We have concluded an order processing contract with AWS. This is a contract required by data protection law, which ensures that AWS only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.
You can find more information on AWS's data protection provisions at: https://aws.amazon.com/de/privacy/?nc1=f_pr
6.3 CDN77 (Content Delivery Network)
We use the CDN77 service of the provider DataCamp Limited, 207 Regent Street London W1B 3HEH, United Kingdom (hereinafter referred to as ‘CDN77’) for our website.
We use the Content Delivery Network or Content Distribution Network to deliver all content on our website to you.
DATA PROTECTION DECLARATION
1. introduction
With the following information, we would like to give you as a ‘data subject’ an overview of the processing of your personal data by us and your rights under data protection laws. It is generally possible to use our website without entering personal data. However, if you wish to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.
The processing of personal data, such as your name, address or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to the ‘Hotel Jagdhaus Wiese’. By means of this data protection declaration, we would like to inform you about the scope and purpose of the personal data we collect, use and process.
As the controller, we have implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, for example by telephone or post.
You can also take simple and easy-to-implement measures to protect yourself against unauthorised access to your data by third parties. We would therefore like to take this opportunity to give you some tips on how to handle your data securely:
Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.
Only you should have access to the passwords.
Make sure that you only ever use your passwords for one account (login, user or customer account).
Do not use one password for different websites, applications or online services.
Especially when using publicly accessible IT systems or IT systems shared with other people, you should always log out after logging in to a website, application or online service.
The following applies in particular when using publicly accessible IT systems or IT systems shared with other people: You should always log out after logging in to a website, application or online service.
Passwords should consist of at least 12 characters and be chosen in such a way that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name or the names of relatives, but should contain upper and lower case letters, numbers and special characters.
2. controller
The controller within the meaning of the GDPR is the:
Hotel Jagdhaus Wiese
Jagdhaus 3, 57392 Schmallenberg, Germany
Telephone: +49 (0) 2972 306 - 0
Fax: +49 (0) 2972 306 - 288
E-mail: info@jagdhaus-wiese.de
Representative of the responsible person: Stefan Wiese-Gerlach
3. data protection officer
You can contact the data protection officer as follows
Julia Borgmann
Telephone: +49 (0) 2985 99 99 690
Fax: +49 (0) 2985 99 99 693
E-mail: datenschutz@great-oak.de
You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
4. Legal basis of the processing
Art. 6 para. 1 lit. a) GDPR (in conjunction with. § Section 25 (1) TDDDG (formerly TTDSG)) serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the fulfilment of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 para. 1 lit. b) GDPR. The same applies to such processing operations that are necessary for the performance of pre-contractual measures, for example in cases of enquiries about our products or services.
If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 para. 1 lit. c) GDPR.
In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance details or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 para. 1 lit. d) GDPR.
Ultimately, processing operations could be based on Art. 6 para. 1 lit. f) GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).
5. transfer of data to third parties
Your personal data will not be transferred to third parties for purposes other than those listed below.
We only pass on your personal data to third parties if:
you have given us your express consent in accordance with Art. 6 para. 1 lit. a) GDPR,
the disclosure pursuant to Art. 6 para. 1 lit. f) GDPR is authorised to protect our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 lit. c) GDPR, and
this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b) GDPR.
As part of the processing operations described in this privacy policy, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and thus the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies. We have explicitly stated this for the service providers concerned in the privacy policy. In order to protect your data in all other cases, we have concluded data processing agreements based on the European Commission's standard contractual clauses. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may serve as the legal basis for the transfer to third countries in accordance with Art. 49 para. 1 lit. a) GDPR. This sometimes does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR.
6. Technology
6.1 SSL/TLS encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact enquiries that you send to us as the operator. You can recognise an encrypted connection by the fact that the address line of the browser contains ‘https://’ instead of ‘http://’ and by the lock symbol in your browser line.
We use this technology to protect your transmitted data.
6.2 Hosting by Amazon Web Services - AWS
We host our website with Amazon Web Services (AWS). The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg.
When you visit our website, your personal data is processed on the servers of AWS. Personal data may also be transmitted to the parent company of AWS in the USA.
The use of AWS is based on Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in displaying our website as reliably as possible.
We have concluded an order processing contract with AWS. This is a contract required by data protection law, which ensures that AWS processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.
You can find more information on AWS's data protection provisions at: https://aws.amazon.com/de/privacy/?nc1=f_pr
6.3 CDN77 (Content Delivery Network)
We use the CDN77 service of the provider DataCamp Limited, 207 Regent Street London W1B 3HEH, United Kingdom (hereinafter referred to as ‘CDN77’) for our website.
We use the Content Delivery Network or Content Distribution Network to deliver all content on our website to you.
The use of CDN77 significantly reduces the loading time of the website content in particular by sending our video and photo files from a server that is faster than the web server and also serves the stability of our product. This server is always located as close as possible to your location. To establish the connection and deliver the content, our website transmits your IP address to CDN77. CDN77 only stores the information received in log files in the event of an error for the purpose of error analysis. Your IP address is stored in anonymised form.
We have concluded the agreement with CDN77 required under data protection law for order processing in accordance with Art. 28 GDPR. According to this agreement, CDN77 undertakes to ensure the necessary protection of your data and to process it exclusively on our behalf in accordance with the applicable data protection regulations.
Further information about CDN77 and data processing by CDN77 can be found on the website https://www.cdn77.com/ and in the privacy policy at https://www.cdn77.com/privacy-policy.
7. Cookies
7.1 Cookiebot (consent management tool)
We use the consent management tool ‘Cookiebot’ from Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. This service enables us to obtain and manage the consent of website visitors to data processing.
Cookiebot collects data generated by end users who use our website. When an end user gives consent via the cookie consent tool, Cookiebot automatically logs the following data:
The IP number of the end user in anonymised form (the last three digits are set to 0)
Date and time of consent.
User agent of the end user's browser.
The URL from which the consent was sent.
An anonymous, random and encrypted key.
The consent status of the end user, which serves as proof of consent.
The key and the consent status are also stored in the end user's browser in the cookie ‘CookieConsent’ so that the website can automatically read and follow the end user's consent on all subsequent page requests and future end user sessions for up to 12 months. The key is used for proof of consent and for an option to verify that the consent status stored in the end user's browser is unchanged compared to the original consent submitted to Cybot.
The functionality of the website is not guaranteed without the processing. The ‘CookieConsent’ cookie set by Cookiebot is categorised as necessary.
Cybot is the recipient of your personal data and acts as a processor for us.
Detailed information on the use of Cookiebot can be found at: https://www.cookiebot.com/de/privacy-policy/.
7.2 Usercentrics (Consent Management Tool)
We use the consent management tool ‘Usercentrics’ from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This service enables us to obtain and manage the consent of website users for data processing.
Usercentrics collects data generated by end users who use our website. When an end user gives consent, Usercentrics automatically logs the following data:
Browser information.
Date and time of access.
Device information.
The URL of the page visited.
Geographical location.
Page path of the website.
The consent status of the end user, which serves as proof of consent.
The consent status is also stored in the end-user's browser so that the website can automatically read and follow the end-user's consent on all subsequent page requests and future end-user sessions for up to 12 months. The consent data (consent and revocation of consent) is stored for three years. The retention period corresponds to the regular limitation period in accordance with Section 195 of the German Civil Code (BGB). The data will then be deleted immediately or forwarded to the person responsible on request in the form of a data export.
The functionality of the website is not guaranteed without the described processing. The user has no right to object as long as there is a legal obligation to obtain the user's consent to certain data processing operations (Art. 7 para. 1, 6 para. 1 sentence 1 lit. c) GDPR).
Usercentrics is the recipient of your personal data and acts as a processor for us.
Detailed information on the use of Usercentrics can be found at: https://usercentrics.com/privacy-policy/.
0.8 Contents of our website
8.1 Data processing for order processing
The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the scope of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we provide explicit information about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b) GDPR.
8.2 Making contact / contact form
Personal data is collected when you contact us (e.g. via contact form or email). Which data is collected when a contact form is used can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your enquiry or for contacting you and the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f) GDPR. If your contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and the deletion does not conflict with any statutory retention obligations.
8.3 Services / digital goods
We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution commissioned to process payments.
Any further transmission of data will not take place or will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.
The basis for data processing is Art. 6 para. 1 lit. b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
8.4 Moving pictures (360° panorama)
The offer on this website uses the services of mp moving-pictures gmbh (Am Flughafen 12A, D-87766 Memmingerberg).
This service enables us to present you with panoramic images on our website.
You can obtain detailed information about the data processing of mp moving-pictures via the following link https://www.moving-pictures.de/kontakt/datenschutz.html.
9. newsletter dispatch
9.1 Advertising newsletter
On our website, you are given the opportunity to subscribe to our company's newsletter. Which personal data is transmitted to us when you subscribe to the newsletter can be seen from the input mask used for this purpose.
We inform our customers and business partners about our offers at regular intervals by means of a newsletter. You can only receive our company's newsletter if
you have a valid e-mail address and
you have registered to receive the newsletter.
For legal reasons, a confirmation e-mail will be sent to the e-mail address you entered for the first time for the newsletter mailing using the double opt-in procedure. This confirmation email is used to check whether you, as the owner of the email address, have authorised the receipt of the newsletter.
When you register for the newsletter, we also store the IP address assigned by your Internet service provider (ISP) to the IT system you are using at the time of registration, as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of your e-mail address at a later date and therefore serves our legal protection.
The personal data collected as part of a registration for the newsletter is used exclusively to send our newsletter. Furthermore, subscribers to the newsletter may be informed by e-mail if this is necessary for the operation of the newsletter service or a registration in this regard, as could be the case in the event of changes to the newsletter offer or changes to the technical circumstances. The personal data collected as part of the newsletter service will not be passed on to third parties. You can cancel your subscription to our newsletter at any time. The consent to the storage of personal data that you have given us for the newsletter dispatch can be revoked at any time. There is a corresponding link in every newsletter for the purpose of revoking consent. It is also possible to unsubscribe from the newsletter at any time directly on our website or to inform us of this in another way.
The legal basis for data processing for the purpose of sending the newsletter is Art. 6 para. 1 lit. a) GDPR.
9.2 Brevo (previously Sendinblue)
We use Brevo to send newsletters. The provider is Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany.
Brevo is a service that can be used to organise and analyse the sending of newsletters, among other things. The data you enter for the purpose of subscribing to the newsletter is stored on Sendinblue's servers in Germany.
If you do not wish to be analysed by Brevo, you must unsubscribe from the newsletter. We provide a corresponding link for this purpose in every newsletter message. You can also unsubscribe from the newsletter directly on the website.
You can revoke your consent at any time. You can also prevent processing at any time by unsubscribing from the newsletter. You can also prevent the storage of cookies by selecting the appropriate settings in your web browser. You can also prevent the storage and transmission of personal data by deactivating Java Script in your web browser or installing a Java Script blocker (e.g. https://noscript.net or https://www.ghostery.com). We would like to point out that these measures may mean that not all functions of our website are available.
With the help of Brevo, we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked on. In this way, we can determine which links have been clicked on particularly frequently.
We can also recognise whether certain previously defined actions were carried out after opening/clicking (conversion rate). For example, we can recognise whether you have made a purchase after clicking on the newsletter.
Brevo also enables us to divide newsletter recipients into different categories (so-called ‘clusters’). Newsletter recipients can be categorised by age, gender or place of residence, for example. In this way, the newsletters can be better customised to the respective target groups.
Detailed information on the functions of Brevo can be found at the following link: https://www.brevo.com/de/datenschutz-uebersicht/.
10. Our activities in social networks
So that we can also communicate with you on social networks and inform you about our services, we are represented there with our own pages. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing operations triggered by this, within the meaning of Art. 26 GDPR.
We are not the original provider of these pages, but only use them within the scope of the possibilities offered to us by the respective providers.
As a precautionary measure, we would therefore like to point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore be associated with data protection risks for you, as it may be more difficult to safeguard your rights, e.g. to information, deletion, objection, etc., and processing in social networks is often carried out directly for advertising purposes or to analyse user behaviour by the providers without us being able to influence this. If user profiles are created by the provider, cookies are often used or the user behaviour is assigned to your own social network member profile.
Data processing is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and Brevo's servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.
You can view Brevo's privacy policy at: https://www.brevo.com/de/datenschutz-uebersicht/.
The described processing operations of personal data are carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 para. 1 lit. a) GDPR in conjunction with Art. 7 GDPR. Art. 7 GDPR.
As we do not have access to the providers' databases, we would like to point out that it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in the social networks is provided below by the respective social network provider we use:
10.1 Facebook
(Joint) controller for data processing in Europe: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy policy (data policy): https://www.facebook.com/about/privacy
10.2 Instagram
(Joint) controller for data processing in Germany: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy policy (data policy): https://instagram.com/legal/privacy/
11 Web analysis
11.1 Matomo
We have integrated the Matomo component of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, on this website. Matomo is a software tool for web analysis, i.e. for collecting, collating and evaluating data about the behaviour of visitors to websites. Among other things, data is collected about the website from which a data subject came to a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. This is used to optimise the website and for the cost-benefit analysis of internet advertising.
The software is operated on the server of the controller, and the log files, which are sensitive under data protection law, are stored exclusively on this server.
Matomo places a cookie on your IT system. By setting the cookie, we are able to analyse the use of our website. Each time you access one of the individual pages of this website, the internet browser on your IT system is automatically prompted by the Matomo component to transmit data to our server for the purpose of online analysis. As part of this technical process, we obtain knowledge of personal data, such as the IP address of the person concerned, which serves us, among other things, to trace the origin of visitors and clicks.
Cookies are used to store personal information, such as the access time, the location from which access was made and the frequency of visits to our website. Each time you visit our website, this personal data, including the IP address of the Internet connection you are using, is transmitted to our server. This personal data is stored by us. We do not pass this personal data on to third parties.
These processing operations are only carried out with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.
You can view Matomo's data protection provisions at: https://matomo.org/privacy/
11.2 Fathom
We use the data protection-friendly web analysis tool ‘Fathom’ in the version in which the data is processed exclusively in the EU.
‘Fathom’ is a data protection-friendly tool for counting and, above all, clearly visualising access to our websites. It does not use cookies.
‘Fathom’ is a service provided by Conva Ventures Inc (BOX 37058 Millstream PO, Victoria, British Columbia, V9B 0E8). As a private company, the provider of ‘Fathom’ falls under the so-called adequacy decision of the EU Commission on Canada, so that an adequate level of data protection is guaranteed.
Data processing also takes place exclusively in Europe and in EU data centres through so-called ‘EU isolation’. You can find more details here.
‘Fathom’ does not store any IP addresses of visitors to our website. A hash value is stored, which is also used, among other things, to recognise returning visitors. Neither we nor ‘Fathom’ can directly derive a personal reference from this data. Nevertheless, we have concluded an order processing contract with the provider of ‘Fathom’, which fulfils the requirements of Art. 28 GDPR.
The Fathom privacy policy can be found here: https://usefathom.com/privacy.
12. plugins and other services
12.1 Google Maps
We use Google Maps (API) on our website. The operating company of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (land) maps in order to visualise geographical information. By using this service, you can, for example, see our location and make it easier for you to find us.
Information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there as soon as you access those subpages in which the Google Maps map is integrated, provided that you have given your consent within the meaning of Art. 6 para. 1 lit. a) GDPR. In addition, Google Maps loads Google Web Fonts and Google Photos as well as Google stats. The provider of these services is also Google Ireland Limited. When you access a page that integrates Google Maps, your browser loads the web fonts and photos required to display Google Maps into your browser cache. The browser you are using also establishes a connection to Google's servers for this purpose. This informs Google that our website has been accessed via your IP address. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out of your Google user account. Google stores your data (even for users who are not logged in) as usage profiles and analyses them. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
If you do not agree to the future transmission of your data to Google in connection with the use of Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used.
These processing operations are only carried out with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.
You can view Google's terms of use at https://www.google.de/intl/de/policies/terms/regional.html, the additional terms of use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.html.
The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.
You can view the data protection provisions of Google Maps at (‘Google Privacy Policy’): https://www.google.de/intl/de/policies/privacy/.
12.2 Busy Rooms
If you make an online booking from our website, this is done through the online reservation system of Busy Rooms GmbH, Kallenberg 25 in 42929 Wermelskirchen, Germany. All booking data entered by you is transmitted in encrypted form. Our contractual partner has undertaken to handle your transmitted data in compliance with the GDPR. Busy Rooms takes all organisational and technical measures to protect your data.
You can view Busy Rooms GmbH's privacy policy here https://www.hotelwebservice.com/de/datenschutz
A separate contract data processing agreement has been concluded with Busy Rooms GmbH to ensure the protection of your personal data.
The data will not be passed on to third parties in this context. The data is used exclusively for processing the booking and for communication.
12.3 Gastronovi
A widget from the external service provider Gastronovi is used on our website for online table reservations. Gastronovi (a service of gastronovi GmbH, Buschhöhe 2, 28357 Bremen, Germany).
In order to use the functions of Gastronovi, it is necessary that your personal data, such as name, telephone number and e-mail address, are collected and stored. This data is transmitted directly to Gastronovi when you make a table reservation and processed on their servers. The provider of this website has no influence on this data transmission and processing.
We would like to expressly point out that your e-mail address will not be used for advertising or mass mailing purposes.
In the course of processing, anonymised data may be further processed for statistical purposes.
Gastronovi is used in the interest of simple and efficient processing of table reservations and to improve our customer service. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
An order processing contract in accordance with Art. 28 GDPR has been concluded with Gastronovi to ensure the protection of your personal data.
You can find more information on the handling of your user data in Gastronovi's privacy policy: https://www.gastronovi.com/de/datenschutz
12.4 WhatsApp Business
(Joint) controller for data processing in Europe: WhatsApp Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy policy (data policy): https://www.whatsapp.com/legal
13 Your rights as a data subject
13.1 Right to information Art. 15 GDPR
You have the right to receive information from us at any time free of charge about the personal data stored about you and a copy of this data in accordance with the statutory provisions.
13.2 Right to rectification Art. 16 GDPR
You have the right to request the rectification of inaccurate personal data concerning you. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
13.3 Erasure Art. 17 GDPR
You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.
13.4 Restriction of processing Art. 18 GDPR
You have the right to demand that we restrict processing if one of the legal requirements is met.
13.5 Data portability Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability in accordance with Art. 20 para. 1 GDPR, you have the right to obtain that the personal data be transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other persons.
13.6 Objection Art. 21 GDPR
YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU WHICH IS BASED ON ART. 6 ABS. 1 LIT. E) (DATA PROCESSING IN THE PUBLIC INTEREST) OR F (DATA PROCESSING ON THE BASIS OF A BALANCING OF INTERESTS) OF THE GDPR.
This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the establishment, exercise or defence of legal claims.
In individual cases, we process personal data for direct marketing purposes. You can object to the processing of your personal data for the purpose of such advertising at any time. This also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes.
You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you are free to exercise your right to object by automated means using technical specifications.
13.7 Revocation of consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
13.8 Complaint to a supervisory authority
You have the right to lodge a complaint about our processing of personal data with a supervisory authority responsible for data protection.
14 Routine storage, deletion and blocking of personal data
We process and store your personal data only for the period of time required to achieve the purpose of storage or if this is provided for by the legal provisions to which our company is subject.
If the storage purpose no longer applies or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
15. topicality and amendment of the data protection declaration
This privacy policy is currently valid and was last updated in October 2024.
It may become necessary to amend this privacy policy as a result of the further development of our website and services or due to changes in legal or official requirements. You can access and print out the current privacy policy at any time on the website at ‘https://www.jagdhaus-wiese.de/de/footer/datenschutz’.
16. current list of supervisory authorities
You can find a list of supervisory authorities on the website https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html
This privacy policy was created by Great Oak Datenschutz GmbH & Co. KG with the support of the data protection software: GO DSM.