DATA PRIVACY STATEMENT

Welcome to our homepage and thank you for your interest in our company. The Hotel DEUTSCHE EICHE is a company of the Josef Sattler GmbH. Privacy and discretion is of utmost priority to us in our interactions with our customers and partners. We value the trust you place in us and feel obligated to handle your data in a careful manner and to protect it from any misuse.

In order to ensure that you feel safe about visiting our website, we take the protection of your personal data and its careful management very seriously. In this effort, we act according to legal requirements regarding the protection of personal data and data security. We would hereby like to provide you with information regarding data security and to inform you on when we save data, which data it is and how we use it – naturally in full accordance with the prevailing German legal framework. Data protection at the Josef Sattler GmbH follows the EU’s General Data Protection Regulation and is based on the current Federal Data Protection Law (Bundesdatenschutzgesetz, BDSG). Regarding the use of the internet, we have aligned our data protection efforts with the Telemedia Law (Telemediengesetz, TMG) of the Federal Republic of Germany.

Collection and Processing of personal Data

You can visit our web pages without letting us know who you are. Our web servers only save general pieces of information, such as the type of web browser, the operation system, the domain names of your internet service provider, the website from which you visit us, the pages that you visit on our website, as well as the date and the length of your visit. These are all pieces of information based on which it cannot be inferred, who the website visitor is. We analyze this data exclusively for statistical purposes and only on an anonymous basis.

Data Protection at Google Analytics

This website uses the web analysis service Google Analytics. The provider is Google Inc. at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google uses so-called "cookies", which are text files stored on your computer and which allow for an analysis of website usage trends. Information stored in the cookies (including your IP address) regarding the use of this website is forwarded to a Google server in the US and also saved there. The IP address is then abbreviated by Google to the last three digits to prevent the exact tracking of the IP address. Google observes the data protection clauses of the US Safe Harbor Agreement and is registered within the Safe Harbor Program of the US Department of Commerce.

Google uses the gathered information to evaluate your use of the website, to generate reports for use by the website operator regarding website activity and to provide services related to website and internet use.

Google will occasionally forward this information to third parties, as long as it is a legal requirement or if these third parties process data on behalf of Google.

Third-party providers, including Google, place advertisements on websites on the internet. Third-party providers, including Google, use saved cookies to place ads based on earlier visits of users on this website.

Google will not relate your IP address to other data it gathers. The collection and storage of data can be vetoed at any point in time regarding future actions. You can deactivate the use of cookies via Google by following the steps on the page "Disabling Google Ads".

Alternatively, users can deactivate the use of cookies by third-party providers by following the steps on the page "Deactivation network advertising". Moreover, you can prevent the collection of data carried out through the use of cookies and relating to your use of the website (including your IP address), as well as its transfer to Google or to third parties associated with Google, by downloading and installing browser plugins from the following link: download and install.

We, however, would like to draw your attention to the fact that, in this case, not all functions of this website can be fully used. By using this website, you agree to the collection of data related to you, carried out with the aforementioned method for the purpose mentioned above. The collection and storage of data can be vetoed at any point in time with regards to future actions. You can find further information on user data handling at Google Analytics in Google’s data privacy statement: Data protection Google.

Our website uses plugins from YouTube, a site affiliated with Google. The operator of the site is YouTube, LLC at 901 Cherry Ave., San Bruno, CA 94066, USA.

When you visit one of our pages, which includes a YouTube plugin, a connection will be made to YouTube’s servers. Through this connection YouTube will be informed about which of our pages you have visited.

If you are logged in with your YouTube account, you enable YouTube to directly link your surfing history to your personal profile. You can prevent this by logging out of your YouTube account. We use YouTube to be able to present our service offering online in a visually appealing manner. This represents a valid form of interest according to Article 6 Paragraph 1 of the GDPR. Further information regarding the handling of user data is available at Data protection YouTube.

This website applies web fonts provided by Google to present content in a uniform manner. When opening a page, your browser downloads the necessary fonts into a browser cache in order to display text and fonts in a correct manner.

In order to achieve this, your browser has to establish a connection to Google’s servers. Through this process, Google will learn that our website has been opened from your IP address. Google Web Fonts are used to offer a uniform and appealing presentation of our service offering online.

This represents a valid form of interest according to Article 6 Paragraph 1 of the GDPR. In case your browser does not support web fonts, your computer will use a standard font. You can find further information on Google Web Fonts and in Google’s data privacy statement.

Data Protection at Piwik

Our website employs Piwik, a web analysis service. Piwik uses so-called „cookies“, which are text files that are saved on your computer and that make the analysis of website use possible. Usage information generated by the cookie (including your abbreviated IP address) is transferred to our server and saved for the purposes of website optimization. Your IP address is immediately anonymized, which makes your identification impossible. Information generated by cookies is not forwarded to third parties. You can change your browser settings if you wish to prevent the use of cookies, but please note that this may reduce the functionality of some of our web pages.

If you do not agree with the storage and evaluation of your data, you can veto this activity through an opt-out cookie in your browser, which prevents Piwik from gathering data on your session. Please note that when you delete cookies, this will also erase the opt-out cookie, meaning that you will have to reactivate it. You can find further information regarding the handling of user data in the “Data privacy statement of Matomo (Piwik)”.

Use and Transfer of collected Data

Personal data you provide is used exclusively for agreed-upon purposes, so normally for the fulfillment of the contract made with you or to reply to your inquiries.

If you use services, only data will be collected, which is necessary to carry out the services in question. In case we ask you for further data, the provision of information to us is entirely voluntary on your part. The processing of personal data takes place exclusively to deliver service that has been demanded and to protect justified own business interests.

Is personal Data forwarded to Third Parties?

The processing and use of your data for advisory services, advertisement and market research is contingent on your explicit permission. Your data is not sold or lent out or made available to third parties in any way. The transfer of personal data to state institutions and authorities takes place only within the framework of obligatory national legal regulations.

Use of Cookies

On some of our pages so-called cookies are applied. A cookie is a small text file, which is saved onto your hard drive from a website. Cookies do not damage your computer and do not contain viruses. The cookies on our web pages do not collect personal data. We use the information contained within cookies to ease your use of our website and to adapt it to your needs. You can, of course, also visit our website without the use of any cookies. If you do not wish to have cookies saved on your computer, you may deactivate the respective option in the settings of your browser. You can delete saved cookies in the system settings of your browser at any time. However, when you do not accept cookies, you may experience reduced functionality on our web pages.

Use of Google Maps

This website uses Google Maps to present maps and to provide directions. Google Maps is operated by Google Inc. at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By visiting our website, you agree to the automatic collection, processing and use of the data you enter by Google or one of its affiliates or a related third party. Here you can find Google’s Terms of Use.

Data Protection and the Application of Partner Portals

Our website uses, among other things, technology developed by Tripadvisor Inc. By visiting this website, you agree to the automatic collection, processing and use of the data, which you submit, by our partner companies, one of their affiliates or by a related third party. Our partners ensure that the processing and use of your data for the purpose of advisory services, advertisement and market research is contingent on your explicit approval. Your data is not sold, lent out or made available in any other manner to third parties. You may veto the use of your data by our partner companies at any time. Here you can find Tripadvisor’s Terms of Use.

Safety

The Josef Sattler GmbH applies technical and organizational safety measures according to § 9 BDSG to protect your data managed by us against involuntary or intentional manipulation, loss, destruction or unauthorized access. Our safety measures are being continually improved in line with technological progress. The Josef Sattler GmbH stores information relevant to data protection only using safe systems in Germany. Access to the data is open only to a few individuals with prior authorization, who are also obliged to uphold data protection rules and who are involved in the technical, administrative or editorial management of data.

Protection of Minors

Children or youth of non-legal age are not allowed to transfer personal data to our website without the approval of their parent or guardian. The Josef Sattler GmbH will never knowingly collect, use or transfer to third parties personal data of children or youth of non-legal age.

User Declaration of Consent

User Declaration of Consent
By using our websites and their content, you declare your consent to the storage, processing and use of the data you provide us with voluntarily, in line with the concepts described in this data privacy statement.

Public procedural log of the Josef Sattler GmbH

Name of the responsible body:
Josef Sattler GmbH

General Managers:
Josef Sattler
Roger Barta

Manager responsible for data processing:
Wilhelm Kluß (Data Protection Commissioner)

Address of the responsible body:
Reichenbachstraße 13 - 80469 Munich
Phone: +49 89 – 23 11 66 0
Fax: +49 89 – 23 11 66 98
Email: info@deutsche-eiche.de
Internet: www.deutsche-eiche.de

Intended Purpose of Data Collection, Processing and Use

The management of a hotel and restaurant, as well as all other businesses associated with them are the purpose of the collection, processing and use.

Secondary purposes are accompanying or support functions in the handling of human resources, intermediaries, suppliers and service providers.

At the hotel, CCTV cameras are installed exclusively to gather evidence against vandalism, burglary, robbery or other criminal acts. Attention is drawn to the use of video cameras via the use of warning notices. Digitalized records of reservation discussions are only made with the explicit approval of interlocutors, for documentation and training purposes or to store evidence. The collection, processing and use of data is carried out for the aforementioned purposes.

Description of Affected Persons and the related Data/Data Categories

Personal data is collected, processed and used with respect to the following groups of individuals:

  • Guest data (especially address details, reservation details, guest wishes, invoicing data)
  • Customer data (especially address details, contract details, invoicing details, service details)
  • Data on prospective customers (especially lodging and room inquiries, address details)
  • Employee data, applicant data, pension holders (especially employee and wage data)
  • Business partners, external service providers (especially address and service details and invoicing data)
  • Suppliers (especially data on addresses, invoicing, service provision, functions)
  • Non-assignable group of individuals: video recordings, as long as these are necessary for the aforementioned purposes.

Categories of Recipients, to whom Data may be disclosed

Hotels, guesthouses and other accommodation providers are allowed to collect personal data of their guests and to store it in an automated process, to the extent that this is necessary within the framework of the lodging contract. These would normally constitute invoicing data on meals and drinks, telephone calls made from a hotel room and/or other hotel-specific services. Hotels and accommodation providers are obliged according to registration regulations to ask for the address details, date of birth, ID number and the citizenship of their guests and individuals accompanying them.

Data may also be disclosed to the following recipients:

  • Public authorities, which receive data based on their legal obligations (e.g. social insurance agencies)
  • Internal departments involved in carrying out the respective business processes (e.g. human resources and management, accounting, marketing, sales, IT and the central reservation desk (customer service center)
  • External contractors (service providers) according to § 11 BDSG
  • Further external bodies (e.g. financial institutions), as well as partner companies, within the limits of the services demanded by the customer

Regular Deadlines for the Deletion of Data

The legislature has introduced various obligations and deadlines related to data storage. As these deadlines pass, the relevant data and data banks are routinely deleted when they are no longer necessary for contract fulfillment (guest contracts, rental agreements and service contracts). The commercial and financially relevant data of a completed business year are deleted after ten years, in accordance with legal requirements, unless longer storage deadlines are imposed or are necessary on a justified basis. In certain areas of human resource management shorter deletion deadlines are set. This is especially the case for rejected applications and written employee warnings. If data is not affected in this way, it will be deleted automatically, as long as the purposes mentioned above are no longer relevant.

Registration forms are stored by accommodation providers in line with the prevailing registration regulation for the legally-defined minimum length, after which they are disposed of with special precaution and in a manner aligned with data protection principles.

Planned Transfer of Data to third Countries

Data transfer to third countries may occur only in exceptional cases explicitly defined by the Federal Law on Data Protection (BDSG), such as in relation to contract completion or necessary communication. A transfer of data to third countries, especially to countries where the level of data protection is deemed to be low or to those outside of the European Union, does not take place and is not planned.

Safeguarding the Processing of Data

The Josef Sattler GmbH employs technical and organizational security measures according to § 9 BDSG to protect the data being managed against unintentional or planned manipulation, loss, destruction or unauthorized access. The introduced safety measures are continually updated as the technology develops. This also means that the Josef Sattler GmbH stores personal data only by using safe systems in Germany. Access to the data is open only to a few individuals with prior authorization, who are responsible for the technical, administrative or editorial management of the data.

Name and Address of the Data Security Commissioner

Josef Sattler GmbH
Mr. Wilhelm Kluß
Data Security Commissioner

Reichenbachstraße 13
D-80469 Munich
Phone: +49 89 23 11 66 60
Email: datenschutz@deutsche-eiche.de
Public procedural log date: May 24 2018

Person responsible for the contents of the public procedural log:
Data Security Commissioner of the Josef Sattler GmbH