We are pleased that you are visiting our website and would like to thank you for your interest in our hotel. Protecting personal data is very important to us. Therefore, personal data, for example the name, address, email address or telephone number of a data subject, is always processed in accordance with the valid European and national legislation.
If the processing of personal data is necessary and there is no legal basis for such processing, in general we obtain the consent of the data subject.
You may, of course, revoke your consent with future effect at any time. Please contact the controller in order to do so. The contact details can be found below.
The GHOTEL Group currently operates a portfolio in the budget, mid-scale and upscale segments. In addition to the GHOTEL hotel & living brand, we operate the nestor hotels as well as franchised hotels with international brands. We also cooperate with strong partners such as AccorHotels and InterContinental Hotels Group at selected locations and we add well-known brands to our range of hotel services.
1. Name and address of the data controller responsible for the processing
The controller within the meaning of the General Data Protection Regulation, other data protection laws that are valid in the member states of the European Union and other provisions concerning data protection is:
GHOTEL Group GmbH
Graurheindorfer Straße 92
Phone: 0228 96 10 98 – 0
2. Name and address of the data protection officer
The data protection officer for the data controller responsible for the processing is:
ADDAG GmbH & Co KG
Dr Ralf Schadowski
Krefelder Straße 121
Each data subject may contact our data protection officer directly at any time if they have any questions and comments relating to data protection.
3. Object of the data protection
a) personal data
Personal data is all information that relates to an identified or identifiable natural person (hereinafter referred to as a “data subject”). Identifiable is understood to mean a natural person who, directly or indirectly, can be identified, in particular, by means of a name, assignment to an identification number, location data, an online identification or to one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
b) data subject
The term data subject refers to every identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
Processing is understood to mean any process that is carried out with or without the help of automated procedures or any such series of processes in connection with personal data, such as collection, recording, organisation, filing, storage, adaptation or amendment, reading, querying, use, disclosure by transmission, distribution or another form of provision, comparison or linkage, restriction, erasure or destruction.
d) restriction of processing
Restriction of processing refers to the marking of personal data that is saved with the goal of restricting the future processing of this personal data.
Profiling is any kind of automated processing of personal data in which this personal data is used to evaluate certain personal aspects that relate to a natural person, in particular to analyse or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, place of residence or change of location of this natural person.
Pseudonymisation is the processing of personal data in a manner in which the personal data can no longer be assigned to a specific data subject without additional information being used, provided that this additional information is stored separately and is subject to technical and organisational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.
g) controller or controller responsible for the processing
The controller or the controller responsible for the processing is the natural or legal person, authority, institution or other organisation which, independently or together with us, makes decisions about the purposes and means of the processing of personal data. If the purposes and means of this processing are set out in Union law or the law of the member states, the controller or the specific criteria for the appointment of the controller may be prescribed by Union law or the law of the member states.
The processor is a natural or legal person, authority, institution or other organisation which processes personal data on behalf of the controller.
The recipient is a natural or legal person, authority, institution or other organisation to whom the personal data is disclosed, regardless of whether this entity constitutes a third party or not. However, authorities which may be provided with personal data within the framework of a specific investigation mandate pursuant to Union law or the law of the member states, do not constitute recipients.
j) third party
A third party is a natural or legal person, authority, institution or other organisation other than the data subject, the controller, the processor and the persons who are authorised under the direct responsibility of the controller or the processor which is authorised to process the personal data.
Consent is any unambiguous declaration of intent provided by the data subject on a voluntary basis for the specific case in question in an informed manner and in the form of a declaration or other unambiguous confirmatory act, with which the data subject clarifies that he/she consents to the processing of the personal data concerning him/her.
4. Access data / server log files
The provider (and/or its webspace provider) collects data about each instance of access to the website (known as server log files). The access data includes: Name of the website that is accessed, file, data and time of the access, data quantity transmitted, report about successful access, browser type and version, the user’s operating system, the referrer URL (the website that was previously visited), the IP address and the requesting provider.
The provider only uses the log data for statistical evaluation for the purposes of the operation, safety and optimisation of the website. However, the provider retains the right to review the log data at a later stage if there are reasonable grounds based on concrete indications to suspect unlawful use.
5. Routine erasure and blocking of personal data
The controller responsible for the processing only processes (and, in this context, also saves) personal data of the data subject for the period of time that is necessary to achieve the purpose of the storage or insofar as this has been provided for by European issuers of directives and regulators or another legislative authority in laws or provisions to which the controller is subject with regard to the processing.
If the purpose of the storage ceases to apply if another storage period set out by European issuers of directives and regulators or another responsible legislative authority expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.
6. Rights of the data subject
a) Right to confirmation: Each data subject has the right to require confirmation from the controller responsible for the processing as to whether the personal data concerning him/her is subject to processing. If a data subject wishes to exercise this right of confirmation, he/she may contact the controller responsible for the processing at any time.
b) Right to be informed: Every data subject whose personal data is processed has the right to receive information from the controller responsible for the processing free of charge at any time about the personal data concerning him/her that is saved, as well as a copy of this information. Further, the European issuers of directives and regulators has granted the data subject the right to the following information:
- the purposes of processing
- the categories of personal data being processed
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular in the case of recipients in third countries or for international organisations
- if possible, the planned period of time for which the personal data will be stored or, if this is not possible, the criteria for determining this period
- the existence of a right to rectification or erasure of the personal data concerning the data subject or to restriction of processing by the controller or the right to object to this processing
- the existence of the right to lodge a complaint with a supervisory authority • in circumstances in which the personal data is not collected from the data subject: All the available information about the provenance of the data
- the existence of automated decision making including profiling in accordance with Article 22 (1) and (4) EU GDPR and, at least in these cases, clear information about the logic involved, as well as the scope and the desired effects of processing of this kind for the data subject
Further, the data subject has the right to be informed with regard to whether personal data has been transmitted to a third country or to an international organisation. If this is the case, the data subject also has the right to information about the suitable guarantees in connection with the transmission.
If a data subject wishes to exercise this right to information, he/she may contact the controller responsible for the processing at any time.
c) Right to rectification: Every data subject whose personal data is processed has the right to require the incorrect personal data concerning him/her to be rectified without undue delay. Further, the data subject has the right to require the incomplete personal data to be completed, also including a supplementary declaration, taking into account the purposes of the processing.
If a data subject wishes to exercise this right to rectification, he/she may contact the controller responsible for the processing at any time.
d) Right to erasure (right to be forgotten): Every data subject whose personal data is processed has the right to require the controller to delete the personal data concerning him/her without undue delay insofar as one of the following reasons is applicable and insofar as the processing is not essential:
- The personal data was collected for purposes for which it is no longer required or in another manner for which it is no longer required.
- The data subject withdraws his/her consent on which the processing was based in accordance with Article 6 (1) lit. a EU GDPR or Article 9 (2) lit. a GDPR and there is no other legal basis for the processing.
- The data subject objects to the processing in accordance with Article 21 (1) EU GDPR and there are no compelling legitimate reasons for the processing or the data subject objects to the processing in accordance with Article 21 (2) EU GDPR.
- The personal data was processed unlawfully.
- The erasure of the personal data is necessary to fulfil a legal obligation pursuant to Union law or the law of the member states to which the controller is subject.
- The personal data was collected in relation to the services offered by the information society pursuant to Article 8 (1) EU GDPR.
If one of the above-mentioned reasons applies and a data subject wishes to cause the personal data that is saved by GHOTEL GmbH to be erased, he/she may contact the controller responsible for the processing at any time for this purpose. The erasure request will then be followed up without undue delay.
If the personal data has been published by GHOTEL Group GmbH and if our company, as the controller, is obliged to erase the personal data pursuant to Article 17 (1) EU GDPR, GHOTEL Group GmbH shall take appropriate measures, taking into account the available technology and the implementation costs, including technical measures, to inform other controllers responsible for the data processing that process the published personal data that the data subject has requested the erasure of all links to the personal data, or copies or reproductions of this personal data, from the other controller responsible for data processing, insofar as the processing is not essential. The controller responsible for the processing will then initiate the necessary measures in the individual case.
e) Right to restriction of processing: Every data subject whose personal data is processed has the right to require the controller to restrict the processing if one of the following prerequisites is in place:
- The correctness of the personal data is disputed by the data subject and for a period of time that enables the controller to review the correctness of the personal data.
- The processing is unlawful, the data subject objects to the erasure of the personal data and, instead, requires the restriction of the use of the personal data.
- The controller no longer requires the personal data for the purposes of the processing. However, the data subject requires them to assert, exercise or defend legal claims.
- The data subject has raised an objection to the processing in accordance with Article 21 (1) EU GDPR and it has not yet been established whether the legitimate grounds of the controller outweigh those of the data subject.
If one of the above-mentioned pre-requisites applies and a data subject wishes to require the personal data that is saved by GHOTEL GmbH to be restricted, he/she may contact the controller responsible for the processing at any time for this purpose. The restriction of the processing will then take place without undue delay.
f) Right to data portability: Every data subject whose personal data is processed has the right to receive the personal data concerning him/her in question which has been provided to a controller by the data subject in a structured, commonly used and machine-readable format. He/she also has the right to transfer the data to another controller without hindrance by the controller to whom the personal data was transmitted insofar as the processing is based on consent in accordance with Article 6 (1) lit. a EU GDPR or Article 9 (2) lit. a EU GDPR or on a contract pursuant to Article 6 (1) lit. b EU GDPR and the processing takes place using automated procedures insofar as the processing is not essential for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Further, when exercising his/her right to data portability in accordance with Article 20 (1) EU GDPR, the data subject has the right to require the personal data to be directly transmitted from one controller to another controller insofar as this is technically possible and insofar as this does not affect the rights and freedoms of another individual.
The data subject may contact the controller responsible for processing at any time in order to assert the right to data portability.
g) Right to object: Every data subject whose personal data is processed has the right to raise an objection to the processing of the personal data concerning him/her that takes place on the basis of Article 6 (1) lit. e or f at any time for reasons relating to his/her personal situation. This also applies to profiling that is based on these provisions.
GHOTEL Group GmbH ceases to process the personal data in the event of the objection unless we are able to provide proof of compelling and legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject or the processing serves to assert, exercise or defend legal claims.
If GHOTEL Group GmbH processes personal data to carry out direct advertising, the data subject has the right to object to the processing of his/her personal data for the purpose of advertising of this kind at any time. This also applies to profiling insofar as this is connected to such direct advertising. If the data subject objects to the processing for the purpose of direct advertising by GHOTEL Group GmbH, then GHOTEL Group GmbH will no longer process the personal data for this purpose.
In addition, the data subject has the right to raise an objection to the processing of the personal data concerning him/her that is carried out by GHOTEL Group GmbH for scientific or historical research reasons or for statistical purposes pursuant to Article 89 (1) EU GDPR for reasons arising from his/her particular situation, unless such processing is necessary in order to fulfil a task in the general public interest.
The data subject may contact the controller responsible for the processing directly in order to exercise the right to object. Further, the data subject has the right to exercise his/her right to object using automated procedures in which technical specifications are used in connection with the use of information society services, regardless of Directive No. 2002/58/EC.
h) Automated decision making in individual cases including profiling: Every data subject whose personal data is processed has the right to not be subject to a decision that is solely based on automated processing, including profiling, that has legal effect on the data subject or has any significant negative effect on him/her in a similar manner, insofar as the decision:
- is not necessary for the conclusion or performance of a contract between the data subject and the controller or
- is permissible on the basis of legal provisions of the Union or member states to which the controller is subject and these legal provisions contain suitable measures for protecting the rights and freedoms, as well as the legitimate interests of the data subject or
- takes place with the express consent of the data subject.
If the decision is necessary for the conclusion or performance of a contract between the data subject and the controller or if it takes place with the express consent of the data subject, GHOTEL Group GmbH will take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, which as a minimum at least includes the right to effect the intervention of an individual on the part of the controller, to state your own position and to object to a decision.
If the data subject wishes to exercise rights with regard to automated decisions, he/she may contact the controller responsible for the processing at any time.
i) Right to withdraw consent under data protection law: Every data subject whose personal data is processed has the right to withdraw consent to processing of personal data at any time.
If the data subject wishes to exercise his/her right to withdraw consent, he/she may contact the controller responsible for the processing at any time for this purpose.
7. Data protection for applications and in the application process
The controller responsible for the processing collects and processes the personal data of applicants for the purpose of processing the application procedure. The processing may take place electronically. This is in particular the case if an applicant sends the corresponding application documents to the controller responsible for the processing electronically, for example by email. If the controller responsible for the processing concludes an employment contract with an applicant, the data that is transmitted for the purpose of concluding the employment relationship will be saved, taking the legal provisions into account. If no employment contract is concluded between the applicant and the controller responsible for the processing, the application documents are deleted automatically 6 months after notification of the negative decision is provided insofar as no other legitimate interests of the controller responsible for the processing prevent the erasure of the data. In this regard, another legitimate interest is the obligation to provide proof in a procedure pursuant to the General Act on Equal Treatment (AGG).
On the GHOTEL Group GmbH website, users have the opportunity to subscribe to our company’s newsletter. The entry screen used for this purpose determines which personal data is transmitted to the controller responsible for the processing.
GHOTEL Group GmbH informs its customers and business partners about the company’s offers at regular intervals using a newsletter. Our company’s newsletter can, in principle, only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject registers for the newsletter. For legal reasons, a confirmation email will first be sent as part of the double opt-in procedure to the email address entered by the data subject for the newsletter. This confirmation email serves to review whether the owner of the email address has authorised the receipt of the newsletter as the data subject.
Further, as part of the newsletter registration, we save the IP address, which is assigned by the internet service provider (ISP), of the computer system used by the data subject at the point in time of registration, as well as the date and time of registration. The collection of this data is required to trace the (possible) misuse of a data subject’s email address at a later point in time and therefore serves to provide legal protection for the controller responsible for the processing.
The personal data collected within the framework of a newsletter registration is solely used to send our newsletter. Further, subscribers to the newsletter may be kept informed by email insofar as this is necessary for operating the newsletter service or registration for this, as is the case if changes are made to the newsletter service or the technical conditions.
This website uses Sendinblue to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.
Sendinblue is a service which, for example, organises and analyses the distribution of newsletters. The data entered by you for the purpose of receiving the newsletter will be stored on the Sendinblue servers in Germany.
If you do not want your usage of the newsletter to be analysed by Sendinblue, you will have to unsubscribe from the newsletter. We provide a link for this in each newsletter email. Furthermore, you can also directly unsubscribe from the newsletter on the website.
10. Contact form
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, in order to answer your question and any follow-up questions. We do not share this data without your permission.
Thus, the data entered on the contact form will only be processed on the basis of your consent (Article 6 (1) lit. a GDPR). You may revoke your consent at any time. An informal message sent to firstname.lastname@example.org by email is sufficient in order to do so. The lawfulness of the processing that has already taken place before consent is withdrawn mains unaffected by this.
The data you enter on the contact form will be stored by us until you request its erasure, withdraw your consent to storage or the purpose of the data storage expires (e.g. after your enquiry has been processed in full). Mandatory statutory provisions, especially those regarding mandatory data retention periods remain unaffected.
11. Links to other websites
This website contains links to other website (known as external links).
GHOTEL Group GmbH takes a number of technical and organisational measures to protect your personal data against accidental or unlawful destruction, alteration or loss and against unauthorised disclosure or access.
Nevertheless, internet-based data transmission, for example, is in principle subject to security vulnerabilities, and so absolute protection cannot be guaranteed. For this reason, every data subject is also free to transmit personal data to us by alternative means, for example by telephone.
13. Registration and booking
In connection with online booking, we provide users with the opportunity to register by providing personal data on our website. This data is entered into an entry screen and transmitted to us. The data is processed and stored by our service provider Quality Reservations Deutschland GmbH and their partner SHS Sabre Hospitality. The company makes a contractual commitment to ensure that suitable technical and organisational measures are carried out such that the processing takes place in compliance with the EU GDPR and the rights of the data subject are protected. This data shall not be passed on to third parties.
The following data is collected during the registration process:
- First name
- Email address
- Security question / answer
- Telephone number for questions
- Invoicing address
The following data is also stored at the point in time of registration:
Date and time of registration
Legal basis for data processing
The registration serves the purpose of the performance of a contract, to which the contracting party is the user or to implement pre-contractual measures. The legal basis for the processing of the data is Article 6 (1) lit. b GDPR.
Purpose of data processing
The user must register in order for certain content and services to be provided on our website or in order to perform a contract.
The user has the opportunity to create a customer account before or during a booking process. The creation of a customer account simplifies any repeated booking processes because once the customer has registered and logged in, the data that has been saved is pre-filled on the booking screen. In addition, the user has the opportunity to access his/her current bookings by logging in using his/her email and password.
When carrying out an online booking, the user is required to provide his/her email address, title, first name, surname and telephone number. The processing and storage of the data is necessary to process the booking, including in order to clarify any questions about the booking.
All data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collected during the registration process for the performance of a contract or to implement pre-contractual measures, this is the case when the data is no longer required for the performance of the contract. Even after conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.
Options for objecting to the collection of your data and requesting its deletion
You may delete the registration at any time or have the data stored during this process amended. In order to do so, send an email to email@example.com. If the data is required to fulfil a contract or implement pre-contractual measures, premature erasure of data is only possible insofar as contractual or legal obligations do not preclude erasure.
The option of placing an online booking with our Franchised Partner Hotels via their websites, to which links are provided on the homepage of the GHOTEL Group, also exists as part of the online booking process with our above-mentioned service provider Quality Reservations and the partner SHS Sabre Hospitality.
You can find out more about data protection by our franchise partners at:
14. Statistical analyses and plug-ins
a) Use of Google Maps
This site uses the Google Maps map service via an API. The provider is Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001
In order to use the functions of Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server ti Irland and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps takes place in the interest of making our online services visually appealing and making it easy to find the locations mentioned by us on the website. This constitutes a legitimate interest within the meaning of Article 6 (1) lit. f GDPR.
b) Use of Google Analytics
This website uses Google Analytics, a web analysis service by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files that are stored on your computer and enable your use of the website to be analysed. The information generated by the cookie about your use of this website is generally transmitted to a Google server to Irland and stored there. If IP anonymisation is activated on this website, your IP address will, however, be abbreviated by Google within the member states of the European Union or in other contracting states to the Agreement on the European Economic Area before such transmission. The full IP address will only be transmitted to a Google server in the USA and abbreviated there in exceptional circumstances. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports about the website activities and to provide the website operator with additional services associated with the website use and internet use. The IP address of your browser that is transmitted within the framework of Google Analytics will not be linked to other data by Google. You may prevent the storage of cookies by changing the settings of your browser software accordingly. However, we would point out to you that, if you do so, you may not be able to use all the functions of this website in full. Furthermore, you may prevent the collection of the data generated by the cookie that relates to your use of the website (including your IP address) by Google, as well as the processing of such data by Google, by downloading and installing the browser plug-in that is available via the following link (http://tools.google.com/dlpage/gaoptout).
You may prevent collection by Google Analytics by clicking on the link below. This installs an “opt-out cookie” on your browser, meaning that no collection of your data will take place when you visit this website in the future: Deactivate Google Analytics
In view of the discussion regarding the use of analysis tools with full IP addresses, we would like to point out that, in order to prevent the identification or identifiability of a natural person, IP addresses are only processed to a limited extent on this website because we use Google Analytics with the extension “_anonymizelp()”.
c) Use of Google Ads
Within the framework of the use of the advertising programme Google Ads (“Ads”) by Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001, conversion tracking is used to analyse campaign performance on this website. The information that is obtained using the conversion cookie serves to create conversion statistics for Ads customers who have opted to use conversion tracking. This enables the customers to find out the total number of users who have clicked on their advert and have been linked to a web page that features a conversion tracking tag. However, they do not receive any information that can be used to reveal the personal identity of users.
When you click on an advert that has been placed by Google, a cookie is stored on your computer. Conversion statistics are created using the information that is collected by the Ads cookie. The cookies that are used within the framework of conversion tracking lose their validity after 30 days, do not contain any personal data and therefore do not serve the purpose of personal identification. If our website is accessed before this deadline, we and Google are able to ascertain that the user clicked on the advert and followed the link to this web page via the cookie. Each Google Ads customer receives a different cookie. This means that there is no possibility of cookies being tracked via the websites of Ads customers.
If you do not wish to participate in the tracking process, you may also block the setting of cookies that is required for tracking to take place, for example by changing your browser settings to deactivate the automatic setting of cookies in general.
You may prevent collection by Google Ads by clicking on the link below. This installs an “opt-out cookie” on your browser, meaning that no collection of your data will take place when you visit this website in the future: Deactivate Google Ads
d) Use of Facebook
Facebook processes the data in accordance with the Facebook Data Policy. Accordingly, general information about the display of Facebook ads, is provided in the Facebook Data Policy. For specific information and details about the Facebook pixel and how it works, see the Help section of Facebook.
You may prevent collection by the Facebook pixel by clicking on the link below. This installs an “opt-out cookie” on your browser, meaning that no collection of your data will take place when you visit this website in the future: Deactivate Facebook pixel
e) Use of Twitter
The data controller has integrated components from Twitter into this website. Twitter is a multilingual public microblogging service on which users can publish and distribute so-called tweets, i.e. short messages limited to 280 characters. These short messages are available for everyone to view, including people who are not registered on Twitter. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter makes it possible to address a broad audience via hashtags, links or retweets.
Twitter is operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
With each access of one of the individual pages of this website, which is operated by the controller responsible for processing and which has integrated a Twitter component (Twitter button), the internet browser on the data subject’s information technology system is automatically prompted by the respective Twitter component to download a representation of the corresponding Twitter component from Twitter. Further information on the Twitter buttons can be found at https://about.twitter.com/de/resources/buttons. As part of this technical process, Twitter receives information about the specific sub-page of our website visited by the data subject. The purpose of integrating the Twitter component is to enable our users to disseminate the content of this website, to make this website known in the digital world and to increase our visitor numbers.
If the data subject is also logged into Twitter at the same time, each time the data subject accesses our website and for the entire duration of the time spent on our website, Twitter recognises which specific sub-page of our website the data subject visits. This information is collected by the Twitter component and assigned to the respective Twitter account of the data subject by Twitter. If the data subject presses one of the Twitter buttons integrated on our website, the data and information transmitted in this manner will be assigned to the personal Twitter user account of the data subject and stored and processed by Twitter.
Twitter always receives information via the Twitter component that the data subject has visited our website whenever the data subject is logged into Twitter at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Twitter component or not. If the data subject does not wish such information to be transmitted to Twitter, he/she can prevent the transmission by logging out of his/her Twitter account before accessing our website.
f) Use of YouTube
The controller responsible for processing has integrated components from YouTube into this website. YouTube is an online video portal that enables video publishers to upload video clips free of charge and other users to view, review and comment on these videos free of charge too. YouTube authorises the publication of all kinds of videos, whereby both complete films and TV programmes, as well as music videos, trailers or videos created by the users themselves can be accessed via the internet portal.
The operator company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
With each access of one of the individual pages of this website, which is operated by the controller responsible for processing and which has integrated a YouTube component (YouTube video), the internet browser on the data subject’s information technology system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. You can find out more about YouTube at https://www.youtube.com/intl/en-GB/about/. As part of this technical process, YouTube and Google receive information about the specific sub-page of our website visited by the data subject.
If the data subject is also logged into YouTube at the same time, when the data subject accesses a sub-page that contains a YouTube video, YouTube recognises which specific sub-page of our website the data subject is visiting. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google receive information via the YouTube component that the data subject has visited our website whenever the data subject is logged into YouTube at the same time as accessing our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not wish such information to be transmitted to YouTube and Google, he/she can prevent the transmission by logging out of his/her YouTube account before accessing our website.
e) Use of Instagram
Functions of the Instagram service are integrated onto this website. This functions are provided and integrated by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
When you are logged into your Instagram account, you can link the content of this website with your Instagram profile by clicking on the Instagram button. This enables Instagram to assigned the visit to this website to your user account. We would point out that, as the provider of the website, we do not receive any information about the content of the data that is transmitted and the use thereof by Instagram.
The use of the Instagram plug-in takes place on the basis of Article 6 (1) lit. f GDPR. The website operator has a legitimate interest in making the website as visible as possible on social media.
h) Use of script libraries (Google Web Fonts)
In order to present our content in a manner that is correct across different browser types and appealing from a graphics point of view, we use script libraries and font libraries on this website, for example Google Web Fonts (https://www.google.com/webfonts/). Google Web Fonts are transferred to your browser cache so that they do not have to be loaded multiple times. If the browser does not support Google Web Fonts or prevents this access, the content will be displayed in a standard font.
Accessing script libraries or font libraries automatically establishes a connection to the library operator. In doing so, it is theoretically possible, albeit currently unclear whether and, if applicable, for which purposes, that operators of libraries of this kind collect data.
We use external hosting services which provide the following services: Infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. In order to do so, all data that is required for the operation and use of our website is processed.
We use external hosting services to operate this website. The purpose of using external hosting services is to provide our website in an efficient and secure manner. The legal basis for the processing is Article 6 (1) S. 1 lit. f GDPR.
The collection of data to provide and use the website and the processing of the data via external web hosting services is absolutely essential for operating the website. You may object to the processing. In the event you make a reasonable objection, we will review the case and will either suspend and/or adapt the data processing or provide you with details of our legitimate grounds, on the basis of which we continue the processing.
16. Payment providers
On our customer portals we provide you, for example, with the option of payment using VISA, MasterCard and Diners Club credit cards. With regard to this payment method, we use the payment provider Elavon Financial Services DAC, German branch, Lyoner Str. 36, 60528 Frankfurt, Germany. Registered office of the company: Loughlinstown, Co. Dublin, Ireland. The company is registered in Ireland under No. 418442 (hereinafter referred to as “Elavon”).
If you select to pay, for example, using a VISA, MasterCard or Diners Club credit card, the payment details you enter will be transmitted to Elavon to process the payment.
The transmission of your data to Elavon takes place on the basis of Article 6 (1) lit. a GDPR (consent) and Article 6 (1) lit. b GDPR (processing in performance of a contract). You have the option to withdraw your consent to data processing at any time. Withdrawal of consent does not exclude the effectiveness of the data processing procedures that have taken place in the past.