Legal Disclosure and Data Privacy

A. Person responsible for data processing

I. Name and contact details of the person responsible

Mirador de San Pedro Rural Hotel
Helmut Langhans
Camino San Pedro No. 1
38416 Los Realejos Santa Cruz de Tenerife

Email: web(at)sanpedro-teneriffa.com
Telephone: +34 922 343 527
Web: https://sanpedro-teneriffa.com

B. Information about the processing of personal data

I. Use of our website

1. Server log data
When you use the website, the browser used on your device sends certain information to our website server for technical reasons. This data is stored and processed on our server.

(i) We process the following data for the purpose of providing the content of the website you have accessed, ensuring the security of the IT infrastructure used, troubleshooting and managing cookies.

(ii) The data processed are:

– HTTP data
HTTP data is protocol data that is generated for technical reasons when you access the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access. HTTP(S) data is also generated on servers of service providers (e.g. when retrievingthird party content).

– Cookie settings data
This includes the data that you provide to manage the cookie settings for this website and data that is assigned to your device when you use the function to manage the cookie settings: This includes your consent, your objections (opt-out) and, if necessary, your individual selection for the use of cookies on your device.

– Error data
These are error messages from the server and individual applications that are saved.

(iii) The legal basis for the processing is our legitimate interest in accordance with Article 6 paragraph 1 letter f GDPR. Our legitimate interest lies in providing the content of the website accessed by the user and in managing the cookie settings made by the user, as well as in ensuring the security of the IT infrastructure used to provide the website, in particular for detection, removal and proof Documentation of disruptions (e.g. DDoS attacks).

(iv) The data is actively provided by the user himself or automatically by the user’s browser.

(v) Recipients of the personal data are IT service providers (e.g. hosting), which we use as part of a contract processing agreement (this is a contract required by data protection law, which ensures that they only process the personal data of our website visitors in accordance with our instructions and processed in compliance with the GDPR). In our case it is STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter “Strato”). When you visit our website, Strato records various log files including your IP addresses. Further information can be found in Strato’s data protection declaration: https://www.strato.de/datenschutz/.
The use of Strato is based on Article 6 Paragraph 1 Letter f GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. If appropriate consent has been requested, processing is carried out exclusively on the basis of Art. 6 Para. 1 lit . B. Device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
When using the service providers, data may be transferred to third countries outside the EU. The data transfer takes place on the basis of Article 6 Paragraph 1 Letter f, 49 Paragraph 1 Sentence 1 Letter d GDPR is absolutely necessary to ensure the security of our website and your user data.

(vi) Data is stored in server log files in a form that allows the identification of the data subjects for a maximum period of 14 days, unless a security-related event occurs (e.g. a DDoS attack). In the event of a security-relevant event, server log files are stored until the security-relevant event has been eliminated and fully clarified. Cookie management information will be deleted after 6 months.
(vii) It is not possible to use the website without disclosing personal data such as the IP address. Communication via the website without providing data is technically not possible.
(viii) There is no automated decision making.

2. reCAPTCHA v3
We use the reCAPTCHA v3 service from Google on our website. This is an automated test to check whether individual website visitors are humans or an automated program (bot or malware). To do this, reCAPTCHA v3 analyzes the behavior of website visitors based on different interaction patterns with the website and associated parameters (e.g. length of stay, mouse movements). The reCAPTCHA v3 analyzes are carried out solely by Google and run completely in the background. You will not be additionally informed that this analysis is taking place.

By integrating reCAPTCHA v3, we enable Google to collect personal data on our website. The collection and processing of personal data is solely the responsibility of Google. We have no knowledge of the details of the processing of personal data within Google’s area of ​​responsibility. For information about Google’s processing of personal data, please see Google’s data policy: https://policies.google.com/privacy?hl=de

Google only provides us with the analysis results (human or automated program) created on the basis of this data in an aggregated, anonymized form. We cannot assign the information provided to us to any natural person.

The person responsible for data processing of the reCAPTCHA v3 tool is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

(i) The purpose of integrating reCAPTCHA v3 is to enable Google to collect and process user data on our website in order to ensure the security of our website and users. Google alone determines the further purposes of processing by Google (https://policies.google.com/privacy?hl=de)

(ii) We enable Google to collect HTTP data and usage data. We receive reCAPTCHA v3 analysis data from Google:

– HTTP data
HTTP data is protocol data that is generated for technical reasons when you access the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access. HTTP(S) data is also generated on servers of service providers (e.g. when accessing third-party content).

– Usage data
Usage data is data about your human interaction with the website and the associated parameters such as clicks on ads, mouse movements made or the time spent on the website.

– reCAPTCHA v3 Analyzedaten
The reCAPTCHA v3 analysis data involves the evaluation of the data processed by Google to determine whether the respective website visitor is a human or an automated program. This is completely anonymized analysis data. Google also shows us the number of requests on our site, the reCAPTCHA score distribution, the top 10 actions on our website and the top 10 actions with suspicious traffic.

(iii) The legal basis for enabling Google to collect personal data via our website is our legitimate interest in accordance with Article 6 Paragraph 1 Letter f of the GDPR. Our legitimate interest is to protect our website and our customers from automated attacks by bots and malware.

(iv) The data is automatically provided by the user’s browser and generated independently by Google. It is not known whether Google uses other data sources.(v) The recipient of the data collected via our website is Google Ireland Limited as the controller for the collection and processing of personal data. It cannot be ruled out that Google Ireland Limited transfers personal data to the USA. As an independent controller, Google Ireland Limited is responsible for ensuring appropriate data protection guarantees for the
Data transfer. Regardless of this, we assume that such a data transfer is justified on the basis of Article 6 Paragraph 1 Letter f, 49 Paragraph 1 Sentence 1 Letter d GDPR to ensure the protection of our website and your user data.

(vi) We do not collect or store this data ourselves. The collection and processing of this data is the responsibility of Google. According to Google, the individual reCAPTCHA v3 tokens are automatically deleted after 2 minutes. We have no knowledge of any further details regarding the storage period.

(vii) Without disclosing personal data, reCAPTCHA v3 cannot analyze whether you as a website visitor are a human, a bot or malicious software. Communication via the website without providing data is technically not possible.

(viii) The check by Google reCAPTCHA v3 is fully automatic and in exceptional cases may mean that you cannot make a contact or booking request online. However, you have the option of contacting us at any time by telephone on +34 922 343 527 or via emailhotel@sanpedro-teneriffa.com reach out to make inquiries.

3. Data transfer to third countries outside the EU (e.g. USA)

(i) We transfer your data to third countries outside the EU (e.g. USA) as part of certain analysis tools, as described in this data protection declaration. You will find a note in the corresponding explanation of an analysis tool.

(ii) The data transfer takes place on the basis of your express consent in accordance with Article 6 Paragraph 1 Letter a, 49 Paragraph 1 Sentence 1 Letter a GDPR, unless other legal bases are specified in the descriptions of the individual tools.

(iii) There is no data protection adequacy decision from the European Commission for the USA and a large number of other countries outside the EU. In addition, there are no suitable guarantees for these countries according to the requirements of the GDPR. There is a risk to you that government authorities may access personal data without us and/or you knowing about it. This can already happen during the transmission as such.

(iv) You can revoke your consent at any time with future effect. Disable the sliders in our cookie manager.

II. Advertising, newsletters and surveys

1. Contact and advertising

(i) We may process your data for the purpose of sending promotional offers, customer loyalty and customer reactivation.

(ii) The data processed are the name, telephone number and email address of the customers.

(iii) The legal basis for the processing of the data is either your express consent in accordance with Article 6 Paragraph 1 Letter a GDPR or our legitimate interest in accordance with Article 6 Paragraph 1 Letter f GDPR in the presentation of our offers, in promoting customer loyalty and on customer reactivation.

(iv) The data is actively provided by the customer.

(v) The data will not be transmitted to third parties for advertising purposes. However, we use service providers to provide services through order processing, in particular for the provision, maintenance and upkeep of IT systems.

(vi) The data will be deleted no later than 5 years after the last expression of interest.

(vii) There is no obligation to provide data for advertising purposes.

(viii) There is no automated decision making.

2. Newsletter and personalization

(i) If you subscribe to our newsletter, we process your data for the purpose of sending you the newsletter, which will provide you with offers that are of interest to you.

(ii) The data processed are the name and email address of the newsletter subscribers as well as the time of registration and registration confirmation (double opt-in) and the IP addresses at the time of registration and registration confirmation.

(iii) The legal basis for processing data for newsletters is your consent (Article 6 paragraph 1 letter a GDPR). You have the right to withdraw your consent at any time. Your revocation will not affect the lawfulness of the processing of your personal data until your revocation. You can declare your revocation by clicking on the link provided in every newsletter email, by email to newsletter@sanpedro-teneriffa.com or by sending a message to the contact details provided in the legal notice.

(iv) The data is actively provided by the newsletter subscriber.

(v) We use service providers through order processing to provide services, in particular for the provision, maintenance and upkeep of IT systems.

(vi) If you unsubscribe from the newsletter, your personal data will be deleted after 30 days at the latest. The IP address will be deleted 14 days after it was collected.

(vii) Without providing your data, the newsletter cannot be sent to you.

(viii) There is no automated decision making.

III. Cookies

We use cookies in connection with our website and the information provided on the website. Cookies are small text files with information that can be stored on the user’s device when visiting a website via the browser. When you access the website again with the same device, the information stored in cookies can be read and processed. We use the processing and storage functions of your device’s browser and collect information from the memory of your device’s browser.
In the structure of our data protection information, we differentiate between technically necessary cookies, statistical cookies and marketing cookies.

There are different ways to differentiate between cookies:

– On the one hand, the distinction between first- and third-party cookies, depending on where a cookie comes from:
First-party cookies are cookies that are set and accessed by the website operator as the data controller or by a processor commissioned by the website operator. Third-party cookies are cookies that are set and accessed by data controllers other than the website operator, who do not act as processors on behalf of the website operator

– You can also differentiate between transient and persistent cookies, depending on the period of validity:
Transient cookies (session cookies) are cookies that are automatically deleted when you close your browser. Persistent cookies are cookies that remain stored on your device for a certain period of time after you close the browser.

– A distinction can also be made between cookies that do not require consent and those that require consent:
Depending on their function and purpose, the user’s consent may be required for the use of certain cookies. In this respect, cookies can be differentiated according to whether the user’s consent is required for their use.

Your consent is granted using a so-called “cookie banner”:
When you access our website, we display a so-called “cookie banner”. In our cookie banner you can declare your consent to the use of all cookies requiring consent on this website by clicking the “Accept all” button. Without such consent, the cookies requiring consent will not be activated. By clicking the “Reject all” button, you can also completely reject the use of cookies that require consent. This decision is stored in a cookie. Alternatively, you have the option of accessing our cookie management by clicking on the “Customize” button. Here you can make an individual selection of cookies and adapt them individually at a later point in time. We store your cookie settings in the form of a cookie on your device so that when you visit our website again, we can determine whether you have already made cookie settings.

Cookies required for the website to function cannot be deactivated using the cookie management function of this website. However, you can generally deactivate these cookies in your browser at any time. Different browsers offer different ways to configure the cookie settings in the browser. However, we would like to point out that some functions of the website may not work or may no longer work properly if you generally deactivate cookies in your browser.

1. Technically necessary cookies

a) Google Tag Manager
We use Google Tag Manager on our website. The Google Tag Manager allows us to manage cookies and control their display. For example, we can implement your consent, a revocation of your consent or an opt-out. Google Tag Manager does not set its own cookies and does not process any data stored in cookies.

(i) The purpose of data processing is to control the display of cookies on our website and to ensure the security of the application.

(ii) The data processed are:

– HTTP data
HTTP data is protocol data that is generated for technical reasons when the website is accessed via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

(iii) The legal basis for the processing is our legitimate interest in accordance with Article 6 paragraph 1 letter f GDPR in the simple and reliable control of cookies.

(iv) The data is automatically provided by the user’s browser.

(v) The recipient of the data is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland as our processor. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) as a service provider. The data will only be transmitted if you have given us your consent in accordance with Article 6 Paragraph 1 Letter a, 49 Paragraph 1 Sentence 1 Letter a GDPR. Corresponding information on the risks of such data transfers and revocation options can be found under B. I. 3. We have integrated the Tag Manager on our website in such a way that, without your consent, only a reference to an empty Tag Manager container is initiated. No personal data is transmitted to Google (only standard HTTP request logs, no IP address or other user-specific data that allows you to be identified). The container will only be read and personal data exchanged with Google only if you have given your consent.

(vi) Server log data will be deleted when it is no longer required for the purposes of processing.

(vii) It is not possible to use the website without disclosing personal data such as the IP address. Communication via the website without providing data is technically not possible.

(viii) There is no automated decision making.

b) cookieyes Consent Manager
We use the cookieyes Consent Manager to manage your consent, possible revocation of consent and objections to the use of cookies.

(i) The purpose of data processing is to manage user decisions regarding cookies (consent, revocation, opt-out), as well as to ensure the security of the application.

(ii) The data processed are:

– HTTP data
HTTP data is protocol data that is generated for technical reasons when you access the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

– Consent cookies
User decision on individual cookies or groups of cookies. Time of decision and last visit.

(iii) The legal basis for the processing is our legitimate interest in accordance with Article 6 paragraph 1 letter f GDPR in the simple and reliable control of cookies.

(iv) The data is provided actively by the user (decision on cookies) or automatically by the user’s browser (log data, timestamp).

(v) The recipient of the data is “CookieYes Limited, 3 Warren Yard Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom”, as our processor.

(vi) The revocation of previously given consent will be retained for three years (accountability). The administration cookie is deleted 6 months after the last visit. Server log data is anonymized before storage.

(vii) It is not possible to use the website without disclosing personal data such as the IP address. Communication via the website without providing data is technically not possible.

(viii) There is no automated decision making.

2. Statistical Cookies

a) Google Analytics
If you have given your consent, we use the web analysis tool Google Analytics on our website. With the help of Google Analytics we can examine the user behavior of visitors to our website in a pseudonymized and anonymous form.
You can deactivate data processing by Google Analytics at any time in our cookie management. Alternatively, you can install a browser plug-in from Google, which prevents data collection by Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=de) or prohibit the storage of cookies in your browser settings.

(i) The purpose of data processing is to increase the efficiency of our website, our advertising measures and the user satisfaction of our visitors through (usage-based) optimizations.
We have also activated Google Signals. This setting only affects users who have activated “personalized ads” in their Google account. This allows us to understand at an aggregate level how users received a booking request across devices and use this information to display advertising across devices. In addition, based on interests and demographic information, we can target marketing campaigns more specifically to users who are likely to be interested in our campaigns (if you have also activated “Marketing” in the cookie dashboard). We cannot draw any conclusions about the behavior of a specific person.

(ii) The data processed are:

– Google Analytics HTTP-Daten
This is log data that is generated for technical reasons when using the web analysis tool Google Analytics used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes your IP address, type and version Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

– Google Analytics device data
Data that is generated by the web analysis tool Google Analytics and assigned to your device: This includes a unique ID for (re)identifying returning visitors (so-called “client ID”) as well as certain technical parameters for controlling data collection for web analysis.

– Google Analytics measurement data
Device-related raw data (so-called “dimensions” and “measured values”) that are collected and analyzed by the web analysis tool Google Analytics when you use our website: This primarily includes information about the sources through which visitors access our website , information about the location, the browser and the device used, information about the use of the website (in particular page views, frequency of access and length of time spent on pages accessed) as well as information on the fulfillment of certain goals (in particular booking requests sent out). The data is assigned to the client ID assigned to your device. The result is device-related usage profiles in which all device-related raw data is combined into a client ID. The data that we collect using Google Analytics does not enable us to directly identify you personally (i.e. based on your real name). We also do not combine the device-related raw data and the resulting device-related usage profiles with data that directly identifies you personally without your consent.

– Google Analytics Report Data
Data included in aggregated segment and device-related reports generated by the web analytics tool Google Analytics based on the analysis of raw device-related data.
There are four reporting categories available to us in Google Analytics: target group (location, browser, devices used and other device-related data), acquisition (sources through which visitors access the website), behavior (information about accessing the content of the website, in particular the pages accessed). the website, visit time, bounce rate), conversions (information on pre-configured goals, in particular booking requests sent).

(iii) The legal basis for processing is Article 6 paragraph 1 letter a GDPR (consent).

(iv) The data is automatically provided by the user’s browser.

(v) The recipients of the data in the context of order processing are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and analysis and support service providers based in the EU. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) as a service provider. The data will only be transmitted if you have given us your consent in accordance with Article 6 Paragraph 1 Letter a, 49 Paragraph 1 Sentence 1 Letter a GDPR.

(vi) On this website, so-called IP anonymization is activated for the use of the web analysis tool Google Analytics. This means that the IP address transmitted by the browser for technical reasons is anonymized before storage by shortening it (deleting the last octet of the IPv4 address or the last 80 bits of the IPv6 address).

(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the part of the data subject to provide the data. If the data is not provided, we cannot carry out web analysis using Google Analytics.

(viii) There is no automated decision making.
Up

b) Google Optimize
If you have given your consent, we use the Google Optimize tool on our website, which is based on Google Analytics. Google Optimize allows us to compare user behavior on different designs on our website (so-called A/B testing).

You can deactivate data processing by Google Optimize at any time in our “cookie dashboard”.

(i) The purpose of data processing is to increase the efficiency of our website, our advertising measures and the user satisfaction of our visitors through (usage-based) optimizations. Google Optimize allows you to run different tests with the ability to target URL, Audience, Google Ads, Behavior, Geographic, JavaScript Variables, Own Cookies, Custom JavaScript, Search Parameters, Data Layer Variables and on UTM parameters.

(ii) The data processed are:

– Google Optimize HTTP-Daten
This is protocol data that is generated for technical reasons when using the A/B testing tool Google Optimize used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version Your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

– Google Optimize device data
Data that is generated by the A/B testing tool Google Optimize and assigned to your device: This includes a unique ID for (re)identification of returning visitors (so-called “client ID”).

– Google Analytics measurement data
Device-related raw data (so-called “dimensions” and “measured values”) that are collected and analyzed by the web analysis tool Google Analytics, on which Google Optimize is based, when you use our website: This primarily includes information about the sources, through which visitors reach our website, information about the location, the browser and device used, information about the use of the website (in particular page views, frequency of access and length of time spent on pages accessed) as well as information on the fulfillment of certain goals (in particular booking requests sent). The data is assigned to the client ID assigned to your device. The result is device-related usage profiles in which all device-related raw data is combined into a client ID. The data that we collect using Google Analytics does not enable us to directly identify you personally (i.e. based on your real name). We also do not combine the device-related raw data and the resulting device-related usage profiles with data that directly identifies you personally without your consent.

– Google Optimize test results
Data included in aggregated segment and device testing results generated by the A/B testing tool Google Optimize based on analysis of raw device data.

(iii) The legal basis for processing is Article 6 paragraph 1 letter a GDPR (consent).

(iv) The data is automatically provided by the user’s browser.

(v) The recipients of the data in the context of order processing are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and analysis and support service providers based in the EU. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) as a service provider. The data will only be transmitted if you have given us your consent in accordance with Article 6 Paragraph 1 Letter a, 49 Paragraph 1 Sentence 1 Letter a GDPR.

(vi) On this website, so-called IP anonymization is activated for the use of the web analysis tool Google Analytics and also for Google Optimize. This means that the IP address transmitted by the browser for technical reasons is anonymized before storage by shortening it (deleting the last octet of the IPv4 address or the last 80 bits of the IPv6 address).

(vii) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the part of the data subject to provide the data. If the data is not provided, we cannot carry out web analysis using Google Optimize.

(viii) There is no automated decision making.

3. Marketing Cookies

a) Google Conversion (Ads-Tracking)
If you have given your consent, we use Google Conversion Tracking on our website. Google Conversion enables us to monitor the success of ads placed via Google.
You can control data processing by Google Conversion by switching Google Conversion on or off for the browser you are currently using in our cookie management.

(i) The purpose of data processing by Google Conversion is to understand the reach of advertisements placed via Google. If you click on our ad placed via Google, Google will store a cookie on your device for conversion tracking. If you then visit our website linked in the ad and the cookie has not yet expired, we can recognize that you clicked on the ad and were redirected to our website. We can only recognize clicks on our own ads, not any clicks on ads from other Google customers. Google uses cookies, among other things, to bill us for advertising costs. We only receive the evaluations and other information in aggregated, anonymized form and cannot assign the information to any natural person.

(ii) The data processed are:

– Google Ads HTTP-Daten
This is log data that is generated for technical reasons when using the Google AdWords tool used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

– Usage data
The usage data includes clicks on advertisements, the time spent on the website and information about websites visited.

– Conversion event
The conversion event summarizes the results of the conversion.

(iii) The legal basis for the processing of personal data via our website by Google Conversion is Article 6 paragraph 1 letter a GDPR (consent).

(iv) The Ads conversion data is automatically provided by the user’s browser.

(v) The recipients of the data in the context of order processing are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and analysis and support service providers based in the EU. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) as a service provider. The data will only be transmitted if you have given us your consent in accordance with Article 6 Paragraph 1 Letter a, 49 Paragraph 1 Sentence 1 Letter a GDPR.

(vi) The cookies lose their validity after 18 months at the latest, do not contain any personal data other than the cookie ID and are not used for personal identification.

(vii) The provision of the data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the part of the data subject to provide the data. If the data is not provided, we cannot carry out ads tracking.

(viii) We do not undertake automated decision-making.

b) Google Ads
If you have given your consent, we will use Google Ads on our website. You can control data processing by Google by switching Google Ads on or off for the browser you are currently using in our cookie management.

(i) Purpose of data processing: We use Google Ads as an administration and control platform with which we can display advertisements in a cost-optimized manner across various search engines and media channels. We can use a so-called floodlight pixel to measure how successful our advertisements are. Clicks or information about whether and how often an advertisement was seen are stored in a cookie using a cookie ID. It is also recorded whether the click on the ad was likely to result in the completion of a booking request.

The cookie ID is used to measure across channels whether a booking request was completed and thus prevents you from receiving further advertising on our website, even though you may have already booked or sent a reservation request (cross-channel means measuring activities in your PC’s browser and your mobile device).

(ii) The data processed are:
– HTTP data
Protocol data that arises for technical reasons when you access the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)):
IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access. A cookie ID is used to record how often which advertisements were played in which browser in order to control the frequency of advertising display.

– Usage data
Google Ads uses so-called Floodlight pixels to display advertising banners, measure “impressions” or track clicks on the advertising material. The measurement of so-called impressions represents an analysis of whether and how often a person has seen the advertising material.

– Conversion event
It also measures on our website whether you have carried out certain actions (e.g. sending a booking request) after clicking on one of the advertising materials. This information is stored in a cookie.

(iii) The legal basis for the processing of personal data via our website by Google Ads is Article 6 Paragraph 1 Letter a GDPR (consent).

(iv) The Google Ads data is automatically made available by the user’s browser.

(v) The recipients of the data in the context of order processing are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and analysis and support service providers based in the EU. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) as a service provider. The data will only be transmitted if you have given us your consent in accordance with Article 6 Paragraph 1 Letter a, 49 Paragraph 1 Sentence 1 Letter a GDPR.

(vi) The cookies usually lose their validity after 30-90 days, at the latest after 18 months, do not contain any personal data other than the cookie ID and are not used for personal identification.

(vii) The provision of the data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation on the part of the data subject to provide the data.

(viii) We do not undertake automated decision-making.

c) Google Optimize
If you have given your consent, we use the Google Optimize tool on our website, which is based on Google Analytics. In addition to statistical purposes (described in our data protection information under III. 2. b), we also use Google Optimize for marketing purposes. You can deactivate data processing by Google Optimize at any time in our cookie management.

(i) The purpose of data processing is to make our website more attractive and user-friendly. We differentiate between new users and returning users in order to show you ads on our website that are tailored to your user group (e.g. seasonal promotions). In addition, the use of Google Optimize also serves to control ads.

(ii) Further information on the processing of personal data as part of Google Optimize can be found in our data protection information under III. 2 B).

C. Information about the rights of data subjects

As a data subject, you have the following rights with regard to the processing of your personal data:
– Right to information (Article 15 GDPR)
– Right to rectification (Article 16 GDPR)
– Right to deletion (“right to be forgotten”) (Article 17 GDPR)
– Right to restriction of processing (Article 18 GDPR)
– Right to data portability (Article 20 GDPR)
– Right to object (Article 21 GDPR)
– Right to withdraw consent (Article 7 Paragraph 3 GDPR)
– Right to complain to the supervisory authority (Article 77 GDPR)

To exercise your rights, you can contact us at the address listed in Section A
Contact us for contact information. You can exercise the full extent of your rights
You can find the text of the General Data Protection Regulation at the following link
can be accessed: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679

D. Status and changes to this data protection information

This data protection information is dated January 26, 2024.
Due to technical developments, changes to the function of the website and/or due to changed legal and/or official requirements, it may become necessary to adapt this data protection information.