1. An overview of data protection
The following notes provide a simple overview of what happens to your personal data when you visit our website. Personal data is all data with which you can be personally identified. Detailed information on the subject of data protection can be found in our data protection declaration listed under this text.
Data collection on our website
Who is responsible for data collection on this website? The data processing on this website is carried out by the website operator. You can find their contact details in the imprint of this website.
How do we record your data?
Your data will be collected on the one hand, by telling us this. For example, this may be data that you enter in a contact form. Other data is collected automatically when visiting the website through our IT systems. These are above all technical data (eg Internet browser, operating system or time of the page request). The collection of this information is automatic as soon as you enter our website.
What are the purposes we use your data for?
Part of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze your user behavior. What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint if you have any further questions on the subject of data protection. You also have the right to lodge a complaint with the competent supervisory authority.
2. General information and mandatory information
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. If you use this website, various personal data will be collected. Personal data is data with which you can be personally identified. This data protection declaration explains what data we collect and what we use it for. It also explains how and for what purpose this happens. We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible. Note on the responsible body
The data processing controller on this website is:
Touristik Service Waldeck-Ederbergland GmbH
Auf Lülingskreuz 60
Phone: + 49 (0) 5631 - 954 359
The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).
Revocation of your consent to the processing of data
Many data processing operations are only possible with your express consent. You can revoke consent that you have already given at any time. An informal message by e-mail to us is sufficient. The legality of the data processing that took place up until the revocation remains unaffected by the revocation.
Right to log a complaint with the competent supervisory agency
f there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you should demand the direct transfer of the data to another controller, this will be done only if it is technically feasible.
SSL and/or TLS encryption
This site uses, for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as a site operator, an SSL or. TLS encryption. An encrypted connection is indicated by the browser's address bar changing from "http: //" to "https: //" and the lock icon in your browser bar. If SSL or TLS encryption is enabled, the data you submit to us can not be read by third parties.
Information, blocking, deletion
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time. You can contact us at any time at the address given in the imprint if you have any further questions on the subject of personal data.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
3. Data collection on our website
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted. Cookies that are required to carry out the electronic communication process or to provide certain functions you want (e.g. shopping cart function) are stored on the basis of Article 6 Paragraph 1 Letter f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies for analyzing your surfing behavior) are stored, these are treated separately in this data protection declaration.
Server log files
The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.
The type and version of browser used
The used operating system
The hostname of the accessing computer
The time of the server inquiry
The IP address
This data is not merged with other data sources.
The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Our website uses functions of the web analysis service Google Analytics. The provider of the web analysis service is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Analytics uses "cookies." These are small text files that your web browser stores on your end device and enable analysis of website usage. Information generated by cookies about your use of our website is transmitted to a Google server and stored there. Server location is usually the USA.
The setting of Google Analytics cookies is based on Art. 6 para. 1 lit. f DSGVO. As the operator of this website, we have a legitimate interest in the analysis of user behavior in order to optimize our website and possibly also advertising.
We use Google Analytics in conjunction with the IP anonymization feature. It ensures that Google shortens your IP address within member states of the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. There may be exceptions where Google transmits and truncates the full IP address to a server in the United States. Google will use this information on our behalf to evaluate your use of the website, to report on website activity, and to provide us with other services related to website activity and internet usage. There is no merger of the Google Analytics transmitted IP address with other Google data.
The setting of cookies by your web browser can be prevented. However, this could limit some functions of our website. You can also prevent the collection of data relating to your website use, including your IP address and subsequent processing by Google. This is possible by downloading and installing the browser plugin available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Opposition to data collection
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent. The processing of the data entered in the contact form takes place exclusively on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can withdraw this consent at any time. All you need to do is send an informal email to us. The legality of the data processing operations carried out before the revocation remains unaffected by the revocation. The data you entered in the contact form will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions - especially retention periods - remain unaffected.
Processing of data (customer and contract data)
We collect, process and use personal data only insofar as they are necessary for the establishment, content or change of the legal relationship (inventory data). This is done on the basis of Art. 6 Para. 1lit. B GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures. We collect, process and use personal data about the use of our website (usage data) only to the extent necessary to enable the user to use the service or to bill the user.
The collected customer data will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
Data transmission when concluding a contract for services
We only transmit personal data to third parties if this is necessary in the context of contract processing, for example to the bank commissioned with payment processing. Any further transmission of the data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes. The basis of data processing is Article 6 Paragraph 1 Letter B GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.
The accommodation you booked
In order for your booking to be completed, we transmit the data relevant to the booking to the accommodation you have booked. This can be information such as your name, your contact details, your payment details, your special requests from the booking, and the names of the guests traveling with you. If you have a question regarding your booking, we may contact the accommodation provider and ask them to take care of your question.
4. Plug-ins and Tools
Our website uses plugins from the Google-operated YouTube site. The website is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers will be established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Further information on the handling of user data can be found in YouTube's data protection declaration at: https://www.google.de/intl/de/policies/privacy.
This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps it is necessary to save your IP address. This information is usually transmitted to and stored by Google on servers in the United States. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This represents a legitimate interest within the meaning of Art. 6 Paragraph 1 lit. f GDPR. You can find more information on handling user data in Google's data protection declaration: https://www.google.de/intl/de/policies/privacy/.
We use Google Fonts on our website. These are the “Google fonts” from Google Inc. For Europe, Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.
You do not need to register or enter a password to use Google fonts. Furthermore, no cookies are stored in your browser. The files (CSS, typefaces/fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, requests for CSS and fonts are completely separate from all other Google services. If you have a Google account, you don't have to worry about your Google account data being transmitted to Google while using Google Fonts. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely.
In order to deliver our website or all of our individual sub-pages (websites) to you on different devices quickly and easily, we use the services of jQuery CDN from the company jQuery Foundation. jQuery is distributed via the Content Delivery Network (CDN) of the American software company StackPath (LCC 2012 McKinney Ave. Suite 1100, Dallas, TX 75201, USA). This service stores, manages and processes your personal data.
A content delivery network (CDN) is a network of regionally distributed servers that are connected to one another via the Internet. Through this network, content, especially very large files, can be delivered quickly even with large load peaks.
In the data protection guidelines of StackPath it is explicitly mentioned that StackPath use aggregated and anonymized data from various services (such as jQuery) for the extension of security and for their own services. However, this data cannot identify you as a person.
StackPath is an active participant in the EU-US Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information on this at www.privacyshield.gov/participant. More information on data protection at StackPath can be found at www.stackpath.com/legal/privacy-statement/ and to jQuery under openjsf.org/wp-content/uploads/sites/84/2019/11/OpenJS-Foundation-Privacy-Policy-2019-11-15.pdf.