Hotel Goldener Ochsen Goeppingen Hohenstaufen

Ailstrasse 1 Germany 73037 GGoeppingen - Hohenstaufen Telephone (+49) (0) 7165 8062 Proprietors : Hermann Mayer

Privacy Policy:

The processing of data on this website is carried out by the website operator.

You can find the contact details in the section “Name and Address of the Controller” in this privacy policy.

Please note:

This English translation of our privacy policy is provided for informational purposes only.

The German version is the sole legally binding document.

Overview of the Legal Basis for Data Processing:

The processing of your personal data on this website complies with applicable data protection regulations, in particular the GDPR.

Consent:

If you have consented to the processing, it is based on Article 6(1)(a) or, for special categories of data, Article 9(2)(a) GDPR.

In the case of explicit consent to data transfers to third countries, the processing is additionally based on Article 49(1)(a) GDPR.

Cookies:

Our site does not use cookies.

Contract-Related Data:

If the processing is necessary for the performance of a contract or to carry out pre-contractual measures, it is based on Article 6(1)(b) GDPR.

Legal Obligation:

Processing required by law is carried out in accordance with Article 6(1)(c) GDPR.

Legitimate Interest:

In certain cases, we base the processing on our legitimate interest pursuant to Article 6(1)(f) GDPR.

Further details on the respective legal basis can be found in the following sections of this privacy policy.

Name and Address of the Controller:

Goldener Ochsen

Hermann Mayer

Ailstrasse 1 73037 Goeppingen - Hohenstaufen

Phone 07165 8062

e-mail: info@hotel-goldener-ochsen-hohenstaufen.de

Web Hosting:

This website is hosted by an external service provider.

The personal data collected is stored on the hoster's servers.

This includes, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated through the use of the website.

External hosting is carried out to fulfill contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR).

If consent has been obtained, the data processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) as per TDDDG.

This consent can be revoked at any time.

Our hoster(s) process your data only to the extent necessary to fulfill their contractual obligations and follow our instructions regarding this data.

We host the content of our website with the following hoster: Strato
The provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (following “Strato”).

When you visit our website, Strato collects various log files, including your IP addresses.
For more information, please refer to Strato’s privacy policy:
https://www.strato.de/datenschutz/.
The use of Strato is based on Art. 6(1)(f) GDPR.

We have a legitimate interest in ensuring the most reliable presentation of our website.

If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as per TDDDG.

We have concluded a data processing agreement (DPA) with Strato, which ensures that Strato processes personal data only in accordance with our instructions and in compliance with strict German and European data protection standards.

Strato processes the data on our behalf and is contractually obliged to comply with data protection regulations.

The consent can be revoked at any time.

E-Mail Hosting and E-Mail Communication:

For sending and receiving e-mails, we use the services of our hoster Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (following “Strato”).

When you send us an e-mail or we send you an e-mail, the e-mail addresses, the content of the e-mails, and technical metadata (such as the date sent, IP address of the sender and recipient) are stored and processed on Strato’s servers.

The processing of this data serves to provide reliable and secure e-mail communication, handle your inquiries, and fulfill our contractual obligations to you.

The legal basis for this processing is Art. 6(1)(b) GDPR (contract performance or pre-contractual measures) for inquiries or bookings related to a contract, and Art. 6(1)(f) GDPR (legitimate interest) for general e-mail communication and our interest in efficient and secure communication.

Strato processes the data on our behalf and is contractually obliged to comply with data protection regulations.

Further information on data protection at Strato can be found in their privacy policy at: https://www.strato.de/datenschutz/.

E-mails and the data contained therein are stored as long as necessary for the purpose of communication, legal retention obligations, or the assertion, exercise, or defense of legal claims.

Data Processing Agreement:

We have concluded a data processing agreement (DPA) for the use of the above-mentioned services (web hosting, e-mail hosting, and e-mail communication) with our hoster.

This is a contract required by data protection law that ensures that the hoster processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Server Log Files:

We (or our web service provider) collect data about every access to the website (so-called server log files). The access data includes: the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
The log data is used only for statistical evaluations for the purpose of operation, security, and optimization of the offering.
We (or our web service provider) reserve the right to subsequently review the log data if there is a justified suspicion of unlawful use based on specific indications.
No merging of this data with other data sources is performed.
The collection of this data is based on Art. 6(1)(f) GDPR.
We have a legitimate interest in the technically error-free presentation of our website, which requires the collection of server log files.
The server log files are stored for a period of 3 months and then automatically deleted.
Internet Security:
We have our web and mail servers in Germany.
Nevertheless, routing of data traffic via transit routes outside Germany and the European Union cannot be ruled out.
We expressly point out that data transmission on the Internet (e.g., during communication via e-mail) may have security vulnerabilities and cannot be completely protected from access by third parties.
For information with a high need for confidentiality, we recommend using postal mail or appropriate electronic protection measures.

SSL Encryption:

Our website uses SSL encryption for the transmission of confidential or personal content of our users.
This SSL encryption is activated, for example, during payment transactions and for contact requests you make to us via our website.
Please ensure that SSL encryption is activated for the relevant activities on your end.
The use of encryption is easy to recognize: The display in your browser bar changes from “http://” to “https://”.
Contacting Us:
When you contact us (e.g., via contact form, letter, phone, or e-mail), the user’s details are stored for the purpose of processing the inquiry and in case follow-up questions arise.
Personal data is collected by us when you voluntarily provide it, for example, when you contact us.
The personal data provided to us in this way will, of course, be used solely for the purpose for which you provided it when contacting us.
The provision of this information is expressly on a voluntary basis and with your consent.
Insofar as this involves information about communication channels (e.g., e-mail address, phone number), you also consent to us contacting you via this communication channel, if necessary, to address your concern.
Data processing is carried out in accordance with Art. 6(1)(b) GDPR if your inquiry relates to contract performance or pre-contractual measures.
In all other cases, the processing is based on our legitimate interest in the efficient processing of your inquiries (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if it has been obtained.
You can, of course, revoke your consent at any time.
The data sent to us via contact requests remains with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your concern has been resolved). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.
Objection to Advertising E-Mails:
As part of the legal imprint obligation, we must publish our contact details.
These are sometimes used by third parties to send unsolicited advertising and information.
We hereby object to any sending of advertising material of any kind that we have not expressly authorized.
We expressly reserve the right to take legal action against the unsolicited and unrequested sending of advertising material.
This applies in particular to so-called spam e-mails, spam letters, and spam faxes.
We point out that the unauthorized transmission of advertising material may involve competition law, civil law, and criminal law violations.
In particular, spam e-mails and spam faxes can lead to high claims for damages if they disrupt business operations by overloading mailboxes or fax machines.

Information, Deletion, Blocking: Sie erhalten jederzeit unentgeltlich Auskunft über die von uns gespeicherten personenbezogenen Daten zu Ihrer Person sowie zur Herkunft, dem Empfänger und dem Zweck von Datenerhebung sowie Datenverarbeitung. Außerdem haben Sie das Recht, die Berichtigung, die Sperrung oder Löschung Ihrer Daten zu verlangen.

This does not apply to data that must be retained due to legal requirements or is needed for proper business operations.

To enable a data block at any time, data is kept in a block file for control purposes.

If the data is not subject to a legal archiving obligation, we will delete your data upon your request.

If an archiving obligation applies, we will block your data.

For all questions and concerns regarding the correction, blocking, or deletion of personal data, please contact us using the contact details in this privacy policy or the address provided in the imprint.

Are personal data shared with third parties?:

Processing and use of your data for consulting, advertising, and market research purposes occur only with your explicit consent.

Your data will not be sold, rented, or otherwise provided to third parties. Transfers of personal data to government institutions and authorities occur only within the scope of mandatory national legal provisions.

Your Rights as a Data Subject:

As a data subject, you have various rights under the GDPR.

You can assert these rights at any time against the controller.

Please direct your inquiries to the contact address provided in this privacy policy or in the imprint.

Right to Rectification (Art. 16 GDPR):

You have the right to request from us the immediate rectification of inaccurate personal data concerning you.

Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data – including by means of a supplementary statement.

Right to Restriction of Processing (Art. 18 GDPR):

You have the right to request the restriction of the processing of your personal data if one of the following conditions is met: the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data; the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims; or you have objected to processing pursuant to Art. 21(1) GDPR pending the verification of whether the legitimate grounds of our company override yours.

If processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or a Member State.

We will inform you before the restriction is lifted.

Right to Data Portability (Art. 20 GDPR):

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and you have the right to transmit those data to another controller without hindrance from us, where: the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR; and the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

General Right to Object (Art. 21 GDPR):

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) (public interest or exercise of official authority) or Art. 6(1)(f) (legitimate interest) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR):

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged will inform the complainant about the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Competent Supervisory Authority for Baden-Württemberg:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

Lautenschlagerstraße 20

70173 Stuttgart

Phone: 0711/61 55 41 – 0

Fax: 0711/61 55 41 – 15

E-Mail: poststelle@lfdi.bwl.de

Website: https://www.baden-wuerttemberg.datenschutz.de

Youth Protection:

Children and adolescents with limited legal capacity may not, as a rule, transmit personal data to our websites without the consent of their parents or guardians. We will under no circumstances knowingly collect, use, or disclose personal data from children or adolescents with limited legal capacity to third parties without authorization.