1. Name and contact data of the data controller responsible for the processing as well as the company data protection officer
This data protection information shall apply to the data processing by:
Data controller: BOOK-IT Gästehäuser, owner Dipl. Ing. Michael Gietl
Address: Carl-Thiersch-Straße 2c, 91052 Erlangen
Phone: +49 9131 6101-300
Fax: +49 9131 6101-333
2. Collection and storage of personal data as well as the type and purpose of their use
a. When visiting the website
When calling our website www.book-it.de information is automatically sent to the server of our website by the browser used on your terminal device. This information is stored temporarily in a so-called log file. The following information is entered in this case without any action on your part and stored until the automated erasure:
- IP address of the requesting computer,
- date and time of the access,
- name and URL of the called file,
- website, from where the access is carried out (Referrer-URL),
- used browser and, if applicable, the operating system of your computer as well as the name of your access provider.
The stated data are processed by us for the following purposes:
- guarantee of a smooth set-up of a connection to the website,
- guarantee of a convenient use of our website,
- evaluation of the system security and stability as well as
- for further administrative purposes.
b. When contacting us
When you contact us by e-mail or via a contact form the data provided by you are stored by us in order to answer your questions. It is necessary to enter a valid e-mail address as well as your first and last names so that we know from whom the enquiry stems and in order to be able to answer this. Further details can be provided voluntarily. The data processing for the purpose of contacting us is carried out according to Art. 6 Para. 1 S. 1 lit. f GDPR based on our legitimate interest in being able to answer your enquiries or to carry out pre-contractual measures according to Art. 6 Para. 1 S. 1 lit. b GDPR. We erase the data produced in this context after the storage is no longer necessary or we limit the process in case of statutory storage obligations.
c. With the use of our online booking service
aa) Booking enquiry without registration
If you would like to book accommodation or a conference room on our website, in order to carry out your booing it is necessary for you to enter your personal data, which we require for processing your booking. This includes the following details:
- guest data (first and last name, address, telephone and e-mail address),
- payment data (credit card information),
- billing data (first and last name, address and e-mail address).
Mandatory details that are necessary for processing the booking are marked separately, further details are voluntary. We process the data entered by you in order to process your booking. The legal basis for this is Art. 6 Para. 1 S. 1 lit. b GDPR.
bb) Booking enquiry with registration
If you would like to book accommodation or a conference room on our website you can voluntarily set up a customer account, through which we can store your data for future booking enquiries. The data entered by you will be stored when setting up an account under “MY BOOK-IT”. This includes the following details:
- guest data (first and last name, address, telephone, e-mail address, user name and password),
- billing data (first and last name, address and e-mail address).
Mandatory details that are necessary for processing the booking are marked separately, further details are voluntary. We process the data entered by you in order to process your booking and to facilitate your further booking enquiries. The legal basis for this is Art. 6 Para. 1 S. 1 lit. b GDPR.
You can erase your user account at all times in the customer zone or you can send us an e-mail (email@example.com).
Owing to stipulations under commercial and tax law we are obliged to store your address, payment and order data for the duration of ten years.
d. When using our intranet
We have set up an “employee zone” for our employees. Each employee has an individual access. The purpose of this intranet is to exchange internal documents and it serves to optimize the personnel management. The legal basis for this is Art. 6 Para. 1 lit. b, Art. 88 GDPR in conjunction with Section 26 BDSG in conjunction with Section 611 a BGB [German Civil Code] as well as Art. 6 Para. 1 lit. f GDPR.
3. Forwarding of data
Your personal data will not be transmitted to third parties for any other purposes than those listed below. We will only forward your personal data to third parties if:
- you have explicitly granted your consent hereto according to Art. 6 Para. 1 S. 1 lit. a GDPR,
- the forwarding is necessary according to Art. 6 Para. 1 S. 1 lit. f GDPR for the assertion, exercising or defense of legal claims and there is no reason to assume that you have a primary interest in the non-forwarding of your data that is worthy of protection,
- for the event that a statutory obligation exists for the forwarding according to Art. 6 Para. 1 S. 1 lit. c GDPR, as well as
- this is permitted by law and according to Art. 6 Para. 1 S. 1 lit. b GDPR is necessary for the processing of contractual relationships with you.
In addition, we also use temporary cookies in order to optimize the user-friendliness, which are stored on your terminal device for a certain stipulated period of time. If you visit our site once again in order to use our services it will be automatically recognized that you had visited our site before already and which inputs and settings you made in order to not have to enter these again.
On the other hand, Google Analytics cookies are used in order to record the use of our website statistically and to evaluate it for the purpose of optimizing our offer for you (see Subclause 5). When our site is visited again these cookies enable us to automatically recognize that you had visited our site already. These cookies will be deleted automatically after a respectively defined period of time. The data processed by cookies are necessary for the stated purposes in order to safeguard our legitimate interests as well as those of third parties according to Art. 6 Para. 1 S. 1 lit. f GDPR. The majority of browsers accept cookies automatically. You can, however, configure your browser so that no cookies are stored on your computer or a reference will always appear before a new cookie is created. The full deactivation of cookies may, however, lead to the fact that you cannot use all functions of our website.
5. Analysis tools
a) Tracking tools
The tracking measures listed below and used by us are carried out based on Art. 6 Para. 1 S. 1 lit. f GDPR. With the used tracking measures we want to ensure a design and the continuous optimization of our website suitable for the needs. On the other hand, we use the tracking measures in order to record the use of our website statistically and to evaluate it for the purpose of optimizing our offer for you. These interests are to be seen as legitimate within the meaning of the aforementioned regulation. The respective data processing purposes and data categories can be seen from the corresponding tracking tools.
b) Use of Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. („Google“). Google Analytics uses so-called „cookies“, Text files, which are stored on your computer and which enable an analysis of the use of the website by you. The information generated by the cookie about your use of this website is, as a rule, transferred to a server of Google in the USA and stored there. In the event of the activation of the IP anonymization on this website your IP address will, however, be previously abbreviated by Google within member states of the European Union or in other contracting states of the Treaty on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a server of Google in the USA and abbreviated there. By order of the operator of this website Google will use this information in order to evaluate your use of the website in order to compile reports about the website activities and in order to provide further services associated with the website use and the internet use towards the website operator.
The IP address transmitted by your browser within the scope of Google Analytics will not be aggregated with our data of Google.
You can prevent the storage of the cookies by a corresponding setting of your browser software; however we would like to point out to you that in this case you will, if applicable, not be able to use all functions of this website in full. You can in addition prevent the entry of the data generated by the cookie and which refer to your use of the website (incl. your IP address) by Google as well as the processing of these data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser add-on, in particular with browsers on mobile terminal devices, you can moreover prevent the entry by Google Analytics by clicking on this link in order to deactivate Google Analytics. An opt-out-cookie will be set that prevents the future entry of your data when visiting this website. The opt-out-cookie only applies in this browser and only for our website and will be deposited on your device. If you delete the cookies in this browser you must set the opt-out-cookie once again.
This website uses Google Analytics with the extension “_anonymizeIp()”. This way IP addresses are further processed in an abbreviated form, the ability to make reference to a person can therefore be excluded. Insofar as the data collected in relation to you have a personal reference, this is therefore excluded immediately and the personal data are thus erased immediately.
We use Google Analytics in order to analyze the use of our website and be able to improve this regularly. We can improve our offer through the gained statistics and design it more interesting for you as a user. For the exceptional cases, in which personal data are transferred to the USA, Google has submitted itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Para. 1 S. 1 lit. f GDPR.
Information of the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Conditions of use: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy statement: http://www.google.de/intl/de/policies/privacy.
6. Integration of Google Maps
On our website we use the offer of Google Maps. This way we can display interactive maps to you directly in the website and enable you convenient use of the map function. By the visit to the website Google receives the information that you have called the corresponding sub-site of our website. Moreover, the data stated under Subclause 2 of this statement are transmitted. This is carried out irrespective whether Google makes a user account available, through which you are logged in, or whether no user account exists. If you are logged into Google your data will be allocated directly to your account. If you do not wish to have the allocation with your profile at Google you must log-out before activating the button. Google will store your data as usage profiles and use these for purposes of advertising, market research and/or to design its website suitable for the needs. Such an evaluation is carried out in particular (even for users who are not logged in) in order to provide advertising suitable for the needs and in order to inform other users of the social network about your activities on our website. You are entitled to a right to object to the creation of these user profiles, whereby you must contact Google in order to exercise this right.
You can obtain further information regarding the purpose and scope of the data collection and their processing by the plug-in provider in the privacy statements of the provider. Google also processes your personal data in the USA and has submitted itself to the EU-US Privacy Shield.
7. Webfonts of Google
Based on our legitimate interests (operation and optimization of our websites) within the meaning of Art. 6 Para. 1 lit. f GDPR we use the web font service “Google Webfonts”, offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Each time this website is visited files are loaded from a Google server in order to display the text in a certain font. Your IP address can be transferred to a server of the provider and will be stored in the customary server protocol.
You can obtain further information regarding the purpose and scope of the data collection and their processing by Google in the privacy statements of the provider (https://www.google.com/policies/privacy/). Google also processes your personal data in the USA and has submitted itself to the EU-US Privacy Shield.
8. Rights of data subjects
You have the following rights towards us regarding the personal data relating to you:
- Right to information (Art. 15 GDPR),
- Right to rectification (Art. 16 GDPR),
- Right to erasure (Art. 17 GDPR),
- Right to limitation of the processing (Art. 18 GDPR),
- Right to data portability (Art. 20 GDPR),
- Right to object to the processing (Art. 21 GDPR),
- Right to lodge a complaint at a data protection supervisory authority (Art. 77 GDPR).
9. Right to object
If your personal data are processed based on legitimate interests pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right pursuant to Art. 21 GDPR to file an objection against the processing of your personal data, insofar as reasons exist in this respect, which arise from your special situation or the objection is aimed against direct marketing. In the latter case you have a general right to object, which will be implemented by us without stating a special situation. If you would like to exercise your right to revocation or object it is sufficient to send an e-mail to firstname.lastname@example.org.
10. Data security
We use the widespread SSL procedure within the visit to the website (Secure Socket Layer) in conjunction with the respective maximum encryption level, which is supported by your browser. As a rule, this concerns a 256 bit encryption. If your browser does not support any 256-bit encryption, we will instead resort to 128-bit v3 technology. Whether an individual site of our internet presence is transmitted encrypted, you can recognize by the closed presentation of the key or the lock symbol in the lower status bar of your browsers. Incidentally, we use suitable technical and organizational security measures in order to protect your data against accidental or willful manipulations, partial or full loss, destruction or against the unauthorized access of third parties. Our security measures are continuously improved in line with the technological development.
11. Actuality of and changes to this privacy statement
This privacy statement is currently valid and has the status of May 2018. By the further development of our website and offers made via this website or owing to changed statutory or official stipulations it may be necessary to change this privacy statement. The respective current privacy statement can be called by you on our website at all times and printed out.