personal data for the purpose of direct marketing you have the right to appeal against it at any time, without giving reasons. This also applies for profiling, so far as it is connected to direct marketing.
If you appeal against the data procession for the purpose of direct marketing, we will not process your personal data for this purpose. The appeal is free of charge and any formal requirement, preferably to email@example.com
In case we process your data for safeguarding legitimate interests, you may appeal against the processing for reasons related to your specific situation at any time; the same applies to a profiling based on these provisions. We will not process your personal data any longer, unless we can provide compelling and legitimate reasons, which your interests, rights and freedoms outweight, or the procession serves to assert, exercise and defend legal claims.
The Purpose and the Legal Basis of Data Procession
In course of processing your personal data we will comply with the regulations of EU-DSGVO as well as other applicable data protection regulations. The legal bases for data procession derive especially from Art. 6 EU-DSGVO.
We apply your data for business preparations, for fulfilling contractual and legal obligations, for the implementation of contractual relationship, to offer products and services as well as to strengthen customer relationships, which also may include analysis for marketing and direct marketing purposes.
Your consent represents also a data procession permission. We clarify hereby the purposes of the data procession and your right to appeal. In case the consent refers to the procession of specific categories of personal data, we will explicitly inform you about it in the consent (Art. 88 Abs. 1 EU-DS-GVO).
A procession of specific categories of personal data in term on Art. 9 Abs. 1 EU-DS-GVO) takes place only when this due to regulations is necessary and there is no reason for assuming that your legitimate interest in precluding data processing outweights (Art. 88 Abs. 1 EU-DS-GVO).
Transfer to Third Parties
We will transfer your data to third parties only in accordance with legal regulations or with the corresponding consent. Otherwise we do not transfer data to third parties unless we are obliged by mandatory rules (Transfer to external bodies such as supervisory authorities or law enforcement authorities).
Recipient of the Data / Categories of Recipients
Within our company we ensure that only those persons gain access to your data who need it to fulfil contractual or legal obligations. In some cases we are supported by external service providers in the fulfilment of their tasks. The necessary data procession contracts have been concluded with all of our service providers.
Providers of the Boardinghaus Freising are:
For booking and related tasks:
- HS/3 Hotelsoftware GmbH&Co. KG
- Strato AG
- CCV Deutschland Ltd.
Transfer to Third Countries/Intention toTransfer to Third Countries
Data transfer to third countries (outside the EU or the European Economic Area) takes only place when it is necessary to fulfil obligations, prescribed by law, or you give us your consent.
Data Storage Duration
We store your data as long as it is necessary for the respective purpose of procession. Please consider that numerous retention periods (have to) require the further storage of data. This applies particularly to commercial or fiscal obligations ( e.g. Commercial Code, Fiscal Code, etc.). Provided there is no further retention period, your data will be routinely deleted after the fulfilment of the purpose.
Furthermore, we may store data upon your consent, or in case of legal conflicts we may use data as evidence within periods of limitation, which can be as long as 30 years; the regular period of limitation is 3 years.
The Safe Transfer of Your Data
To protect the stored data against incidental or deliberate manipulation, loss, destruction, or against access by unauthorised persons in the best possible way we implement technical and organisational security measures. The security level is being continuously controlled in co-operation with safety experts and adapted to the latest standards.
The exchange of data from and to our website takes place encoded. As transmission protocol we provide HTTPS for the website, by using current encryption protocols in each case. Furthermore it is possible to use alternative ways of communication (such as mail).
Obligation to Provide Data
Various personal data are necessary to create, execute and terminate obligations as well as to fulfil the related contractual and legal responsibilities. The same applies to the use of our website and the various functions provided. We have summarised the details above. In certain cases data must be collected or provided due to legal provisions. Please consider that it is not possible to process your request or to fulfil the underlying obligations without providing these data.
Categories, Sources and Origin of Data
It is determined by the context, which data we process. E.g. it depends, whether you send your booking inquiry by mail or you use our contact form. Please note that if necessary, information for special processing situations has to be provided separately at a suitable place.
When you visit our website we collect and process the following data:
- Name of the internet service provider
- Information on the website through which you visit our website
- Applied web browser and applied operating system
- Your IP address assigned by the internet service provider
- Requested files, data volume transferred, downloads/file export
- Information on the websites you visit at our place, including date and time
- These data must be stored in accordance with Art. 6 Abs. 1 lit. F EU-DS-GVO for technical safety reasons, especially to protect our web server against attempted hacking. The anonymisation of the data by shortening the IP address, so that no further reference to the user can be made, takes place no more than 7 days later.
In course of a contact inquiry we collect and process the following data:
- name and first name
- e-mail address
- Information on wishes and interests
In course of a booking or a booking inquiry we collect and process the following data:
- name and first name
- invoicing address
- e-mail address
- phone and fax number
- dates of arrival and departure
- room and booking wishes
- data from other sources, which are permitted to process
Contact form / Contact via e-mail (Art. 6 Abs. 1 lit. a, b EU-DS-GVO)
There are contact forms on our website for the purpose of electronic contact. If you write to us via this form, we process your data provided in the contact form in order to contact you and answer your questions and wishes.
In this connection the principles of data economy and data avoidance will be taken into consideration, so that you provide only those data which are essential for making contact. These are your name, e-mail address and the message. Additionally your IP address will be processed for technical reasons and legal protection.
All other information is optional, and may be given (e.g. for responding your request more individually).
If you contact us via e-mail, we will use the personal data provided by you only for the purpose of the processing of your inquiry.
Booking request form (Art. 6 Abs. 1 lit. a, b EU-DS-GVO)
We process the data provided by you in the booking request form only for the purpose of executing the contract, unless you give your consent to further use.
The principles of data economy and data avoidance will be taken into consideration, so that you provide only those data which are essential for the execution of the contract or to fulfil our contractual obligations (such as your name, address, e-mail address, booking requirements) or which data we are legally obliged to collect.
Additionally your IP addresse will be processed for technical reasons and legal protection. Without these data unfortunately we must reject the completition a booking, because we will not be able to execute it. Of course, you may provide further data if you wish.
Cookies (Art. 6 Abs. 1 lit f EU-DS-GVO / Art. 6 Abs. 1 lit a EU-DS-GVO in case of consent)
This website uses Google Analytics, a web analytics service provided by Google Inc. („Google”). Google Analytics applies “cookies”, text files, saved on your computer which allow an analysis of your website usage. The information provided by the cookies about your use of this website are transmitted to a Google server in the United States where they are stored. In case of the activation of the IP anonymisation of this website, your IP adress will be shortened by Google within the member states of the European Union and all other states parties to the agreement within the European Economic Area (EEA). Only in exceptional cases will the whole IP address be transmitted to a Google server in the United States and shorthened there. On behalf of the operator of this website Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide other services relating to website activity and internet usage. The IP address transmitted from your browser by Google Analytics will not be connected to other data of the Google. You can prevent these cookies from being saved by changing the appropriate browser software settings; we would like to make you aware of the fact, that in this case it is possible that you will not be able to use all the functions of this website. Moreover, you can prevent the collecting and the processing of those data by Google which are generated by the cookie and which are related to your website usage (including your IP address) by downloading and installing the available browser plugin under the following link (http://tools.google.com/dlpage/gaoptout?hl=de)
Plugins and tools
This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.
Links to Other Providers
Our website contains -clearly recognisable- links to the internet appearance of other companies. Where links to websites of other providers exist, we do not have any influence on their content. Therefore we cannot provide any guarantee or accept any liability for them. For the content of these pages the respective provider or operator of the websites is responsible.
The linked pages have been checked at the time the link was established for possible legal infringements and recognisable legal violations. Illegal contents were not recognisable at the time of linking. A continuous control of the content of these websites is not reasonable without specific indication for infringements. We will immediately remove such contents upon discovery of legal violations.
If required, you can turn directly to our data protection supervisor, who will gladly answer your questions.