PRIVACY POLICY

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in the following privacy policy.

1. data protection at a glance

General notes and mandatory information
We take the protection of your personal data very seriously. We therefore act in accordance with the applicable legislation on the protection of personal data and data security. Information on when we store which data and how we use it can be found in this data protection declaration, in compliance with the applicable German legislation.
When you visit and use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

Note on the responsible body
The controller responsible for data processing on this website is

Garni Hotel Schumacher GmbH
Lilo Schumacher-Holzwarth
Adress: Volmarstr. 19, 70794 Filderstadt
Phone: +49 711 70026340
E-Mail: info@garnihotelschumacher.de

The controller decides alone or jointly with others on the purposes and means of processing personal data (e.g. names, contact details, etc.).

Basis for data processing
We only process personal data in compliance with the relevant data protection regulations. This means that user data is only processed if we have legal permission to do so, i.e,

• in order to provide our contractual services (e.g. processing orders) and online services, or if these are required by law (Art. 6 para. 1 lit. b. and c. GDPR)

• you have given your consent (Art. 6 para. 1 lit. a. and Art. 7 GDPR), as well as

• on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR). GDPR, in particular when measuring reach, creating profiles for advertising and marketing purposes and collecting access data and using the services of third-party providers).

Data transfer to third parties
Data is only passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary, for example, for contractual purposes or on the basis of legitimate interests in the economic and effective operation of our business.

If we use subcontractors to provide our services, we take appropriate legal precautions and appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations.

Data transfer to a third country or an international organization

Third countries are countries in which the GDPR is not directly applicable law. This basically includes all countries outside the EU or the European Economic Area.

No data will be transferred to a third country or an international organization without your consent or without a legal basis.

Storage period
Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.

Withdrawal of your consent to data processing
Some data processing operations are only possible with your express consent. You can withdraw your consent at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to lodge a complaint with the competent supervisory authority
As a data subject, you have the right to lodge a complaint with the competent supervisory authority in the event of a breach of data protection law. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. The following link provides a list of data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Right to information, correction, blocking, deletion
You have the right to free information about your stored personal data, the origin of the data, its recipients and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time within the framework of the applicable legal provisions. You can contact us at any time using the contact options listed in the legal notice if you have any further questions on the subject of personal data.

SSL and TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.

Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in server log files. These are

• Visited pages on our domain

• Date and time of the server request

• Browser type and browser version

• Operating system used

• Referrer URL

• Host name of the accessing computer

• IP address

This data is not merged with other data sources. The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

2. data collection / cookies

cookies
We use cookies on our website. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behavior or display advertising.
Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the cookies in question are stored exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR); consent can be revoked at any time.

Borlabs Cookies
This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consent.
Borlabs Cookie does not process any personal data.
The borlabs cookie stores the consent you gave when you entered the website. If you wish to revoke this consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked for your cookie consent again.

Contact form
Data submitted via the contact form, including your contact details, will be stored in order to process your request or to be available for follow-up questions. This data will not be passed on without your consent. The data entered in the contact form will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. An informal notification by e-mail is sufficient for the revocation. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data transmitted via the contact form will remain with us until you ask us to delete it, revoke your consent to storage or there is no longer any need to store the data. Mandatory statutory provisions – in particular retention periods – remain unaffected.

3. plug-ins / widgets / tools / external content

Independent Analytics
We use the WordPress plugin “Independent Analytics” on this website to optimize, improve quality and monitor reach. Various data is collected and analyzed. However, this data cannot be assigned to specific persons. It is not merged with other data sources. The statistics are stored and analyzed locally.

External content
We use widgets, plugins or content from third parties on our website. The use of the service is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG. This external content will only be loaded and displayed if you accept all cookies or actively consent to the third-party content. In this case, the responsibility for data protection-compliant operation must continue to be guaranteed by the respective provider. Details on data collection and your rights and settings options can be found in the respective data protection notices.

Meta Platforms (Facebook, Instagram)
We use social media plug-ins from Facebook and Instagram, offered by Meta Platforms Ireland Limited (MERRION ROAD, DUBLIN 4, D04 X2K5, IRELAND), on our website on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operation must be guaranteed by the respective provider. We integrate these plug-ins using the so-called two-click method in order to protect visitors to our website in the best possible way. The buttons used function as external links, so that no information is transmitted to one of these providers without clicking on one of the buttons. By clicking on the buttons, the specified pages receive information such as the fact and time when you accessed the website, your IP address or details of the browser used. Information on data protection can be found in the respective data protection declarations.

4. google services

Google Web Fonts
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google fonts are installed locally. There is no connection to Google servers.

Google Maps
This site uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The IP address is only transmitted to Google if the website visitor consents to the transmission.
The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places indicated by us on the website. The use of Google Maps is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG.
You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy.

reCAPTCHA
This page uses “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”). The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to check whether the data entry on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place.
The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
For more information about Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

Google Ads
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.

Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With the help of Google conversion tracking, Google and we can recognize whether the user has performed certain actions. For example, we can analyze which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We find out the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. Consent can be revoked at any time.
You can find more information about Google Conversion Tracking in Google’s privacy policy: https://policies.google.com/privacy?hl=de.
Translated with DeepL.com (free version)

Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website.
If a corresponding consent has been given, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Data transmission by Google
Google Ireland Limited is a subsidiary of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Ströer Campaign Tracking
We use the advertising services of RegioHelden GmbH, a company of Ströer Media Deutschland GmbH. RegioHelden collects certain information related to our interactions with you. RegioHelden provides us with aggregated information, which we use in accordance with our privacy policy and applicable data protection laws.
If a corresponding consent has been given, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Translated with DeepL.com (free version)

We reserve the right to amend the privacy policy in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations on data processing. If user consent is required or components of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.