Privacy

Responsible body

Responsible within the meaning of the data protection laws, in particular the Church Law on Data Protection of the Evangelical Church in Germany (DSG-EKD) and the European Data Protection Regulation (DSGVO) is

Evangelische Behindertenhilfe Dresden und Umland gGmbH Goetheallee 53a
01309 Dresden

Telephone (head office): 0351 313 90 99
info@hotel-am-schwanenhaus.de

Data protection officer

We have appointed an external data protection officer to deal with your data protection concerns:

Mr. Dirk Seeliger
T27 GmbH
Lena-Christ-Straße 2
82031 Grünwald
E-mail: info@t27.gmbh

Protection of your data

We take appropriate security measures to protect the security of your personal data and to protect you against unauthorized or unlawful processing. This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as the site operator via our contact form. You can recognize an encrypted connection by the fact that the address line of the browser changes from "hdp://" to "hdps://" and by the lock symbol in your browser line.

Processing of personal data

When you visit our website

Each time you visit our website, we automatically collect data and information from your device's system and store it in so-called server log files. This data is information that relates to an identified or identifiable natural person (here: website visitor). The data is automatically transmitted by your browser when you visit our website.

• IP address

The following information is recorded:

• Date & time of access, time zone difference to Greenwich Mean Time (GMT) - Browser type/version, browser language
• Operating system used and its interface
• Amount of data transferred, website from which the request originates
• Access status/hdp status code

The above data is processed by us for the following purposes: Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context. The recipient of the data is our server host, who works for us as part of a contract data agreement. We use ALL-INKL.COM, Hauptstraße 68, D-02742 Friedersdorf for the hosting of this website. The legal basis for data processing is § 6 No. 4 DSG-EKD (Art. 6 para. 1, sentence 1 lit. f) GDPR). Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. The data will be deleted in accordance with the applicable legal provisions or as soon as its purpose has been fulfilled. The maximum retention period for log files is 30 days. The privacy policy of ALL-INKL.COM can be found here: hdps://all-inkl.com/datenschutzinformationen

Contact form

For questions of any kind, we offer you the opportunity to contact us via a form provided on our website. In this context, we process the following data: Subject, name, e-mail address. Due to the nature of your request, we may require more than the mandatory information listed. If you enter additional personal data in the message field or the optional fields (telephone number, address, order number, branch number), this data will be collected and processed with the same care as your name and e-mail address. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. If your contact is aimed at the conclusion of a contract, the legal basis for the processing is § 6 No. 5 DSG-EKD (Art. 6 para. 1 lit. b) GDPR). The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Section 6 No. 4 DSG-EKD (Art. 6 para. 1 lit. f) GDPR). Insofar as health data within the meaning of Section 4 No. 2 lit. e) DSG-EKD (Art. 9 para. 1 GDPR) is required for this purpose, the legal basis is your consent in accordance with Section 13 para. 2 No. 1 DSG-EKD (Art. 9 para. 2 a) GDPR). Your data will be deleted after final processing of your request; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal obligations to preserve data.

Our newsletter

You can subscribe to a free newsletter on our website. When registering for the newsletter, the following data from the input mask is transmitted to us:

E-mail address of the user

First name and surname

The following data is also collected during registration

The IP address of the accessing computer

The date and time of registration
Your consent is obtained for the processing of the data during the registration process and reference is made to the data protection declaration.

We use the so-called double opt-in procedure to document your consent to Newsleder and to prevent misuse of your data. This procedure ensures that the recipient also wishes to receive our Newsleder. After registering, you will receive an e-mail asking you to confirm your Newsleder registration. We will only send you our Newsleder once you have confirmed your registration.

Registrations for the Newsleder are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your stored data are also logged.

The collection of the user's e-mail address serves to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

The legal basis for the processing of data after the user has registered for the newsletter is § 6 No. 2 DSG-EKD (Art. 6 para. 1 lit. a) GDPR) if the user has given consent.

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address and the date and time of registration are therefore stored for as long as the subscription to the Newsleader is active.

The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter. This also makes it possible to withdraw consent to the storage of personal data collected during the registration process.

Appointment booking with the help of our booking platform "Viato CBE"

Operator and contact:
Viato GmbH
Industriestr. 51
79194 Gundelfingen
Phone: +49 761 600 68560
Fax: +49 761 600 685656
info@viato.travel

Hotel bookings are made via the booking platform service provider "Viato CBE", which is operated by Viato GmbH.

The necessary data of our contractual customers, as well as their other data described in the context of these notes, are stored on the servers of "Viato CBE", whose operator is Viato GmbH.

"Viato CBE" uses this information to book your hotel stay on our behalf. However, "Viato" does not use the data of our contractual partners to write to them itself or to pass it on to Dride.

We trust in the reliability and IT and data security of "Viato CBE", and they are obliged to comply with EU data protection regulations. Furthermore, we have concluded an "order processing contract" with "Viato CBE". This is a contract in which "Viato CBE" undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties. You can view the data protection provisions of "Viato CBE"
here viato.travel/data-protection.

By using the booking form, we collect the following personal data by using the above booking platform "Viato CBE"
the following personal data:

• First and last name
• Company name
• Billing address
• E-mail address
• Telephone number
• Date of arrival, date of departure
• Your gender

Other wishes and details

The legal basis for the processing of the data is the conclusion of an accommodation contract with the user. The legal basis for the transmission of the data is § 6 No. 5 DSG-EKD (Art. 6 para. 1 lit. b) GDPR) (processing for the performance of a contract). We store this data in order to be able to substantiate possible legal claims. For documentation purposes, the above personal data and additional data such as IP address, date, time and information about the communication received are stored in our hotel software.

Integration of cookies, tracking tools and other services

Cookies

We sometimes use so-called cookies on our website. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested are stored on the basis of Section 6 No. 4 DSG-EKD (Art. 6 para. 1 lit. f) GDPR). The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies are stored, these are treated separately in this privacy policy.

You have the option of configuring the setting of cookies at any time.
This allows you to restrict or completely prevent the setting of cookies in your browser settings. You can also arrange for cookies to be deleted automatically when you close the browser window. You can find out how to delete cookies in the most common browsers and change the cookie settings here:

• Internet Explorer: hdps://windows.microsoft.com/en-DE/windows-vista/Block-or-allow- cookies
• Firefox: hdps://support.mozilla.org/en/kb/cookies-allow-and-reject
• Chrome: hdps://support.google.com/chrome/bin/answer.py?hl=en&hlrm=en&answer=95647
• Safari: hdps://support.apple.com/kb/ph21411?locale=en_DE
• Opera: hdps://help.opera.com/Windows/10.20/en/cookies.html

Cookie consent with Processwire

This website uses the cookie consent technology of the open source project Processwire to obtain your consent to the storage of certain cookies on your end device and to document this in compliance with data protection regulations. Open source refers to software
whose source code is public and can be viewed, modified and used by third parties. An open source development model is the process by which an open source community project develops open source software. This software is then published under an open source license so that source code can be viewed or modified by all users. The provider of this technology is the open source project Processwire: hdps://processwire.com/.

Processwire also stores a cookie in your browser in order to be able to assign the consents you have given or revoke them. The data collected in this way will be stored until you ask us to delete it, delete the Processwire cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory data retention obligations remain unaffected. Processwire is used to obtain the legally required consents for the use of cookies.

The legal basis for this is § 6 No. 6 DSG-EKD (Art. 6 para. 1 sentence 1 lit. c) GDPR).

Customer Alliance

This page integrates a widget from Customer Alliance for displaying reviews.

The provider is

CA Customer Alliance GmbH
Ullsteinstr. 130 | Tower B
12109 Berlin.

In order to use the functions of the Customer Alliance widget, it is necessary to save your IP address, browser information (name, version), website, user's operating system, user's screen resolution, language settings of the browser or the user's operating system. When you enter and submit a review, this data is usually transferred to a Customer Alliance server and stored there. The provider of this site has no influence on this data transfer.

The Customer Alliance widget is used in the interest of presenting the reviews of our hotel submitted on Customer Alliance and to be able to offer the option of writing a review on Customer Alliance. This constitutes a legitimate interest within the meaning of § 6 No. 4 DSG-EKD (Art. 6 para. 1 lit. f) GDPR).

You can find more information on how Customer Alliance handles user data in the privacy policy at hdps://www.customer-alliance.com/de/datenschutzbestimmungen/.

Google Maps

We use Google Maps on our website to display our location. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google". If you call up the Google Maps component integrated into our website and consent to its use, Google stores a cookie on your end device via your Internet browser. Your user settings and data are processed in order to display our location and create directions. We cannot rule out the possibility that Google uses servers in the USA. The legal basis is § 6 No. 4 DSG-EKD (Art. 6 para. 1 lit. f) GDPR). Our legitimate interest lies in optimizing the functionality of our website. The connection to Google established in this way enables Google to determine from which website your request has been sent and to which IP address the directions are to be sent. If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser. Details on this can be found above under "Cookies". In addition, the use of Google Maps and the information obtained via Google Maps is governed by the Google Terms of Use hdps://policies.google.com/terms?gl=DE&hl=en and the Terms and Conditions for Google Maps hdps://www.google.com/intl/de_de/help/terms_maps.html. In addition, Google offers
provides further information at hdps://adssedings.google.com/authenticated and hdps://policies.google.com/privacy.

Integration voucher store "VOUCHER - voucher management"

This site uses the software "Voucher Gutscheinverwaltung" for the sale of vouchers. The provider of the software is:

SoftTec GmbH
Hindelanger Str. 35
87527 Sonthofen
Phone: +49 (0)8321 / 6749 30 Website: www.sofdec.de

We process your personal data when you book a voucher voucher online exclusively in order to communicate with you and to prepare or process business transactions. In this context, a large number of processing activities are carried out, which are listed below:

• Preparation and processing of the online booking
• Provision of the voucher voucher for download
• Provision of the voucher voucher by e-mail
• Compliance with legal obligations, such as Accounting, bookkeeping and auditing requirements

For the above-mentioned purposes, we process personal data that you have provided yourself or that is collected in connection with your online booking with us.

We process this personal data in the course of the online booking of a voucher voucher on the basis of § 6 No. 5 DSG-EKD (Art. 6 para. 1 lit. b) GDPR), provided that your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us § 6 No. 4 DSG-EKD (Art. 6 para. 1 lit. f) GDPR) or on your consent § 6 No. 2 DSG-EKD (Art. 6 para. 1 lit. a) GDPR) if this has been requested.

We transmit your personal data as part of the online booking of a voucher voucher exclusively to the named service provider SoftTec GmbH, which may only process your data on our behalf and in accordance with our instructions pursuant to Section 30 DSG-EKD (Art. 28 GDPR). This service provider has been checked by us for compliance with data protection and has been obligated accordingly by means of an order processing contract.

Disclosure to third parties and processors

Your personal data will only be passed on to third parties or processors in accordance with the information in the data protection information. For the processing of bookings and payment and The data may be passed on to shipping service providers, banks and other service providers for this purpose. All service providers are carefully selected by us and are contractually bound to our high level of security. The companies receive personal data within the scope of so-called order processing to the extent required for the respective assignment. The use of this data by the commissioned companies for their own purposes is contractually excluded, unless otherwise stated. Section 6 no. 5 DSG-EKD (Art. 6 para. 1 lit. b) GDPR) is the relevant legal basis here, as the transfer takes place in the course of contract fulfillment or in the initiation of contracts. In addition, personal data may be passed on on the basis of the GDPR, the BDSG and, if applicable, other relevant legal regulations, insofar as we are legally obliged to do so § 6 No. 6 DSG-EKD (Art. 6 para. 1 sentence 1 lit. c) GDPR).

Data transfer outside the EU

Your data is generally processed within the EU. If, in exceptional cases, data is transferred to a third country, this will only take place if this is absolutely necessary in order to provide you with the respective services and in compliance with the requirements of the GDPR, including compliance with suitable guarantees in accordance with Section 10 DSG-EKD (Art. 44 et seq. GDPR).

Your rights

Right to information

According to § 19 DSG-EKD (Art. 15 GDPR), you have the right to request confirmation from us as to whether personal data concerning you is being processed by us. If this is the case, you have a right to information about this personal data and to further information as specified in Section 19 DSG-EKD (Art. 15 GDPR).

Right to rectification

In accordance with Section 20 DSG-EKD (Art. 16 GDPR), you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure

You have the right to request the erasure of your data if the requirements set out in Section 21 DSG-EKD (Art. 17 GDPR) are met. For example, you can request the erasure of your data if it is no longer necessary for the purposes for which it was collected. You can also request erasure if we process your data on the basis of your consent and you withdraw this consent.

Right to restriction of processing

You have the right to request the restriction of the processing of your data if the requirements of Section 22 DSG-EKD (Art. 18 GDPR) are met. This is the case, for example, if you dispute the accuracy of your data. You can then request the restriction of processing for the duration of the verification of the accuracy of the data.

Right to data portability

In accordance with Section 24 DSG-EKD (Art. 20 GDPR), you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible.

Right to object

If the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Section 25 (1) DSG-EKD (Art. 7 (3) GDPR). Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. Please also note that we may have to retain certain data for a certain period of time in order to comply with legal requirements.

Right to lodge a complaint

If you believe that the processing of personal data concerning you is in breach of the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority pursuant to Section 46 GDPR (Art. 77 GDPR), in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

The competent supervisory authority is

The Data Protection Officer for the Protestant Church and Diaconia Berlin Branch Office for the Data Protection Region East
Invalidenstraße 29
10115 Berlin
Telephone: +49 (0)30 2005157-0
Fax: +49 (0)30 2005157-20
ost@datenschutz.ekd.de

Updates to this data protection notice

This Privacy Notice was last updated in November 2023. We reserve the right to update and amend this Privacy Notice at any time to reflect the way we use your personal data or changes in legal requirements. In the event of such changes, we will publish the amended privacy notice on our website. Any amended information will apply from the date on which it is published on our website.

Status: November 2023