IMG_0076.jpg

Privacy policy

 

PRIVACY POLICY

 
 

PRIVACY POLICY

This privacy policy explains to you the type, scope and purpose of the processing of personal data (hereinafter referred to as ‘data’) on our website and the associated web pages, functions and content as well as through our external online presences, e.g. our social media profiles (hereinafter referred to collectively as the ‘website’). With regard to the terms used, such as 'processing' and 'controller', we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).


CONTROLLER

Hotel Fregehaus
Sabine Fuchshuber
Katharinenstraße 11
04109 Leipzig

Telephone: +49 341 26393157
Fax: 49 341 26394184
Email: kontakt@hotel-fregehaus.de

Link to legal notice: https://hotel-fregehaus.de/legal-notice


TYPES OF DATA PROCESSED

  • inventory data (e.g. names, addresses)
  • contact details (e.g. email, telephone numbers)
  • content data (e.g. text input, photographs, videos)
  • usage data (e.g. web pages visited, interest in content, access times)
  • meta/communication data (e.g. device information, IP addresses)


PURPOSE OF PROCESSING

  • provision of the website, its functions and content
  • response to contact requests and communication with users
  • security measures
  • reach measurement/marketing


TERMS USED

‘Personal data’ means all information related to an identified or identifiable natural person (hereinafter referred to as a ‘data subject’); a natural person is considered identifiable if he or she can be identified by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (e.g. a cookie) or to one or more special features that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. ‘Processing’ means every operation or set of operations carried out with or without the aid of automated procedures in connection with personal data. The term is broad and covers more or less every handling of data. ‘Controller’ is used to describe the natural or legal person, authority, institution or other body who or which, alone or together with others, decides on the purposes and means of the processing of personal data.


APPLICABLE LEGAL BASES

In accordance with Art. 13 GDPR, we inform you of the legal bases of our data processing. If the legal basis is not mentioned in this privacy policy, the following applies: The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing for the performance of our services and implementation of contractual measures as well as for responding to enquiries is Art. 6(1)(b) GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing to safeguard our legitimate interests is Art. 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.


SECURITY MEASURE

We ask you that you keep yourself informed about the contents of our privacy policy. We will adapt this privacy policy as soon as changes in the way we process data make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.


COOPERATION WITH PROCESSORS AND THIRD PARTIES

If we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transmit it to them or otherwise grant them access to the data, this shall only occur on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as payment service providers, is necessary in accordance with Art. 6(1)(b) GDPR for contract performance), if you have consented, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosting services etc.). If we commission third parties with the processing of data on the basis of what’s known as a data processing contract, this is done on the basis of Art. 28 GDPR.


TRANSFERS TO THIRD COUNTRIES

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or the disclosure or transfer of data to third parties, this only takes place if it occurs for the performance of our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process the data, or have the data processed, in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means, for example, that processing is carried out on the basis of special safeguards, such as the officially recognised recognition of a data protection level corresponding to that of the EU (e.g. for Privacy Shield in the case of the USA) or compliance with officially recognised, special contractual obligations (known as ‘standard contractual clauses’).


RIGHTS OF DATA SUBJECTS

You have the right to request confirmation about whether data concerning you is processed and to request access to data as well as further information and a copy of the data in accordance with Art. 15 GDPR. Pursuant to Art. 16 GDPR, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you. In accordance with Art. 17 GDPR, you have the right to demand that relevant data be deleted without delay or, alternatively, to demand a restriction on the processing of the data pursuant to Art. 18 GDPR. Pursuant to Article 20 GDPR, you have the right to request that you receive the data concerning you that you have provided to us, and to request that it be transmitted to other controllers. Furthermore, under Art. 77 GDPR you also have the right to lodge a complaint with the competent supervisory authority.

RIGHT OF WITHDRAWAL

Pursuant to Art. 7(3), you have the right to withdraw consent granted with effect for the future.

RIGHT TO OBJECT

In accordance with Art. 21 GDPR, you can object to the future processing of the data concerning you at any time. In particular, you may object to processing for direct marketing purposes.


COOKIES AND RIGHT TO OBJECT TO DIRECT MARKETING

Cookies are small files that are stored on the user’s device. Different data can be stored within the cookies. A cookie serves primarily to store information about a user (or the device on which the cookie is stored) during or after his or her visit to a website. Temporary cookies, also known as ‘session cookies’ or ‘transient cookies’, are cookies that are deleted after a user leaves a website and closes his or her browser. Such a cookie can, for example, be used to store the contents of a shopping basket in an online shop or a login status. Cookies are described as ‘permanent’ or ‘persistent’ if they remain stored even after the browser is closed. For example, the user’s login status can be saved for when the user visits a site again after several days. Such cookies can also be used to store user interests, which serve to measure reach or marketing purposes. ‘Third-party cookies’ are cookies that are offered by providers other than the controller who operates the website (otherwise, the term ‘first-party cookies’ refers to the controller’s cookies alone). We may use temporary and permanent cookies, and explain this as part of our privacy policy. If users do not want cookies to be stored on their computer, they are asked to disable the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. Disabling cookies may restrict the functionality of this website. A general objection to the use of cookies used for online marketing purposes can be declared for many of the services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, preventing the storage of cookies can be achieved by deactivating them in the browser settings. Please note that if you do this you may not be able to use all functions of this website.


ERASURE OF DATA

The data processed by us will be deleted, or its processing restricted, in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and its erasure does not conflict with any statutory retention obligations. If the data is not deleted because it is necessary for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. For example, this applies to data that must be retained for reasons under commercial or tax law. In accordance with statutory requirements in Germany, data is kept in particular for 6 years in accordance with Section 257(1) of the German Commercial Code (HGB) (account books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents etc.) and for 10 years in accordance with Section 147(1) of the Fiscal Code (AO) (accounts, records, situation reports, accounting documents, commercial and business letters, documents relevant for taxation etc.). In accordance with legal requirements in Austria, storage is carried out in particular for 7 years in accordance with Section 132(1) of the Federal Fiscal Code (BAO) (accounting documents, receipts/invoices, accounts, receipts, business papers, statement of income and expenses etc.), for 22 years in connection with real estate and for 10 years in the case of documents in connection with services provided electronically, telecommunications, radio and television services which are provided to non-entrepreneurs in EU Member States and for which the Mini-One-Stop-Shop (MOSS) scheme is used.


BUSINESS-RELATED PROCESSING

In addition, we process

  • contract data (e.g. contract object, term, customer category)
  • payment data (e.g. bank details, payment history)

from our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.


COLLECTION OF ACCESS DATA AND LOG FILES

On the basis of our legitimate interests within the meaning of Art. 6(1)(f) GDPR, we, or our hosting provider, collect data on each access to the server on which this service is located (so-called server log files). Access data includes the name of the website accessed, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the user’s operating system, referrer URL (the page visited previously), IP address and the requesting provider. Log file information is stored for a maximum of 7 days for security reasons (e.g. to investigate misuse or fraud) and then erased. Data whose further storage is required for evidence is excluded from erasure until the respective incident has been finally clarified.


ADMINISTRATION, ACCOUNTING, OFFICE ORGANISATION, CONTACT MANAGEMENT

We process data within the framework of administrative tasks as well as the organisation of our operations, accounting and compliance with legal obligations, e.g. archiving. We process the same data that we process when performing our contractual services. The bases of this processing are Art. 6(1)(c) GDPR, Art. 6(1)(f) GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose of and our interest in the processing lies in administration, accounting, office organisation and archiving of data, meaning tasks which serve the maintenance of our business activities, the fulfilment of our tasks and the provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information provided in these processing activities. We disclose or transmit data to the tax authorities, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers. Furthermore, we store information on suppliers, event organisers and other business partners on the basis of our business interests, e.g. for the purpose of making contact at a later date. In principle we store this data, which is mainly company-related, permanently.


BUSINESS ANALYSES AND MARKET RESEARCH

In order to operate our business economically and to identify market trends, customer and user requirements, we analyse the data available to us about business transactions, contracts, enquiries etc. We process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of Art. 6(1)(f) GDPR; and data subjects in this respect include customers, interested parties, business partners, visitors and users of the website. The analyses are carried out for the purpose of business evaluations, marketing and market research. In doing so, we can consider the profiles of registered users with information e.g. about their purchase processes. The analyses serve us to increase the user-friendliness of our website, to optimise it and improve economic efficiency. The analyses serve us alone and are not disclosed externally, unless they are anonymous analyses with aggregated values. If these analyses or profiles are personal, they will be deleted or made anonymous upon termination by the user, or otherwise after two years from the conclusion of the contract. In all other respects, the macroeconomic analyses and general insights into trends are prepared anonymously wherever possible.


DATA PROTECTION INFORMATION IN THE APPLICATION PROCEDURE

We process applicant data only for the purpose and in the context of the application procedure in accordance with the legal requirements. The processing of applicant data occurs in order to fulfil our (pre-)contractual obligations in the context of the application procedure within the meaning of Art. 6(1)(b) GDPR, Art. 6(1)(f) GDPR, if data processing becomes necessary for us, e.g. within the framework of legal procedures (in Germany Section 26 BDSG applies in addition). The application procedure requires that applicants provide us with their data. Where we offer an online form, the necessary applicant data is marked as such; otherwise the necessary applicant data is specified in the job descriptions and generally includes information about your person, postal and contact addresses and documents belonging to the application, such as a cover letter, curriculum vitae and certificates. In addition, applicants may voluntarily provide us with extra information. By submitting an application to us, the applicant agrees to the processing of his or her data for the purposes of the application procedure in accordance with the type and scope set out in this privacy policy. Insofar as special categories of personal data within the meaning of Art. 9(1) GDPR are voluntarily communicated within the scope of the application procedure, they are processed additionally in accordance with Art. 9(2)(b) GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9(1) GDPR are requested from applicants as part of the application procedure, this data is processed additionally in accordance with Art. 9(2)(a) GDPR (e.g. health data, if this is required to practise the profession). If made available, applicants can send us their applications via an online form on our website. Data will be encrypted and transmitted to us in accordance with the latest standards. Applicants can also send us their applications by email. Please note, however, that emails are in principle not sent in encrypted form and that applicants themselves must ensure that they are encrypted. We cannot therefore accept any responsibility for the transmission of the application between the sender and recipient on our server and thus recommend that you use an online form or submit your application by post. Instead of using the online application form and email, applicants can still send us their application by post. If the application is successful, the data provided by the applicant may be further processed by us for the purpose of employment. Otherwise, if an application for a vacancy is not successful, the applicant’s data will be erased. Applicants’ data will also be erased if an application is withdrawn, which applicants are entitled to do at any time. Subject to a justified withdrawal by the applicant, the erasure will take place after a period of six months, so that we can answer any follow-up questions concerning the application and meet our documentation obligations under the German Act on Equal Treatment. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.


MAKING CONTACT

When contacting us (e.g. by contact form, email, telephone or social media), the user’s details are processed in order to process the contact enquiry and its handling in accordance with Art. 6(1)(b) GDPR. User information may be stored in a customer relationship management system (CRM system) or using comparable organisation processes. We delete requests if they are no longer necessary. We review this requirement every two years; statutory archiving obligations also apply.


Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called ‘cookies’. These are text files placed on your computer which enable the analysis of how you use the website. The information generated by the cookie about your use of this website will usually be transmitted to and stored by Google on a server in the United States.

IP-Anonymisierung

We have activated IP anonymization on this website. This means that, within EU Member States or in other member states of the European Economic Area, Google will shorten your IP address before transmitting it to the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of this website, compiling reports on website activity and providing other services for the website operator relating to website usage and internet usage. Google will not associate your browser’s IP address transmitted for Google Analytics purposes with any other data held by Google.

BROWSER PLUG-IN

You may prevent the storage of cookies by selecting the appropriate settings in your browser. However, we would like to point out that if you do so you may not be able to use the full functionality of this website. Furthermore, you can prevent the collection of data generated by the cookie about your use of the website (including your IP address) and its processing by Google by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=en

OBJECTION TO DATA COLLECTION

You can prevent Google Analytics from collecting your data by clicking on the following link. This will place an opt-out cookie, preventing the collection of your data during future visits to this website: Deactivate Google Analytics

More information on how Google Analytics handles user data can be found in Google’s privacy policy:
https://support.google.com/analytics/answer/6004245?hl=en

COMMISSIONED PROCESSING OF DATA

We have concluded a contract with Google for the commissioned processing of data and fully implement the strict requirements of the German data protection authorities for the use of Google Analytics.

DEMOGRAPHICS ON GOOGLE ANALYTICS

This website uses the Demographics feature from Google Analytics. This makes it possible to create reports containing information about the age, gender and interests of visitors to the site. This data comes from interest-related advertising by Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can, at any time, disable this feature via your Google Account Ads settings or generally prohibit the collection of your data by Google Analytics, as described under ‘Objection to data collection’.


Squarespace Analytics & Cookies

This website uses Squarespace Analytics, a web analytics service provided by Squarespace, Inc.

Squarespace complies with the EU-US Privacy Shield; for more information see www.privacyshield.gov/list

Squarespace uses so-called ‘cookies’.

Cookies do not damage your computer and contain no viruses. Cookies are used to make the website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies used are so-called ‘session cookies’. They are automatically deleted at the end of your visit. Other cookies remain stored on your computer or mobile device until you delete them. These cookies make it possible to recognise your browser the next time you visit.

The information generated by cookies about your use of this website (including your IP address) will be transmitted to and stored by www.squarespace.com on a server in the United States. www.squarespace.com will use this information for the purpose of evaluating your use of this website, compiling reports on website activity for the website operators, and providing other services relating to website usage and internet usage. Furthermore, www.squarespace.com may in some cases transmit this information to third parties, provided this is required by law or to the extent that third parties will process this data on behalf of www.squarespace.com.

By using this website, you agree to the processing of the data collected about you by www.squarespace.com in the manner and for the purposes set out above. For more information about www.squarespace.com’s privacy policy, please visit www.squarespace.com/privacy

You can set your browser so that it either informs you about the placement of cookies and only allows cookies in individual cases, or so that it prevents your browser from accepting cookies in certain cases or generally, or you can activate the automatic deletion of cookies when the browser is closed. Disabling cookies may restrict the functionality of this website. Cookies which are necessary to carry out the electronic communication process or to provide certain functions desired by you (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1(f) GDPR. The website operator has a legitimate interest in the storage of cookies for technically error-free and optimized provision of its services.


Google Maps

This website uses Google Maps to display interactive maps and to create directions. Google Maps is a map service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using Google Maps, information about the use of this website including your IP address and the (start) address entered in the route planner function can be transmitted to Google in the USA. When you visit a website on our website that contains Google Maps, your browser establishes a direct connection to Google’s servers. The map content is transmitted by Google directly to your browser and integrated into the website. Therefore, we have no influence on the amount of data collected by Google in this way. According to our knowledge this is at least the following data:

  • Date and time of the visit to the relevant website,
  • Internet address or URL of the accessed web page,
  • IP address,
  • (Start) address entered in route planning.

We have no influence on the further processing and use of the data by Google and can therefore assume no responsibility for this.

If you do not want Google to collect, process or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you cannot use the map display.

The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights and setting options for the protection of your privacy can be found in Google’s data protection information.

By using our website, you consent to the processing of data about you by Google Maps in the manner and for the purposes set out above.


YouTube

We embed videos from the platform “YouTube”, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.


Adobe Typekit

This page uses web fonts from the Adobe Typekit service. If you have JavaScript enabled, your browser downloads font files from Adobe Typekit and the provider has the ability to collect information about you. Typekit assures in its privacy policy that no cookies are set or visitor data (neither IP address, browser version, nor other personal information) is collected when loading the fonts. The information submitted is used to identify this website itself and the associated Typekit account. Read more: http://www.adobe.com/de/privacy/typekit.html


SSL ENCRYPTION

For security reasons and to protect the transmission of confidential content, such as requests you send to us as the operator of the site, this site uses SSL encryption. You can recognise an encrypted connection by the fact that the browser address bar changes from ‘http://’ to ‘https://’ and by the padlock symbol in the address bar.

If SSL encryption is activated, then the data you transmit to us cannot be read by third parties.


OBJECTION TO ADVERTISING EMAILS

We hereby object to the use of contact details published as part of our legal duty to provide those contact details for the sending of unsolicited advertising and information. The operators of this website expressly reserve the right to take legal action if they are sent unsolicited advertising information, such as spam emails.