Data Protection Declaration

Thank you for your interest in our company. Data protection is particularly important to the Board of Gasthof Linde GmbH. The website of Gasthof Linde GmbH can be used without providing any personal data. If a data subject wishes to use the services of our company via our website, it is necessary to process personal data.

1. Basis and definitions

Our data processing is based on the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and other data protection regulations. This Data Protection Declaration uses the terms as described in Article 4 GDPR.

2. Name and address of the controller and data protection officer

The controller responsible for data processing is:

Gasthof Linde GmbH

Parkweg 2

72458 Albstadt, Germany

Phone: +49 (0)7431 1341 40

E-mail: info@gasthof-linde.com

Website: https://gasthof-linde.com/

Our data protection officer is:

Groz-Beckert KG

Ms. Pape-Lercher

Parkweg 2

72458 Albstadt, Germany

E-mail: data.protection@groz-beckert.com

Phone +49 (0)7431 1029 19

3. Collection of general data and information

The website of Gasthof Linde GmbH collects general data and information each time it is accessed by a data subject. This general data is stored in the server log files. The following may be recorded: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which a user accesses our website (referrer ID), (4) the sub-websites via which a user reaches our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the user and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems. Gasthof Linde GmbH does not draw any conclusions about the data subject when using this general data and information. Rather, this information is required in order to (1) deliver the content of our website correctly, (2) optimize the content of our website and advertising for the website, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. This anonymously collected data and information is therefore analyzed by Gasthof Linde GmbH, on the one hand statistically, and also with the aim of improving data protection and data security in our company in order to ultimately guarantee an optimal level of protection for the personal data we process. The data of the server log files is stored without reference to a specific person.

4. Cookies

The websites of Gasthof Linde GmbH use cookies. Cookies are text information that is stored and saved on an end device via an Internet browser. We set essential cookies that are necessary for operation of the website. Optional cookies that enable us or third parties to recognize visitors to the website, analyze user behavior or display advertising tailored to the person, are only set if you have given consent when accessing the relevant site. Further information can be found in the explanations in our cookie banner: Click here  The cookie banner can also be accessed at the bottom left of the sites via the circle icon.

Data subjects can prevent the setting of cookies by our website at any time using a corresponding setting on the Internet browser they use and thus permanently object to these cookies. Furthermore, cookies that have already been set can be deleted at any time using an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser they use, some functions of our website may not be usable.

5. Contact via the website

The website contains information that enables you to contact our company. If a data subject contacts the controller by e-mail or via a contact form, the personal data provided by the data subject is automatically stored. Such personal data transmitted on a voluntary basis will be stored for the purpose of processing or contacting the data subject. This personal data is not passed on to third parties. The data is deleted once the request is complete.

6. Deletion or storage period of personal data

The controller shall only process and store personal data about the data subject for the period necessary to achieve the purpose of storage. The data will be deleted when the purpose of storage no longer applies or once a statutory storage period expires. The data will also be deleted at your request. Further information can be found in the section “Rights of data subjects,” Letter d).

7. Legal basis for processing

The processing of data when visiting this website takes place on the basis of our legitimate interest in secure operation. In the event of contact or a request by e-mail or via the contact form, we process data on the basis of your implied consent. For the processing of data about interested parties and customers (guests), the basis is the pre-contractual measures or the fulfillment of a contract (accommodation contract). In some cases, our processing is based on a legal obligation, e.g. retention of accounting data for six or ten years.

8. Use of service providers and processors

We use the services of service providers and processors:

If you make a booking on our website, we will forward you to a website of the online booking tool DIRS21 of TourOnline AG, Borsigstraße 26, 73249 Wernau, Germany (www.dirs21.de). DIRS21 records the data related to your booking on our behalf and makes it available to us: Salutation, names, addresses, arrival time, notes for the hotel and booking details. We have concluded an order processing agreement with TourOnline AG. The link to information on data processing by DIRS21 of TourOnline AG can be found on the booking page.

We work with various online booking portals, which provide you with our services online. If you book a hotel room there, for example, we receive your data from the operator of the portal. Information about the processing of personal data by the portals is available from the respective providers. The portals are controllers in their own right under data protection law.

In order to run our operations efficiently, we use the services of external service providers who may receive personal data from you to fulfill the purposes described, including IT service providers, printing and telecommunication service providers, collection, consulting or distribution companies.

To ensure that the service providers comply with the same data protection standards as we do, we have concluded corresponding contracts for commissioned processing. These contracts regulate, among other things:

• that third parties only have access to the data they need to complete the tasks assigned to them;
• that at the service providers, only employees who have explicitly committed themselves to compliance with the data protection regulations are granted access to your data;
• that the service providers comply with technical and organizational measures that ensure data security and data protection;
• what happens to the data when the business relationship between the service provider and us is terminated.

We regularly check all our service providers for compliance with our specifications.

As part of our economic activity, our tax consultants and the auditor receive access to the data. The same applies to the tax office as part of a tax audit. We do not transfer your data to a third country with a lower level of data protection.

9. Use of Google Analytics and other tools

If you gave your consent when accessing the website, our website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics sets cookies that enable analysis of website use. Google evaluates this information in order to compile reports about website activities and to provide other services associated with website and Internet use. The information, including your IP address, can be transferred to a Google server in the USA. If you do not consent, we will not use Google Analytics.

10. Children

Our services are aimed at adults. Persons under the age of 18 should not provide us with personal data or make a booking without the consent of their parents or guardians.

11. Information for guests (customers)

The information provided in this Data Protection Declaration also applies to our customers who do not contact us via the website. Their data is also processed in our systems. The information about the controller, the contact options, the purposes and legal basis of the processing, recipients, storage period and data protection rights apply in the same way.

In accordance with the Federal Act on Registration (BMG), we are legally obliged to ensure that our guests fill out a registration form upon arrival. The storage period is one year from the guest’s date of arrival. Once the storage period has expired, the registration forms must be destroyed within three months.

12. Information for applicants

If you apply for a job with Gasthof Linde GmbH, we process the following personal data about you in our systems (IT): Salutation, first name, surname, date of birth, e-mail address, postal address, telephone numbers, references, recommendations and data from the interviews. The legal basis for this processing is the establishment of the employment relationship and its execution in accordance with Section 26 BDSG.

If you accept a position with us, we will retain your data in the personnel file. If your application is unsuccessful, we will delete your data after six months unless you have given us permission to retain your data in order to consider you for another position within our company. In this case, we will store the data for a maximum of two years.

Your rights with regard to the processing of your data can be found below in the section “Rights of data subjects.”

Please note that the e-mail with your application documents to personal@gasthof-linde.com may be sent to us unencrypted. This involves a risk of disclosure to third parties. If you want to avoid this, you can also apply by post.

13. Social media presence (“fanpages”)

We operate pages on various social media networks:

• Facebook: https://www.facebook.com/GasthofLindeAlbstadt
• Instagram: https://www.instagram.com/gasthof_linde_albstadt

On these pages, we provide information about our company, our products and our services as well as communicate with active users.

       a) Joint responsibility for data processing by Gasthof Linde GmbH and the operators of the social networks

When you visit our pages on social networks, personal data is collected and processed by us and the operators of the social media. In its so-called Facebook fan page judgment in 2018, the European Court of Justice (ECJ) found that this constitutes processing by joint controllers in accordance with Article 26 GDPR.

       b) Data processing by network operators

Operators of the social networks process data for market survey and advertising purposes. This enables interest and usage profiles to be derived based on the surfing behavior. Interest-based advertising is shown on this basis. Network operators often use cookies for this purpose. If you are logged into the networks, data from your profiles may be linked to the collected data and incorporated into interest-based advertising. If you do not want this, you must log out of the network before accessing our site.

Social network operators do not share information about the exact circumstances of data processing. You should therefore contact the operators yourself with any questions in this regard. The same applies if you wish to assert rights under the German Federal Data Protection Act. You can find more information about this on the relevant information pages of the operators, which we have provided links to below. You can also contact Gasthof Linde GmbH and we will be happy to assist you. General information about your rights can be found in a separate section of this data protection notice.

     c) Risks of data processing outside the EU

We also inform you that data may be processed in countries outside the European Union and the European Economic Area, for example in the United States. This creates risks for visitors to the pages, e.g. regarding the transfer of data and exercising of their rights.

The purposes of the processing are:

• Market survey
• Advertising

      d) Legal basis for processing by the networks:

The legal basis for processing is the legitimate interest (Article 6 [1][f] GDPR) or your consent (Article 6 [1][a] GDPR). For more information, please refer to information from the operator.

      e) Duration of storage:

You can also find this information in the operator’s data protection notice.

      f) Data processing by Gasthof Linde GmbH

The processing of the data by Gasthof Linde GmbH concerns the following data categories:

• Data that arises when you contact us, such as names, addresses (address, e-mail, phone numbers), concerns, questions and comments, as well as posts via the social network functions.
• Statistical data on the use of our pages that is provided anonymously, i.e. not associated with a person, by operators of the networks.
• Public profile information of users, as well as information about our followers
• The purposes of our processing are:
• Providing information about Gasthof Linde GmbH
• Enabling targeted interaction with users
• Evaluating the anonymous information, analyses and statistics created and made available by the networks with regard to visitors and followers
• Processing publicly accessible information about users and followers

     g) Legal basis for processing by Gasthof Linde GmbH:

The legal basis for processing is the legitimate interest of Gasthof Linde GmbH (Article 6 [1][f] GDPR) in presenting its products and services, getting in contact with users, and gaining a better understanding of the market and users. We do not see a conflict with the interests of visitors to the online presences here, but rather a mutual interest in information and communication.

     h) Duration of storage:

• Communication data – no deletion
• Analyses and statistics – erasure 45 days after collection
• Public information about users and followers – no erasure

     i) Information about the specific social networks

Facebook and Instagram

Provider: Meta Platforms Ireland ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Meta Platforms, 1 Hacker Way, Menlo Park, CA 94025, USA, website: https://www.meta.com.

Gasthof Linde GmbH has concluded an agreement on joint responsibility with Meta for the Facebook and Instagram services. You can view this agreement here: https://www.facebook.com/legal/terms/page_controller_addendum. In this agreement, Meta has taken over the processing of requests based on the data subject rights. If rights of data subjects are asserted against us, we will forward these claims to Meta in accordance with the agreement. Facebook privacy policy: https://www.facebook.com/about/privacy. Instagram privacy policy: https://instagram.com/about/legal/privacy

14. Rights of data subjects

The rights of data subjects are based on Articles 12 to 23 GDPR and can be asserted against the controller using the contact options specified above.

a) Right to confirmation

Every data subject shall have the right to obtain confirmation from the controller as to whether personal data concerning them are being processed. If a data subject wishes to assert this right to confirmation, they may contact the controller at any time using the contact details provided above.

b) Right to information

Every data subject has the right to obtain information free of charge from the controller about the personal data stored about them at any time and to receive a copy of this information.

c) Right to rectification

Every data subject has the right to request the immediate rectification of inaccurate personal data concerning them.

d) Right to erasure (right to be forgotten)

Every data subject has the right to request that the controller delete personal data concerning them without undue delay where one of the following grounds applies and where the processing is not necessary:

• The personal data was obtained or otherwise processed for purposes for which they are no longer required.
• The data subject withdraws their consent, which was the basis for the processing in accordance with Article 6 (1)(a) GDPR or Article 9(2)(a) GDPR, and no other legal basis for the processing applies.
• The data subject objects to the processing in accordance with Article 21 (1) GDPR, and there are no overriding legitimate grounds for the processing.
• The personal data have been processed unlawfully.

e) Right to restriction of processing

Every data subject has the right to request that the controller restrict processing if one of the following conditions is met:

• The accuracy of the personal data is contested by the data subject, necessitating a restriction of processing for a period that allows the controller to verify the accuracy of the personal data.
• The processing is unlawful; the data subject rejects erasure of the personal data and instead requests the restriction of use of the personal data.
• The controller no longer requires the personal data for the purposes of the processing, but the data subject requires the data to establish, exercise or defend legal claims.
• The data subject has objected to the processing pursuant to Article 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller override those of the data subject.

f) Right to data portability

Every data subject has the right to receive the personal data concerning them, which has been made available to a controller by the data subject, in a structured, commonly used and machine-readable format.

g) Right to object

Every data subject has the right, on grounds relating to their particular situation, to object at any time to the processing of personal data concerning them, which is based on Article 6 (1)(e) or (f) GDPR.

h) Right to withdraw consent under data protection law

Every data subject has the right to withdraw their consent to the processing of personal data at any time.

i) Automated decision-making in individual cases, including profiling

No automated decision-making takes place.

j) Right to complain

You have the right to lodge a complaint about our data processing with a data protection supervisory authority. However, we ask that you direct your complaint to us first. We will try to find an amicable solution.

The competent supervisory authority for us is: “Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg” (The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg), postal address: Postfach 10 29 32, 70025 Stuttgart, Germany, Tel.: +49 (0)711 6155 41-0, e-mail: poststelle@lfdi.bwl.de

Data protection notice as at: 10/2022