1. Name and contact details of the Controller and of the data protection officer:
Hollenstedter Hof GmbH, Claudio Spinsanti
Am Markt 1 D-21279 Hollenstedt / Nordheide
Telefon: +49 (0)4165 - 213 70
Fax: +49 (0)4165 - 213 762
The company data protection officer can be reached at the above-mentioned address, Att. data protection officer, or by e-mail: firstname.lastname@example.org.
2. Collection, Storage and Erasure of Personal Data as well as Type and Purpose and their use:
a) When visiting the website:
When you visit our Website www.hollenstedterhof.de, the browser you are using on your terminal device automatically sends information to the server of our website. This information will be temporarily stored in a so-called log file. The following information will be recorded without your intervention and stored until automated deletion.
- IP address of the requesting computer,
- date and time of access,
- name and URL of the file accessed,
- website from which access has been made (Referrer-URL),
- the browser used and, if applicable, your computer’s operating system, and your access provider’s name.
- ensuring a smooth connection of the website,
- ensuring comfortable use of our website,
- evaluation of system security and stability,
- for other administrative purposes.
b) When using the online reservation (restaurant):
For reservations, we offer you the possibility to contact us via a form provided on the website. We need a valid email address, your name, mobile phone number, date and time, and the number of people so that we know who sent the request and can process the reservation.
c) When using the booking portal (hotel):
You have the opportunity to book rooms with us via our booking portal. For this it is necessary that you let us know your name, your address and your telephone number. Required information for the execution of the contracts are marked separately, further information is voluntary. We process the data provided by you to process your booking. The legal basis for this is GDPR sec. 6 para. 1 sentence 1 lit. b.
Payment data is collected in encrypted form and used solely to execute the corresponding transaction. We do not receive any knowledge or access to credit card data. The processing is carried out solely by the corresponding service provider. We process the data provided by you to process your reservation. The legal basis for this is GDPR sec. 6 para. 1 sentence 1 lit. b.
d) Erasure of data:
Your data stored by us will only be stored for as long as it is required for the optimal execution of the customer relationship. This means that the booking data remains stored until execution. The personal data collected by us for the use of the reservation form will be deleted after your request has been completed.
However, due to commercial and tax regulations, we are obliged to store your address, payment and order data for a period of ten years. After three years at the end of the year, we will limit processing, i.e. your data will only be used to comply with legal obligations.
3. Disclosure of Data to Third Parties:
Your personal data will not be transmitted to third parties for purposes other than those listed below. We only pass on your personal data to third parties:
- if you explicitly have consented pursuant GDPR sec. 6 para. 1 sentence 1 lit. a,
- if passing on your personal data pursuant GDPR sec. 6 para. 1 sentence 1 lit. f is necessary for assertion, exercise or defence of legal claims, and there is no reason to believe that you have an overriding interest worthy of protection in non-disclosure of your data,
- in the event of a legal obligation existing for their transfer pursuant to GDPR sec. 6 para. 1 sentence 1 lit. c, and
- this is permitted by law and it is necessary for carrying out our contractual relationships with you pursuant to GDPR sec. 6 para. 1 sentence 1 lit. b.
The data processed by cookies is required for the aforementioned purposes in order to protect our legitimate interests and those of third parties pursuant to GDPR sec. 6 para 1 lit. f.
Most browsers automatically accept cookies. However, you can configure your browser in a way that no cookies will be stored on your computer or a message always will appear prior to a new cookie being created. However, complete deactivation of cookies might lead to you not being able to using all our website’s functions.
5. Use of Google Analytics:
We use Google Analytics, a web analysis service by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter „Google“) for the purpose of demand-oriented design and continuous optimization of our sites. The legal basis of this is GDPR sec. 6 para 1 lit. f. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. In this context, pseudonymised user profiles will be created and cookies will be used, see point 4. The information on your use of our website created by the cookie such as
- browser type / version,
- used operating system,
- Referrer URL (the previously visited page),
- the accessing computer’s host name of (IP address),
- time of server request,
will be submitted to a server of Google in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and of the internet for the purposes of market research and demand-oriented design of these web pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with other data from Google. The IP addresses will be anonymized so that an assignment is not possible (IP masking).
Further information on data protection in connection with Google Analytics can be found at https://www.google.com/analytics/terms/de.html.
6. Google Maps:
Further instructions for managing your own data in connection with Google products can be found here: https://support.google.com/accounts/answer/3024190.
7. Rights of Data Subjects
You have the right:
- to obtain access to your personal data processed by us in accordance with GDPR sec. 15. In particular, you may obtain access to the purposes of the processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the envisaged storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;
- to immediately request the rectification of inaccurate or completion of incomplete personal data stored by us in accordance with GDPR sec. 16;
- to request the erasure of your personal data stored by us pursuant to GDPR sec. 17, unless the processing for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for assertion, exercise or defense of legal rights is required;
- to demand the restriction of the processing of your personal data pursuant to GDPR sec. 18, as far as the accuracy of the data is contested by you, the processing is unlawful, but you reject its erasure and we no longer need the data, but you require this, for the exercise or defense of legal claims or you objected to processing pursuant to GDPR sec. 21;
- to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with GDPR sec. 20. or to demand transmission to another controller;
- to object to your consent given pursuant to GDPR sec. 7 para 3 at any time. As a result, we are no longer allowed to continue processing data based on this consent in the future and
- to lodge a complaint with a supervisory authority pursuant to GDPR sec. 77. As a rule, you can contact the supervisory authority of your habitual residence or place of work or place of business.
8. Right to object:
If your personal data are processed based on legitimate interests pursuant to GDPR sec. 6 para. 1 sentence 1 lit. f, you have the right to object to the processing of your personal data pursuant to GDPR sec. 21, provided that there are reasons on grounds relating to your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation. If you would like to make use of your right of revocation or objection, simply send an e-mail to email@example.com
9. Data security:
We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form can be seen from the closed display of the key or lock symbol in the status bar of your browser. We make use of the rest of the adequate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
This data protection declaration is currently valid and has the status as of May 2018. Due to further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at www.hollenstedterhof.de/en/privacy-policy.html.