Ringhotels e.V. and Ringhotels HeimatGenuss GmbH attach great importance to data protection. We would therefore like to inform you below about how we process your personal data. Personal data is all information that we can assign to you directly or indirectly. We only process our users' personal data to the extent necessary to provide a functional website and our content and services. The processing of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and/or the processing of the data is permitted by law or we are obliged to process it by law.
When processing your personal data, we strictly adhere to the statutory provisions of the EU General Data Protection Regulation (hereinafter “GDPR”), the German Federal Data Protection Act and the German Telemedia Act. In principle, you can visit our websites without providing any personal data. In some cases, we need information from you, for example:
We use technical and organizational security measures to protect your data managed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Before sensitive data is transmitted to us, we encrypt it using the SSL (Secure Socket Layer) method. This is the most secure and most commonly used method worldwide. It is also used for online banking, among other things.
You can recognize an encrypted connection by the lock symbol in the address bar of the browser.
I. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is
Ringhotels e.V.
represented by the Managing Director Petra Weindl
Register of Associations Munich, VR 15181
Ringhotels HeimatGenuss GmbH
represented by the managing director Petra Weindl
Munich Local Court, HRB 240250
Stefan-George-Ring 22, 81929 Munich
Phone: +49 (0) 89 45 87 03-0 / Fax: +49 (0) 89 45 87 03-31
E-mail: info@ringhotels.de
Websites www.ringhotels.de and www.gast-im-schloss.de
II. Name and address of the data protection officer
You can reach the data protection officer of Ringhotels e.V., Mr. Patrick Rosenow, lawyer, by post at the above address or
Phone: +49 (0) 89 44 24 98-0
E-Mail: Patrick.Rosenow@Rosenow-Tiemann.de
III Provision of our Ringhotels and Gast-im-Schloss websites and creation of log files
1. what data is collected and used when you visit our Ringhotels and Gast-im-Schloss websites?
Each time you visit our website www.ringhotels.de or http://www.gast-im-schloss.de, your computer system sends and our system automatically collects data and information. The following data is collected:
Your IP address, which is stored anonymously, the date and time of access and the website or application from which access is made (URL).
This data is also stored in the log files of our system. We do not store this data together with your other personal data.
2. For what purpose do we collect and use your personal data?
The IP address is stored permanently during every booking and order process. This is necessary in order to be able to trace any fraudulent transactions.
The data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems.
3. On what legal basis do we collect and use your personal data?
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR. Our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR lies in the aforementioned purposes. We use cookies and other tracking applications on our website, which we describe in section VI.
IV. Your registration as a customer in the password-protected area, your bookings via our online booking tool, your orders in the webshop and your participation in the HeimatGenuss Card program and in our competitions and their respective processing
1. What data do we collect and use when you register as a customer?
On our website, we offer you the opportunity to register as a customer by providing personal data. Your data will be entered into an input mask and transmitted to us and stored. After registering, you will receive an e-mail from us with an activation link. Once you have activated your account by clicking on the “activation link”, your account is created. For subsequent logins, you must enter your user ID and password. Registered customers can manage and/or change their profile data within the password-protected area. The data will not be passed on to third parties. The following data is collected as part of the registration process: Surname, first name, address, e-mail address, any other voluntary details and your booking and/or order data.
2. What data do we collect and use for your bookings via our online booking tool, your orders in the web store and your participation in the HeimatGenuss Card program and our competitions and their respective processing?
We collect the following data for your bookings via our online booking tool, your orders in the web store and your participation in the HeimatGenuss Card program and our competitions and their processing: Surname, first name, address, telephone number, e-mail address, date of birth, HeimatGenuss Card no., Card and ring status, turnover, information on hotel stays (arrival/departure dates, hotels booked), guest-specific requests/comments and your bank details. Your data will be passed on to the respective Ringhotel in order to process the hotel booking or package tour, or to redeem the reward rings in the HeimatGenuss Card program or to hand out prizes or to process your order in the webshop to partner and logistics companies that will deliver the goods to you.
3. For what purpose do we collect and use your personal data?
a) After registering, you can use your customer data to manage your profile data, manage and/or change and/or cancel your newsletter subscription and - if you participate in the HeimatGenuss Card program - view the status of the rings you have collected and/or redeem the collected reward rings for rewards.
b) Your data collected when making bookings via our online booking tool, when ordering in the webshop and when participating in the HeimatGenuss Card program and in our competitions are used to process your bookings, orders and deliveries, such as for the telephone consultation of booking and delivery dates. Your e-mail address is used, among other things, to send booking and order confirmations and to send invoices.
c) As part of the direct debit procedure, we pass on the data we collect when you book and order to our financial service provider in order to collect our travel price and/or purchase price claim.
4. On what legal basis do we collect and use your personal data?
a) Art. 6 para. 1 lit. a GDPR serves as the legal basis for the data you provide to us when registering as a customer. On the basis of Art. 6 para. 1 lit. f GDPR, we assign you a customer number and/or HeimatGenuss Card no. and process the data that you send us in the course of sending us an e-mail.
b) We require the data collected when you book or order in order to fulfill a contract. Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required to carry out pre-contractual measures and to fulfill a contract or hand over prizes. The processing of your personal data is necessary to protect your and our legitimate interests, in particular for further communication with you. Art. 6 para. 1 lit. f GDPR serves as the legal basis for this. Insofar as the processing of your personal data is necessary to fulfill our legal obligation under tax and commercial law, to which we are subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
5. Data erasure and storage duration
We delete or block your personal data as soon as the purpose of storage no longer applies. Data will also be stored if this is provided for by the European or national legislator in EU regulations, laws or other provisions.
On the basis of Art. 6 para. 1 lit. c) GDPR, we store your data until the expiry of statutory warranty periods as well as the data required under commercial and tax law for the respective statutory period. The data will be blocked or deleted if a storage period prescribed by the aforementioned standards expires.
You can revoke your consent at any time. A revocation does not affect the legality of the processing that has already taken place on the basis of the consent until the revocation. You can have your data collected on the basis of your consent during registration amended at any time with effect for the future. Insofar as this data is required to fulfill a contract or to carry out pre-contractual measures, deletion is only possible if the deletion does not conflict with contractual or legal obligations.
V. Advertising / Newsletter / E-mail
We use your e-mail address for advertising purposes under the following conditions.
1. What data do we collect and use for advertising purposes?
a) You will find a contact form on our website where you can register as a customer in the password-protected area. Your e-mail address can be used for electronic contact. You can also order our brochures using a form without providing your e-mail address.
b) You can subscribe to our e-mail newsletter on our website. When you register for the newsletter, the data from the input screen is transmitted to us as described in section IV.1. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address you use. In addition, you can be informed about our current offers and services, in particular by receiving our brochures.
2. For what purpose do we collect the data?
We collect your e-mail address in order to send you our newsletter and/or our current offers and services. Your data will be transferred to MailChimp, based in the USA, to send the newsletter.
The newsletter is sent using the mailing service provider “MailChimp”, a newsletter mailing platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the privacy policy of the mailing service provider here: https://mailchimp.com/legal/privacy/. The shipping service provider is used on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and an order processing contract pursuant to Art. 28 para. 3 sentence 1 GDPR.
The mailing service provider may use the data of the recipients in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services, e.g. to technically optimize the mailing and presentation of the newsletter or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties. MailChimp is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with the European level of data protection (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG).
3. Legal basis for data processing
We will only use your contact details to send you our newsletter and/or our current offers and services if you have given your consent. The legal basis for this is Art. 6 para. 1 lit. a GDPR. If you have consented to the use of your email address for advertising purposes, we will use it in accordance with Section 7 (2) UWG. You can revoke your consent to advertising use at any time.
4. Duration of storage / objection and removal option
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. The user's e-mail address will therefore be stored for as long as the subscription to the newsletter is active or the user is no longer a customer of ours.
You can unsubscribe from the newsletter at any time by e-mail or by clicking on the unsubscribe link in the newsletter itself.
You have the option of withdrawing your consent to the processing of personal data at any time.
VI. Use of cookies and website analysis services
We use cookies and website analysis services on our Ringhotels and Gast-im-Schloss websites. These are described below.
1. Cookies
1.1 What are cookies and what do we use them for?
a) Our websites use cookies. You do not have to accept cookies to visit our websites. If you do, you will unfortunately not be able to use the full functionality of our Ringhotels and Gast-im-Schloss websites.
Cookies are text files that are stored in the Internet browser or by the Internet browser of your computer system when you visit our websites. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the web pages are called up again.
We use cookies to enable a booking and ordering process in our online booking tool and/or web store. The following data is stored and transmitted in the cookies: Log-in information.
1.2 For what purpose do we use cookies?
We use technically necessary cookies to make it easier for you to use Ringhotels and Gast-im-Schloss websites. We do not use the user data collected by technically necessary cookies to create user profiles.
Some functions of our websites cannot be offered without the use of cookies, e.g. the use of the shopping basket in our web store. This requires the browser to be recognized even after a page change.
1.3 On what legal basis do we use your personal data?
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the purposes stated in section 1.2. The legal basis for the processing of personal data using cookies for analysis purposes is only carried out with your consent. In this case, Art. 6 para. 1 lit. a GDPR is the legal basis.
1.4 Data deletion and storage duration, objection and removal option
Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically.
2. Website analysis services
The website analysis services used on our Ringhotels and Gast-im-Schloss websites are summarized below:
a) Google Analytics
Our websites use Google Analytics, a web analytics service provided by Google Inc (“Google”), to enable the continuous optimization of our Ringhotels and Gast-im-Schloss websites. The legal basis for the use of Google Analytics is Art. 6 para. 1 lit. f GDPR.
Google uses this information on our behalf to evaluate your use of the websites, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. Google uses cookies for this purpose, which enable your use of our websites to be analyzed. The legal basis for the use of Google is Art. 6 para. 1 lit. f GDPR.
The information generated by the cookie about your use of our websites is usually transmitted to a Google server in the USA and stored there. This involves information such as your browser type, the operating system you are using, the time of your access and the IP address. IP addresses are anonymized so that they cannot be assigned. Under no circumstances will your IP address be merged with other Google data.
You can prevent the storage of cookies by selecting the appropriate settings in your browser software. In this case, you may not be able to use all the functions of our websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the websites (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on terms of use and Google Analytics data protection at http://www.google.com/analytics/terms/de.html or at https://www.google.de/intl/de/policies/.
b) Matomo
The Ringhotels and Gast-im-Schloss websites use Matomo, an open source web analysis tool (https://matomo.org/), to collect and store data for marketing and optimization purposes. This data can be used to create user profiles under a pseudonym. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of the website visitor's Internet browser. Cookies make it possible to recognize the Internet browser. The data collected with Matomo will not be used to personally identify the visitor to this website without the separately granted consent of the person concerned and will not be merged with personal data about the bearer of the pseudonym.
VII. online booking tool DIRS 21
Our websites use the online booking tool DIRS21 (hereinafter “OBT”) from TourOnline AG, Borsigstraße 26, 73249 Wernau, Germany (www.dirs21.de, hereinafter “TOAG”) to enable online bookings of accommodation services and other travel services, as well as to process inquiries. Within the framework of the OBT, TOAG processes the data as the controller. The information and provisions on data protection can be found in TOAG's data protection declaration for the OBT, which you can access at any time from the OBT or at www.dirs21.de/datenschutz
VIII. DialogShift Chat Application and Other Communication Services on Our Website
Our website uses the communication services of DialogShift GmbH, Torstr. 201, 10115 Berlin. These include a chat application, email communication, and telephone communication. The applications process and store data for the purpose of web analytics, operating communication services, and responding to inquiries.
For the operation of the chat function, the chat texts are stored and a cookie with a unique ID is set - this serves to recognize you as a customer. For email and telephone communication, the communication contents are also temporarily stored to ensure efficient processing of your requests.
A cookie is a small text file that is stored locally in the cache on your device. Using this cookie, our application recognizes the device again and can retrieve past chat protocols. This cookie is stored for 90 days from last use. You can disable the storage of cookies in your browser settings. However, the chat function cannot be executed without the use of cookies.
The possible disclosure of e.g., name, email address, or telephone number is voluntary and includes consent to temporarily use and store this data for the purpose of contact until the end of the contact. This personal data will be deleted after 90 days. When using the Journey Messaging Service, your contact details may also be used for the transmission of travel-related information (such as check-in information) if you have consented to this.
The legal basis for data processing is based on Art. 6 Para. 1 lit. a GDPR, § 25
Para. 1 TTDSG on the basis of your consent.
DialogShift provides further information about the collection and use of data as well as your rights and options for protecting your privacy at https://www.dialogshift.com/privacy.
IX. Rights of the data subject
You have the right to withdraw your consent given to us at any time. If we process your personal data, you are a data subject within the meaning of the GDPR. You have the following additional rights vis-à-vis us
1. Right to information (Art. 15 GDPR)
In accordance with Art. 15 GDPR, you can request confirmation from us as to whether we are processing personal data concerning you.
If such processing is taking place, you can request information from us about
(1) the purposes for which the personal data are processed
(2) the categories of personal data being processed
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed
(4) the envisaged period for which the personal data concerning you will be stored, or, if specific information on this is not possible, the criteria used to determine that period
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing
(6) the existence of a right to lodge a complaint with a supervisory authority
(7) all available information about the origin of the data if the personal data is not collected from the data subject
(8) the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
2. Right to rectification (Art. 16 GDPR)
You can request the rectification and/or completion of your personal data processed by us in accordance with Art. 16 GDPR.
3. Right to restriction of processing (Art. 18 GDPR)
In accordance with Art. 18 GDPR, you can request that we restrict the processing of your personal data under the following conditions
(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or
(4) if you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to erasure (Art. 17 GDPR)
In accordance with Art. 17 GDPR, you have the right to obtain from us the erasure of personal data concerning you under the following conditions
a) Obligation to erase
You can demand that we erase the personal data concerning you without undue delay if one of the following grounds applies
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
(4) The personal data concerning you has been processed unlawfully.
(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.
b) Information to third parties
If we have made the personal data concerning you public and are obliged to delete it in accordance with Art. 17 para. 1 GDPR, we must take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you have requested the deletion of all links to this personal data or of copies or replications of this personal data.
c) Exceptions
The right to erasure does not exist if the processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
(3) for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
(5) for the establishment, exercise or defense of legal claims.
5. Right to information (Art. 19 GDPR)
If you have asserted the aforementioned rights to rectification, erasure or restriction of processing against us, we are obliged under Art. 19 GDPR to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients.
6. Right to data portability (Art. 20 GDPR)
According to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where
(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from us to another controller, where technically feasible. The freedoms and rights of other persons may not be impaired by this.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object (Art. 21 GDPR)
Pursuant to Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.
If you exercise this right, we will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the option, in connection with the use of information society services - notwithstanding Directive 2002/58/EC - to exercise your right to object by means of automated procedures that use technical specifications.
8. Right to revoke the declaration of consent under data protection law
In accordance with Art. 7 (3) GDPR, you have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated decision-making in individual cases including profiling (Art. 22 GDPR)
In accordance with Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the controller
(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.
With regard to the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision. 10.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
Status: March 2020
