Data protection | Hotel Deimann
Book
Enquiry
Das 5 Sterne Hotel Deimann im Sauerland

HOTEL DEIMANN

Privacy policy

STAND AUGUST 2025

With the following information, we would like to give you as a "data subject" an overview of the processing of your personal data by us and your rights under data protection laws. It is generally possible to use our website without entering personal data. However, if you wish to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain your consent.

The processing of personal data, such as your name, address or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to the "Hotel Deimann GmbH & Co. KG". By means of this data protection declaration, we would like to inform you about the scope and purpose of the personal data we collect, use and process.

As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions can generally have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, for example by telephone or post.

You can also take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. We would therefore like to take this opportunity to give you some tips on how to handle your data securely:

  • Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.

  • Only you should have access to the passwords.

  • Make sure that you only ever use your passwords for one account (login, user or customer account).

  • Do not use the same password for different websites, applications or online services.

  • Especially when using publicly accessible IT systems or IT systems shared with other people: You should always log out after logging in to a website, application or online service.

Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name or the names of relatives, but should contain upper and lower case letters, numbers and special characters.

The controller within the meaning of the GDPR is:

Hotel Deimann GmbH & Co KG
Alte Handelsstraße 5, 57392 Schmallenberg, Germany

Phone: +49 (0) 2975 - 810
Fax: +49 (0) 2975 - 81289

E-mail: info@deimann.de

Representative of the responsible person: Andreas Deimann

You can contact the data protection officer as follows:

Julia Borgmann

Phone: +49 (0)2985 99 99 690
Email: datenschutz@great-oak.de

You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

Art. 6 para. 1 lit. a) GDPR (in conjunction with § 25 para. 1 TTDSG) serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 para. 1 lit. b) GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services.

If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit. c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and their name, age, health insurance details or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 para. 1 lit. d) GDPR.

Finally, processing operations could be based on Art. 6 para. 1 lit. f) GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only pass on your personal data to third parties if:

  1. You have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a) GDPR,
  2. the disclosure in accordance with Art. 6 para. 1 lit. f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,
  3. in the event that the disclosure pursuant to Art. 6 para. 1 lit. c) GDPR, and
  4. this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b) GDPR.

Personal data may be transferred to the USA as part of the processing operations described in this privacy policy. Companies in the USA only have an adequate level of data protection if they have certified themselves under the EU-US Data Privacy Framework and thus the adequacy decision of the EU Commission pursuant to Art. 45 GDPR applies. We have explicitly stated this for the service providers concerned in the privacy policy. In order to protect your data in all other cases, we have concluded data processing agreements based on the European Commission's standard contractual clauses. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may serve as the legal basis for the transfer to third countries in accordance with Art. 49 para. 1 lit. a) GDPR. This may not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

6.1 SSL/TLS encryption

This site uses SSL or TLS encryption to guarantee the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the fact that the address line of the browser contains a "https://" instead of a "http://" and by the lock symbol in your browser line.

We use this technology to protect your transmitted data.

6.2 Data collection when visiting the website

When using our website for information purposes only, if you do not register or otherwise provide us with information or do not give your consent to processing that requires consent, we only collect data that is technically necessary for the provision of the service. This is regularly data that your browser transmits to our server ("in so-called server log files"). Our website collects a range of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server log files. The following can be recorded:

1. browser types and versions used,

2. the operating system used by the accessing system,

3. the website from which an accessing system accesses our website (so-called referrer),

4. the sub-websites which are accessed via an accessing system on our website,

5. the date and time of access to the website,

6. a shortened Internet Protocol address (anonymized IP address) and,

7. the Internet service provider of the accessing system.

We do not draw any conclusions about your person when using this general data and information. Rather, this information is required to

1. correctly deliver the content of our website,

2. optimize the content of our website and the advertising for it,

3. ensure the long-term functionality of our IT systems and the technology of our website, and

4. to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack.

This collected data and information is therefore evaluated by us both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest follows from the data collection purposes listed above.

6.3 jsDelivr (Bootstrap CDN)

Our website has integrated components from jsDelivr, operated by Prospect One, Królewska 65A/1, PL-30-081 Kraków, Poland.

We use the open source service jsDelivr on our website in order to be able to deliver the content of our website to various user devices as quickly and technically flawlessly as possible.

jsDelivr is a content delivery network (CDN) that distributes the content on our website via various servers in order to ensure optimal worldwide accessibility. A CDN generally uses servers that are geographically close to the respective website user. It can therefore be assumed that users within the EU are provided with content via servers within the EU. To provide the content, jsDelivr collects user data such as the IP address.

According to the provider, jsDelivr does not use cookies or similar tracking technologies, but is only necessary for the technical reasons mentioned above.

Data processing is based on your consent in accordance with Art. 6(1)(a) GDPR.

You can view jsDelivr's privacy policy at: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net.

6.4 DigitalOcean (Content Delivery Network)

We use the services of DigitalOcean CDN, a content delivery network, for our website. The service provider is the American company DigitalOcean LLC, New York, NY, 101 6th Ave, USA.

DigitalOcean also processes your data in the USA, among other places. DigitalOcean is a participant in the EU-US Data Privacy Framework, which ensures and regulates the correct and secure transfer of personal data from EU citizens to the USA. Further information on the EU-US Data Privacy Framework can be found at https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3721.

In addition, DigitalOcean uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, DigitalOcean undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914.

The DigitalOcean CDN terms and conditions for data processing (Data Protection Agreement), which corresponds to the standard contractual clauses, can be found at https://www.digitalocean.com/legal/data-processing-agreement.

To find out more about the data processed through the use of DigitalOcean CDN, please refer to the privacy policy at https://www.digitalocean.com/legal.

6.5 Hosting by netcup GmbH

We host our website with netcup GmbH, Daimlerstraße 25, D-76185 Karlsruhe (hereinafter referred to as netcup).

When you visit our website, your personal data (e.g. IP addresses in log files) are processed on the servers of netcup.

The use of netcup is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation, provision and security of our website.

We have concluded a data processing agreement (DPA) with netcup in accordance with Art. 28 GDPR. This is a contract required by data protection law, which ensures that netcup only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

For more information on netcup's data protection regulations, please visit: https://www.netcup.de/kontakt/datenschutzerklaerung.php

7.1 Usercentrics (Consent Management Tool)

We use the Consent Management Tool "Usercentrics" of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This service enables us to obtain and manage the consent of website users for data processing.

Usercentrics collects data generated by end users who use our website. When an end user gives consent, Usercentrics automatically logs the following data:

- Browser information.

- Date and time of access.

- Device information.

- The URL of the page visited.

- Geographic location.

- Page path of the website.

- The end-user's consent status, which serves as proof of consent.

The consent status is also stored in the end-user's browser so that the website can automatically read and follow the end-user's consent on all subsequent page requests and future end-user sessions for up to 12 months. The consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the regular limitation period in accordance with Section 195 of the German Civil Code (BGB). The data will then be deleted immediately or forwarded to the person responsible on request in the form of a data export.

The functionality of the website is not guaranteed without the processing described. The user has no right to object as long as there is a legal obligation to obtain the user's consent to certain data processing operations (Art. 7 para. 1, 6 para. 1 sentence 1 lit. c) GDPR).

Usercentrics is the recipient of your personal data and acts as a processor for us.

Detailed information on the use of Usercentrics can be found at: https://usercentrics.com/privacy-policy/.

8.1 Making contact / contact form

Personal data is collected when you contact us (e.g. via contact form or email). The data collected when a contact form is used can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. Your data will be deleted after final processing of your request; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and the deletion does not conflict with any statutory retention obligations.

8.2 Application management / job market

We collect and process the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents to us electronically, for example by email or via a web form on the website. If we conclude an employment or service contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude a contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests on our part prevent deletion. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

The legal basis for processing your data is Art. 6 para. 1 lit. b), 88 GDPR in conjunction with Art. 26 para. 1 BDSG. § Section 26 (1) BDSG.

8.3 Application (Hogapage)

We offer you the opportunity to apply for jobs online on our website. For this purpose, we use the services of Hogapage (Alfred-Nobel-Straße 9, D-86156 Augsburg). The purpose of processing your data is to carry out the application process.

We process the following personal data as part of the application process:

- Master data (e.g. first and last name, address)

- Contact data (e.g. email address, telephone number)

- Application data (e.g. cover letter, CV, certificates and other evidence).

The legal basis for the processing of personal data is the fulfillment of the contract and the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. b, Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 Federal Data Protection Act (BDSG).

If we obtain your consent (e.g. for inclusion in our applicant pool), this constitutes the legal basis for data processing in accordance with Art. 6 para. 1 lit. a GDPR.

Hogapage acts as a processor for us and also ensures the security of your data through suitable and state-of-the-art technical and organizational measures. As our partner, Hogapage is not permitted to use the personal data provided for purposes other than those for which it was provided. Further information can be found at https://www.hogapage.de/datenschutz/. Hogapage does not store user data for longer than required by law.

8.4 Job application (softgarden)

We offer you the opportunity to apply for jobs online on our website. For this purpose, we use the services of softgarden e-recruiting GmbH (Tauentzienstraße 14, D-10789 Berlin), hereinafter referred to as 'softgarden'. The purpose of processing your data is to carry out the application process.

We process the following personal data as part of the application process:

- Master data (e.g. first and last name, address)

- Contact data (e.g. e-mail address, telephone number)

- Application data (e.g. cover letter, CV, certificates and other evidence).

The legal basis for the processing of personal data is the fulfillment of the contract and the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. b, Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 Federal Data Protection Act (BDSG).

If we obtain your consent (e.g. for inclusion in our applicant pool), this constitutes the legal basis for data processing in accordance with Art. 6 para. 1 lit. a GDPR.

Softgarden acts as a processor for us and also ensures the security of your data through suitable and state-of-the-art technical and organizational measures. As our partner, softgarden is not permitted to use the personal data provided for purposes other than those for which it was provided. Further information can be found at https://softgarden.com/de/datenschutz-software-und-service/. The user data will not be stored by softgarden for longer than required by law.

8.5 Moving Pictures (360° Panorama)

The offer on this website uses the services of mp moving-pictures gmbh (Am Flughafen 12A, D-87766 Memmingerberg).

This service enables us to present you with panoramic images on our website.

Detailed information on data processing by mp moving-pictures can be found via the following link https://www.moving-pictures.de/kontakt/datenschutz.html.

So that we can also communicate with you on social networks and inform you about our services, we have our own pages there. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing operations triggered by this, within the meaning of Art. 26 GDPR.

We are not the original provider of these pages, but only use them within the scope of the possibilities offered to us by the respective providers.

As a precaution, we would therefore like to point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore be associated with data protection risks for you, as it may be more difficult to safeguard your rights, e.g. to information, deletion, objection, etc., and processing in social networks is often carried out directly for advertising purposes or for the analysis of user behavior by the providers without us being able to influence this. If user profiles are created by the provider, cookies are often used or the user behavior is assigned to your own member profile of the social networks.

The described processing of personal data is carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user to the respective providers, the legal basis is Art. 6 para. 1 lit. a) GDPR in conjunction with Art. 7 GDPR. Art. 7 GDPR.

As we do not have access to the providers' databases, we would like to point out that your rights (e.g. to information, correction, deletion, etc.) are best exercised directly with the respective provider. We have listed further information on the processing of your data in the social networks below with the respective social network provider we use:

9.1 Facebook

(Joint) controller for data processing in Europe:
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy Policy (Data Policy): https://www.facebook.com/about/privacy

9.2 Instagram

(Joint) controller for data processing in Germany:
Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy Policy (Data Policy): https://instagram.com/legal/privacy/

9.3 TikTok

(Joint) controller for data processing in Germany:
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

Data protection declaration:
https://www.tiktok.com/legal/page/eea/privacy-policy/de

9.4 X (Twitter)

(Joint) controller for data processing in Europe:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Privacy policy:
https://twitter.com/de/privacy

Information about your data:
https://twitter.com/settings/your_twitter_data

10.1 eTracker

Our website uses the analytics service etracker. The provider is etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany. Usage profiles can be created from the data under a pseudonym. Cookies can be used for this purpose. The data collected using etracker technologies will not be used to personally identify visitors to our website without your separate consent and will not be merged with personal data about the bearer of the pseudonym.

etracker cookies remain on your end device until you delete them.

These processing operations are only carried out with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.

You can object to the collection and storage of data at any time with effect for the future.

You can view eTracker's privacy policy at: https://www.etracker.com/en/privacy.html.

We have concluded a contract with etracker for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using etracker.

10.2 Google Analytics 4 (GA4)

On our websites, we use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

In this context, pseudonymized user profiles are created and cookies (see point "Cookies") are used. The information generated by the cookie about your use of this website may include:

- A short-term collection of the IP address without permanent storage

- Location data

- Browser type/version

- Operating system used

- Referrer URL (previously visited page)

- Time of the server request

The pseudonymized data may be transmitted by Google to a server in the USA and stored there.

The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

These processing operations are only carried out if express consent is given in accordance with Art. 6 para. 1 lit. a) GDPR.

Google's default data storage period is 14 months. Otherwise, the personal data is stored for as long as it is required to fulfill the purpose of processing. The data is deleted as soon as it is no longer required to achieve the purpose.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may also be transferred without further guarantees or additional measures.

For more information on data protection when using GA4, please visit: https://support.google.com/analytics/answer/12017362?hl=en.

10.3 Google Analytics Remarketing

We have integrated Google Remarketing services on this website. The operating company of Google Remarketing services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Remarketing is a function of Google AdWords that enables a company to display advertisements to Internet users who have previously visited the company's website. The integration of Google Remarketing therefore allows a company to create user-related advertising and consequently to display interest-relevant advertisements to the Internet user.

The purpose of Google Remarketing is to display interest-relevant advertising. Google Remarketing enables us to display advertisements via the Google advertising network or on other websites that are tailored to the individual needs and interests of Internet users.

Google Remarketing places a cookie on the data subject's IT system. By setting the cookie, Google is able to recognize the visitor to our website when he or she subsequently visits websites that are also members of the Google advertising network. Each time you access a website on which the Google Remarketing service has been integrated, your internet browser automatically identifies itself to Google. As part of this technical process, Google obtains knowledge of personal data, such as your IP address or surfing behavior, which Google uses, among other things, to display interest-relevant advertising.

The cookie is used to store personal information, such as the websites you have visited. Each time you visit our website, personal data, including your IP address, is therefore transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

These processing operations are only carried out with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may also be transferred without further guarantees or additional measures.

You can view the data protection provisions of Google analytics Remarketing at: https://www.google.de/intl/de/policies/privacy/

10.4 Matomo

We have integrated the Matomo component of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, integrated on this website. Matomo is a software tool for web analysis, i.e. for the collection, compilation and evaluation of data on the behavior of visitors to websites. Among other things, data is collected about the website from which a data subject came to a website (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. This is used to optimize the website and for the cost-benefit analysis of Internet advertising.

The software is operated on the server of the controller, the log files, which are sensitive under data protection law, are stored exclusively on this server.

Matomo places a cookie on your IT system. By setting the cookie, we are able to analyze the use of our website. Each time you visit one of the individual pages of this website, the Internet browser on your IT system is automatically prompted by the Matomo component to transmit data to our server for the purpose of online analysis. As part of this technical process, we obtain knowledge of personal data, such as the IP address of the data subject, which we use, among other things, to trace the origin of visitors and clicks.

The cookie is used to store personal information, such as the access time, the location from which access was made and the frequency of visits to our website. Each time you visit our website, this personal data, including the IP address of the internet connection you are using, is transmitted to our server. This personal data is stored by us. We do not pass this personal data on to third parties.

These processing operations are only carried out with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.

You can view Matomo's privacy policy at: https://matomo.org/privacy/.

11.1 Google Ads (AdWords) Remarketing/Retargeting

We have integrated Google Ads on this website. The operating company of the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

This allows us to advertise this website in Google search results and on third-party websites. For this purpose, Google places a cookie in the browser of your end device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit.

Further data processing will only take place if you have consented to Google linking your internet and app browsing history to your Google account and using information from your Google account to personalize ads you view on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data in order to create target groups.

These processing operations are carried out exclusively with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may also be transferred without further guarantees or additional measures.

You can view Google Ads' privacy policy and further information at: https://www.google.com/policies/technologies/ads/

11.2 Google Ads with conversion tracking

We have integrated Google Ads on this website. The operating company of the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads is an internet advertising service that allows advertisers to place ads both in Google's search engine results and in the Google advertising network. Google Ads allows an advertiser to pre-define certain keywords that are used to display an ad in Google's search engine results only when the user uses the search engine to retrieve a keyword-relevant search result. In the Google advertising network, the ads are distributed on topic-relevant websites using an automatic algorithm and taking into account the previously defined keywords.

The purpose of Google Ads is to promote our website by displaying interest-relevant advertising on the websites of third-party companies and in the search engine results of the Google search engine and by displaying third-party advertising on our website.

If you access our website via a Google ad, a so-called conversion cookie is stored on your IT system by Google. A conversion cookie loses its validity after thirty days and is not used to identify you. If the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages, such as the shopping cart from an online store system, have been accessed on our website. The conversion cookie enables both us and Google to track whether a user who has reached our website via an AdWords ad has generated sales, i.e. completed or abandoned a purchase of goods.

The data and information collected through the use of the conversion cookie is used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via Ads ads, i.e. to determine the success or failure of the respective Ads ad and to optimize our Ads ads for the future. Neither our company nor other Google Ads advertisers receive information from Google that could be used to identify you.

The conversion cookie is used to store personal information, such as the web pages you have visited. Each time you visit our website, personal data, including the IP address of the Internet connection you are using, is therefore transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected via the technical process with third parties.

These processing operations are only carried out if express consent is given in accordance with Art. 6 para. 1 lit. a) GDPR.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may also be transferred without further guarantees or additional measures.

You can view Google AdSense's privacy policy and further information at: https://www.google.de/intl/de/policies/privacy/.

12.1 DoubleClick

This website contains components of DoubleClick by Google. DoubleClick is a trademark of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), under which special online marketing solutions are marketed to advertising agencies and publishers.

DoubleClick by Google transmits data to the DoubleClick server with every impression as well as with clicks or other activities. Each of these data transfers triggers a cookie request to your browser. If the browser accepts this request, DoubleClick places a cookie on your IT system. The purpose of the cookie is to optimize and display advertising. Among other things, the cookie is used to place and display user-relevant advertising and to create reports on advertising campaigns or to improve them. The cookie is also used to avoid multiple displays of the same advertisement.

DoubleClick uses a cookie ID that is required for the technical process. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser in order to avoid duplication. The cookie ID also enables DoubleClick to record conversions.

A DoubleClick cookie does not contain any personal data. However, a DoubleClick cookie may contain additional campaign IDs. A campaign identifier is used to identify the campaigns with which you have already been in contact.

Each time you access one of the individual pages of this website, which is operated by us and on which a DoubleClick component has been integrated, the Internet browser on your IT system is prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and billing of commissions. As part of this technical process, Google obtains knowledge of data that Google also uses to create commission statements. Among other things, Google can see that you have clicked on certain links on our website.

These processing operations are only carried out with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may also be transferred without further guarantees or additional measures.

You can view the data protection provisions of DoubleClick by Google at https://www.google.com/intl/de/policies/.

13.1 Adobe Typekit

We use Adobe Typekit for the visual design of our website. The operating company of Typekit is Adobe Systems Software Ireland Ltd, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland. By using Typekit, we are granted access to a font library on Adobe servers (headquartered in the USA). To integrate the fonts we use, your browser establishes a connection to an Adobe server in the USA to dynamically download the font required for our website. Adobe thereby receives the information that our website has been accessed from your IP address.

These processing operations are carried out exclusively with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.

The parent company Adobe Inc. is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

You can view Typekit's privacy policy at: https://www.adobe.com/privacy/policies/adobe-fonts.html.

13.2 Google Maps

We use Google Maps (API) on our website. The operating company of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (land) maps in order to visualize geographical information. By using this service, you can, for example, view our location and make it easier for you to find us.

When you access those subpages in which the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there if you have given your consent within the meaning of Art. 6 para. 1 lit. a) GDPR. In addition, Google Maps loads Google Web Fonts and Google Photos as well as Google stats. The provider of these services is also Google Ireland Limited. When you access a page that integrates Google Maps, your browser loads the web fonts and photos required to display Google Maps into your browser cache. The browser you use also establishes a connection to Google's servers for this purpose. This informs Google that our website has been accessed via your IP address. This occurs regardless of whether Google provides a user account that you are logged into or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out of your Google user account. Google stores your data (even for users who are not logged in) as usage profiles and analyzes them. You have the right to object to the creation of these user profiles, but you must contact Google to exercise this right.If you do not agree to the future transmission of your data to Google when using Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used.These processing operations are only carried out with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.

You can view Google's terms of use at https://www.google.de/intl/de/policies/terms/regional.html, the additional terms of use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.html.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

You can view the data protection provisions of Google Maps at ("Google Privacy Policy"): https://www.google.de/intl/de/policies/privacy/.

13.3 Google Tag Manager

We use the Google Tag Manager service on this website. The operating company of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Through this tool, "website tags" (i.e. keywords that are integrated into HTML elements) can be implemented and managed via an interface. By using Google Tag Manager, we can automatically track which button, link or personalized image you have actively clicked on and can then record which content on our website is of particular interest to you.

The tool also triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If you have made a deactivation at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

These processing operations are only carried out with your express consent in accordance with Art. 6 (1) (a) GDPR.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

Further information on Google Tag Manager and Google's privacy policy can be found at https://www.google.com/intl/de/policies/privacy/.

13.4 Spotify

Functions of the Spotify music service are integrated on our website. The provider is Spotify AB, Regeringsgatan 19, 111 53 Stockholm, Sweden. You can recognize the Spotify plugins by the green logo on our site.

When you visit our website, a direct connection is established between your browser and the Spotify server via the plugin. Spotify receives the information that you have visited our site with your IP address. If you click on the Spotify button while you are logged into your Spotify account, you can link the content of our pages to your Spotify profile. This allows Spotify to associate your visit to our pages with your user account. If you do not want Spotify to be able to associate your visit to our website with your Spotify user account, please log out of your Spotify user account before visiting our website.

These processing operations are carried out exclusively with your express consent in accordance with Art. 6 para. 1 lit. a) GDPR.

You can view Spotify's privacy policy at: https://www.spotify.com/de/legal/privacy-policy/. You can find an overview of the Spotify plugins at https://developer.spotify.com.

13.5 DIRS21 online booking tool

The booking functionality on this website as part of this online booking tool (OBT) is provided to you by TourOnline AG, Borsigstraße 26, D-73249 Wernau, Germany (www.dirs21.de), hereinafter referred to as 'TOAG'. Your data is always collected and used in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (GDPR), the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).

You can find more information on TOAG's data protection provisions at www.dirs21.de/datenschutz.

13.6 GreenSign

This page integrates a plug-in from GreenSign for the presentation and certification of environmentally friendly and sustainable hotel standards via the Sustainability Barometer.

The provider is GreenSign Institut GmbH, Katharinenstraße 12, 10711 Berlin, Germany.

In order to use the functions of the GreenSign plug-in, it is necessary to save your IP address, browser information (name, version), website, user's operating system, user's screen resolution and language settings of the browser or the user's operating system. When you interact with the plug-in, this data is usually transmitted to a GreenSign server and stored there. The provider of this site has no influence on this data transfer.

The use of the GreenSign plug-in is in the interest of a transparent presentation of the environmental and sustainability standards of our hotel and to provide potential guests with information about our efforts in these areas. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

More information on how GreenSign handles user data can be found in GreenSign's privacy policy at https://www.greensign.de/datenschutz/

13.7 Online Voucher Shop (Incert)

This website uses the service Incert eTourismus (INCERT eTourismus GmbH & Co KG, Wirtschaftspark Lederfabrik, Leonfeldnerstraße 328, A-4040 Linz) for the purpose of ordering vouchers online.

Incert eTourismus acts as a processor for us and also ensures the security of your data through suitable and state-of-the-art technical and organizational measures. As our partner, Incert eTourismus is not permitted to use the personal data provided for purposes other than those for which it was provided. Further information can be found at https://www.incert.at/datenschutz/. Incert eTourismus does not retain user data for longer than is legally required.

13.8 Online bookings (OnepageBooking)

You have the option of booking rooms and/or arrangements on our website. If you make use of this option, the data entered in the input mask will be transmitted to us and stored.

These personal data are Title, first name, surname, email address, telephone, billing address and contact person for corporate customers, number, names and contact details of fellow travelers if applicable, arrival and departure dates, requests, payment details (payment method - such as credit card and payment amount - total price), date & time of booking.

If you make an online booking on our website, this is done through the online reservation system OnepageBooking of Hotelnetsolutions GmbH (Genthiner Str. 8, D-10785 Berlin).

OnepageBooking acts as a processor for us and also ensures the security of your data through suitable and state-of-the-art technical and organizational measures. As our partner, OnepageBooking is not permitted to use the personal data provided for purposes other than those for which it was provided. Further information can be found at https://hotelnetsolutions.de/datenschutz/. The user data will not be stored by OnepageBooking for longer than required by law.

We process the data you provide exclusively for the purpose of processing your order. For this purpose, the service provider may pass on your payment data to the respective company specified by you (e.g. credit card company, PayPal or Sofortüberweisung) for payment processing. The legal basis for this is Article 6(1) sentence 1 point (b) GDPR.

14.1 Right to confirmation

You have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed

.

14.2 Right of access Art. 15 GDPR

You have the right to receive information from us free of charge at any time about the personal data stored about you and a copy of this data in accordance with the statutory provisions.

14.3 Right to rectification Art. 16 GDPR

You have the right to request the rectification of inaccurate personal data concerning you. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

14.4 Erasure Art. 17 GDPR

You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.

14.5 Restriction of processing Art. 18 GDPR

You have the right to obtain from us restriction of processing where one of the legal requirements is met

.

14.6 Data portability Art. 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from us to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, in exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

14.7 Objection Art. 21 GDPR

you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on art. 6 ABS. 1 LIT. E) (PROCESSING OF DATA IN THE PUBLIC INTEREST) OR F (PROCESSING OF DATA ON THE BASIS OF A CONSIDERATION OF INTEREST) of the GDPR.

THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS WITHIN THE MEANING OF ART. 4 NO. 4 GDPR.

if you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing, WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR WHERE THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IN INDIVIDUAL CASES WE PROCESS PERSONAL DATA FOR THE PURPOSE OF DIRECT ADVERTISING. YOU CAN OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING AT ANY TIME. THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS ASSOCIATED WITH SUCH DIRECT ADVERTISING. if you object to us processing your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.

Furthermore, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which we process for scientific or historical research purposes or for statistical purposes in accordance with art. 89 ABS. 1 GDPR, UNLESS SUCH PROCESSING IS NECESSARY FOR THE PERFORMANCE OF A TASK OF PUBLIC INTEREST.

YOU ARE FREE TO EXERCISE YOUR RIGHT TO OBJECT IN CONNECTION WITH THE USE OF INFORMATION SOCIETY SERVICES, REGARDLESS OF DIRECTIVE 2002/58/EC, BY MEANS OF AUTOMATED PROCEDURES USING TECHNICAL SPECIFICATIONS.

14.8 Withdrawal of consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

14.9 Complaint to a supervisory authority

You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data

.

We process and store your personal data only for the period of time required to achieve the purpose of storage or if this is provided for by the legal provisions to which our company is subject.

If the purpose of storage ceases to apply or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

We process and store your personal data only for the period of time required to achieve the purpose of storage or if this is provided for by the legal provisions to which our company is subject.

The criterion for the duration of the storage of personal data is the respective statutory retention period. Once this period has expired, the corresponding data is routinely deleted, provided it is no longer required for contract fulfillment or contract initiation.

Newsletter tracking

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in e-mails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns to be carried out. Based on the embedded tracking pixel, the company can recognize whether and when an email was opened by you and which links in the email were accessed by you.

Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by us in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to your interests. This personal data will not be passed on to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent given in this regard via the double opt-in procedure. After revocation, this personal data will be deleted by us. We automatically interpret unsubscribing from the newsletter as a revocation.

Such an evaluation is carried out in particular in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interests in the display of personalized advertising, market research and/or demand-oriented design of our website.

Data protection officer email newsletter (Numbirds)

On our website you have the possibility to subscribe to our newsletter by registering voluntarily. The legal basis for sending our newsletter is your consent in accordance with Art. 6 (1) lit. a of the GDPR. We use the service provider NumBirds CRM GmbH, Brixnerstraße 3/3, A-6020 Innsbruck, Austria, to distribute our newsletter. In the following only referred to as NumBirds.

The registration for our newsletter takes place in the so-called double opt-in procedure. This ensures that no third party can register with your e-mail address without authorization. You can withdraw your consent at any time free of charge by clicking on the "Unsubscribe" link at the end of each newsletter. The legality of the data processing operations that have already taken place up to that point remains unaffected by the revocation.

After you unsubscribe from the newsletter, we may store your email address for another 3 years. for 3 years, based on our legitimate interest (Art. 6 (1) lit. f GDPR), in order to be able to prove your originally given consent.

With the help of NumBirds we can analyze our newsletter campaigns. When an email sent with the NumBirds newsletter tool is opened, a connection is established with the NumBirds servers. This allows us to determine whether a newsletter message has been opened and which links, if any, have been clicked on. The purpose of these analyses is to better adapt future newsletters to the interests of the recipients. In addition, technical information such as the time of retrieval, the IP address, the browser type and the operating system used by the recipient are registered.

We have concluded an order processing agreement with NumBirds in accordance with Art. 28 GDPR to ensure that your data is only processed to the extent desired by us and permitted by you.

For more information on NumBirds' data protection, please visit: https://numbirds.com/datenschutzerklaerung/.

Person responsible for data processing

Hotel Deimann GmbH & Co. KG
Andreas Deimann
Alte Handelsstraße 5
57392 Schmallenberg
Tel. +49 (0) 2975 - 810
Email: verwaltung@deimann.de

Data Protection Officer

Great Oak Datenschutz GmbH & Co. KG
Julia Borgmann
Ruhrstraße 16
59955 Winterberg
Tel. + 49 (0) 2985 99 99 690
Email: datenschutz@great-oak.de
https://great-oak-datenschutz.de

Purpose of processing

We process the data that you have sent us in connection with your application in order to assess your suitability for the position (or, if applicable, other open positions in our company). other open positions in our company) and to carry out the application process.

Legal basis for processing

Art. 6 para. 1 lit. b GDPR - Initiation and performance of a contract, here: Employment contract/employment relationship including termination
Art. 6 para. 1 lit. a GDPR - Consent by the data subject pursuant to Art. 4 no. 11 GDPR in conjunction with Art. 26 para. 2 BDSG
. § Section 26 (2) BDSG
Section 26 (3) BDSG - Processing of particularly sensitive data in accordance with Art. 9 GDPR for the purposes of the employment relationship, the exercise of rights or the fulfilment of legal obligations under employment law, social security law and social protection law.

Data recipients

We use a specialized software provider for the application process. This provider acts as a service provider for us and may also obtain knowledge of your personal data in connection with the maintenance and servicing of the systems. We have concluded a so-called order processing contract with this provider, which ensures that the data processing is carried out in a permissible manner.

Your applicant data will be reviewed by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers responsible for the respective open position. The next steps are then agreed. Within the company, only those persons have access to your data who need it for the proper course of our application process.

Duration of storage

Applicant data will be deleted after 6 months in the event of a rejection. In the event that you have consented to further storage of your personal data, we will transfer your data to our applicant pool. The data will be deleted there after two years.

If you have been accepted for a position as part of the application process, the data will be transferred from the applicant data system to our personnel information system.

Rights of data subjects

As a data subject affected by data processing, you are entitled to the following protective rights free of charge:
a) You can revoke your voluntary consent at any time (right of withdrawal)
b) You can request an overview of all the data we have stored about you at any time (right to information)
c) For data that is not subject to a legal or contractual retention obligation, you can request deletion at any time free of charge (right of deletion)
d) You can restrict your consent to data processing to certain areas at any time (right of restriction)
e) Data processing operations which are necessary for the purposes of the public interest or the legitimate interests pursued by the legitimate interests pursued by the controller, you may object at any time on grounds relating to your particular situation (right to object)
f) For data that has been stored incorrectly by you, you have the right to correct this data at any time (right of rectification)
g) You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to have it transmitted to another body. (Right to data portability)

Consequences of not providing the data

The data processing based on voluntary consent (data collection form) has no effect on the fulfillment of the contract. However, not doing so would mean a loss of convenience for you. All other data is collected and processed on the basis of contract fulfillment or statutory provisions. It is not possible to consider you in the application process or for you to be employed by us at a later date without this data.

Right to lodge a complaint

Every person affected by data processing has the right to lodge a complaint with the data protection supervisory authority in their country or with the supervisory authority responsible for the processor of your data. The supervisory authority responsible for the employer is:

The State Commissioner for Data Protection of North Rhine-Westphalia

Kavalleriestraße 2-4, 40213 Düsseldorf

Tel. 0211 384240, e-mail poststelle@ldi.nrw.de

Person responsible for data processing

Hotel Deimann GmbH & Co. KG
Andreas Deimann
Alte Handelsstraße 5
57392 Schmallenberg

Tel.: +49 (0) 2975 - 810
Email: verwaltung@deimann.de


Data Protection Officer

Great Oak Datenschutz GmbH & Co. KG
Julia Borgmann
Ruhrstraße 16
59955 Winterberg
Tel. + 49 (0) 2985 99 99 690
Email: datenschutz@great-oak.de
https://great-oak-datenschutz.de


Purpose and legal basis of processing

Art. 6 para. 1 lit. a GDPR - Consent by the data subject in accordance with Art. 4 No. 11 GDPR
We inform those interested in staying at our hotel about current offers
and interesting information via various contact channels in accordance with their
consent. In addition, we store additional
information about our guests and their interests after consent has been
given in order to be able to offer you the most pleasant and fulfilling stay possible.
Art. 6 para. 1 lit. b GDPR - Initiation and fulfillment of the contract
We process the data of our guests and interested parties for the preparation of offers,
the provision of accommodation and care, as well as for the billing of the
services provided and goods received.
Art. 6 para. 1 lit. c GDPR - Fulfillment of a legal obligation
Due to the Federal Registration Act (§ 29, 30), we are obliged to
collect data of the guest and pass it on to the relevant official body.
Art. 6 para. 1 lit. f GDPR - Safeguarding the legitimate interests of the company
In order to safeguard our domiciliary rights and to protect against burglary and theft,
we also carry out video surveillance of certain areas.


Explanation of legitimate interests

The purpose of video camera recording is to comply with security regulations for the protection of the
company. These require, among other things, that the area you enter be monitored by video. In particular, theft and
vandalism should be prevented. Misuse of our facilities should also be prevented or
resolved.


Recipients of the data

In the event of late payment, data is
forwarded to our law firm.
If our guests and interested parties have registered to receive current offers and
interesting information by newsletter (digital or analog), their data is
forwarded to the relevant mailing service providers.
In the context of the registration obligation, the data of the registration form will be passed on to the responsible
registration authority.
If guests have decided on additional programs, events or wellness offers
we will transmit the data necessary to fulfill the guest's request to
the respective provider.
We use specialized software providers to make your stay in our house as
pleasant as possible. This provider acts as a service provider for us and may also gain knowledge of your
personal data in connection with the maintenance and care of the systems.
We have concluded a so-called order processing contract with this provider, which
ensures that the data processing is carried out in a permissible manner.


Duration of storage

In accordance with the statutory retention periods and, in the case of non-statutory and
voluntary data, unless otherwise agreed, until you withdraw your
consent.


Rights of data subjects

As a data subject, you have the following protective rights free of charge:
a) You can revoke your voluntary consent at any time (right of revocation)
b) You can request an overview of all data
stored by us at any time (right of access)
c) For data that is not subject to a legal or contractual retention obligation
, you can request the erasure of data at any time free of charge (right to erasure)
d) You can restrict consent to data processing to certain areas
at any time (right to restriction)
e) Data processing that is necessary to safeguard the public interest or legitimate
interests of the data subject. interests of the processor, you can object to data processing at any time for reasons
related to your particular situation (right to object)
f) In the case of data that you have stored incorrectly, you have the right to
rectify this data at any time (right to rectification)
g) You have the right to receive the personal data concerning you in a
structured, commonly used and machine-readable format or to have it transmitted to
another body. (Right to data portability)


Consequences of not providing the data

The data processing based on voluntary consent has no effect
on the fulfillment of the contract. However, not doing so would mean a loss of convenience for you.
All other data provided is collected and
processed on the basis of the performance of the contract. It is not possible to fulfill the contract without this data.
This also applies to the data based on the Federal Registration Act. Without this data, an overnight stay in our hotel is also not possible. In addition, the law provides for a
fine of up to one thousand euros for refusal to register.


Right to lodge a complaint

Every person affected by data processing has the right to lodge a complaint with the
data protection supervisory authority in their country or with the supervisory authority responsible for the processor of your data
. The supervisory authority responsible for the hotel is:
The State Commissioner for Data Protection of North Rhine-Westphalia
Kavalleriestraße 2-4, 40213 Düsseldorf
Tel. 0211 384240, e-mail poststelle@ldi.nrw.de

Data sheet Art. 13 DSVGO

This privacy policy is valid as of August 2025.

It may become necessary to amend this privacy policy as a result of the further development of our website and services or due to changes in legal or official requirements. You can access and print out the current privacy policy at any time on the website at "https://www.deimann.de/home/datenschutz".

This privacy policy was created by Great Oak Datenschutz GmbH & Co. KG with the support of the data protection software: GO DSM.