1. a) Responsible person

The controller within the meaning of Art. 4 No. 7 DSGVO is the person who alone or jointly with others determines the purposes and means of the processing of personal data.

With regard to our website, the responsible person is:

GS Star GmbH

represented by the managing director: Heiko Grote
Südliche Münchner Str. 8
82031 Grünwald
E-mail: info@gsh-hotels.com
Phone: +49 (0) 89 5880 558-0

1. b) Contact details of the data protection officer

We have appointed a data protection officer in accordance with Art. 37 DSGVO. You can reach our data protection officer under the following contact details:

Sven Reinisch
Gorgeous Smiling Hotels GmbH
Wilhelm-Wagenfeld-Strasse 4
80807 Munich
E-mail: s.reinisch@gsh-hotels.com
Website: https://ana-hotels.com

1. c) Automatic data storage

Nowadays, when you visit websites, certain information is automatically created and stored, including on this website. When you visit our website, as you are doing right now, our web server automatically stores data such as, in particular

• the address (URL) of the accessed website
• Browser and browser version
• The operating system used
• the address (URL) of the previously visited page (referrer URL)
• The host name and IP address (Internet Protocol address) of the device from which access is being made.
• Date and time in files (web server log files).

As a rule, web server log files are stored for a fortnight and then automatically deleted. We do not pass on this data, but we cannot rule out the possibility that this data may be viewed in the event of unlawful behaviour.

1. Processing of personal data

Processing is any operation performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Personal data means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1. Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

1. Consent

Consent is any freely given indication of the data subject's wishes for a specific case, in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

1. Profiling

Profiling is any form of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location

Below you will find information about the use of personal data:

1. a) Nature and purpose of the data processing

The processing of personal data is necessary for all legal and contractual obligations, therefore a refusal to process it in whole or in part may result in the requested services not being provided. The processing is carried out on the basis of the provisions of the DSGVO, i.e. in particular insofar as you have given us your consent to do so, there is a legal obligation to do so or this is necessary for the contractual processing with you. Your personal data will only be used for the purposes stated and to the extent necessary to achieve these purposes.

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties - if this takes place at all - if

• you have given your express consent to this,
• the disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
• there is a legal obligation for disclosure,
• this is legally permissible and necessary for the processing of contractual relationships with you.

The processing of the personal data from the input mask serves us solely to process the online booking and to handle the stay at the hotel. In the case of an online booking via our website, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the submission process serve to prevent misuse of the online booking and to ensure the security of our information technology systems.

Furthermore, we have concluded an "order processing agreement" with Sabre Corporation. This is a contract in which Sabre Corporation undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties. You can view Sabre Corporation's → data protection provisions here.

According to Article 6 (1) a DSGVO (lawfulness of processing), the legal basis is in particular that you give us consent to process the data you have entered. You can revoke this consent at any time - an informal email is sufficient.

1. b) Collection of data

Our website collects a series of general data and information from the caller each time it is called up, which is stored in the server's log files.

This may include the following data in particular: Browser type and version, operating system, date and time of a call to our website, sub-websites used, internet service provider, IP address and referrer.

Through this general data and information, our company does not draw any conclusions about a data subject. The anonymously collected data is stored separately from all personal data.

1. c) Storage of data

Personal data that you provide to us electronically on this website, such as your name, email address, address or other personal details when submitting a form or making an online booking, together with the time and IP address, will only be used by us for the purpose stated, kept secure and not passed on to third parties.

We therefore only use your personal data for communication with those visitors who expressly wish to be contacted and for processing the services offered on this website. We do not pass on your personal data without consent, but we cannot exclude the possibility that this data may be viewed in the event of unlawful conduct.

If you send us personal data by e-mail - thus away from this website - we cannot guarantee secure transmission and protection of your data. We recommend that you never send confidential data by e-mail without encryption.

1. d) Duration of storage

The data is stored for the duration of the session and then deleted unless the user completes a booking. In the case of an online booking, all data entered by the user is stored and transmitted to the hotel for the reservation and invoicing.

In general, personal data will be stored by Gorgeous Smiling Hotels GmbH and Sabre Corporation, 3150 Sabre Drive Southlake, TX 76092 USA only for the time necessary to achieve the purposes for which it was collected, or as otherwise provided for by the European Directive and Regulation or other legislator in laws or regulations to which the controller is subject.

If the purpose of storage no longer applies or if a storage period prescribed by the European Directive and Regulation Body or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

1. e) Possibility of objection and deletion

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, it is not possible to make an online booking via the Arthotel ANA website.

In the event that you wish to object to the processing of your personal data by us, please send an email to info@gsh-hotels.com.

All personal data stored in the course of the online booking will be deleted in this case.

1. f) Connections to third party providers

Within the scope of our products and services, there are connections to third parties that operate independently of us, in particular social media and third-party websites. We assume no responsibility for their activities, content, use or compliance with applicable data protection regulations. Our websites may also contain non-binding or informational links to other websites; these are operated independently of our company and are themselves obliged to comply with data protection laws. We are not liable for the content, use or data protection practices of these social media tools or third-party websites and apps.

1. g) Rights under the General Data Protection Regulation

According to the provisions of the GDPR, you generally have the following rights:

• Right of access (Article 15 GDPR)
• Right of rectification (Article 16 GDPR)
• Right to erasure ("right to be forgotten") (Article 17 GDPR)
• Right to restriction of processing (Article 18 GDPR)
• Right to notification - obligation to notify in connection with the rectification or erasure of personal data or the restriction of processing (Article 19 GDPR)
• Right to data portability (Article 20 GDPR)
• Right to object (Article 21 GDPR)
• Right not to be subject to a decision based solely on automated processing, including profiling (Article 22 GDPR)

The data controller shall provide any person concerned, upon request, with information about which personal data concerning the person concerned are stored in our company. At the request of the data subject, personal data will be corrected or deleted by the data controller, provided that there are no legal retention obligations in this respect.

In the event of violations of data protection law, the data subject has a right of appeal to the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection commissioner of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

If we fail to meet your expectations when processing your personal data, or if you wish to make a complaint about our data protection practices, we may ask you to let us know so that we have the opportunity to rectify the problem that has arisen. We will require full details of the problem and will investigate and respond to your complaint promptly and within a reasonable time.

We use cookies on our website to make the use of our services more pleasant and efficient for you.

These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in a cookie that is related to the specific end device used. However, this does not mean that we gain direct knowledge of your identity.

Cookies can

Save entered preferences,

prevent the same information having to be entered several times during the visit

analyse the use of the services and content provided by the websites in order to optimise them

1.) Types of cookies

There are different types of cookies, in particular to display the website correctly, to use it more effectively or to activate certain functions. In detail:

• Technical cookies: these enable the website to function properly and consist of two categories; on the one hand, persistent, i.e. they remain active even after the browser is closed until they expire; on the other hand, one-off, limited to the visit to the website, i.e. they are deleted when the browser is closed.
• Analytical cookies: These collect anonymous data and information about the use of the website for statistical analysis in order to improve the use of the website and make its content more customer-friendly.
• Analytical cookies for third-party services: These collect anonymous data and information about website usage, such as pages visited, time spent, geographical origin of requests, etc. for the purpose of marketing campaigns. These cookies come from third-party domains that are located outside our website.
• Cookies to complement products and functions relating to third-party software: these are sent by third-party domains or partner websites to ensure functionality between the pages of the website and complement functions developed by third parties within the pages of the website, such as icons and preferences required on social networks for sharing website content or using third-party software services.

In the case of exclusively informational use of our website, i.e. if you do not register or transmit information or data to us by other means, only the personal data that your browser transmits to our server is collected, in particular the IP address, date and time of the request, concrete content of the request, HTTP status code, requesting website, browser, operating system or its interface, language or version of the browser software.

Regardless of which service or website the cookies come from, you always have the option to delete, only partially allow or disable cookies. For example, you can block third-party cookies but allow all other cookies. If you want to find out which cookies have been stored in your browser, or if you want to change or delete cookie settings, you can find this in your browser settings.

Chrome: Delete, activate and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer.

Internet Explorer: Deleting and managing cookies

Microsoft Edge: Delete and manage cookies.

The use of cookies can be prevented by the user, on the one hand by specific configuration of the browser used or the associated computer programs used to navigate the pages of the website; on the other hand by changing the settings when using third-party services. However, in each case this may result in the user not being able to view parts of the website or use its functions.

The data processed by cookies is necessary for the above purposes to protect our legitimate interests and those of third parties. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

If you generally do not want cookies, you can set up your browser so that it always informs you when a cookie is to be set. In this way, you can decide for each individual cookie whether you allow the cookie or not. The procedure varies depending on the browser; it is best to search for the instructions in Google using the search term "delete cookies Chrome" or "disable cookies Chrome" in the case of a Chrome browser or exchange the word Chrome for the name of your browser, for example Firefox or Safari.

2.) Tracking tools

In the following, we inform you whether and how we evaluate data from your visit to this website. The evaluation of the collected data is regularly anonymous, so that we cannot draw any conclusions about your person from your behaviour on this website.

1. a) Google Ads Conversion Tracking

In order to statistically record the use of our website and to evaluate it for the purpose of optimising our website for you, we use the so-called Google Conversion Tracking as a tracking tool on our website.

We also use Google Ads (formerly Google AdWords) as an online marketing measure to advertise our services. As part of our advertising measures through Google Ads, we use the conversion tracking of the company Google Inc. on our website. In Europe, however, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

We use Google Ads to draw attention to our offer on other websites as well. The aim is to ensure that our advertising campaigns really only reach those people who are interested in our offers.

With this conversion tracking tool, we see which keywords, ads, ad groups and campaigns lead to the desired customer actions. We see how many customers interact with our ads on a device and then make a conversion. This data allows us to calculate our cost-benefit factor, measure the success of individual advertising measures and consequently optimise our online marketing measures. We can also use the data obtained to make our website more interesting for you and adapt our advertising offer even more individually to your needs.

Google Adwords sets a cookie on your computer if you have accessed our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords client's website and the cookie has not yet expired, Google and the client can recognise that the user clicked on the ad and was redirected to this page.

Each Adwords customer receives a different cookie. Cookies can therefore not be tracked via the websites of Adwords customers. The information obtained using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. The Adwords customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

Duration of storage

We have included a conversion tracking tag or code snippet on our website to better analyse certain user actions. When you click on one of our Google Ads ads, the "conversion" cookie from a Google domain is stored on your computer (usually in the browser) or mobile device.

As long as you are surfing our website and the cookie has not yet expired, we and Google will recognise that you have found us via our Google Ads ad. The cookie is read and sent back to Google Ads with the conversion data. Unlike cookies set for Google domains, Google can only read these conversion cookies when you are on our website. We do not collect or receive any personal data. We receive a report from Google with statistical evaluations. For example, we learn the total number of users who clicked on our ad and we see which advertising measures were well received.

At this point, we would like to point out that we have no influence on how Google uses the collected data. According to Google, the data is encrypted and stored on secure servers. In most cases, conversion cookies expire after 30 days and do not transmit any personal data. The cookies named "Conversion" and "_gac" (which is used in connection with Google Analytics) have an expiry date of 3 months.

Possibilities of objection and deletion

You have the option of not participating in Google Ads conversion tracking. If you deactivate the Google conversion tracking cookie via your browser, you block conversion tracking. In this case, you will not be included in the statistics of the tracking tool. You can change the cookie settings in your browser at any time. This works slightly differently for each browser. Here you will find the instructions on how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome → Safari: Manage cookies and website data with Safari → Delete, enable and manage cookies with Chrome
Safari: Manage cookies and website data with Safari → Firefox: Delete cookies to remove data that websites have placed on your computer → Firefox: Delete cookies to remove data that websites have placed on your computer
Firefox: Delete cookies to remove data that websites have placed on your computer → Internet Explorer: Delete and manage cookies → Internet Explorer: Delete and manage cookies.
Internet Explorer: Delete and manage cookies → Microsoft Edge: Delete and manage cookies → Internet Explorer: Delete and manage cookies → Microsoft Edge: Delete and manage cookies
Microsoft Edge: Deleting and managing cookies →

Through the certification for the American-European data protection agreement "Privacy Shield", the American company Google LLC must comply with the data protection laws applicable in the EU. If you would like to learn more about data protection at Google, we recommend the general data protection declaration of Google: https://policies.google.com/privacy?hl=de.

If you do not wish to participate in the tracking procedure, you can also refuse the setting of a cookie required for this - for example, via a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser so that cookies from the domain"www.googleadservices.com"are blocked. Google's privacy policy on conversion tracking can be found here (https://services.google.com/sitestats/de.html).

1. b) Google Analytics

We use the analysis tracking tool Google Analytics (GA) of the American company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

With the tracking measures used, we want to ensure a needs-based design and the ongoing optimisation of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are considered legitimate within the meaning of the GDPR.

For the purpose of demand-oriented design and continuous optimisation of our pages, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google"). In this context, pseudonymised usage profiles are created and cookies are used. The information generated by the cookie about your use of this website, such as

• Browser type/version,
• Operating system used,
• Referrer URL (the previously visited page),
• Host name of the accessing computer (IP address),
• Time of the server request,

will be transmitted to and stored by Google on servers in the United States. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services associated with the use of the website and the internet for the purposes of market research and demand-oriented design of these internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an assignment is not possible (IP masking).

Google Analytics collects data about your actions on our website. For example, when you click on a link, this action is stored in a cookie and sent to Google Analytics. With the help of the reports we receive from Google Analytics, we can better adapt our website and our service to your wishes. In the following, you will mainly find information about what data is stored and how you can prevent this.

Scope of data processing

Google Analytics uses a tracking code to create a random, unique ID that is linked to your browser cookie. This is how Google Analytics recognises you as a new user. The next time you visit our site, you will be recognised as a "returning" user. All collected data is stored together with this user ID. This makes it possible to evaluate pseudonymous user profiles. This website uses a Google Analytics tracking code that has been extended by the operator gat._anonymizeIp(); to enable only anonymised collection of IP addresses (so-called IP masking).

The legal basis for the data processing is your consent in our information banner regarding the use of cookies and web tracking (consent through clear confirming action or behaviour) in accordance with Art. 6 para. 1 lit. a DSGVO.

Purpose of the data processing

On our behalf, Google will use this information for the purpose of evaluating your visit to this website, compiling reports on website activity and providing other services relating to website activity and internet usage to us.

We also need web tracking for security reasons. Web tracking allows us to track whether third parties are attacking our website. The information from the web tracker enables us to take effective countermeasures and protect ourselves from cyber attacks.

Duration of storage

Google has its servers spread all over the world. Most servers are located in America and consequently the data is mostly stored on American servers. Here you can read exactly where Google's data centres are located: https://www.google.com/about/datacenters/inside/locations/?hl=de

Google Analytics has a standard retention period of 26 months. Then the anonymised user data is deleted. However, we have the option to choose the retention period of user data ourselves. Five variants are available to us for this purpose:

• Deletion after 14 months
• Deletion after 26 months
• Deletion after 38 months
• Deletion after 50 months
• No automatic deletion

Once the specified period has expired, the data is deleted once a month. This retention period applies to your data linked to cookies, user recognition and advertising IDs (e.g. DoubleClick domain cookies). Reporting results are based on aggregated data and are stored separately from user data. Aggregated data is a merging of individual data into a larger unit.

Possibilities of objection and deletion

Under European Union data protection law, you have the right to access, update, delete or restrict your data. You can use the browser add-on to disable Google Analytics JavaScript (ga.js, analytics.js, dc.js) to prevent Google Analytics from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only disables the collection of data by Google Analytics.

If you generally want to deactivate, delete or manage cookies (independently of Google Analytics), there are separate instructions for each browser:

Chrome: Delete, enable and manage cookies in Chrome → Safari: Manage cookies and website data with Safari → Delete, enable and manage cookies with Chrome
Safari: Manage cookies and website data with Safari → Firefox: Delete cookies to remove data that websites have placed on your computer → Firefox: Delete cookies to remove data that websites have placed on your computer
Firefox: Delete cookies to remove data that websites have placed on your computer → Internet Explorer: Delete and manage cookies → Internet Explorer: Delete and manage cookies.
Internet Explorer: Delete and manage cookies → Microsoft Edge: Delete and manage cookies → Internet Explorer: Delete and manage cookies → Microsoft Edge: Delete and manage cookies
Microsoft Edge: Deleting and managing cookies →

Google Analytics is an active participant in the EU-U.S. Privacy Shield Framework, which governs the accurate and secure transfer of personal data. You can find more information about this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&tid=311206356.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

If you want to learn more about the tracking service, we recommend these two links: http://www.google.com/analytics/terms/de.html and https://support.google.com/analytics/answer/6004245?hl=de.

Our website offers you various functions, during the use of which we collect, process and store personal data. We explain below what happens to this data:

1.) Online booking function (Internet Booking Engine)

Our website contains a booking engine that allows our users to make online bookings at Arthotel ANA . If a user takes advantage of this option, the data entered in the input mask is transmitted to us and to our software partner Sabre Corporation, 3150 Sabre Drive Southlake, TX 76092 USA and stored.

These data are:

• Salutation of the user
• First name and surname of the user
• E-mail address of the user
• Telephone number of the user
• Date of birth of the user
• Booking data of the user
• Postal address of the user
• Country of the user
• Title of the booked guest
• First name and surname of the booked guest
• Further information/messages to the hotel - where indicated
• Payment method of the user
• Credit card data of the user

To facilitate and speed up future booking processes, it is still possible for the user to register online with a profile and to store a personal password. This password will not be transmitted to us.

The legal basis for the processing of the data is Art. 6 para. 1 lit. a DSGVO if the user has given his consent.

Purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the online booking and to handle the stay at the hotel. In the case of an online booking via our website, this also constitutes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process serve to prevent misuse of the online booking and to ensure the security of our information technology systems.

Furthermore, we have concluded an "order processing agreement" with Sabre Corporation. This is a contract in which Sabre Corporation undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties. You can view Sabre Corporation's → data protection provisions here.

Duration of storage

The data is stored for the duration of the session and then deleted unless the user completes a booking. In the case of an online booking, all data entered by the user is stored and transmitted to the hotel for the reservation and invoicing.

In general, personal data will be stored by Gorgeous Smiling Hotels GmbH and Sabre Corporation, 3150 Sabre Drive Southlake, TX 76092 USA only for the time necessary to achieve the purposes for which it was collected, or as otherwise provided for by the European Directive and Regulation or other legislator in laws or regulations to which the controller is subject.

If the purpose of storage no longer applies or if a storage period prescribed by the European Directive and Regulation or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Possibility of objection and deletion

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, it is not possible to make an online booking via the Arthotel ANA website.

In the event that you wish to object to the processing of your personal data by us, please send an e-mail to info@gsh-hotels.com. All personal data stored in the course of the online booking will be deleted in this case.

2.) Email newsletter and existing customer advertising

Scope of processing and collection of personal data

Our website offers the option of subscribing to a free newsletter. If a user takes advantage of this option, the data entered in the input mask is transmitted to us and to the newsletter company MailChimp and stored. The operator of MailChimp is the company The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA.

With the e-mail newsletter, we will inform you regularly about the offers and services of the hotels and brands belonging to Gorgeous Smiling Hotels GmbH according to the preferences you have indicated.

If you would like to receive the e-mail newsletter, we require a valid e-mail address from you. We use the so-called double-opt-in procedure to register for our newsletter. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within two weeks, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

As a precaution, we would like to point out that when sending the newsletter, your user behaviour is evaluated in order to optimise the content, service and quality of our services. You have the option of deactivating functions in your e-mail program, with the consequence that the newsletter may not be displayed to you in full or that you may not be able to use all the functions of our offer.

We reserve the right to send our guests offers from our range of services as existing customer advertising by e-mail. Our legitimate interest in advertising to existing customers is to be able to offer our guests individual offers tailored to their target group, which are based on a previous booking (transaction) or the existing customer relationship.

We may process the personal data you provide to us when you make a booking for 12 months after a previous transaction to send you customer mailings. If you do not make a new booking or any other transaction within this period, your personal data will no longer be processed for the purpose of existing customer advertising and will be deleted accordingly, unless you have subscribed to a newsletter or your personal data must continue to be stored due to other regulations.

The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.

Purpose of the data processing

When you become a subscriber to our newsletter via our website, you confirm by email that you are a member of a MailChimp email list. So that MailChimp can also prove that you have subscribed to the "list provider", the date of subscription and your IP address are stored. Furthermore, MailChimp stores your email address, name, physical address and demographic information such as language or location. This information is used to send you emails and to enable us to perform other MailChimp functions, such as newsletter evaluation.

We have concluded a Data Processing Addendum contract with MailChimp. This contract serves to safeguard your personal data and ensures that MailChimp adheres to the applicable data protection regulations and does not pass on your personal data to third parties. You can find more information about this contract at https://mailchimp.com/legal/data-processing-addendum/.

MailChimp is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information about this at https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&tid=311206356. You can find out more about MailChimp's use of cookies at https://mailchimp.com/legal/cookies/ and information about data protection at MailChimp (Privacy) at https://mailchimp.com/legal/privacy/.

Sometimes it may happen that you open our newsletter via a specified link for better display. This is the case, for example, if your email programme does not work or the newsletter is not displayed properly. The newsletter is then displayed via a MailChimp website. MailChimp also uses cookies (small text files that store data on your browser) on its own websites. Personal data may be processed by MailChimp and its partners (e.g. Google Analytics). This data collection is the responsibility of MailChimp and we have no influence on it.

Duration of storage

As MailChimp is an American company, all collected data is also stored on American servers. In principle, the data remains permanently stored on Mailchimp's servers and is only deleted when a request is made by you. You can have your contact deleted by us. This permanently removes all your personal data for us and anonymises you in the Mailchimp reports. However, you can also request MailChimp to delete your data directly. Then all your data will be removed there and we will receive a notification from MailChimp. After we receive the email, we have 30 days to delete your contact from all connected integrations.

Possibility of objection and deletion

As a subscriber to the e-mail newsletter, you can revoke your consent to the processing of your e-mail address for the purpose of sending the e-mail newsletter at any time and thus unsubscribe from the newsletter. You can also object to the use of your e-mail address for the purpose of sending advertising to existing customers at any time. The revocation can be made via the relevant link in each e-mail newsletter or by sending an e-mail with the subject "Unsubscribe" to info@gsh-hotels.com.

3.) Contact form and e-mail contact

Scope of processing and collection of personal data

Our website contains a contact form that can be used for electronic contact. If a user uses this option, the data entered in the input mask is transmitted to us and stored.

These data are:

• Salutation of the user
• First name and surname of the user
• E-mail address of the user
• Telephone number of the user
• Message from the user

For the processing of the data, your consent is obtained during the submission process and reference is made to this privacy policy. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.

In the case of unencrypted communication by e-mail, we cannot guarantee complete data security on the transmission path to our IT systems, so we recommend encrypted communication or the postal service for information requiring a high level of confidentiality.

The legal basis for the processing of data is Art. 6 (1) lit. a DSGVO if the user has given his or her consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

Purpose of the data processing

The processing of the personal data from the input mask serves us solely to process the contact. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

Possibility of objection and deletion

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. In the event that you wish to object to the processing of your personal data by us, please send an e-mail to info@gsh-hotels.com. All personal data stored in the course of contacting us will be deleted in this case.

4.) Enquiry form and e-mail request for quotation

Scope of processing and collection of personal data

Our website contains a form for requesting quotations, which can be used for electronic quotation requests. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.

These data are:

• Salutation of the user
• First name and surname of the user
• Company of the user
• E-mail address of the user
• Telephone number of the user
• Period for arrival and departure
• Number of rooms/apartments
• Number of persons
• Message from the user

For the processing of the data, your consent is obtained during the submission process and reference is made to this data protection declaration. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the request for quotation.

In the case of unencrypted communication by e-mail, we cannot guarantee complete data security on the transmission path to our IT systems, so we recommend encrypted communication or the postal service for information requiring a high level of confidentiality.

The legal basis for the processing of data is Art. 6 (1) lit. a DSGVO if the user has given his or her consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

Purpose data processing

The processing of the personal data from the input mask serves us solely to process the offer enquiry. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the submission process serve to prevent misuse of the enquiry form and to ensure the security of our information technology systems.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the enquiry form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

Possibility of objection and deletion

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he or she can object to the storage of his or her personal data at any time. In such a case, the conversation cannot be continued. In the event that you wish to object to the processing of your personal data by us, please send an e-mail to info@gsh-hotels.com. All personal data stored in the course of the offer request will be deleted in this case.

We use social media plugins on our website, in particular from the social networks Facebook, Instagram and Twitter, in order to raise awareness of our company. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for data protection-compliant operation is to be ensured by their respective providers. We integrate these plugins using the so-called 2-click method in order to protect visitors to our website as best as possible.

When you visit pages that display these elements, data is transmitted from your browser to the respective social media service and stored there. We have no access to this data.

The following links will take you to the pages of the respective social media services where it is explained how they handle your data: Instagram privacy policy: https://help.instagram.com/519522125107875; for YouTube, the Google privacy policy applies: https://policies.google.com/privacy?hl=de; Facebook privacy policy: https://www.facebook.com/about/privacy; Twitter privacy policy: https://twitter.com/de/privacy.

1.) Facebook

Social media plug-ins from Facebook are used on our website to make their use more interesting and personal. For this purpose, there is the "Like" or "Share" button, which in each case represents an offer from Facebook.

When you call up a page of our website that contains such a plug-in, your browser establishes a direct connection with the Facebook servers. The content of the plug-in is transmitted directly from Facebook to your browser, which then integrates it into the website. By integrating the plug-ins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information, including your IP address, is transmitted by your browser directly to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook account. When you click the "Like" or "Share" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends. Facebook may use this information for the purposes of advertising, market research and the needs-based design of Facebook pages. For this purpose, Facebook may create usage, interest and relationship profiles, for example, to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.

If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.

For the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please refer to Facebook's privacy policy(https://www.facebook.com/about/privacy/).

2.) Instagram

Our website also uses so-called social plugins from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The plugins are marked with an Instagram logo, for example in the form of an "Instagram camera".

When you call up a page of our website that contains such a plugin, your browser establishes a direct connection to the Instagram servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has called up the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram.

This information (including your IP address) is transmitted by your browser directly to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram account. If you interact with the plugins, for example by clicking the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts there.

If you do not want Instagram to directly assign the data collected via our website to your Instagram account, you must log out of Instagram before visiting our website. For more information, please see the Instagram privacy policy (https://help.instagram.com/155833707900388).

3.) Twitter

Our website contains plug-ins of the short message network of Twitter Inc. (Twitter) are integrated. You can recognise the Twitter plug-ins (tweet button) by the Twitter logo on our site. You can find an overview of tweet buttons here (https://about.twitter.com/resources/buttons).

When you visit a page of our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server. Twitter thereby receives the information that you have visited our site with your IP address. If you click the Twitter "tweet button" while you are logged into your Twitter account, you can link the content of our pages on your Twitter profile. This enables Twitter to associate your visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter.

If you do not want Twitter to be able to associate your visit to our pages, please log out of your Twitter user account. You can find more information on this in Twitter's privacy policy (https://twitter.com/privacy).

VII. INTEGRATION OF EXTERNAL WEB SERVICES AND DATA PROCESSING OUTSIDE THE EU

On our website, we use active content from external providers, so-called web services. By calling up our website, these external providers may receive personal information about your visit to our website. This may involve the processing of data outside the EU. You can prevent this by installing an appropriate browser plug-in or deactivating the execution of scripts in your browser. This may result in functional restrictions on our website.

We use the following external web services:

• Google Maps
• Google reCAPTCHA
• Google Tag Manager
• Google Ads
• Microsoft Advertising
• Web Fonts from Adobe Typekit
• Cookiebot
• WordPress

1.) Google Maps

We use Google Maps from Google Inc. on our website. The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services for the European region. By integrating Google Maps, we can provide you with relevant information about your hotel stay, such as restaurants, shops or places of interest nearby. In addition, you can see at a glance where our hotels are located. By using Google Maps, data is transmitted to Google and stored on Google servers. Here we would like to go into more detail about which data is stored and how you can prevent this.

Duration of storage

Since we have integrated Google Maps into our website, Google sets at least one cookie (name: NID) in your browser. The information generated by the cookie about your use of this function is usually transmitted to a Google server in the USA and stored there. This cookie stores data about your user behaviour. Google uses this data primarily to optimise its own services and to provide you with individual, personalised advertising.

Note: We cannot guarantee the completeness of the stored data. Especially when using cookies, changes can never be ruled out. Google stores some data for a fixed period of time. For other data, Google only offers the option of deleting it manually. Furthermore, the company also anonymises information (such as advertising data) in server logs by deleting part of the IP address and cookie information after 9 or 18 months.

Possibilities of objection and deletion

With the automatic deletion of location and activity data introduced in 2019, location and web/app activity information will be stored for either 3 or 18 months - depending on your decision - and then deleted. In addition, you can also manually delete this data from your history at any time via your Google Account. If you want to completely prevent your location tracking, you must pause the "Web and App Activity" section in the Google Account. Click "Data and personalisation" and then on the "Activity setting" option. Here you can switch the activities on or off.

You can also deactivate, delete or manage individual cookies in your browser. Depending on which browser you use, this always works slightly differently. The following instructions show how to manage cookies in your browser:

Chrome: Delete, enable and manage cookies in Chrome → Safari: Manage cookies and website data with Safari → Delete, enable and manage cookies with Chrome
Safari: Manage cookies and website data with Safari → Firefox: Delete cookies to remove data that websites have placed on your computer → Firefox: Delete cookies to remove data that websites have placed on your computer
Firefox: Delete cookies to remove data that websites have placed on your computer → Internet Explorer: Delete and manage cookies → Internet Explorer: Delete and manage cookies.
Internet Explorer: Delete and manage cookies → Microsoft Edge: Delete and manage cookies → Internet Explorer: Delete and manage cookies → Microsoft Edge: Delete and manage cookies
Microsoft Edge: Deleting and managing cookies →

Google is an active participant in the EU-U.S. Privacy Shield Framework, which governs the accurate and secure transfer of personal data. You can find more information about this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. If you would like to learn more about Google's data processing, we recommend that you read the company's own privacy policy at https://policies.google.com/privacy?hl=de.

2.) Google reCAPTCHA

Our primary goal is to secure and protect our website for you and for us in the best possible way. To ensure this, we use Google reCAPTCHA from the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. reCAPTCHA is a free captcha service from Google that protects websites from spam software and abuse by non-human visitors. This service is used on our website when you use a contact or enquiry form or sign up to our email newsletter.

Duration of storage

reCAPTCHA collects personal data from users in order to determine whether the actions on our website actually originate from people. The IP address and other data required by Google for the reCAPTCHA service may therefore be sent to Google. IP addresses are almost always shortened beforehand within the member states of the EU or other contracting states to the Agreement on the European Economic Area before the data ends up on a server in the USA. The IP address is not combined with other data from Google unless you are logged in with your Google account while using reCAPTCHA. First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube. Gmail, etc.) are already placed on your browser. Then, reCAPTCHA sets an additional cookie in your browser and captures a snapshot of your browser window.

Note: Google does not clearly state where exactly and for how long this data is stored.

Possibilities of objection and deletion

If you would like to ensure that no data about you and your behaviour is transmitted to Google, you must log out of Google completely and delete all Google cookies before filling out one of our forms on the website or using the reCAPTCHA software. In principle, the data is automatically transmitted to Google as soon as you call up our site. To delete this data again, you must contact Google support at https://support.google.com/?hl=de&tid=311206356. Therefore, by using our website, you consent to the automatic collection, processing and use of data by Google LLC and its agents.

You can find out more about reCAPTCHA on Google's web developer page at https://developers.google.com/recaptcha/. Google does go into more detail here about the technical development of reCAPTCHA, but you will search in vain for precise information about data storage and privacy-related topics there as well. A good overview of Google's basic use of data can be found in the company's own privacy policy at https://www.google.com/intl/de/policies/privacy/.

3.) Google Tag Manager

For our website, we use the Google Tag Manager of the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. The Google Tag Manager allows us to centrally integrate and manage code sections of various tracking tools that we use on our website. The Tag Manager itself is a domain that does not set any cookies or store any data. It acts as a mere "manager" of the implemented tags. The data is collected by the individual tags of the various web analysis tools. The data is virtually passed through to the individual tracking tools in the Google Tag Manager and is not stored.

An exception to this is Google Analytics and Google Ads, which uses cookies to collect, store and process various data about your web behaviour. Please read our data protection text on Google Analytics and Google Ads on this page.

Duration of storage

When Google stores data, this data is stored on Google's own servers. The servers are distributed all over the world. Most of them are located in America. You can find out exactly where the Google servers are located at https://www.google.com/about/datacenters/inside/locations/?hl=de. You can find out how long the individual tracking tools store data from you in our individual data protection texts for Google Analytics and Google Ads.

Possibilities of objection and deletion

The Google Tag Manager itself does not set cookies, but manages tags from various tracking websites. In our data protection texts on the individual tracking tools, you will find detailed information on how you can delete or manage your data.

Google is an active participant in the EU-U.S. Privacy Shield Framework, which regulates the correct and secure transfer of personal data. You can find more information about this at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&tid=311206356. If you want to learn more about the Google Tag Manager, we recommend the FAQs at https://www.google.com/intl/de/tagmanager/faq.html.

4.) Microsoft Advertising

For our online marketing activities, we also use the Microsoft Advertising programme of Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA) to promote our services. Microsoft Advertising allows us to promote our services to the people who are really interested in them. We want to present our hotels not only on the famous search engine Google, but also on Bing and Yahoo! With Microsoft Advertising we also have the possibility to place ads in the so-called "Microsoft Audience Network". For example, we can also place ads in LinkedIn. Through conversion tracking, we learn, for example, through which ad you found us, which subpages you particularly like and which actions you perform on our website. This data enables us to adapt our website, our advertisements and our offers much better to your needs.

Duration of storage

We have integrated a conversion tracking tag (i.e. a small code snippet) from Microsoft Advertising into our website. This is the so-called Universal Event Tracking (UET) tag. If you come to our website via a Microsoft advertisement, we can use this tracking tool to find out more about your user behaviour on our website. For example, we learn which keyword or ad you used to come to our site, what you click on on our site, how many people visit our site through Microsoft Ads, and how long you stay on our site. All this data relates to user behaviour and not personal data. We therefore only receive data or evaluations on your web behaviour, but no personal information.

At this point we would like to point out that we have no influence on how Microsoft uses the collected data. Microsoft operates its own servers worldwide. Most of them are located in the United States and therefore your data may also be stored, managed and processed on American servers. Microsoft will retain personal data for as long as is necessary to provide its services or products or for legal purposes. Microsoft also mentions that the actual retention period varies greatly and depends on the product in question. For searches via Bing, Microsoft deletes your stored searches after 6 months by deleting your IP address. Cookie IDs, which are generated via the cookie MUID, for example, are made unrecognisable after 18 months.

Possibilities of objection and deletion

You always have the option not to participate in the conversion tracking of Microsoft Ads. If you do not want to be shown interest-based advertisements from Microsoft Advertising, you can switch off this function via https://account.microsoft.com/privacy/ad-settings/signedout. You can also disable, manage or delete all cookies in your browser. This works a little differently in each browser. You can find the instructions for the most common browsers here:

Chrome: Delete, enable and manage cookies in Chrome → Safari: Manage cookies and website data with Safari → Delete, enable and manage cookies with Chrome
Safari: Manage cookies and website data with Safari → Firefox: Delete cookies to remove data that websites have placed on your computer → Firefox: Delete cookies to remove data that websites have placed on your computer
Firefox: Delete cookies to remove data that websites have placed on your computer → Internet Explorer: Delete and manage cookies → Internet Explorer: Delete and manage cookies.
Internet Explorer: Delete and manage cookies → Microsoft Edge: Delete and manage cookies → Internet Explorer: Delete and manage cookies → Microsoft Edge: Delete and manage cookies
Microsoft Edge: Deleting and managing cookies →

For more information, we also recommend that you read Microsoft's privacy policy at https://privacy.microsoft.com/de-de/privacystatement.

5.) Web Fonts from Adobe Typekit

For our website we use web fonts from Adobe Typekit. These are the "Adobe fonts of the company Adobe Inc. For the European area, the company Adobe Systems Software Ireland Limited (4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland) is responsible for all Adobe services. This site uses so-called web fonts, which are provided by Adobe Typekit, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Adobe Typekit's servers. This enables Adobe Typekit to know that our website has been accessed via your IP address. Adobe Typekit Web Fonts are used in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.

If your browser does not support web fonts, a default font is used by your computer. For more information about Adobe Typekit Web Fonts, please visit https://typekit.com/ and read the Adobe Typekit privacy policy: https://www.adobe.com/de/privacy/policies/typekit.html

6.) Cookiebot

We use functions of the provider Cookiebot on our website. The company behind Cookiebot is Cybot A/S, Havnegade 39, 1058 Copenhagen, DK. The software automatically creates a DSGVO-compliant cookie notice for visitors to our website. In addition, the technology behind Cookiebot scans, monitors and evaluates all cookies and tracking measures on our website. We want to show you what is going on on our website and what data is stored from you. Cookiebot helps us to get a good overview of all our cookies (first-party and third-party cookies). This way we can inform you about the use of cookies on our website in an accurate and transparent way. You always get an up-to-date and data protection-compliant cookie notice and decide for yourself which cookies you allow and which you do not.

Scope of data processing

In order for you to be able to set your desired privacy settings for visiting our website as individually as possible, we give you the opportunity below to set your preferences with regard to the categories necessary, preferences, statistics and marketing for you.

1. aa) Necessary functions: These cookies contribute significantly to improving your movement and booking experience on our website. Basic functionalities and applications such as shopping baskets or electronic billing procedures are thereby optimised and their handling facilitated. These cookies do not collect information about you that can be used for marketing campaigns or statistical analysis. These cookies are necessary for the use of the website.

1. bb) Preferences: We use these cookies to make it easier for you to use the site. For example, based on a previous hotel search, you can conveniently access it when you visit our website again.

1. cc) Statistical analysis: In order to further improve our offer and our website, we collect anonymised data for statistics and analyses. With the help of these cookies, we can, for example, determine the number of visitors and the effect of certain pages of our website and optimise our content.

1. dd) Marketing: Certain functions of websites and apps are used to display personalised advertising (ads or commercials) to users in other contexts, for example on other websites, platforms or apps. For this purpose, conclusions about the interests of users are drawn from demographic information, search terms used, contextual content, user behaviour on websites and in apps or from the location of users. Based on these interests, advertising materials will be selected and displayed on other online content providers in the future.

In general, in the case of cookies that are collected on the basis of a legitimate interest, our legitimate interest is to ensure the functionality of our website and the services integrated on it. The legal basis for this is Art. 6 para. 1 lit. f DSGVO (legitimate interest). In addition, it may be that the cookies increase their user-friendliness and enable a more individualised approach. With the help of cookie technology, we can only identify, analyse and track individual website visitors if the website visitor has consented to the use of the cookie in accordance with Art. 6 para. 1 lit. a DSGVO.

Purpose of the data processing

The cookies are set by our website or the external web services to maintain the full functionality of our website, to improve the user experience or to pursue the purpose stated with your consent.

Duration of storage

The cookies are stored in your browser until they are deleted or, in the case of a session cookie, until the session has expired. You can see an overview of the cookies used and their duration in our cookie consent tool "Cookiebot". All data collected is transmitted, stored and forwarded exclusively within the European Union. The data is stored in an Azure data centre (cloud provider is Microsoft). You can find out more about all "Azure regions" at https://azure.microsoft.com/de-de/global-infrastructure/regions/.

Possibilities of objection and deletion

You have the right to access and also delete your personal data at any time. You can prevent data collection and storage, for example, by rejecting the use of cookies via the cookie notice. Your browser offers another possibility to prevent data processing or to manage it according to your wishes. Depending on the browser, cookie management works slightly differently. Here you will find the instructions for the currently most popular browsers:

Chrome: Delete, enable and manage cookies in Chrome → Safari: Manage cookies and website data with Safari → Delete, enable and manage cookies with Chrome
Safari: Manage cookies and website data with Safari → Firefox: Delete cookies to remove data that websites have placed on your computer → Firefox: Delete cookies to remove data that websites have placed on your computer
Firefox: Delete cookies to remove data that websites have placed on your computer → Internet Explorer: Delete and manage cookies → Internet Explorer: Delete and manage cookies.
Internet Explorer: Delete and manage cookies → Microsoft Edge: Delete and manage cookies → Internet Explorer: Delete and manage cookies → Microsoft Edge: Delete and manage cookies
Microsoft Edge: Deleting and managing cookies →

If you would like to learn more about the privacy policy of "Cookiebot" or the company behind it, Cybot, we recommend that you read through the privacy policy at https://www.cookiebot.com/de/privacy-policy/.

7.) WordPress

A web service of the company Automattic Inc., 60 29th Street #343, CA 94110 San Francisco, United States of America (hereinafter: WordPress) is reloaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to WordPress. The legal basis for the data processing is Art. 6 para. 1 lit. f DSGVO. The legitimate interest consists in the error-free functioning of the website. Automattic Inc. has self-certified under the EU-US Privacy Shield Agreement (see https://www.privacyshield.gov/list).

Here you can find the link to the EU adequacy decision regarding the EU-US Privacy Shield:
http://data.europa.eu/eli/dec_impl/2016/1250/oj. The deletion of the data takes place as soon as the purpose of its collection has been fulfilled.

You can find more information on the handling of the transmitted data in the WordPress privacy policy: https://automattic.com/privacy/. You can prevent the collection and processing of your data by WordPress by deactivating the execution of script code in your browser or installing a script blocker.

To prevent unauthorised access by third parties to your personal data, in particular financial data, the ordering process is encrypted using SSL or TLS technology:

1. a) SSL procedure

We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser when visiting the website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether a single page of our website is encrypted by the closed display of the key or lock symbol in the lower status bar of your browser.

1. b) TLS encryption with https

We use https to transmit data tap-proof on the internet (data protection by design of technology Article 25(1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data. You can recognise the use of this data transmission protection by the small lock symbol at the top left of the browser and the use of the https scheme (instead of http) as part of our internet address.

If the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

We also use appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

In the following, we would like to inform you about the way in which personal data is processed and collected in the context of cash or contactless payment transactions.

1.) Payment methods

Payment by card

Please indicate whether you would like to pay by credit card or debit card. The accepted cards are in particular American Express, Visa, MasterCard. If you use a prepaid or disposable card, please remember to keep it after the purchase as this could be useful for any credit. We guarantee that every purchase is made in complete security. Payment details are collected using the most advanced technological coding system. We use a server that has been certified by Verisign to ensure maximum protection and security.

Payment by bank transfer

Please select "Bank transfer" as the method of payment. The total amount is to be transferred to the account of our company. As soon as your order is completed, you will receive the details of the current account to which the transfer is to be made.

Payment via PayPal

You can also pay with your PayPal account.

2.) Data protection information

1. (a) the nature of the personal data

Personal data that we may collect in the context of cashless payment transactions are all information by which natural persons can be identified or personal data that arise in connection with a payment transaction, in particular account number, card number and its validity or expiry date, card verification number, credit card operator, date and total amount of the transaction, as well as, where applicable, further information in connection with financial institutions or processors if and to the extent that they act on behalf of such institutions; furthermore, information that arises in connection with the use of credit cards or debit cards or EC cards or also other payment methods, in particular mobile phones, mobile apps or also PayPal. Furthermore, information that is collected in the context of the use of credit cards, debit cards, EC cards or other payment methods, in particular mobile phones, mobile apps or PayPal accounts, as well as comparable data that is collected by means of automated processes, for example in the form of cookies or similar technical tools; furthermore, service- or product-related information, in particular payment data as well as programme-specific data that is generated when requesting or purchasing products or services or participating in marketing programmes.

In the course of providing our services and processing payment transactions, we may receive information about personal data; we may also receive or collect information about you from your financial institutions or other business partners in order to carry out the processing operations required to process your payment. We process your personal data to process payment transactions. In doing so, we act on behalf of and in accordance with the instructions of the relevant responsible financial institutions or other business partners, from whom you can obtain further information on the processing of your personal data.

1. b) Use of the personal data

Your personal data is used in particular to carry out your payment transactions, to protect or prevent payment fraud and personal data, security risks, to provide personalised services, to provide or improve our products and services, and for marketing activities. In case of use for other purposes, we will inform you separately at the time of collection.

We will also use your personal data to the extent necessary to comply with legal, regulatory or contractual obligations, in particular to provide you with our products and services or to respond to your enquiries. We may also use your personal data to protect legitimate and overriding interests, i.e. to ensure and improve the performance of our products and services.

If you provide us with data relating to another person, it is your responsibility to ensure that the disclosure to us and further use by us is in compliance with data protection law, i.e., for example, to inform the data subject about the processing of his or her personal data and to obtain any consent that may be required.

1. c) Disclosure of personal data

Your personal data will be shared with financial institutions or payment card issuing organisations solely for the purpose of processing your payment transactions. It is possible that your personal data may be shared for fraud prevention and monitoring purposes and to ensure the security of transactions. It is also possible that your personal data may be shared with third parties whose functionalities you use in connection with our products and services, including social networks. Your personal information may be disclosed to other third parties only if you have given us your consent to do so, or if required to do so by applicable law or legal process, or if disclosure is necessary to protect an individual's vital interests, to enforce our Terms and Conditions, to protect our business from harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or unlawful activity. Finally, disclosure may occur if we sell or transfer all or part of our business or assets, in which case we will act reasonably to instruct the acquirer to use the personal information you provide to us in a privacy compliant manner. Following a sale or transfer, you may make enquiries about the processing of your personal data to the company to which we have transferred your personal data in that context.

1. d) Protection of personal data

Particularly in the context of international data transfer or cashless payment transactions, your personal data may be transferred to the United States of America or other countries that may not have comparable data protection laws. We take appropriate security precautions to protect your personal data and only store or delete it in accordance with legal requirements. We take organisational, technical and physical precautions to protect your personal data from loss, destruction, alteration, access, disclosure or use, including, but not limited to, the technical security of data transmission through encryption.

Within the scope of our products and services, there are connections to third parties that operate independently of us, in particular social media and third-party websites. We assume no responsibility for their activities, content, use or compliance with applicable data protection regulations. Our websites may also contain non-binding or informational links to other websites; these are operated independently of our company and are themselves obliged to comply with data protection laws. We are not liable for the content, use or data protection practices of these social media tools or third-party websites and apps.

Up-to-dateness and amendment of this privacy policy

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time on the website at https://www.

I/we have taken note of the above information on the GDPR and agree to the recording, collection and processing of personal data accordingly.

Link/ Opt-In Clause