Privacy Policy

We are pleased that you are visiting our website and would like to thank you for your interest in our hotel. Protecting personal data is very important to us. Therefore, personal data, for example the name, address, email address or telephone number of a data subject, is always processed in accordance with the valid European and national legislation.

If the processing of personal data is necessary and there is no legal basis for such processing, in general we obtain the consent of the data subject.

You may, of course, revoke your consent with future effect at any time. Please contact the controller in order to do so. The contact details can be found below.

In the following, the GHOTEL Group would like to inform the public about the nature, scope and purpose of the personal data it collects from them. Data subjects can also use this Privacy Policy to obtain information about their rights.

The GHOTEL Group currently operates a portfolio in the budget, mid-scale and upscale segments. In addition to the GHOTEL hotel & living brand, we operate the nestor hotels as well as franchised hotels with international brands. We also cooperate with strong partners such as AccorHotels and InterContinental Hotels Group at selected locations and we add well-known brands to our range of hotel services.

1. Name and address of the data controller responsible for the processing

The controller within the meaning of the General Data Protection Regulation, other data protection laws that are valid in the member states of the European Union and other provisions concerning data protection is:
GHOTEL GmbH
Graurheindorfer Straße 92
53117 Bonn
Germany
Phone: 0228 96 10 98 – 0
Email: info@ghotel.de
Website: https://www.ghotel-group.de/en/home-en/

2. Name and address of the data protection officer

The data protection officer for the data controller responsible for the processing is:

ADDAG GmbH & Co KG
Dr Ralf Schadowski
Krefelder Straße 121
52070 Aachen
Germany
Phone: 0049-(0)241-44688-0 Email: info@addag.de
Website: www.addag.de

Each data subject may contact our data protection officer directly at any time if they have any questions and comments relating to data protection.

3. Object of the data protection

In this Privacy Policy, we use the following terms for example:

a)    personal data
Personal data is all information that relates to an identified or identifiable natural person (hereinafter referred to as a “data subject”). Identifiable is understood to mean a natural person who, directly or indirectly, can be identified, in particular, by means of a name, assignment to an identification number, location data, an online identification or to one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

b)    data subject
The term data subject refers to every identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c)    processing
Processing is understood to mean any process that is carried out with or without the help of automated procedures or any such series of processes in connection with personal data, such as collection, recording, organisation, filing, storage, adaptation or amendment, reading, querying, use, disclosure by transmission, distribution or another form of provision, comparison or linkage, restriction, erasure or destruction.

d)    restriction of processing
Restriction of processing refers to the marking of personal data that is saved with the goal of restricting the future processing of this personal data.

e)    profiling
Profiling is any kind of automated processing of personal data in which this personal data is used to evaluate certain personal aspects that relate to a natural person, in particular to analyse or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, place of residence or change of location of this natural person.

f)     pseudonymisation
Pseudonymisation is the processing of personal data in a manner in which the personal data can no longer be assigned to a specific data subject without additional information being used, provided that this additional information is stored separately and is subject to technical and organisational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.

g)    controller or controller responsible for the processing
The controller or the controller responsible for the processing is the natural or legal person, authority, institution or other organisation which, independently or together with us, makes decisions about the purposes and means of the processing of personal data. If the purposes and means of this processing are set out in Union law or the law of the member states, the controller or the specific criteria for the appointment of the controller may be prescribed by Union law or the law of the member states.

h)    processor
The processor is a natural or legal person, authority, institution or other organisation which processes personal data on behalf of the controller.

i)      recipient
The recipient is a natural or legal person, authority, institution or other organisation to whom the personal data is disclosed, regardless of whether this entity constitutes a third party or not. However, authorities which may be provided with personal data within the framework of a specific investigation mandate pursuant to Union law or the law of the member states, do not constitute recipients.

j)      third party
A third party is a natural or legal person, authority, institution or other organisation other than the data subject, the controller, the processor and the persons who are authorised under the direct responsibility of the controller or the processor which is authorised to process the personal data.

k)    consent
Consent is any unambiguous declaration of intent provided by the data subject on a voluntary basis for the specific case in question in an informed manner and in the form of a declaration or other unambiguous confirmatory act, with which the data subject clarifies that he/she consents to the processing of the personal data concerning him/her.

4. Access data / server log files

The provider (and/or its webspace provider) collects data about each instance of access to the website (known as server log files). The access data includes: Name of the website that is accessed, file, data and time of the access, data quantity transmitted, report about successful access, browser type and version, the user’s operating system, the referrer URL (the website that was previously visited), the IP address and the requesting provider.
The provider only uses the log data for statistical evaluation for the purposes of the operation, safety and optimisation of the website. However, the provider retains the right to review the log data at a later stage if there are reasonable grounds based on concrete indications to suspect unlawful use.

5. Routine erasure and blocking of personal data

The controller responsible for the processing only processes (and, in this context, also saves) personal data of the data subject for the period of time that is necessary to achieve the purpose of the storage or insofar as this has been provided for by European issuers of directives and regulators or another legislative authority in laws or provisions to which the controller is subject with regard to the processing.

If the purpose of the storage ceases to apply if another storage period set out by European issuers of directives and regulators or another responsible legislative authority expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.

6. Rights of the data subject

a) Right to confirmation:
Each data subject has the right to require confirmation from the controller responsible for the processing as to whether the personal data concerning him/her is subject to processing. If a data subject wishes to exercise this right of confirmation, he/she may contact the controller responsible for the processing at any time.

b) Right to be informed:
Every data subject whose personal data is processed has the right to receive information from the controller responsible for the processing free of charge at any time about the personal data concerning him/her that is saved, as well as a copy of this information. Further, the European issuers of directives and regulators has granted the data subject the right to the following information:

  • the purposes of processing
  • the categories of personal data being processed
  • the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular in the case of recipients in third countries or for international organisations
  • if possible, the planned period of time for which the personal data will be stored or, if this is not possible, the criteria for determining this period
  • the existence of a right to rectification or erasure of the personal data concerning the data subject or to restriction of processing by the controller or the right to object to this processing
  • the existence of the right to lodge a complaint with a supervisory authority • in circumstances in which the personal data is not collected from the data subject: All the available information about the provenance of the data
  • the existence of automated decision making including profiling in accordance with Article 22 (1) and (4) EU GDPR and, at least in these cases, clear information about the logic involved, as well as the scope and the desired effects of processing of this kind for the data subject

Further, the data subject has the right to be informed with regard to whether personal data has been transmitted to a third country or to an international organisation. If this is the case, the data subject also has the right to information about the suitable guarantees in connection with the transmission.

If a data subject wishes to exercise this right to information, he/she may contact the controller responsible for the processing at any time.

c) Right to rectification:
Every data subject whose personal data is processed has the right to require the incorrect personal data concerning him/her to be rectified without undue delay. Further, the data subject has the right to require the incomplete personal data to be completed, also including a supplementary declaration, taking into account the purposes of the processing.

If a data subject wishes to exercise this right to rectification, he/she may contact the controller responsible for the processing at any time.

d) Right to erasure (right to be forgotten):
Every data subject whose personal data is processed has the right to require the controller to delete the personal data concerning him/her without undue delay insofar as one of the following reasons is applicable and insofar as the processing is not essential:

  • The personal data was collected for purposes for which it is no longer required or in another manner for which it is no longer required.
  • The data subject withdraws his/her consent on which the processing was based in accordance with Article 6 (1) lit. a EU GDPR or Article 9 (2) lit. a GDPR and there is no other legal basis for the processing.
  • The data subject objects to the processing in accordance with Article 21 (1) EU GDPR and there are no compelling legitimate reasons for the processing or the data subject objects to the processing in accordance with Article 21 (2) EU GDPR.
  • The personal data was processed unlawfully.
  • The erasure of the personal data is necessary to fulfil a legal obligation pursuant to Union law or the law of the member states to which the controller is subject.
  • The personal data was collected in relation to the services offered by the information society pursuant to Article 8 (1) EU GDPR.

If one of the above-mentioned reasons applies and a data subject wishes to cause the personal data that is saved by GHOTEL GmbH to be erased, he/she may contact the controller responsible for the processing at any time for this purpose. The erasure request will then be followed up without undue delay.

If the personal data has been published by GHOTEL GmbH and if our company, as the controller, is obliged to erase the personal data pursuant to Article 17 (1) EU GDPR, GHOTEL GmbH shall take appropriate measures, taking into account the available technology and the implementation costs, including technical measures, to inform other controllers responsible for the data processing that process the published personal data that the data subject has requested the erasure of all links to the personal data, or copies or reproductions of this personal data, from the other controller responsible for data processing, insofar as the processing is not essential. The controller responsible for the processing will then initiate the necessary measures in the individual case.

e) Right to restriction of processing:
Every data subject whose personal data is processed has the right to require the controller to restrict the processing if one of the following prerequisites is in place:

  • The correctness of the personal data is disputed by the data subject and for a period of time that enables the controller to review the correctness of the personal data.
  • The processing is unlawful, the data subject objects to the erasure of the personal data and, instead, requires the restriction of the use of the personal data.
  • The controller no longer requires the personal data for the purposes of the processing. However, the data subject requires them to assert, exercise or defend legal claims.
  • The data subject has raised an objection to the processing in accordance with Article 21 (1) EU GDPR and it has not yet been established whether the legitimate grounds of the controller outweigh those of the data subject.

If one of the above-mentioned pre-requisites applies and a data subject wishes to require the personal data that is saved by GHOTEL GmbH to be restricted, he/she may contact the controller responsible for the processing at any time for this purpose. The restriction of the processing will then take place without undue delay.

f) Right to data portability:
Every data subject whose personal data is processed has the right to receive the personal data concerning him/her in question which has been provided to a controller by the data subject in a structured, commonly used and machine-readable format. He/she also has the right to transfer the data to another controller without hindrance by the controller to whom the personal data was transmitted insofar as the processing is based on consent in accordance with Article 6 (1) lit. a EU GDPR or Article 9 (2) lit. a EU GDPR or on a contract pursuant to Article 6 (1) lit. b EU GDPR and the processing takes place using automated procedures insofar as the processing is not essential for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Further, when exercising his/her right to data portability in accordance with Article 20 (1) EU GDPR, the data subject has the right to require the personal data to be directly transmitted from one controller to another controller insofar as this is technically possible and insofar as this does not affect the rights and freedoms of another individual.

The data subject may contact the controller responsible for processing at any time in order to assert the right to data portability.

g) Right to object:
Every data subject whose personal data is processed has the right to raise an objection to the processing of the personal data concerning him/her that takes place on the basis of Article 6 (1) lit. e or f at any time for reasons relating to his/her personal situation. This also applies to profiling that is based on these provisions.

GHOTEL GmbH ceases to process the personal data in the event of the objection unless we are able to provide proof of compelling and legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject or the processing serves to assert, exercise or defend legal claims.

If GHOTEL GmbH processes personal data to carry out direct advertising, the data subject has the right to object to the processing of his/her personal data for the purpose of advertising of this kind at any time. This also applies to profiling insofar as this is connected to such direct advertising. If the data subject objects to the processing for the purpose of direct advertising by GHOTEL GmbH, then GHOTEL GmbH will no longer process the personal data for this purpose.

In addition, the data subject has the right to raise an objection to the processing of the personal data concerning him/her that is carried out by GHOTEL GmbH for scientific or historical research reasons or for statistical purposes pursuant to Article 89 (1) EU GDPR for reasons arising from his/her particular situation, unless such processing is necessary in order to fulfil a task in the general public interest.

The data subject may contact the controller responsible for the processing directly in order to exercise the right to object. Further, the data subject has the right to exercise his/her right to object using automated procedures in which technical specifications are used in connection with the use of information society services, regardless of Directive No. 2002/58/EC.

h) Automated decision making in individual cases including profiling:
Every data subject whose personal data is processed has the right to not be subject to a decision that is solely based on automated processing, including profiling, that has legal effect on the data subject or has any significant negative effect on him/her in a similar manner, insofar as the decision:

  • is not necessary for the conclusion or performance of a contract between the data subject and the controller or
  • is permissible on the basis of legal provisions of the Union or member states to which the controller is subject and these legal provisions contain suitable measures for protecting the rights and freedoms, as well as the legitimate interests of the data subject or
  • takes place with the express consent of the data subject.

If the decision is necessary for the conclusion or performance of a contract between the data subject and the controller or if it takes place with the express consent of the data subject, GHOTEL GmbH will take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, which as a minimum at least includes the right to effect the intervention of an individual on the part of the controller, to state your own position and to object to a decision.

If the data subject wishes to exercise rights with regard to automated decisions, he/she may contact the controller responsible for the processing at any time.

i) Right to withdraw consent under data protection law:
Every data subject whose personal data is processed has the right to withdraw consent to processing of personal data at any time.

If the data subject wishes to exercise his/her right to withdraw consent, he/she may contact the controller responsible for the processing at any time for this purpose.

7. Data protection for applications and in the application process

The controller responsible for the processing collects and processes the personal data of applicants for the purpose of processing the application procedure. The processing may take place electronically. This is in particular the case if an applicant sends the corresponding application documents to the controller responsible for the processing electronically, for example by email. If the controller responsible for the processing concludes an employment contract with an applicant, the data that is transmitted for the purpose of concluding the employment relationship will be saved, taking the legal provisions into account. If no employment contract is concluded between the applicant and the controller responsible for the processing, the application documents are deleted automatically 6 months after notification of the negative decision is provided insofar as no other legitimate interests of the controller responsible for the processing prevent the erasure of the data. In this regard, another legitimate interest is the obligation to provide proof in a procedure pursuant to the General Act on Equal Treatment (AGG).

8. Cookies

The GHOTEL GmbH website uses cookies. Cookies are text files that are placed and saved on a computer system using an internet browser.

Numerous websites and servers use cookies. Lots of cookies contain a cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a character string using which websites and servers can be assigned to the concrete internet browser on which the cookie was saved. This enables the websites and servers to distinguish between the individual browser of the data subject and other internet browsers that contain other cookies. A specific internet browser can be recognised again via the unique cookie ID and identified in this manner.

By using cookies, GHOTEL GmbH can provide the users of this website with services that are more user-friendly and this would not be possible without the use of cookies.

Information and services on our website can be optimised for the user using a cookie. As previously mentioned, cookies enable us to recognise the users of our website. The purpose of this recognition is to make it easier for users to use our website. Users of a website that uses cookies do not have to, for example, enter their login details on each visit because this is carried out by the website and the cookie that has been placed on the user’s computer system. One further example is the cookie for a shopping basket on the online shop. The online shop remembers the items that a customer has placed in the virtual shopping basket via a cookie.

The data subject can prevent our website from setting cookies at any time by changing the settings of the browser he/she uses accordingly and therefore permanently objecting to the use of cookies. Further, cookies that have already been placed may be deleted at any time via an internet browser or other software programmes. This is possible in all commonly used internet browsers. If the data subject deactivates the placement of cookies in the internet browser that is being used, it may not be possible to use all of the functions of our website in full.

9. Newsletter

On the GHOTEL GmbH website, users have the opportunity to subscribe to our company’s newsletter. The entry screen used for this purpose determines which personal data is transmitted to the controller responsible for the processing.

GHOTEL GmbH informs its customers and business partners about the company’s offers at regular intervals using a newsletter. Our company’s newsletter can, in principle, only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject registers for the newsletter. For legal reasons, a confirmation email will first be sent as part of the double opt-in procedure to the email address entered by the data subject for the newsletter. This confirmation email serves to review whether the owner of the email address has authorised the receipt of the newsletter as the data subject.

Further, as part of the newsletter registration, we save the IP address, which is assigned by the internet service provider (ISP), of the computer system used by the data subject at the point in time of registration, as well as the date and time of registration. The collection of this data is required to trace the (possible) misuse of a data subject’s email address at a later point in time and therefore serves to provide legal protection for the controller responsible for the processing.

The personal data collected within the framework of a newsletter registration is solely used to send our newsletter. Further, subscribers to the newsletter may be kept informed by email insofar as this is necessary for operating the newsletter service or registration for this, as is the case if changes are made to the newsletter service or the technical conditions.

This website uses Newsletter2Go to send newsletters. The provider is Newsletter2Go GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Newsletter2Go is a service which, for example, organises and analyses the distribution of newsletters. The data entered by you for the purpose of receiving the newsletter will be stored on the Newsletter2Go servers in Germany.

If you do not want your usage of the newsletter to be analysed by Newsletter2Go, you will have to unsubscribe from the newsletter. We provide a link for this in each newsletter email. Furthermore, you can also directly unsubscribe from the newsletter on the website.

For more information, see the privacy policy of Newsletter2Go at: https://www.newsletter2go.com/data-protection/.

10. Contact form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, in order to answer your question and any follow-up questions. We do not share this data without your permission.

Thus, the data entered on the contact form will only be processed on the basis of your consent (Article 6 (1) lit. a GDPR). You may revoke your consent at any time. An informal message sent to info@ghotel.de by email is sufficient in order to do so. The lawfulness of the processing that has already taken place before consent is withdrawn mains unaffected by this.

The data you enter on the contact form will be stored by us until you request its erasure, withdraw your consent to storage or the purpose of the data storage expires (e.g. after your enquiry has been processed in full). Mandatory statutory provisions, especially those regarding mandatory data retention periods remain unaffected.

11. Links to other websites

This website contains links to other website (known as external links).

As a provider, GHOTEL GmbH is responsible for its own content pursuant to the valid European and national legal provisions. Links to content provided by other providers is to be distinguished from our own content. We have no influence on whether the operators of other websites comply with the valid European and national legal provisions. Please find out more about this by reading the privacy policy provided on the website in question. GHOTEL GmbH does not accept any responsibility for external content that is provided for use via links and is specially marked as such and does not adopt such content as its own. Only the provider of the website that is linked is liable for any illegal, incorrect, or incomplete content and for damages resulting from the use or non-use of such information.

12. Security

GHOTEL GmbH takes a number of technical and organisational measures to protect your personal data against accidental or unlawful destruction, alteration or loss and against unauthorised disclosure or access.

Nevertheless, internet-based data transmission, for example, is in principle subject to security vulnerabilities, and so absolute protection cannot be guaranteed. For this reason, every data subject is also free to transmit personal data to us by alternative means, for example by telephone.

13. Registration and booking

In connection with online booking, we provide users with the opportunity to register by providing personal data on our website. This data is entered into an entry screen and transmitted to us. The data is processed and stored by our service provider Quality Reservations Deutschland GmbH and their partner SHS Sabre Hospitality. The company makes a contractual commitment to ensure that suitable technical and organisational measures are carried out such that the processing takes place in compliance with the EU GDPR and the rights of the data subject are protected. This data shall not be passed on to third parties.

The following data is collected during the registration process:

Mandatory information:

  1. Title
  2. First name
  3. Surname
  4. Email address
  5. Password
  6. Security question / answer
  7. Telephone number for questions

Optional fields:

  1. Company
  2. Country
  3. Invoicing address
  4. Town
  5. Postcode
  6. State/Province

The following data is also stored at the point in time of registration:
Date and time of registration

Legal basis for data processing

The registration serves the purpose of the performance of a contract, to which the contracting party is the user or to implement pre-contractual measures. The legal basis for the processing of the data is Article 6 (1) lit. b GDPR.

Purpose of data processing

The user must register in order for certain content and services to be provided on our website or in order to perform a contract.

The user has the opportunity to create a customer account before or during a booking process. The creation of a customer account simplifies any repeated booking processes because once the customer has registered and logged in, the data that has been saved is pre-filled on the booking screen. In addition, the user has the opportunity to access his/her current bookings by logging in using his/her email and password.

When carrying out an online booking, the user is required to provide his/her email address, title, first name, surname and telephone number. The processing and storage of the data is necessary to process the booking, including in order to clarify any questions about the booking.

Storage period

All data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collected during the registration process for the performance of a contract or to implement pre-contractual measures, this is the case when the data is no longer required for the performance of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

Options for objecting to the collection of your data and requesting its deletion

You may delete the registration at any time or have the data stored during this process amended. In order to do so, send an email to info@ghotel.de. If the data is required to fulfil a contract or implement pre-contractual measures, premature erasure of data is only possible insofar as contractual or legal obligations do not preclude erasure.

The option of placing an online booking with our Franchised Partner Hotels via their websites, to which links are provided on the homepage of the GHOTEL Group, also exists as part of the online booking process with our above-mentioned service provider Quality Reservations and the partner SHS Sabre Hospitality.

We would highlight 11. of our Privacy Policy in this regard.

You can find out more about data protection by our franchise partners at:

https://www.ihg.com/content/gb/en/customer-care/privacy_statement

https://www.accorhotels.com/security-certificate/index.en.shtml

14. Statistical analyses and plug-ins

a) Use of Google Maps
This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

In order to use the functions of Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps takes place in the interest of making our online services visually appealing and making it easy to find the locations mentioned by us on the website. This constitutes a legitimate interest within the meaning of Article 6 (1) lit. f GDPR.

Further information about the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en-GB&gl=de .

b) Use of TrustYou
This site integrates a TrustYou widget in order to display reviews. The provider is TrustYou GmbH, Munich Centre of Technology, Agnes-Pockels-Bogen 1, 80992 Munich, Germany (https://www.trustyou.com/imprint).

In order to use the functions of the TrustYou widget, it is necessary to save your IP address. This information is generally transmitted to a TrustYou server in Germany and saved there. The provider of this site has no influence on this data transfer.

The use of the TrustYou widget takes place in the interest of presenting the reviews of our hotels provided on TrustYou and in order to be able to provide the option of creating a review using TrustYou. This constitutes a legitimate interest within the meaning of Article 6 (1) lit. f GDPR.

You can find out more about the handling of user data by TrustYou in the TrustYou Privacy Policy: https://www.trustyou.com/wp-content/uploads/2018/05/2017-01-19-TY-Privacy-Policy.pdf

c) Data protection regulations on the use and application of WordPress Stats
This website uses the WordPress Stats tool to perform statistical analyses of visitor traffic. The provider is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110-4929, USA.

WordPress Stats uses cookies that are stored on your computer and allow an analysis of the use of the website. The information generated by the cookies about the use of our website is stored on servers in the USA. Your IP address will be anonymised after processing and before storage.

WordPress Stats cookies remain on your device until you delete them.

The storage of WordPress Stats cookies takes place on the basis of Article 6 (1) lit. f GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both its website and its advertising.

You can configure your browser in a manner that means you are always informed when a cookie is set and you can choose on a case-by-case basis whether or not to authorise this. You can also set up your browser to prohibit the setting of cookies in general or to delete cookies automatically when you close the browser. Disabling cookies may limit the functionality of our website.

You may object to the collection and use of your data in the future by clicking

d) Use of Facebook
Facebook processes the data in accordance with the Facebook Data Policy. Accordingly, general information about the display of Facebook ads, is provided in theFacebook Data Policy. For specific information and details about the Facebook pixel and how it works, see the Help section of Facebook.

e) Use of Twitter
The data controller has integrated components from Twitter into this website. Twitter is a multilingual public microblogging service on which users can publish and distribute so-called tweets, i.e. short messages limited to 280 characters. These short messages are available for everyone to view, including people who are not registered on Twitter. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter makes it possible to address a broad audience via hashtags, links or retweets.

Twitter is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

With each access of one of the individual pages of this website, which is operated by the controller responsible for processing and which has integrated a Twitter component (Twitter button), the internet browser on the data subject’s information technology system is automatically prompted by the respective Twitter component to download a representation of the corresponding Twitter component from Twitter. Further information on the Twitter buttons can be found at https://about.twitter.com/de/resources/buttons. As part of this technical process, Twitter receives information about the specific sub-page of our website visited by the data subject. The purpose of integrating the Twitter component is to enable our users to disseminate the content of this website, to make this website known in the digital world and to increase our visitor numbers.

If the data subject is also logged into Twitter at the same time, each time the data subject accesses our website and for the entire duration of the time spent on our website, Twitter recognises which specific sub-page of our website the data subject visits. This information is collected by the Twitter component and assigned to the respective Twitter account of the data subject by Twitter. If the data subject presses one of the Twitter buttons integrated on our website, the data and information transmitted in this manner will be assigned to the personal Twitter user account of the data subject and stored and processed by Twitter.

Twitter always receives information via the Twitter component that the data subject has visited our website whenever the data subject is logged into Twitter at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Twitter component or not. If the data subject does not wish such information to be transmitted to Twitter, he/she can prevent the transmission by logging out of his/her Twitter account before accessing our website.

Twitter’s current privacy policy is available at  https://twitter.com/privacy?lang=de.

f) Use of YouTube
The controller responsible for processing has integrated components from YouTube into this website. YouTube is an online video portal that enables video publishers to upload video clips free of charge and other users to view, review and comment on these videos free of charge too. YouTube authorises the publication of all kinds of videos, whereby both complete films and TV programmes, as well as music videos, trailers or videos created by the users themselves can be accessed via the internet portal.

The operator company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

With each access of one of the individual pages of this website, which is operated by the controller responsible for processing and which has integrated a YouTube component (YouTube video), the internet browser on the data subject’s information technology system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. You can find out more about YouTube at https://www.youtube.com/intl/en-GB/about/. As part of this technical process, YouTube and Google receive information about the specific sub-page of our website visited by the data subject.

If the data subject is also logged into YouTube at the same time, when the data subject accesses a sub-page that contains a YouTube video, YouTube recognises which specific sub-page of our website the data subject is visiting. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google receive information via the YouTube component that the data subject has visited our website whenever the data subject is logged into YouTube at the same time as accessing our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not wish such information to be transmitted to YouTube and Google, he/she can prevent the transmission by logging out of his/her YouTube account before accessing our website.

The YouTube Privacy Policy can be viewed at  https://policies.google.com/privacy?hl=en and provide information about the collection, processing and use of personal data by YouTube and Google.

e) Use of Instagram
Functions of the Instagram service are integrated onto this website. This functions are provided and integrated by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

When you are logged into your Instagram account, you can link the content of this website with your Instagram profile by clicking on the Instagram button. This enables Instagram to assigned the visit to this website to your user account. We would point out that, as the provider of the website, we do not receive any information about the content of the data that is transmitted and the use thereof by Instagram.

The use of the Instagram plug-in takes place on the basis of Article 6 (1) lit. f GDPR. The website operator has a legitimate interest in making the website as visible as possible on social media.

You can find out more about this in the Instagram Privacy Policy:

https://instagram.com/about/legal/privacy/.

h) Use of script libraries (Google Web Fonts)

In order to present our content in a manner that is correct across different browser types and appealing from a graphics point of view, we use script libraries and font libraries on this website, for example Google Web Fonts (https://www.google.com/webfonts/). Google Web Fonts are transferred to your browser cache so that they do not have to be loaded multiple times. If the browser does not support Google Web Fonts or prevents this access, the content will be displayed in a standard font.

Accessing script libraries or font libraries automatically establishes a connection to the library operator. In doing so, it is theoretically possible, albeit currently unclear whether and, if applicable, for which purposes, that operators of libraries of this kind collect data.

You can find the Privacy Policy of the library operator Google here: https://www.google.com/policies/privacy/

15. Hosting

We use external hosting services which provide the following services: Infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. In order to do so, all data that is required for the operation and use of our website is processed.

We use external hosting services to operate this website. The purpose of using external hosting services is to provide our website in an efficient and secure manner. The legal basis for the processing is Article 6 (1) S. 1 lit. f GDPR.

The collection of data to provide and use the website and the processing of the data via external web hosting services is absolutely essential for operating the website. You may object to the processing. In the event you make a reasonable objection, we will review the case and will either suspend and/or adapt the data processing or provide you with details of our legitimate grounds, on the basis of which we continue the processing.

16. Change to the Privacy Policy

Please note that data protection provisions and data protection measures may change on an ongoing basis, which would necessitate changes to be made to this Privacy Policy. We would therefore recommend that you stay up-to-date about changes to the statutory provisions and our company’s practice.

Version 27.09.2019