Data protection
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Pia Schoberl
Guesthouse Schöberl
Luitpoldstr. 14
D-87629 Füssen
Tel .: +49 (0) 8362 922411
Fax: +49 (0) 8362 922423
Email: info@schoeberl-fuessen.de
WWW: www.schoeberl-fuessen.de
Rights of the data subject
If you process personal data, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:
1. Right to information
You can request confirmation from the controller as to whether personal data concerning you will be processed by us.
If such processing is available, you can request the following information from the person responsible:
the purposes for which the personal data are processed;
The categories of personal data that are processed;
The recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
The planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
The existence of a right to correction or deletion of your personal data, a right to restriction of processing by the person responsible or a right to object to this processing;
· The right to lodge a complaint with a supervisory authority;
· All available information about the origin of the data if the personal data is not collected from the data subject;
· The existence of automated decision-making, including profiling, in accordance with Art. 22 Para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request the appropriate guarantees in accordance with Art. 46 GDPR to be informed in connection with the transmission.
2. Right to rectification
You have the right to correction and / or completion to the person responsible if the processed personal data that concern you are incorrect or incomplete. The person responsible must make the correction immediately.
3. Right to restriction of processing
You can request that the processing of your personal data be restricted under the following conditions:
if you contest the accuracy of your personal data for a period of time that enables the person responsible to check the accuracy of the personal data;
The processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
The person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
If you have objected to processing in accordance with Art. 21 Para. 1 GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of your personal data has been restricted, this data - apart from its storage - may only be obtained with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest the Union or a Member State.
If the restriction of processing was restricted in accordance with the above conditions, you will be informed by the person responsible before the restriction is lifted.
4. Right to deletion
a) Obligation to delete
You can request the data controller to delete your personal data immediately, and the data controller is obliged to delete this data immediately if one of the following reasons applies:
The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.
You revoke your consent on which the processing was based in accordance with Art. 6 para. 1 sentence 1 lit. a or Art. 9 Para. 2 lit. a GDPR was based, and there is no other legal basis for the processing.
· You lay according to Art. 21 para. 1 GDPR and there is no overriding legitimate reason for the processing, or you file an objection pursuant to Art. Art. 21 para. 2 GDPR to object to processing.
The personal data concerning you have been unlawfully processed.
The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the controller is subject.
· The personal data concerning you was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.
b) Information to third parties
If the person responsible has made your personal data public and is acc. Article 17 (1) GDPR obliges them to delete them, taking into account the available technology and the implementation costs, appropriate measures, including technical ones, to inform those responsible for data processing who process the personal data that you as the data subject Person has requested that they delete all links to this personal data or copies or replications of this personal data.
c) Exceptions
The right to deletion does not exist if the processing is necessary
to exercise the right to freedom of expression and information;
· To fulfill a legal obligation that requires processing in accordance with the law of the Union or the Member States to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority vested in the controller;
· For reasons of public interest in the area of public health in accordance with Art. 9 Para. 2 lit. h and i and Art. 9 Para. 3 GDPR;
For archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes acc. Art. 89 Para. 1 GDPR, insofar as the right mentioned under section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
· To assert, exercise or defend legal claims.
5. Right to information
If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right vis-à-vis the person responsible to be informed about these recipients.
6. Right to data portability
You have the right to receive the personal data that you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that
processing based on consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract acc. Art. 6 para. 1 sentence 1 lit. b GDPR is based and
· The processing is carried out using automated procedures.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other people must not be affected by this.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible.
7. Right to object
You have the right, for reasons that arise from your particular situation, at any time against the processing of your personal data, which is based on Art. 6 Para. 1 lit. e or f DSGVO takes place to object; this also applies to profiling based on these provisions.
The controller will no longer process your personal data unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected to such direct advertising.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option of exercising your right to object in connection with the use of information society services using automated procedures that use technical specifications.
8. Right to withdraw the data protection declaration of consent
You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing - including profiling - which has legal effect on you or similarly significantly affects you. This does not apply when making the decision
is necessary for the conclusion or performance of a contract between you and the person responsible,
Is permissible on the basis of legal provisions of the Union or of the Member States to which the controller is subject and these legal provisions contain appropriate measures to safeguard your rights and freedoms as well as your legitimate interests or
With your express consent.
However, these decisions may not be based on special categories of personal data according to Art. 9 Para. 1 GDPR, unless Art. 9 Para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
With regard to the cases mentioned in (1) and (3), the person responsible takes appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to express your own position and heard the appeal of the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your place of work or the place of the alleged violation, if you believe that the processing of your personal data is against the GDPR violates.
The supervisory authority to which the complaint was lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.
General information on data processing
1. Scope of processing personal data
We only process the personal data of our users as far as this is necessary to provide a functional website as well as our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Insofar as we obtain the data subject's consent for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis.
In the processing of personal data, which is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 Para. 1 S.1 lit. c GDPR as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 sentence 1 lit. f GDPR as the legal basis for processing.
3. Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
Provision of the website and creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
Information about the browser type and the version used
· The user's operating system
· The user's Internet service provider
The user's IP address
· Date and time of access
Websites from which the user's system reaches our website
Websites that are accessed by the user's system via our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 Para. 1 S.1 lit. f GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. To do this, the user's IP address must remain stored for the duration of the session.
The log files are saved to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
Our legitimate interest in data processing in accordance with Art. 6 Para. 1 S.1 lit. f GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that it is no longer possible to assign the calling client.
5. Opposition and removal options
The collection of the data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is consequently no possibility for the user to object.
6. Use of cookies
a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that enables the browser to be clearly identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.
The following data is stored and transmitted in the cookies:
language settings
Articles in shopping cart
Log-in information
We also use cookies on our website that enable an analysis of the surfing behavior of users.
The following data can be transmitted in this way:
Entered search terms
· Frequency of page views
· Use of website functions
The user data collected in this way is pseudonymized using technical measures. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the users.
When our website is accessed, an information banner informs users about the use of cookies for analysis purposes and refers them to this data protection declaration. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings.
b) Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 Abs. 1 S.1 lit. f GDPR.
c) Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for the users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after a page change.
We need cookies for the following applications:
Acceptance of language settings
· Shopping cart
The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies we learn how the website is used and can thus continuously optimize our offer.
For these purposes, we also have a legitimate interest in the processing of personal data in accordance with Art. 6 Para. 1 S.1 lit. f GDPR
d) Duration of storage, objection and removal options
Cookies are stored on the user's computer and transmitted from there to our website. As a user, you therefore have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all functions of the website to their full extent.
The transmission of flash cookies cannot be prevented via the settings of the browser, but by changing the settings of the flash player.
Inquiry via the website
1. Description and scope of data processing
On our website there is the possibility to request rooms. If a user makes use of this option, the data entered in the input mask will be transmitted to us and saved. These can be: Title, first name, last name, email address, telephone, address, number of passengers, wishes, date, time, room selection, price.
If you make an online request from our website, this is done by DIS dürr-internet-service - DWFormmailer®, owner Dürr Wolfgang (sole proprietorship), In den Kehlen 4, D-97342 Marktsteft, Germany, phone: +49 (0) 9332 5936720, fax: +49 (0) 9332 5936722, email: webmaster@dw-formmailer.de, Internet: https://www.dw-formmailer.de.
All booking data you have entered will be encrypted. DWFormmailer® is committed to the data protection-compliant handling of your transmitted data. He takes all organizational and technical measures to protect your data.
In this context, the data will not be passed on to third parties. The data is used exclusively for processing the booking and for communication.
2. Legal basis for data processing
The legal basis for the processing of the data is the conclusion of an accommodation contract with the user.
3. Purpose of data processing
The processing of personal data from the input mask serves us only to process the booking request.
4. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial law, statutory or contractual retention requirements have been met.
5. Opposition and removal options
The user has the option to object to the processing of their personal data at any time.
We would like to point out that in the event of an objection, the booking cannot be completed or the conversation cannot be continued.
Online Review
1. Description and scope of data processing
Former guests can post a review at our hotel after check-out. We would like to send you an email within 14 days after departure to ask you to submit a hotel review. If desired, each review can be published anonymously. If you have not felt comfortable in our hotel, we would like to take the opportunity to contact you.
If you submit an online rating on our website, the data will be saved in the rating tool of TrustYou GmbH, Agnes-Pockels-Bogen 1, D-80992 Munich, Germany. TrustYou GmbH is committed to the data protection-compliant handling of your transmitted data. It takes all organizational and technical measures to protect your data.
If a former guest takes advantage of this online evaluation option, data from the former guest is saved in the evaluation mask. These data are: e-mail address and voluntary information such as first name, surname, language and information on the evaluation.
In this context, the data will not be passed on to third parties. The data is used exclusively for the publication of the rating and for arbitration in the event of poor ratings.
2. Legal basis for data processing
The legal basis for the processing of the data is our legitimate interest in data processing.
3. Purpose of data processing
The purpose of the hotel rating is to communicate and summarize opinions of hotel guests via our website, so that interested parties can get their own picture of our services. The results also serve our internal quality management.
4. Duration of storage
The data will not be deleted.
5. Opposition and removal options
There is always the possibility to have the publication of the review deleted (right to be forgotten). Please let us know what rating it is about.
Contact form and email contact
1. Description and scope of data processing
There is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and saved.
For the processing of the data, your consent is obtained as part of the sending process and reference is made to this data protection declaration.
Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted with the email will be saved.
In this context, the data is not passed on to third parties. The data will only be used to process the conversation.
2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6 Para. 1 S.1 lit. a GDPR.
The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 Para. 1 S.1 lit. f GDPR. If the email contact aims to conclude a contract, then an additional legal basis for the processing is Art. 6 Para. 1 S.1 lit. b GDPR.
3. Purpose of data processing
The processing of personal data from the input mask serves us only to process the contact. If you contact us by email, this is also the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. Opposition and removal options
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
If you do not agree with the further data processing and use by us, you have the option to tick the following declaration.
I do NOT agree to the processing or use of the above data.
In this case, all personal data saved in the course of contacting us will be deleted.
Use of Facebook plugin
1. Scope of processing personal data
We use the plug-in from Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025 United States or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland , By activating this plug-in, your browser establishes a connection to the Facebook servers. Facebook learns that you are visiting our website with your IP address. In addition, Facebook receives information about the date, time, browser type and version, operating system and version as well as Facebook cookies already stored in the browser. From this, Facebook can recognize which websites with Facebook content you were on. The plug-in is part of Facebook and is only displayed on our site. Any interaction with the plug-in is an interaction on "facebook.com".
If you are logged in to Facebook, your Facebook login number will also be transmitted when the plug-in is activated. Visiting our website can thus be linked to your Facebook account. Depending on the setting of your Facebook account, clicking on the plug-in will also be published on Facebook. You can avoid this by logging out of your Facebook account before activating the plug-in and deleting all Facebook cookies after visiting websites with Facebook plug-ins.
2. Legal basis for the processing of personal data
The legal basis for the processing is Article 6 (1) (1) (a) GDPR.
3. Purpose of data processing
Facebook processes this data to find errors in its own system, to improve its own products and adapt them to user behavior, to control, place and individualize advertising. In addition, the processing also serves to localize, record the way in which websites with Facebook content are used and the purpose of market research.
4. Duration of storage
Facebook says it stores the data for up to 90 days. After that, the data will only be used in anonymised form.
5. Opposition and removal options
Further information on data usage and data collection can be found in Facebook's data protection declaration at: www.facebook.com/about/privacy.
Use of Google Maps plugin
1. Scope of processing personal data
We use the online map service Google Maps from Google Inc., 1600 Amphiteatre Parkway, Mountain View, CA 94043, United States on our website. By using Google Maps on our website, information about the use of our website, your IP address and the addresses entered in the route planner function are transmitted to a Google server in the USA and stored there. By using our website, you consent to the processing of your data collected by Google Maps.
2. Legal basis for the processing of personal data
The legal basis for the processing is Article 6 Paragraph 1 Clause 1 lit. f GDPR.
3. Purpose of data processing
We have no knowledge of the purpose of the data collection, nor of the use of the data by Google.
4. Duration of storage
We have no information about the duration of the storage.
5. Opposition and removal options
You can find more information at www.google.com/intl/de/policies/privacy.
Use of Tripadvisor plugin
1. Scope of processing personal data
We use the plug-in from TripAdvisor LLC, 7 Soho Square, London W1D 3QB, Attn: Privacy Officer / Legal Department, e-mail: privacy@tripadvisor.com By activating this plug-in, your browser connects to the servers from TripAdvisor on. TripAdvisor tells you that you visit our website with your IP address. In addition, TripAdvisor receives information about the date, time, browser type and version, operating system and version as well as TripAdvisor cookies already stored in the browser. From this, TripAdvisor can see which websites with TripAdvisor content you have been on. The plug-in is part of TripAdvisor and is only displayed on our site. Any interaction with the plug-in is an interaction on "TripAdvisor.com".
If you are registered with TripAdvisor, your TripAdvisor registration number will also be transmitted when the plug-in is activated. Visiting our website can thus be linked to your TripAdvisor account. Depending on the setting of your TripAdvisor account, clicking on the plug-in will also be published on TripAdvisor. You can avoid this by logging out of your TripAdvisor account before activating the plug-in and deleting all TripAdvisor cookies after visiting websites with TripAdvisor plug-ins.
2. Legal basis for the processing of personal data
The legal basis for the processing is Article 6 (1) (1) (a) GDPR.
3. Purpose of data processing
TripAdvisor processes this data to find errors in its own system, to improve its own products and adapt them to user behavior, to control, place and individualize advertising. In addition, the processing also serves the localization, the recording of the way of using websites with TripAdvisor content and the purpose of market research.
4. Duration of storage
We have no information about the duration of the storage.
5. Opposition and removal options
Further information on data use and collection can be found in TripAdvisor's privacy policy at: https://tripadvisor.mediaroom.com/DE-privacy-policy.
Change of data protection regulations
We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements