Data Protection Statement of Panorama Hotel & Service GmbH
We appreciate you visiting our websites and we thank you for your interest in our hotel. Protection of personal data is a very important issue for us. Therefore, the processing of personal data of a data subject, for instance of names, postal or e-mail addresses and phone numbers, is carried out in accordance with the applicable European and national legislation.
If data processing is necessary, but there is no legal basis for such processing, we generally request a consent from the data subject.
You can revoke your declaration of consent with future effect at any time. Please contact then the controller. Contact information is indicated at the end of this data protection statement.
In the following chapters, our company Panorama Hotel & Service GmbH would like to inform the general public about nature, extent and purpose of the data processed. In this data protection statement the persons concerned shall furthermore be informed of the rights granted to them.
Definitions
The data protection statement of our company, Panorama Hotel & Service GmbH, is based on the terms, which the European legislative and regulatory authority uses in the EU General Data Protection Regulation (hereinafter called “GDPR”). Our data protection statement aims to be easy to read and to understand by general public as well as by our guests or business partners. To guarantee this we shall first explain the terms used.
We use in this data protections statement and on our internet homepage, inter alia, following terminology:
Personal data means any information relating to an identified or identifiable natural person (‚data subject‘). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject means any identified or identifiable natural person whose personal data is processed by the party responsible for the processing.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller or the party responsible for the processing means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Rights of the data subject
Right to confirmation: Every data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed.
If a data subject wishes to make use of this right of confirmation, he/she can contact the controller at any time.
Right of access by the data subject: Any data subject affected by the processing of personal data shall have the right at any time and free of charge to obtain from the controller information concerning the personal data stored about him or her and to get a copy of such information. Furthermore, the European legislative and regulatory authorities have granted to the data subject rights on the following information:
the purposes of the processing
the categories of personal data concerned
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
the right to lodge a complaint with a supervisory authority
where the personal data are not collected from the data subject, any available information as to their source
the existence of automated decision-making, including profiling, referred to in the GDPR, Article 22 (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
Further, the data subject has also right of access to information, whether personal data are transferred to a third country or to an international organisation. If that is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
When the data subject wishes to make use of this right of access, he or she can at any time contact the data processing controller.
Right to rectification: Every data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Further, taking into account the purposes of the processing, the data subject shall also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If the data subject wishes to make use of this right of rectification, he or she can at any time contact the data processing controller.
Right to erasure (right to be forgotten): Every data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, where one of the following grounds applies and data processing is not necessary:
The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
The data subject withdraws consent on which the processing is based according to GDPR, point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing.
The data subject objects to the processing pursuant to GDPR, Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2).
The personal data have been unlawfully processed.
The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The personal data have been collected in relation to the offer of information society services referred to in GDPR, Article 8(1).
If one of the abovementioned reasons applies and the data subject would like to demand erasure of his or her personal data, which have been stored by the Panorama Hotel & Service GmbH, he or she can at any time contact the controller. The request of the data subject will be fulfilled promptly.
If the personal data have been made public by our company, Panorama Hotel & Service GmbH, and if our company as controller is obliged pursuant to GDPR, article 17, paragraph 1 to erase the personal data, our company, Panorama Hotel & Service GmbH, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which process the disclosed personal data that the data subject has requested from these other data controllers the erasure of all links to such personal data or of copies or replications of such personal data. This paragraph shall not apply if processing is necessary. The controller will then case-by-case make the necessary arrangements.
Right to restriction of processing: Each data subject affected by the processing of personal data shall have the right to request from the controller restriction of processing where one of the following condition applies:
The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
The data subject has objected to processing pursuant to GDPR, Article 21(1) and the verification is pending, whether the legitimate grounds of the controller override those of the data subject.
If one of the abovementioned reasons is present and the data subject would like to request restriction of his or her personal data, which have been stored by the Panorama Hotel & Service GmbH, he or she can at any time contact the controller. The restriction of processing will be effectuated without delay.
Right to data portability: Each data subject affected by the processing of personal data shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. He or she has also the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to GDPR, point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) and the processing is carried out by automated means. Right of data portability shall not apply to processing necessary for the performance of a task to be carried out in the public interest or in the exercise of official authority delegated to the controller.
In exercising his or her right to data portability pursuant to GDPR, Article 20, paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this right shall not adversely affect the rights and freedoms of others.
In order to enforce the right to data portability the data subject can at any time contact the controller.
Right to object: Each data subject affected by the processing of personal data shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on GDPR, point (e) or (f) of Article 6(1). This also applies to profiling based on those provisions.
In case of an objection our company, Panorama Hotel & Service GmbH, shall no longer process the personal data, unless we can show compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the purposes of establishment, exercise or defence of legal claims.
Where personal data are processed by our company, Panorama Hotel & Service GmbH, for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This includes also profiling to the extent that it is related to such direct marketing.
Where the data subject submits an objection to Panorama Hotel & Service GmbH against processing for direct marketing purposes, the personal data shall no longer be processed for such purposes by Panorama Hotel & Service GmbH.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to GDPR, Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to make an objection to Panorama Hotel & Service GmbH against processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise the right to object, the data subject may directly contact the controller. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
Automated individual decision-making, including profiling: Each data subject affected by the processing of personal data shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her, or in a similar manner significantly affects him or her. The aforementioned right shall not apply, if the decision
is necessary for entering into, or performance of, a contract between the data subject and a data controller;
is authorised by Union or Member State law to which the controller is subject, and this legislation lays down suitable measures to safeguard the rights, freedoms and legitimate interests of the data subject; or
is based on explicit consent of the data subject
If the decision to enter into, or to perform, a contract between the data subject and the controller is required, or if the decision is made with the explicit consent of the data subject, our company, Panorama Hotel & Service GmbH, shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject wishes to assert the right of automated individual decision-making, he or she can contact the controller at any time.
Right to revoke the declaration of consent: Each data subject affected by the processing of personal data shall have the right to withdraw his or her consent at any time.
If the data subject wishes to make use of the right to revoke the declaration of consent, he or she can contact the controller at any time.
Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
Competent authority:
The State Commissioner for Data Protection and Freedom of Information
Baden-Wuerttemberg
Post office box 10 29 32
70025 Stuttgart
Phone.: +49 711 – 615541-0
Fax: +49 711 – 615541-15
Cooperation with processors and third parties
If we disclose data to other people and companies (processors or third parties) as part of our processing, transmit them to them or otherwise grant them access to the data, this will only be done on the basis of legal permission (e.g. if the data is transmitted to third parties, as to payment service providers, in accordance with Art. 6 Para. 1 b GDPR for the fulfillment of the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called „order processing contract“, this is done on the basis of Art. 28 GDPR.
Routine deletion and blocking of personal data
The controller processes (in this connection also: stores) the personal data of the data subject only for the period necessary to achieve the purpose of the storage or,
if the processing is required by the European legislative and regulatory authorities, or laid down in another law or regulation to which the controller is liable.
If the purpose of the storage ceases to apply, or if a storage period prescribed by the European directives and regulations or by any other relevant legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
Privacy in recruitment and in the application process
The controller collects and processes personal data for the purposes of the application procedure. The processing can also be done electronically. This is particularly the case where an applicant submits the corresponding documents to the controller by means of electronic communications, e.g. by e-mail. If the controller concludes a contract of employment with one applicant, the transmitted data are stored for the purpose of executing the employment relationship in compliance with the statutory provisions. If the controller does not conclude a contract of employment with any of the applicants, the application documents will automatically be deleted six months after the notification of letter of rejection, provided that deletion does not conflict with any other legitimate interests of the controller. In this context other legitimate interest means for instance a burden of proof in legal proceedings pursuant to the General Law on Equal Treatment (AGG).
Security of personal data
Our company, Panorama Hotel & Service GmbH, shall take numerous technical and organizational measures in order to protect your personal data against accidental or illegal destruction, alteration, loss, unlawful disclosure or unauthorized access.
Nevertheless, for instance internet-based data transfer can principally bear gaps in the security, and therefore absolute protection cannot be guaranteed. For this reason, any data subject is free to communicate personal data to us in an alternative way, for instance by telephone.
Website Encryption
This site uses encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from „http: //“ to „https: //“ and by the lock symbol in the browser line.
If encryption is activated, the data that you transmit to us cannot be read by third parties.
Collection of general data and information
The website of Panorama Hotel & Service GmbH collects a number of general data and information each time the website is accessed by data subject or an automated system. This general data and information is stored in the log files of the server. Following data can be collected:
browser types and versions used
operating system used by the accessing computer
website from which an accessing system gets to our website (so called referrers)
sub-websites, which are accessed via an accessing system on our website
date and time of access to our website
web protocol address (IP address)
Internet service provider of the accessing system
other similar data and information, which is used to protect our information technology systems against possible attacks
When using this general data and information, our company, Panorama Hotel & Service GmbH, does not draw any conclusions about the data subject. In fact, this information is needed in order:
to deliver the contents of our website correctly
to optimize the content of our website as well as the advertising for it
to ensure long-term functionality of our information technology systems and of the technology on our website
to provide law enforcement authorities with necessary information related to criminal prosecution in case of a cyberattack
This anonymously collected data and information is therefore evaluated by our company, Panorama Hotel & Service GmbH, on the one hand statistically, and on the other hand to increase data protection and data security in our company, and last but not least to ensure the best possible level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by the data subject.
Contact
Personal data are also processed by our company, Panorama Hotel & Service GmbH, when you give these data to us. This occurs for instance each time when you contact us. The personal data we acquire this way shall be used only for the purpose, which you provide us when contacting us. This information shall be communicated only on a voluntary basis and with your consent. In the event that this data is information regarding communication channels (e.g. e-mail address or phone number), you further agree that we may possibly contact you through this channel of communication to answer your questions.
Data transmission via web form
Data subject has an option to register on the website of the controller stating his or her personal data. During the registration process the respective entry windows indicate, which personal data are transmitted to the controller. The personal data entries made by the data subject are exclusively intended for internal use of the controller, this data is collected and stored for the purposes of own use. The controller can transmit the data to one or to several processor(s), e.g. to parcel service which also makes only internal use of the personal data and acts under the responsibility of the controller.
By registration on the website of the controller the following data is also stored: data subject’s IP address, which the internet service provider has assigned, the date and the exact time at the moment of the registration. These data are stored against the background of being the only way to prevent misuse of our services. If necessary, these data can enable clearing up offences or copyright infringements committed. Insofar it is necessary to store this data as to protect the controller. In general, these data are not transmitted to a third party, unless there is a legal obligation to a transmission, or the data transmission serves legal pursuit of rights or criminal prosecution.
When the data subject registers himself or herself on the website and voluntarily supplies personal data, it enables the controller to offer to him or her content and services, which can by the very nature of the issues only be offered to registered users. Registered persons are entitled to have the personal data they have supplied at the registration completely deleted from the data files of the controller.
The controller shall inform the data subject on request at any time by stating, which personal data he has stored about the data subject. The controller shall furthermore also correct or delete personal data of the data subject, if he requests or indicates so, and if there are no statutory retention obligations to contradict such request.
Newsletter
If you would like to subscribe to our newsletter, you must provide your email address to which we can send the newsletter. You can provide us with this e-mail address as a voluntary information when registering. We use the so-called double opt-in procedure for sending newsletters online. When you register for our newsletter, your IP address and the date and time of registration are saved. This only serves as proof of the verification of your identity and to prevent misuse with your email address. We use this data to manage the sending of newsletters. By subscribing to the newsletter, you consent to the use of this data. Your data will not be used for any other purpose, in particular will not be passed on to third parties.
The legal basis for sending the newsletter results from your consent and is therefore Art. 6 Para. 1 lit. a GDPR.
Of course, you have the option of unsubscribing from the newsletter at any time and revoking your consent for the future. To do this, please click the corresponding button in the newsletter sent or send an email to info@panoramahotel-waldenburg.de
Links to other websites
Our websites contain links to other websites (so called external links).
Our company, Panorama Hotel & Service GmbH, is as a supplier responsible for the contents of our own as required by the European and national legislation in force. Our own contents are to be distinguished from links to contents provided by other suppliers. We have no influence over whether or not operators of other websites comply with the European and national data protection regulations in force. Please learn more about the data protection statements on the websites of the respective suppliers.
Cookies
We use cookies in order to further improve our internet presentation for you, make it more user-friendly and to tailor it as well as possible to meet your needs. Cookies are small text data files, which a webserver sends to your internet browser when you visit a website. The cookies are stored locally on your terminal (personal computer, notebook, tablet, smartphone etc.).
Numerous websites and servers use cookies. Many cookies contain so called cookie ID, which is a unique identifier of the cookie. Cookie ID consists of a string of characters through which websites and servers can trace back the actual web browser, on which the cookie is stored. This allows the visited web pages and servers to distinguish the individual browser of the data subject from other web browsers that contain other cookies. A specific web browser can be recognized and identified by the unique cookie ID. The purpose of this information is to automatically recognize you and to facilitate your navigation, when you visit the website again with the same device.
The consent or rejection of cookies – also for web tracking – can be set by changing the settings of your web browser. You can configure your web browser so that it blocks cookies generally, or you will be warned in advance when a new cookie is about to be stored. In this case, however, the functionality of the website may be impaired (for example when placing orders). Your browser also offers a function to delete cookies (for instance by choosing “Clear browsing data”. This is possible in all common web browsers. Further information can be found in the user manual or in the settings of your browser.
First-party cookies: First-party cookies are permanent cookies that are stored on the computer and only lose their validity when the expiry date assigned to them has expired. The word „party“ refers to the domain from which the cookie originated. In contrast to third-party cookies, first-party cookies usually come from the website operator itself. They are therefore not accessible to browsers across domains. For example, website A assigns a cookie A, which is not recognized by website B, but can only be recognized by website A. This means that data cannot be passed on to third parties.
Third-party cookies: With a third-party cookie, the cookie is set and recorded by a third party. The downside is that some browsers are set up to not accept this type of tracking. The advantage of third-party cookies, however, is that you do not have to install any code on the landing page. For this reason, the use of third-party cookies is technically easier than that of first-party cookies.
Booking system Vioma
A booking system from Vioma GmbH (Industriestraße 27, 77656 Offenburg) is integrated on our website, which is used for electronic contact when making online bookings and for displaying offers and vouchers. If a user makes use of this option, the data entered in the input mask will be transmitted to Vioma and saved.
At the time of sending the booking or request, the user’s IP address, the date and time of registration, browser information and the address of the website visited are stored in addition to their details.
For the processing of the data, your consent is obtained as part of the sending process and reference is made to this data protection statement.
In this context, the data is not passed on to third parties. The data will only be used to process the booking or request.
A Data Processing Agreement was concluded with Vioma GmbH in accordance with Art. 28 Para. 3 GDPR.
The legal basis is Art. 6 Para. 1 lit. b GDPR. Regarding the voluntary data, the legal basis for the processing of the data is Art. 6 Para. 1 lit. a GDPR.
The processing of personal data from the input mask serves us only to process the booking or request.
The other personal data processed during the sending process serve to prevent misuse of the system and to ensure the security of our information technology systems.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
In this case, all personal data saved during the booking or request will be deleted.
More information on data protection at Vioma GmbH can be found at: https://www.vioma.de/de/service/datenschutzerklaerung/
Voucher purchase through Incert
On our website we have integrated the voucher and ticket system of Incert eTourismus GmbH & Co. KG (Leonfeldnerstr. 328, A-404 Linz, Austria) to order vouchers.
If you order vouchers from us, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your order. Mandatory information required for the execution of the contracts is marked separately, further information is voluntary. The data is entered in an input mask and transmitted to us and saved.
At the time of sending the booking or request, the user’s IP address, the date and time of registration, browser information and the address of the website visited are stored in addition to their details.
For the processing of the data, your consent is obtained as part of the sending process and reference is made to this data protection Statement.
In addition, the data will only be passed on to third parties if the transfer is necessary for the purpose of contract execution or for billing purposes or for collecting the fee or if you have given your express consent. In this regard, we only pass on the data required in each case. The data recipients are typically delivery / shipping companies, payment institutions, payment service providers and, in the event of payment default, also collection agencies.
A Data Processing Agreement was concluded with Incert eTourismus GmbH & Co. KG in accordance with Art. 28 Para. 3 GDPR.
The legal basis is Art. 6 Para. 1 lit. b GDPR. Regarding the voluntary data, the legal basis for the processing of the data is Art. 6 Para. 1 lit. a GDPR.
The processing of personal data from the input mask serves us only to process the booking or request.
The other personal data processed during the sending process serve to prevent misuse of the system and to ensure the security of our information technology systems.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
In this case, all personal data saved during the booking or request will be deleted.
More information on data protection at Incert eTourismus GmbH & Co. KG can be found at: https://www.incert.at/unternehmen/datenschutz/
Google Analytics
If you have given your consent, Google Analytics, a web analysis service of Google Ireland Limited („Google“) is used on this website. The use includes the „Universal Analytics“ operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user’s activities across devices.
Google Analytics uses „cookies“, which are text files placed on your computer, to help the website analyze how users interact with the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. We would like to point out that on this website Google Analytics has been extended to include IP anonymisation in order to ensure anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/gb.html or https://policies.google.com/?hl=en.
Purposes of the Processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use.
Legal Basis
The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
Recipients or Categories of Recipients
The recipient of the collected data is Google.
Transfer to Third Countries
Personal data will be transferred to the USA under the EU-US Privacy Shield on the basis of the European Commission’s adequacy decision. You can download the certificate here.
Duration of Data Storage
The data sent by us and linked to cookies, user-identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
Rights of the Persons affected
You can revoke your consent at any time with effect for the future by blocking the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functionalities of this website to their full extent.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the Browser Add-on. Opt-out cookies will prevent future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt-out on all systems used. If you click here, the opt-out cookie will be set: Disable Google Analytics
Google Tag Manager
This website uses the Google Tag Manager. This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used, and no personal data is collected. The Google Tag Manager triggers other tags, which in turn collect data if necessary. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains valid for all tracking tags if they are implemented with the Google Tag Manager.
The legal basis for the use of Google Maps is our legitimate interest in optimizing our online services and thus Art. 6 Para. 1 lit. f GDPR.
Google Maps
Our website uses Google Maps for presentation of maps and for creation of driving directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
The legal basis for the use of Google Maps is our legitimate interest in optimizing our online services and thus Art. 6 Para. 1 lit. f GDPR. The terms of use for Google Maps can be read under:
https://www.google.com/intl/en-US_US/help/terms_maps.html
https://policies.google.com/terms
https://www.google.com/policies/privacy
Google Translate
We use „Google Translate“ on our website. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”).
With Google Translate our website can be translated into different languages.
For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website has been accessed via your IP address. The website operator has within the meaning of Art. 6 Para. 1 lit. f GDPR a legitimate interest in making its website available in several languages.
Further information on Google Translate and Google’s privacy policy can be found at the following link: https://policies.google.com/privacy
Gstatic
A web service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic) is loaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Gstatic.
The legal basis for data processing is Art. 6 Para. 1 lit. f GDPR. The legitimate interest consists in the correct functioning of the website. The data will be deleted as soon as the purpose of their collection has been fulfilled.
You can prevent Gstatic from collecting and processing your data by deactivating the execution of script code in your browser or installing a script blocker in your browser.
Further information on the handling of the transferred data can be found in Gstatic’s data protection declaration: https://policies.google.com/privacy
Google reCAPTCHA
We use „Google reCAPTCHA“ (hereinafter „reCAPTCHA“) on our website. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA („Google“).
reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) have been entered by a human or by an automated program. To do this, reCAPTCHA analyses the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user).The data collected during the analysis will be forwarded to Google.
reCAPTCHA analyses take place entirely in the background. Visitors are not advised that such an analysis is taking place.
Data processing is carried out under Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting its site from abusive automated crawling and SPAM.
Further information about Google reCAPTCHA and Google’s privacy policy can be found at:
https://policies.google.com/privacy
https://www.google.com/recaptcha/intro/android.html.
A web service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Google) is downloaded from our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Google.
The legal basis for data processing is Art. 6 Para. 1 lit. f GDPR. The legitimate interest consists in the correct functioning of the website.
Google has certified itself under the EU-US Privacy Shield Agreement (see https://www.privacyshield.gov/list). The data will be deleted as soon as the purpose of their collection has been fulfilled.
You can prevent Google from collecting and processing your data by deactivating the execution of script code in your browser or installing a script blocker in your browser (you can find this, for example at www.noscript.net or www.ghostery. com).
Further information on the handling of the transferred data can be found in Google’s data protection declaration: https://policies.google.com/privacy
Name and address of the controller:
Party responsible for the processing of personal data for the purposes of the European Union General Data Protection Regulation (GDPR), or of other applicable data protection laws in the Member States of the European Union, and of other provisions relating to protection of personal data, is
Panorama Hotel & Service GmbH
Hauptstraße 84
74638 Waldenburg
Phone: +49 79 42 – 91 00-0
Fax: +49 79 42 – 91 00-888
E-Mail: info@panoramahotel-waldenburg.de
Managing Directors:
Markus Berdyszak, Jürgen Wegmann
Name and address of the data protection officer:
SHIELD GmbH
Martin Vogel
Ohlrattweg 5
25497 Prisdorf
Phone: +49 4101 – 80 50 600
E-Mail: info@shield-datenschutz.de
Waldenburg, april 2020
Amendments in Privacy Policy
We reserve the right to amend our data protection practices and this data protection statement in order to adjust the aforesaid to reflect possible changes in relevant laws or regulations, or to meet your needs better. Possible amendments in our data protection practices will correspondingly be published here. Please inform yourself about the current date of our data protection policy.