Data protection declaration of the BELLEVUE Hotel & Restaurant Schmölln,
Proprietor Jawaria Kanwal Chaudhary, Am Pfefferberg, 04626 Schmölln (“Bellevue Hotel” or “we”). This data protection declaration is intended to inform the user about the type, scope and purpose of the collection and use of personal data for the Bellevue Hotel. The Hotel Bellevue takes data protection very seriously and treats your personal data as strictly confidential and in accordance with legal regulations.
As changes may occur due to new technologies and constant further development of this website, we recommend that you read the data protection declaration at regular intervals.
The definition of the terms used below (e.g. “personal data” or “processing”) can be found in Art. 4 GDPR.
1. Responsible body
All data that you communicate via the website is collected, processed or stored by the Bellevue Hotel. We are therefore the “responsible body” within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) and are therefore legally responsible for the protection of your data.
2. Data processing on our website
2.1. Calling up our website / access data
Every time you use our website, we collect the access data that your browser automatically transmits to enable you to visit the website. The access data includes in particular:
IP address of the requesting device,
date and time of the request,
Address of the accessed website and the requesting website,
Information about the browser and operating system used,
Online identifiers (e.g. device identifiers, session IDs).
The data processing of this access data is necessary to enable visits to the website and to ensure the permanent functionality and security of our systems. The legal basis is Article 6 Paragraph 1 Sentence 1 Letter b GDPR. For data protection reasons, log files are not permanently stored or analyzed by us.
You have various options for contacting us via contact forms on this website. In this context, we process data exclusively for the purpose of communicating with you. The legal basis is Art. 6 Para. 1 lit. b GDPR. The data collected by us when using the contact form will be automatically deleted after your request has been processed in full, unless we still need your request to fulfill contractual or legal obligations (see section “Storage period”).
2.3. Google Maps
On the contact page we use the Google Maps map service, which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for users from the European Economic Area and Switzerland and by Google LLC, 1600 Amphitheater Parkway Mountain for all other users View, CA 94043, USA (“Google”). In order for the Google map material we use to be integrated and displayed in your web browser, your web browser must connect to a Google server, which may also be located in the USA, when you call up the contact page. This gives Google the information that the contact page of our website was accessed from the IP address of your device.
The legal basis is your consent, which you may have given in the cookie banner for data processing in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR and for data transmission in accordance with Article 49 Paragraph 1 Clause 1 Letter a GDPR . For the risks associated with data transfer to third countries, please refer to point 6, data transfer to third countries. There is no connection to the Google servers without your consent. You can revoke your consent at any time or adjust your selection (see 2.7).
If you call up the Google map service on our website while you are logged into your Google profile, Google can also link this event to your Google profile. If you do not wish to be assigned to your Google profile, you must log out of Google before calling up our contact page. Google stores your data and uses it for advertising, market research and personalized Google Maps display purposes. You can object to this data collection by contacting Google.
3. Our activities on social networks
So that we can also communicate with you in social networks and inform you about our services, we are represented there with our own pages. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform in terms of Art.
we are not the original provider of these pages, but only use them within the scope of the possibilities offered to us by the respective provider.
Therefore, as a precautionary measure, we would like to point out that your data may also be processed outside the European Union or the European Economic Area. Use can therefore have data protection risks for you, since the protection of your rights, e.g. to information, deletion, objection, etc. can be more difficult and the processing in the social networks is often carried out directly for advertising purposes or for the analysis of user behavior by the provider without this can be influenced by us. If usage profiles are created by the provider, cookies are often used or the usage behavior is assigned directly to your own member profile of the social networks (if you are logged in here).
The processing operations of personal data described are carried out in accordance with Article 6 Paragraph 1 Letter f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in an up-to-date manner or to inform you about our services to be able to If you have to give your consent to data processing as a user with the respective providers, the legal basis relates to Article 6 (1) (a) GDPR in conjunction with Article 7 GDPR.
Since we have no access to the data stocks of the providers, we would like to point out that it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. We have listed below further information on the processing of your data in the social networks and the possibility of exercising your right of objection or revocation (so-called opt-out) from the respective provider of social networks used by us:
(Co-)responsible for data processing in Europe:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Opt-Out and Advertising Preferences:
(Co-)responsible for data processing in Germany:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Opt-Out and Advertising Preferences:
4. Sharing of Data
In principle, the data collected by us will only be passed on if:
you have given your express consent to this in accordance with Article 6 (1) sentence 1 lit.
the transfer according to Article 6 paragraph 1 sentence 1 lit. f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
we are legally obliged to pass it on according to Article 6 Paragraph 1 Clause 1 Letter c GDPR or
this is permitted by law and is required according to Article 6 Paragraph 1 Sentence 1 Letter b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place at your request.
Part of the data processing can be carried out by our service providers. In addition to the service providers mentioned in this data protection declaration, this may include data centers that store our website and databases, IT service providers that maintain our systems, and consulting companies. If we pass on data to our service providers, they may only use the data to fulfill their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have appropriate technical and organizational measures to protect the rights of the data subjects and are regularly checked by us.
In addition, data may be passed on in connection with official inquiries, court orders and legal proceedings if it is necessary for legal prosecution or enforcement.
5. Data transfer to third countries
As explained in this data protection declaration, we use services whose providers are located in so-called third countries (such as the USA), i.e. countries whose level of data protection does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an appropriate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.
Where this is not possible, we support the data transmission on exceptions of Art. 49 GDPR, in particular your express consent or the necessity of the transmission for the fulfillment of the contract.
If a transfer to a third country is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to record and analyze it, and that enforceability Your rights cannot be guaranteed. If you obtain your consent via the cookie banner, you will also be informed of this.
6. Data Security
When you visit our website, we use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. This is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
7. User Rights
As a user, you have the right to request free information about what personal data has been stored about you. You also have the right to correct inaccurate data, restrict processing or delete your personal data. If applicable, you can also assert your right to data portability (right to data portability when changing providers). If you assume that your data has been processed unlawfully, you can lodge a complaint with the competent supervisory authority.
If your personal data is processed on the basis of legitimate interests in accordance with Article 6 Paragraph 1 Clause 1 Letter f GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, provided there are reasons for this, which arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without specifying a particular situation. If you would like to make use of your right of revocation or objection, an e-mail to: firstname.lastname@example.org is sufficient.
8. Right of withdrawal and objection
You have the right to revoke any consent you have given us at any time. As a result, we will no longer continue the data processing based on this consent for the future. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.
If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time for reasons that arise from your particular situation. If you object to data processing for direct marketing purposes, you have a general right to object, which we will implement without giving reasons.
If you would like to make use of your right of revocation or objection, an informal message to the contact details given above is sufficient.
We occasionally update this data protection declaration, for example if we adapt our website or if the legal or official requirements change.
Status: June 2022