Our Privacy Policy
1. Name and Contact Details of the Controller and the Company Data Protection Officer
This data protection information applies to data processing by
Controller:
Aalernhüs Hotel OHG
represented by Ms. Claudia Gerlach
Friedrich-Hebbel-Straße 2
D-25826 St. Peter-Ording
Germany
E-mail: info@aalernhues.de
Phone: +49 (0)48 63 70 10
Fax: +49 (0)48 63 701 100
Data protection officer:
Dr. Jürgen Fechner -- dr.fechner | it-unternehmensberatung
E-mail: j.fechner@fue-soft.de
2. Collection and Storage of Personal Data and Type and Purpose of Their Use
a) When Visiting the Website
When you access our website aalernhues.de, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the retrieved file,
- Website from which access occurs (referrer URL),
- Browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The mentioned data is processed by us for the following purposes:
- Ensuring a smooth connection to the website,
- Ensuring convenient use of our website,
- Evaluating system security and stability, and
- Other administrative purposes.
The legal basis for data processing is Article 6(1) sentence 1 lit. f GDPR (legitimate interest). Our legitimate interest arises from the purposes of data collection listed above. Under no circumstances do we use the collected data to draw conclusions about your person.
Furthermore, we use cookies and analysis services when you visit our website. Detailed explanations on this can be found in sections 4 and 5 of this privacy policy.
b) When Subscribing to Our Newsletter
If you have expressly consented under Article 6(1) sentence 1 lit. a GDPR, we will use your email address to regularly send you our newsletter. Providing an email address is sufficient to receive the newsletter.
You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can send your unsubscribe request to info(at)aalernhues.de by email at any time.
c) When Using Our Contact Form
For any inquiries, we offer you the opportunity to contact us via a form provided on the website. A valid email address is required so that we know who the request is from and can respond to it. Additional information can be provided voluntarily.
Data processing for the purpose of contacting us is carried out under Article 6(1) sentence 1 lit. a GDPR based on your voluntarily given consent. If the contact is made for the purpose of pre-contractual measures (e.g., request for an offer), data processing is based on Article 6(1) sentence 1 lit. b GDPR.
The personal data collected by us for the use of the contact form will be automatically deleted after the request has been processed. If the request is part of business correspondence (received business letter – retention obligation under § 257(1) no. 2 HGB, retention obligation for business and commercial letters § 147(1) no. 2, para. 3 AO), the retention period is 6 years.
d) When Using Our Flyers, Brochures, and Information Forms in PDF or Print Versions
We provide flyers, brochures, and information forms in both PDF/HTML versions on our website and as classic print versions with information about our services and those of our contractual partners. If you voluntarily provide us with personal data such as name, address, or email address, we may collect, process, and, if necessary, forward this data to our partners to address and inform you about the subject matter.
Data processing for the purpose of contacting us is carried out under Article 6(1) sentence 1 lit. a GDPR based on your voluntarily given consent. If the contact is made for the purpose of pre-contractual measures (e.g., request for an offer), data processing is based on Article 6(1) sentence 1 lit. b GDPR. The collected personal data will be automatically deleted after processing your request. If the request is part of business correspondence, the data will be deleted after 6 years.
e) Website Services
In connection with our website, we work with myhotelshop GmbH, Floßplatz 6, D-04107 Leipzig, which provides placement services (selection, setup, and optimization of campaigns), consulting and management (development of online direct sales strategies), and website services. Within the contractual relationship, data such as name, address, email address, phone number, and details of contact usage and order fulfillment of business customers and hotel customers are stored. Myhotelshop GmbH uses supporting platforms that operate in compliance with GDPR.
Partners in this collaboration include:
- easybill, easybill GmbH, Düsselstr. 21, 41564 Kaarst, Germany - https://www.easybill.de/privacy
- Google Ads, Google Tag Manager, Google Analytics - Google Germany GmbH, ABC-Strasse 19, 20354 Hamburg, Germany - https://policies.google.com/privacy
- Microsoft Advertising - Microsoft Deutschland GmbH, Walter-Gropius-Straße 5, 80807 München, Germany - https://privacy.microsoft.com/de-de/privacystatement
- Matomo - ePrivacy Holding GmbH, Große Bleichen 21, 20354 Hamburg, Germany - https://matomo.org/privacy-policy/
- Mailchimp - The Rocket Science Group LLC d/b/a Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA - https://mailchimp.com/legal/privacy/
- Pipedrive - Pipedrive OÜ, Mustamäe tee 3a, Tallinn 10615, Estonia - https://www.pipedrive.com/en/privacy
These platforms may apply tracking methods to measure service delivery and for billing purposes, including:
- Cookies storing location, user agent (browser details), time & duration of access
- Use of tools such as:
- Voucher tools
- Chat tools
- Newsletter subscription forms
- Contact forms
- Web font libraries
3. Disclosure of Data
Your personal data will not be transmitted to third parties for purposes other than those listed below.
We only share your personal data with third parties if:
- You have given your express consent under Article 6(1) sentence 1 lit. a GDPR,
- The disclosure is necessary under Article 6(1) sentence 1 lit. f GDPR for the assertion, exercise, or defense of legal claims and there is no reason to assume that you have an overriding interest in non-disclosure,
- There is a legal obligation for disclosure under Article 6(1) sentence 1 lit. c GDPR, or
- It is legally permissible and necessary under Article 6(1) sentence 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures requested by the affected person.
4. Cookies
We use cookies on our website. These are small files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your device, nor do they contain viruses, Trojans, or other malware.
Cookies store information related to the specific device used. However, this does not mean that we gain direct knowledge of your identity.
The use of cookies serves various purposes. First, cookies help make your experience on our website more pleasant. For example, we use session cookies to recognize that you have already visited certain pages of our website. These cookies are automatically deleted once you leave our website.
Additionally, we use temporary cookies to enhance user-friendliness. These cookies are stored on your device for a defined period. When you revisit our website to use our services, it automatically recognizes that you have been here before, along with any inputs and settings you have made, so you do not have to enter them again.
Furthermore, we use cookies to statistically analyze website usage and optimize our services for you (see section 5). These cookies enable us to recognize returning visitors. They are automatically deleted after a predefined period.
The data processed through cookies is necessary for the stated purposes to safeguard our legitimate interests as well as those of third parties under Article 6(1)(f) GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer, or a notification appears before a new cookie is placed. Disabling cookies completely may result in limited website functionality.
Opt-Out Option: If you do not wish to use cookies or want to delete existing cookies, you can disable and remove them via your internet browser settings. More information on deleting or disabling cookies can be found in your browser’s help section or online by searching for "disable cookies" or "delete cookies." (Instructions for deleting in Microsoft Internet Explorer. Instructions for deleting in Mozilla Firefox. Instructions for deleting in Safari).
5. Analysis Tools
a) Tracking Tools
The tracking measures listed below and used by us are carried out based on Article 6(1) sentence 1 lit. f GDPR. With the tracking measures used, we aim to ensure a user-friendly design and the continuous optimization of our website. Additionally, we use these tracking measures to statistically record the use of our website and evaluate it for the purpose of optimizing our offerings for you. These interests are considered legitimate within the meaning of the aforementioned regulation.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
i) Google Analytics
For the purpose of user-friendly design and continuous optimization of our pages, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymized usage profiles are created, and cookies (see Section 4) are used. The information generated by the cookie about your use of this website includes:
- Browser type/version,
- Operating system used,
- Referrer URL (previously visited page),
- Hostname of the accessing computer (IP address),
- Time of the server request.
This data is transmitted to a Google server in the USA and stored there. The information is used to evaluate website usage, compile reports on website activities, and provide further services related to website and internet usage for market research and user-friendly website design purposes. This information may also be transferred to third parties where required by law or where such third parties process the information on our behalf. Under no circumstances will your IP address be merged with other Google data. IP addresses are anonymized, making identification impossible (IP masking).
You can prevent the installation of cookies by adjusting your browser settings accordingly; however, please note that in this case, you may not be able to fully use all the features of this website.
Additionally, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).
As an alternative to the browser add-on, particularly for browsers on mobile devices, you can prevent data collection by Google Analytics by clicking this link. An opt-out cookie will be set, preventing the future collection of your data when visiting this website. The opt-out cookie applies only to this browser and only to our website and is stored on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again.
Further information on data protection related to Google Analytics can be found in the Google Analytics Help section (https://support.google.com/analytics/answer/6004245?hl=en).
6. Service Providers
i) Revinate
If you have expressly consented pursuant to Article 6(1) sentence 1 lit. a GDPR, we will use your email address to send you our newsletter regularly. The newsletter is sent via "Revinate," an email marketing service provided by the U.S. company Revinate, Inc., 1 Letterman Dr., Building C, Suite CM100, San Francisco, CA 94129, USA. The email addresses and names of our guests and newsletter recipients, as well as other data described in this notice, are stored on Revinate's servers in the USA. Revinate uses this information to send and analyze newsletters on our behalf, as well as to optimize or improve its services (e.g., technical optimization of email delivery and newsletter presentation).
When opening the newsletter, a so-called "web beacon" initially collects technical information, such as details about the browser and system, as well as your IP address and the time of retrieval. This information is used to improve services based on technical data or target groups, as well as to analyze reading behavior based on retrieval locations (which can be determined using the IP address) or access times.
We have entered into so-called "Standard Contractual Clauses" with Revinate to ensure compliance with an appropriate level of data protection.
You can object to receiving the newsletter at any time in the future. This also revokes your consent to receive newsletters via Revinate. To do so, please send an email to info(at)aalernhues.de. A link to unsubscribe from the newsletter can also be found at the end of each newsletter.
7. Social Plugins
This website uses social plugins from the social network Facebook.com. The plugins are operated by Facebook Inc. (hereinafter: Facebook), 1601 S. California Ave, Palo Alto, CA 94304, USA. The plugins are marked with a white "f" and refer to our presence: Aalernhüs Hotel & Spa on Facebook. The list of Facebook plugins can be found here.
When you access a page on our website that contains such a plugin, your browser establishes a direct connection to Facebook's servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the website. Please note that we have no control over the extent and manner of data collection and processing by Facebook through these plugins. By embedding the plugins, Facebook receives information that you have accessed the corresponding page of our website. If you are logged into Facebook, Facebook can associate your visit with your Facebook account. If you use the plugins (such as the Like button), information from your browser is directly transmitted to Facebook and stored there. Even if you are not a Facebook member, Facebook may still determine and store your device's IP address. The purpose and scope of data collection and further processing and use of the data by Facebook, as well as your rights and settings options for protecting your privacy, can be found in Facebook's privacy policy in its current version.
If you do not want Facebook to collect data about you through our website, we recommend logging out of Facebook before visiting our site.
Our website uses so-called social plugins ("Plugins") from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The plugins are marked with an Instagram logo, for example, in the form of an "Instagram camera." An overview of Instagram plugins and their appearance can be found here: https://about.instagram.com/blog/announcements/introducing-instagram-badges-for-webpage-embedding.
When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to Instagram's servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the website. This integration allows Instagram to receive information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not logged into Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there.
If you are logged into Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plugins, such as pressing the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts.
For details on the purpose and scope of data collection and further processing and use of data by Instagram, as well as your rights and settings options for protecting your privacy, please refer to Instagram’s privacy policy: https://help.instagram.com/155833707900388/.
If you do not want Instagram to associate the data collected through our website directly with your Instagram account, you must log out of Instagram before visiting our website. You can also completely block the loading of Instagram plugins using browser add-ons, such as the script blocker "NoScript" (http://noscript.net/).
Google Services | Google+ Button
Our website uses the “+” button of the social network Google+ (hereinafter: Google Plus), which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (hereinafter: Google). The button is identified by a white "G+" on a colored background and links to Aalernhüs Hotel & Spa on Google Plus. Every time you access a page on our website that features a “G+” button, your browser requests the graphical representation of the "G+" button from a Google server and displays it. In doing so, the Google server is informed which specific webpage of our website you are currently visiting.
Please note that we have no influence over the extent of the data collected by Google using this button. By embedding the “G+” button, Google is informed of the specific webpage you are visiting on our website. If you press the “G+” button while logged into Google Plus, Google collects information about the URL you recommend, your IP address, and other browser-related details through your Google profile. This information is stored and made publicly accessible as a "G+" recommendation. The “G+” recommendation may be stored together with your profile name and photo in Google services, such as in search results, your Google profile, or other locations on the Internet.
For details on the purpose and scope of data collection and further processing and use of data by Google, as well as your rights and settings options for protecting your privacy, please refer to Google’s privacy policy for the “G+” button.
If you are a Google Plus member and do not want Google to collect data about you via our website and link it with your Google member data, we recommend logging out of Google Plus before visiting our website.
8. Your Rights as a Data Subject
You have the right to:
- Request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you can request details about the purposes of processing, the categories of personal data, the recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- Request the immediate correction of inaccurate, or the completion of incomplete, personal data stored by us in accordance with Article 16 GDPR;
- Request the deletion of your personal data stored by us in accordance with Article 17 GDPR, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to establish, exercise, or defend legal claims;
- Request the restriction of processing of your personal data in accordance with Article 18 GDPR, insofar as you contest the accuracy of the data; the processing is unlawful but you oppose its deletion; we no longer need the data but you require it for the establishment, exercise, or defense of legal claims; or you have objected to processing in accordance with Article 21 GDPR;
- Receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or request the transfer to another controller in accordance with Article 20 GDPR;
- Withdraw your consent at any time in accordance with Article 7(3) GDPR. This means that we will no longer be permitted to continue processing data based on this consent in the future; and
- Lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. You can usually contact the supervisory authority of your usual place of residence, workplace, or our company headquarters.
9. Right to Object
If your personal data is processed based on legitimate interests pursuant to Article 6(1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, provided there are reasons for doing so that arise from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without requiring a specific reason.
If you wish to exercise your right of withdrawal or objection, simply send an email to info(at)aalernhues.de.
10. Data Security / Email Communication
10.1. During your visit to our website, we use the widely adopted SSL (Secure Sockets Layer) protocol in combination with the highest encryption level supported by your browser. Typically, this is 256-bit encryption. If your browser does not support 256-bit encryption, we instead use 128-bit v3 technology. You can tell whether a specific page of our website is transmitted in encrypted form by the closed key or lock symbol displayed in the lower status bar of your browser.
Additionally, we employ appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological advancements.
10.2. In general, emails sent over the Internet without additional security measures (encryption) are as confidential as a postcard. If you communicate with us via email without additional confidentiality safeguards, we assume that you are aware of this technical circumstance and permit us to respond to you via a simple email.
Basic Encryption Between Email Providers
We place great importance on the confidentiality of email communication. Therefore, our provider automatically offers secure email communication through your email provider.
Our German hosting provider implements additional security measures for email communication with you. The level of security depends on whether your email provider also supports the same security measures. You can check whether your email provider complies with current security standards at https://dane.sys4.de. If you have any concerns, we can discuss alternative security measures, such as the PGP email encryption mentioned below. Regarding the security measures implemented by our provider, they state:
"As security measures for email communication, DNSSEC has been implemented (for more information, see https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions). In 2015, DANE (for more details, see https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) was introduced, marking the next logical step toward enhanced security. The DANE network protocol (DNS-based Authentication of Named Entities) extends the commonly used SSL/TLS transport protocol in email traffic with an additional layer of security. Certificates are directly linked to specific DNS entries (TLSA-RR) of a domain and secured via DNSSEC. This ensures that a certificate has not been altered in the meantime and its authenticity can be confirmed. Mail servers supporting DANE can now enforce encrypted connections with each other, significantly increasing the security of email transport."
PGP Email Encryption
A more secure and therefore recommended method of encrypting data transmission is asymmetric encryption through the exchange of public keys. We are happy to provide you with our public PGP key (PGP: Pretty Good Privacy).
You can use this key to encrypt messages.
To ensure secure communication, you must install OpenPGP software on your computer. Here is a list of possible solutions for various operating systems:
- macOS: https://gpgtools.tenderapp.com/kb/how-to/erste-schritte-gpgtools-einrichten-einen-schlssel-erstellen-deine-erste-verschlsselte-mail
- Linux: https://ssd.eff.org/en/module/how-use-pgp-linux
- Windows: https://ssd.eff.org/module/how-use-pgp-windows
- iOS: https://itunes.apple.com/app/ipgmail/id430780873?mt=8
- Android: https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain
Please import the public key into your local OpenPGP key management system to encrypt a message to us.
11. Updates and Changes to This Privacy Policy
This privacy policy is currently valid as of June 25, 2021.
Due to the further development of our website and services or as a result of changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The most recent version of the privacy policy can be accessed and printed at any time from our website at https://www.aalernhues.de/en/data-protection.