Controller and general information
Your data will be processed by Laasenhof Resort, owner Karsten Scholz, Weißig 21, 01796 Struppen, phone: +493502199288, e-mail: firstname.lastname@example.org within the meaning of the General Data Protection Regulation (GDPR). In this document, “Laasenhof” refers to the website www.laasenhof.de, including all subpages, content and functions (e.g. booking function) available there. Our services are intended for the general public.
Collection and processing of personal data
As a rule, you can use online services for which no payment or registration is required without providing personal data. In certain cases, however, we process the personal data listed in section 3. This is only done to the extent necessary to provide a functional website and our content and services. Furthermore, we process personal data in connection with the use of Laasenhof if you provide it voluntarily, e.g. as part of an inquiry or when booking accommodation, or because there is another legal basis for this (see section 4). If you do not wish this, you will unfortunately not be able to use our services, or not to the full extent.
Categories of processed data
As soon as you use Laasenhof, our system automatically collects information from the computer system of the accessing computer. The following data may be collected in the process:
– Information about the browser type and version used
– the user’s operating system
– Date and time of access
– Web analysis data / pseudonymous user profiles (cookie ID, ad ID, etc.)
– Websites from which the user accesses our website
– Websites that the user accesses via our website
In addition, we process the following personal data if there is a contractual relationship between you and us or if you have transmitted the data to us in some other way:
– Personal master data (name, address, date of birth)
– Communication data (telephone number, email address)
– Contract master data (contractual relationship, product or contract interest, order history)
Legal basis and purposes of processing
We process your data exclusively on all possible legal bases.
In accordance with the GDPR, personal data may be processed in particular on the basis of a contract or for the implementation of pre-contractual measures, if consent has been given, on the basis of a legitimate interest or a law and to protect vital or public interests.
When booking accommodation or obtaining other services for which payment is required, we use your contract master data, including contact details, for the performance and fulfillment of the contract, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, as well as the enforcement of legal claims or receivables (Art. 6 para. 1 lit. b GDPR). The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. In the case of paid services, we process certain data because we are subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax obligations (Art. 6 para. 1 lit. c GDPR).
We also use your email address collected during registration or in the course of contract performance to inform you by email about our own similar goods or services and about existing bookings or about Laasenhof in general. In this case, the e-mail address is processed on the basis of our legitimate interest in advertising our goods and services (Art. 6 para. 1 lit. f GDPR).
In addition, we use your email address to send you our newsletter if you have given us your prior express consent to receive a newsletter or advertising. In this case, we process your e-mail address in order to be able to send you the newsletter as requested (Art. 6 para. 1 lit. b GDPR). You can object to the use of your e-mail address for such purposes at any time in writing or in text form to email@example.com with effect for the future, without incurring any costs other than the transmission costs according to the basic rates.
On the Internet, every device requires a unique address, the so-called IP address, for the transmission of data. The at least temporary storage of the IP address is technically necessary to enable the website to be delivered to the user’s computer. We shorten the IP addresses before any processing and only process them further in anonymized form. There is no storage or further processing of the unabridged IP addresses. Our servers also store your IP address for 14 days for our own security purposes.
In the case of processing operations that are not covered by one or more of the aforementioned legal bases, processing is carried out if it is necessary to safeguard a legitimate interest and does not outweigh your interests, fundamental rights and freedoms on the basis of a comprehensive weighing of interests (Art. 6 para. 1 lit. f GDPR). A legitimate interest can be assumed if the data subject is a customer of the controller.
Our legitimate interest in being able to offer you products that are tailored to your needs, to inform you about new products and to continuously improve our services and thereby also increase our sales is the legal basis for processing for usage-based online advertising and web analysis. For web analysis services in detail, see section 9.
Another legitimate interest is the functionality of company processes (e.g. address management / invoicing).
You can object to processing on the basis of a legitimate interest at any time (see section 14.).
In the event that the data is processed for a purpose other than that stated when the data was collected, a compatibility check is carried out in accordance with Art. 6 para. 4 GDPR. Further processing is then only permitted if the original purpose is compatible with the new purpose or is permitted on the basis of a separate legal basis. Recognized compatible purposes include the assertion, exercise or defense of civil law claims, provided that there is no overriding interest of the data subject. In this case, we will inform you of the change of purpose. If the new purpose is not compatible with the purpose stated at the time of collection, a new collection will be carried out on the basis of a new legal basis. We will also inform you of the change of purpose in this case.
Place of processing
We ourselves do not transfer your personal data to countries outside the European Economic Area, except in cases where this is permitted under the GDPR.
Transfer of your data to third parties
We only transfer your personal data to third parties if the transfer is necessary to fulfill our contractual obligations to you and this is clearly done with or together with another provider, if we are otherwise legally entitled or obliged to pass it on, or if you have given us your consent to do so.
In order to provide our services, selected personal data may be shared with certain departments within our company. These include accounting and marketing. If you have decided to book accommodation, we will forward your data within the company to the relevant department for hotel and apartment accommodation.
In certain cases, we also use external service providers or affiliated companies that are commissioned by us to process data for us in accordance with our instructions. Such service providers are contractually bound by us as processors in accordance with the strict requirements of the GDPR and may not use your data for any other purposes. The processors we use provide us with the following services in particular Registration services, hosting, newsletter dispatch, evaluation services, maintenance and support and web analysis.
The transfer of data to processors takes place on the basis of Art. 28 para. 1 GDPR, alternatively on the basis of our legitimate interest in the economic and technical advantages associated with the use of specialized processors, Art. 6 para. 1 lit. f GDPR.
If we are legally obliged to do so or if this is permitted under data protection law, we transmit personal data to authorities, for example the police or public prosecutor’s office (Art. 6 para. 1 lit. c GDPR). This data is passed on on the basis of our legitimate interest in combating misuse, prosecuting criminal offenses and securing, asserting and enforcing claims and that your rights and interests in the protection of your personal data do not prevail, Art. 6 para. 1 lit. f GDPR
Cookies and similar technologies
You can prevent the setting of cookies by us at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If you deactivate the setting of cookies in the Internet browser you are using, you may not be able to use all the functions of our website to their full extent.
Web analysis services
In order to constantly improve our content and adapt it to the interests of our users and to display usage-based online advertising, we use some analysis services that collect data on our website and evaluate it for us. These service providers process pseudonymized user data for this purpose in accordance with our instructions on the basis of an order processing agreement. The data is not stored together with other personal user data. You can deactivate the individual analysis services at any time for the future. You can find out more about the analysis services we use below:
We have integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to place ads both in Google’s search engine results and in the Google advertising network. Google AdWords allows an advertiser to specify certain keywords in advance, which are used to display an ad in Google’s search engine results only when the user uses the search engine to retrieve a keyword-relevant search result. In the Google advertising network, the ads are distributed to relevant websites using an automatic algorithm and taking into account the previously defined keywords. The operating company of the Google AdWords services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The purpose of Google AdWords is to advertise our website by displaying interest-relevant advertising on the websites of third-party companies and in the search engine results of the Google search engine and by displaying third-party advertising on our website. If a data subject reaches our website via a Google ad, a so-called conversion cookie is stored on the data subject’s IT system by Google. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. If the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages, such as the shopping cart from an online store system, have been accessed on our website. The conversion cookie enables both us and Google to track whether a data subject who has reached our website via an AdWords ad has generated sales, i.e. completed or canceled a purchase.
The data and information collected through the use of the conversion cookie is used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive information from Google that could be used to identify the data subject.
The conversion cookie is used to store personal information, such as the websites visited by the data subject. Each time our websites are visited, personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a conversion cookie on the data subject’s IT system. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.
Furthermore, the data subject has the option of objecting to interest-based advertising by Google. To do this, the data subject must call up the link https://www.google.de/settings/ads from each of the Internet browsers they use and make the desired settings there. Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/de/policies/privacy/.
We have integrated components of the company Facebook on this website. Facebook is a social network and is used to share opinions, experiences and media. The operating company of Facebook is Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller for the processing of personal data is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With each call-up to one of the individual pages of this website, which is operated by us and on which a Facebook component (Facebook plug-in) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding Facebook component from Facebook through the Facebook component. A complete overview of all Facebook plug-ins can be accessed at https://developers.facebook.com/docs/plugins/?locale=de_DE. During the course of this technical procedure, Facebook gains knowledge of what specific sub-page of our website was visited by the data subject. If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject-and for the entire duration of their stay on our Internet site-which specific sub-page of our Internet page was visited by the data subject. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated on our website, for example the “Like” button, or if the data subject makes a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data. Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged in to Facebook at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, they can prevent the transmission by logging out of their Facebook account before accessing our website. The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains what settings options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress the transmission of data to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.
On smartphones and tablets, the aforementioned services are often not implemented through plug-ins, but through an internal “share” function on the device. Depending on the settings, information can also be sent to other social media service providers. Please refer to your device information for details.
We use components of the Instagram service. Instagram is an audiovisual platform that allows users to share photos and videos and redistribute such content on other social networks. Instagram is operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA. Every time you access one of the individual pages of this website on which an Instagram component (Insta button) has been integrated, Instagram receives information about which specific subpage of our website is visited by the data subject. If you are logged in to Instagram at the same time, Instagram recognizes which specific subpage was visited each time you visit our website and for the entire duration of your stay on our website. This information is collected by the Instagram component and assigned to your Instagram account by Instagram. If you press one of the Instagram buttons integrated on our website, the data and information transferred will be assigned to the personal Instagram user account and stored and processed by Instagram. Instagram always receives information via the Instagram component that you have visited our website if you are logged in to Instagram at the same time as you access our website; This occurs regardless of whether you click on the Instagram component or not. If you do not want this information to be transmitted to Instagram, you can prevent the transmission by logging out of your Instagram account before accessing our website. Further information and Instagram’s applicable data protection regulations can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.
On smartphones and tablets, the aforementioned services are often not implemented through plug-ins, but rather through an internal device “sharing” function. Depending on your settings, information can also be passed on to other social media service providers. Please refer to your device information for details.
Payment service providers
In the event that you use a paid service or purchase something via our website/app, we offer various payment methods. If you decide to use one of these payment service providers, you will leave our site. All data is then collected and processed by this payment service provider. We do not receive any personal data, in particular no bank or credit card details, but only the information that the payment was made successfully. The following payment service providers are available to you:
We have integrated the PayPal payment option on this website. PayPal is an online payment service provider owned by PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal also offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. PayPal makes it possible to initiate online payments to third parties or to receive payments. If the data subject selects “PayPal” as a payment option during the ordering process in our online shop, the data of the data subject is automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing. The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data that is necessary for payment processing. In order to process the service contract, personal data that is related to the respective order is also necessary. The purpose of transmitting the data is to process payments and prevent fraud. We will transmit personal data to PayPal in particular if there is a legitimate interest in the transmission. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness. PayPal may pass on personal data to affiliated companies and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or the data is to be processed on behalf of the customer. The data subject has the option to revoke their consent to the handling of personal data at any time from PayPal. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing.
PayPal’s applicable data protection regulations can be accessed at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Instant bank transfer
We have integrated Sofortüberweisung components on this website. Sofortüberweisung is a payment service that enables cashless payment of products and services on the Internet. Sofortüberweisung is a technical process through which the online retailer immediately receives a payment confirmation. This enables a retailer to deliver goods, services or downloads to the customer immediately after the order is placed. The operating company for Sofortüberweisung is SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany. If the data subject selects “Sofortüberweisung” as a payment option during the ordering process in our online shop, the data of the data subject is automatically transmitted to Sofortüberweisung. By selecting this payment option, the data subject consents to the transfer of personal data required for payment processing. When purchasing via Sofortüberweisung, the buyer sends the PIN and TAN to Sofort GmbH. Sofortüberweisung then carries out a transfer to the online retailer after a technical check of the account balance and retrieval of further data to check the account funds. The online retailer is then informed automatically that the financial transaction has been carried out. The personal data exchanged with Sofortüberweisung is your first name, last name, address, email address, IP address, telephone number, mobile phone number or other data that is necessary for payment processing. The purpose of transmitting the data is to process payments and prevent fraud. We will also transmit other personal data to Sofortüberweisung if there is a legitimate interest in the transmission. The personal data exchanged between Sofortüberweisung and us may be transmitted by Sofortüberweisung to credit reporting agencies. The purpose of this transmission is to check identity and creditworthiness. Sofortüberweisung may pass on the personal data to affiliated companies and service providers or subcontractors to the extent that this is necessary to fulfill the contractual obligations or the data is to be processed on behalf of the customer. The data subject has the option to revoke their consent to the handling of personal data at any time to Sofortüberweisung. A revocation does not affect personal data that must be processed, used or transmitted for (contractual) payment processing. The applicable data protection regulations for Sofortüberweisung can be accessed at https://www.klarna.com/sofort/datenschutz/.
Other services we use include:
We use the online booking system Mews on our website. Your data will be transmitted to Mews. Mews is prohibited from selling your data or using it for purposes other than the booking process. Your data is transmitted via an encrypted SSL connection.
We only store personal data as long as we are authorized to do so and the purpose of processing has not ceased. The respective statutory retention period applies to the duration of storage of personal data. After the deadline has expired, the relevant data will be routinely deleted unless it is no longer required to fulfill the contract or initiate a contract.
Information and correction
You can obtain information from us at any time, free of charge, as to whether personal data about you is being processed by us and specifically what data is stored about you, as well as request a copy of the stored data. You can also have incorrect data corrected and completed.
Deletion, restriction and the right to be forgotten
You can request the deletion and restriction of your personal data. Please note that, for example, there are legal retention requirements for paid contracts such as booking courses and we are therefore not allowed to completely delete your data in every case. In this case, your data will be marked with the aim of restricting its future processing.
Where applicable, you also have the right to have personal data relating to you transmitted to you or another controller in a structured, commonly used and machine-readable format, provided that the processing is based on consent or a contract and is carried out using automated procedures. However, this does not apply if the processing is not necessary for the performance of a task that is in the public interest or in the exercise of official authority vested in the person responsible. Furthermore, you have the right to have the personal data transmitted directly from one person responsible to another person responsible, to the extent that this is technically feasible and provided that this does not affect the rights and freedoms of other persons.
Revocation / objection
You can revoke your consent at any time with effect for the future at. Revoke the above contact address.
In particular, you can object to the use of your e-mail address for the purpose of sending newsletters at any time in writing or in text form to firstname.lastname@example.org or Laasenhof Resort, owner Karsten Scholz, Weißig 21, 01796 Struppen with future effect, without this being necessary for others as the transmission costs arise according to the basic tariffs. Furthermore, you have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you that is based on a legitimate or public interest. This also applies to profiling based on these provisions. In the event of an objection, we will no longer process the personal data unless we can demonstrate compelling legitimate reasons for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims .
Right to lodge a complaint
You also have the right to lodge a complaint with the responsible supervisory authority and to take legal action. The supervisory authority to which the complaint was submitted will inform the complainant of the status and results of the complaint, including the possibility of a legal remedy.