Privacy policy

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is all data with which you can be personally identified. Detailed information on the subject of data protection can be found in the following privacy policy.

1. data protection at a glance

General notes and mandatory information
We take the protection of your personal data very seriously. That is why we act in accordance with the applicable legislation on the protection of personal data and data security. Information on when we store which data and how we use it can be found in this privacy policy in accordance with the applicable German legislation.
When you visit and use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

Note on the responsible body

The controller responsible for data processing on this website is

Landhotel Großeiberhof
Matthias Eiber
Hocha 9
93449 Waldmünchen
Telefon: +49 (0)99 72 / 90 24 78
E-Mail: urlaub@grosseiberhof.de

The data controller decides alone or jointly with others on the purposes and means of processing personal data (e.g. names, contact details, etc.).

Basis for data processing
We only process personal data in compliance with the relevant data protection regulations. This means that user data is only processed if we have legal permission to do so, i.e,
– in order to provide our contractual services (e.g. processing orders) and online services, or if these are required by law (Art. 6 para. 1 lit. b. and c. GDPR)
– we have your consent (Art. 6 para. 1 lit. a. and Art. 7 GDPR), as well as
– on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR, in particular when measuring reach, creating profiles for advertising and marketing purposes and collecting access data and using the services of third-party providers).

Data transfer to third parties
Data is only passed on to third parties in accordance with legal requirements. We only pass on user data to third parties if this is necessary, for example, for contractual purposes or on the basis of legitimate interests in the economic and effective operation of our business.
If we use subcontractors to provide our services, we take appropriate legal precautions and appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations.

Data transfer to a third country or an international organization
Third countries are countries in which the GDPR is not directly applicable law. This basically includes all countries outside the EU or the European Economic Area.
No data is transferred to a third country or an international organization without your consent or without a legal basis.

Storage duration
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.

Withdrawal of your consent to data processing
Some data processing operations are only possible with your express consent. You can withdraw your consent at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to lodge a complaint with the competent supervisory authority
As a data subject, you have the right to lodge a complaint with the competent supervisory authority in the event of a breach of data protection law. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. The following link provides a list of data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Right to information, correction, blocking, deletion
You have the right to free information about your stored personal data, the origin of the data, its recipients and the purpose of the data processing and, if applicable, a right to correction, blocking or deletion of this data at any time within the framework of the applicable legal provisions. You can contact us at any time using the contact options listed in the legal notice if you have any further questions on the subject of personal data.

SSL and TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.

Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in server log files. These are
– Visited page on our domain
– Date and time of the server request
– Browser type and browser version
– Operating system used
– Referrer URL
– Host name of the accessing computer
– IP address
This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

2. data collection / cookies

Cookies
We use cookies on our website. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising. Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the cookies in question are stored exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.

Borlabs Cookies
This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consent.
Borlabs Cookie does not process any personal data.
The borlabs cookie stores the consent you gave when you entered the website. If you wish to revoke this consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked for your cookie consent again.

Contact form
Data submitted via the contact form, including your contact details, will be stored in order to process your request or to be available for follow-up questions. This data will not be passed on without your consent.
The data entered in the contact form will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data transmitted via the contact form will remain with us until you ask us to delete it, revoke your consent to storage or there is no longer any need to store the data. Mandatory statutory provisions – in particular retention periods – remain unaffected.

3. plug-ins / tools / external links

Independent Analytics
We use the WordPress plugin “Independent Analytics” on this website to optimize, improve quality and monitor reach. This collects and analyzes various data. However, this data cannot be assigned to specific persons. It is not merged with other data sources. The statistics are stored and analyzed locally.

External content
We use widgets, plugins or content from third parties on our website. The use of the service is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG. This external content will only be loaded and displayed if you accept all cookies or actively consent to the third-party content. In this case, the responsibility for data protection-compliant operation must continue to be guaranteed by the respective provider. Details on data collection and your rights and settings options can be found in the respective data protection notices.

4 Google services

Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google fonts are installed locally. There is no connection to Google servers.

Google Maps
This site uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The IP address is only transmitted to Google if the website visitor consents to the transmission.
The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. The use of Google Maps is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.
You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy.

We reserve the right to change the privacy policy in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations on data processing. If user consent is required or components of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.