Privacy Policy

The protection of your personal data is a top priority for us. We treat your data confidentially and in accordance with the applicable data protection regulations. These include, in particular, the General Data Protection Regulation (GDPR) and the Telecommunications Digital Services Act (TDDDG).
With this privacy policy, we would like to give you a transparent overview of what personal data we collect when you use our website, how we process it and what rights you have as a data subject. It does not apply to other websites to which we merely refer by hyperlink. As we cannot influence the confidential handling of your personal data on third-party websites, we cannot accept any responsibility for this.

Our aim is for you to feel safe when visiting our website. We therefore provide you with detailed information here about

• what data we collect,
• the purposes for which we use it,
• the legal basis on which the processing takes place
• how long we store your data,
• and what options you have to control or restrict the processing of your data.

We use technical and organizational measures to ensure a high level of protection of your data and to prevent misuse, loss or unauthorized access.

Responsible for data processing is

Resort Das Achental GmbH
Mietenkamer Str. 65
83224 Grassau

Dr. Karsten Kinast
External data protection officer
Nordstraße 17a
50733 Cologne
E-mail: dsb-resortachental@kinast.eu

4.1 Scope of the processing of personal data

We only process our users' personal data to the extent necessary to provide a functional website and to use the content of the website and our services. The processing of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

4.2 Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

4.3 Data erasure and storage duration

The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract

5.1 Provision of the website and creation of log files

5.1.1 Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
This includes

• IP address of the end device
• Date and time of access
• Name and URL of the retrieved file
• Referrer URL (the previously visited page)
• Browser type and version and operating system

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

5.1.2 Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.

5.1.3 Purpose of the data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR. The data is not analyzed for marketing purposes in this context.

5.1.4 Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.

5.1.5 Possibility of objection

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

5.2 E-mail contact

5.2.1 Description and scope of data processing

If you contact us by e-mail, we process the data you provide (e.g. name, e-mail address, message) to process your request and for follow-up questions.

5.2.2 Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

5.2.3 Purpose of the data processing

The processing of personal data when contacting us by e-mail serves us to process the contact. This also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

5.2.4 Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

5.2.5 Option to object

If the user contacts us by email, they can object to the storage of their personal data if the contact does not serve to initiate a contract. In such a case, the conversation cannot be continued. To do so, please contact the contact named below under "Right to object". All personal data stored in the course of contacting us will be deleted in this case.

5.3 Newsletter

5.3.1 Description and scope of data processing

You have the option of subscribing to our newsletter. We need your e-mail address for this. Optionally, you can enter further data (e.g. name, interests) to personalize content. Your data will be processed in the context of sending the newsletter.
In addition, we use a tracking pixel to collect information on opening and click behavior. Tracking pixels (also known as clear GIFs or tracking pixels) are small graphics (approx. 1×1 GIF files) that are used on websites or in HTML emails, among other things, to give website operators a better understanding of how visitors interact with the website. Interaction data is stored directly on the user in the Marketing Cloud and can be used to personalize the newsletter offer.

5.3.2 Legal basis for data processing

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG.

5.3.3 Purpose of the data processing

The purpose of data processing is to send, personalize and continuously improve the newsletter service.

5.3.4 Duration of storage

The data is stored for the duration of the newsletter subscription. After unsubscribing from the newsletter, the data will be deleted.

5.3.5 Right of objection and revocation

You can revoke your consent to receive the newsletter at any time. The revocation can be made via a link in the newsletters themselves or by sending a message to the contact options below.

5.4 Smart Host

5.4.1 Description and scope of data processing

We use the Smart Host service provided by Smart Host GmbH, Große Hamburger Straße 32, 10115 Berlin, Germany. Smart Host helps us to optimize our communication with guests and to send personalized offers and newsletters. For this purpose, personal data such as name, e-mail address, dates of stay and information on booked services are processed. This data is processed by Smart Host in order to provide you with information that is of particular interest for your stay or for future trips.

5.4.2 Legal basis for data processing
Your data is processed either on the basis of our legitimate interest in targeted guest communication in accordance with Art. 6 para. 1 lit. f GDPR or, if you expressly give us your consent for this, for example when receiving the newsletter, on the basis of Art. 6 para. 1 lit. a GDPR.

5.4.3 Purpose of the data processing
The purpose of using Smart Host is to improve guest communication, provide relevant information and increase our service quality.

5.4.4 Duration of storage
Your data will only be stored for as long as is necessary for the stated purposes or until you object to further processing or withdraw your consent. If statutory retention obligations exist, the storage period is based on these requirements.

5.4.5 Right of objection and revocation

You can object to the processing of your data at any time or withdraw your consent with effect for the future. You can withdraw your consent at any time, for example by using the unsubscribe link in our emails or by sending us a message.

5.5 TrustYou

5.5.1 Description and scope of data processing

We use the TrustYou service provided by TrustYou GmbH, Steinerstraße 15, 81369 Munich, Germany. TrustYou serves us as a comprehensive communication and evaluation management tool. We use TrustYou to send newsletters, process correspondence with our guests, link the system to our property management system (PMS, e.g. Opera) and use it to collect and publish guest reviews.
If you subscribe to our newsletter or agree to receive it as part of a stay, your contact details such as name, email address and, if applicable, language or stay data will be stored and used for sending the newsletter.
We can process your inquiries or bookings via the correspondence manager, whereby contact details, booking information and the content of the communication are processed.
Through the connection to our PMS, data on stays, bookings, arrival and departure dates and booked services can also be transferred to TrustYou in order to simplify and personalize communication with you. Finally, we invite our guests to submit a review after their stay. The information you provide, such as rating text, star rating or contact details, is processed and published if necessary.

5.5.2 Legal basis for data processing

The processing of your data by TrustYou takes place, depending on the use, on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR, for example when sending newsletters or rating requests. In addition, processing may be necessary to carry out pre-contractual measures or to fulfill the contract in accordance with Art. 6 para. 1 lit. b GDPR, for example in the context of guest correspondence or the PMS interface. In addition, we base the use on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR when it comes to improving our service quality and authentic external presentation through guest reviews.

5.5.3 Purpose of the data processing

TrustYou is used to carry out and optimize guest communication, to send information and offers, to process inquiries and reservations and to collect, manage and publish guest reviews. In addition, TrustYou enables us to make our processes more efficient and improve our service.

5.5.4 Duration of storage

Your data will only be stored for as long as is necessary for the aforementioned purposes or until you object to further processing or revoke your consent. If there are statutory retention obligations, the storage period is based on these requirements.

5.5.5 Right of objection and revocation

You can stop receiving newsletters or evaluation requests at any time via the unsubscribe link contained in the messages or by notifying us. You can also object to the processing of your data in the context of guest correspondence or the PMS interface, unless there are compelling legal or contractual reasons to the contrary. You can revoke any consent you have given at any time with effect for the future.

6.1 General information

Our website may use cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. However, we only use cookies if the user consents to the use of the corresponding services. Technically necessary cookies are an exception to this.

• Necessary cookies: required for the operation of the website
• Functional cookies: improve user-friendliness
• Analysis and marketing cookies: help us to understand user behavior and optimize our offering

You can restrict or reject the storage of cookies via your browser settings. If you deactivate cookies, the functionality of the website may be limited.
You can access and change your cookie settings for this website here at any time: Cookie settings.

6.2 Web analysis with Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited. (Gordon House, Barrow Street, Dublin 4, Ireland).
Google Analytics uses cookies that store information about your user behavior and help us to improve the website. Your IP address is anonymized so that it cannot be directly linked to your person.
The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
You can withdraw your consent at any time:
by making the appropriate settings in your browser,
by using the Google opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de.
The data will be deleted as soon as it is no longer required for our recording purposes.

7.2 Google Maps

On our websites we use the services of Google Google Ireland Limited. (Gordon House, Barrow Street, Dublin 4, Ireland, contact details of the data protection officer: see https://support.google.com/policies/contact/general_privacy_form) for the purpose of displaying maps.
These services collect data with the help of an API.
The following data is collected

• Date and time of the visit
• Location information
• IP address
• URL
• Usage data
• search terms
• Geographical location

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
Your data may be transferred to Alphabet Inc. and Google LLC in the following countries: United States of America, Singapore, Taiwan, Chile.
Your data will be deleted as soon as it is no longer required for the processing purposes.

7.3 YouTube

On our websites, we use services of Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, , contact details of the data protection officer: see https://support.google.com/policies/contact/general_privacy_form) for the purpose of video display.
These services collect data with the help of cookies (if the "Privacy-Enhanced" mode is not activated).
The following data is collected

• Device information
• IP address
• referrer URL
• videos viewed.

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
Your data may be transmitted to Alphabet Inc. and Google LLC worldwide.
Your data will be deleted as soon as it is no longer required for the processing purposes.

7.4 Facebook plugins

Plugins of the social network Facebook, provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the "Like" button on our site. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/. When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited our site with your IP address.
Your personal data is processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you give voluntarily and can revoke at any time without giving reasons.
If you click on the Facebook "Like" button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook's privacy policy at https://de-de.facebook.com/policy.php. If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

We only store personal data for as long as is necessary to fulfill the respective purposes or as required by statutory retention obligations. The data is then deleted or anonymized.

9.1 General information

You have the following rights in particular under the GDPR

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to processing (Art. 21 GDPR):

If the processing is based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object at any time for reasons arising from your particular situation.
We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
Please note: For certain technically necessary processing operations (e.g. creation of server log files for the provision and security of the website), there is an overriding legitimate interest so that data processing can continue despite an objection.
There is a separate right to object at any time without giving reasons if your data is processed for direct marketing purposes.

The objection can be made informally and should preferably be addressed to

Resort Achental GmbH
Mietenkamer Str. 65
83224 Grassau
+49 8641-4010
dsb-resortachental@kinast.eu
Right to revoke a given consent (Art. 7 para. 3 GDPR)

You can revoke any express or implied consent given to us at any time with effect for the future in accordance with Art. 7 para. 3 GDPR.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
You have the right to lodge a complaint with a supervisory authority at any time. The Bavarian State Office for Data Protection Supervision, https://www.lda.bayern.de/de/index.html , is generally responsible.

For questions or concerns about data protection (in particular objection and revocation) you can reach us at:

Resort Das Achental GmbH
Mietenkamer Str. 65
83224 Grassau

+49 8641-4010
dsb-resortachental@kinast.eu