Privacy Policy
General notice and mandatory information
Designation of the responsible body
The responsible body for data processing on this website is:
Spa & Golf Resort Weimarer Land Betriebsgesellschaft mbH
Lindenallee 1
99444 Blankenhain, Germany
Phone +49 (0) 36459 6164-0
Fax +49 (0) 36459 6164-4009
E-mail info (at) spahotel-weimar.de
The responsible body decides alone or jointly with others on the purposes and means of the processing of personal data (e.g. names, contact details or similar).
Server log files
In server log files, the provider of the website (domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Germany) automatically collects and stores information that your browser automatically transmits to us. These are:
- name of the accessed website
- file, date and time of the retrieval
- amount of data transferred
- message about successful retrieval
- browser type and browser version
- the user's operating system
- referrer URL (the previously visited page)
- your IP address
There is no merging of this data with other data sources. The data processing is based on Art. 6 (1) lit. b DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as site operator, our website uses SSL or TLS encryption. This means that data you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line.
E-mail communication
E-mail communication takes place via an open network that is accessible to anyone and crosses borders. It is not encrypted. It can therefore not be ruled out that data sent in this way can be viewed by third parties and thus the contact with us can be traced.
Inquiry form
Data transmitted via inquiry form, including your contact data, will be stored in order to process your inquiry or to be available for follow-up questions. This data will not be passed on without your consent.
The processing of the data entered in the inquiry form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). A revocation of your already given consent is possible at any time. For the revocation, an informal communication by e-mail to info (at) spahotel-weimar.de is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data transmitted via the inquiry form will remain with us until you request us to delete it, revoke your consent to store it, or there is no longer any need to store the data. Mandatory legal provisions - in particular retention periods - remain unaffected.
Newsletter data
To send our newsletter, we need an e-mail address from you. Additional data is not collected or is voluntary. The data is used exclusively for sending the newsletter.
The data provided during the newsletter registration will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). A revocation of your already given consent is possible at any time. For the revocation, an informal message by e-mail to marketing (at) spahotel-weimar.de is sufficient, or use the unsubscribe newsletter function. The legality of the data processing operations already carried out remains unaffected by the revocation.
Data entered to set up the subscription will be deleted in the event of unsubscription. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.
Secure reservations
When you choose to make an online reservation on our website, you will be connected to a booking system provided by our partner Bookassist. The provider of the booking system is Automatic Netware Limited, acting as Bookassist, 1st Floor South Block, Rockfield Central, Dublin D16 R6V0, Ireland. All information is transmitted securely using SSL or TLS encryption and is protected against disclosure to third parties. Bookassist is certified according to PCI DSS (Payment Card Industry Data Security Standards). The use of the services of Bookassist is based on Art. 6 para. 1 lit. f DSGVO.
You can read the security, cookie and privacy policy, as well as revocation notices of Bookassist here: https://www.bookassist.com/global/security.jsp
Use of PC CADDIE://online services
To enable you to register for tournaments online, we use the services of PC CADDIE. These services are provided by "PC CADDIE://online GmbH & Co. KG", Stubber Weg 39, 23847 Pölitz, Germany. If you call up an Internet page of our Internet presence, with an embedded tournament calendar, tournament registration, tournament start lists, tournament results, start time reservation or score cards, a connection is established to servers of PC CADDIE in order to display the corresponding element. For technical reasons, data from your browser is transferred to PC CADDIE. If you are logged in as a member to use further functions such as tournament registrations, start time reservations, etc., the data necessary for processing your tournament registration/reservation/etc. will be transmitted via a secure connection to PC CADDIE as technical service provider. A transfer of data to other third parties does not take place.
PC CADDIE uses so-called cookies to store your login status. If you have deactivated the saving of cookies in your Internet browser, this may lead to a restriction of the functions and user-friendliness of PC CADDIE. Further information about cookies can be found in the section "Cookies" of this privacy policy.
Further information on data processing and data protection by PC CADDIE can be found at https://www.pccaddie.net/clubs/0491627/app.php?cat=policy&lang=en
Integration of TrustYou
On this website, functions of the service TrustYou are integrated. The provider of these functions is TrustYou GmbH, Steinerstraße 15, 81369 Munich, Germany. TrustYou collects and analyzes guest reviews, questionnaires and social media posts. Your reviews are the ideal and most efficient way for us to improve our service.
The data processing is based on Art. 6 (1) lit. f DSGVO. Reviews that you voluntarily provide to TrustYou are received, stored and processed there.
Further information on this can be found in the TrustYou privacy policy. https://www.trustyou.com/downloads/privacy-policy.pdf
Use of the Issuu platform
On our website, we use the services of the electronic publishing platform Issuu. The provider of the platform is Issuu Inc, 131 Lytton Ave, Palo Alto, CA 94301, USA. Issuu Inc. may set cookies and transfer browser data to Issuu Inc. in the USA.
Issuu is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO.
Information on the data protection provisions of Issuu Inc. can be viewed at the following link: https://issuu.com/legal/privacy
YouTube
For integration and display of video content, our website uses plugins from YouTube. The provider of the video portal is YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
When a page with an integrated YouTube plugin is called up, a connection to the YouTube servers is established. YouTube thereby learns which of our pages you have accessed. YouTube can assign your surfing behavior directly to your personal profile if you are logged into your YouTube account. By logging out beforehand, you have the option to prevent this.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
Details on the handling of user data can be found in YouTube's privacy policy at: https://policies.google.com/privacy?hl=en&gl=en.
Online payments
If you make an online payment, the secure payment processing takes place via a paylink of the payment provider Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany.
The credit card data required for this purpose (card number, validity and verification number) are recorded and processed in encrypted form exclusively by the payment provider and not by the responsible party, are not forwarded and cannot be viewed by the hotel. Concardis GmbH is certified according to PCI DSS (Payment Card Industry Data Security Standards). The use of the payment provider is based on Art. 6 para. 1 lit. f DSGVO.
The security, cookie and privacy policy, as well as revocation information of Concardis can be read here https://www.concardis.com/de-en/protecting-your-data.
CCM19
Our website uses CCM19 to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn (hereinafter “CCM19”).
When you enter our website, a connection will be established to CCM19's servers to obtain your consent and other declarations regarding the use of cookies. CCM19 then stores a cookie in your browser in order to be able to assign you the consent given or its revocation. The data collected in this way will be stored until you request us to delete it, delete the CCM19 cookie yourself or the purpose for storing the data no longer applies. Mandatory legal retention obligations remain unaffected. CCM19 is used to obtain the legally required consent for the use of cookies. The legal basis for this is Article 6 Paragraph 1 Sentence 1 Letter c GDPR.
Order processing
We have concluded an order processing contract (AVV) for the use of the above-mentioned service. This is a contract required by data protection law that ensures that we only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
Revocation of your consent to data processing
Some data processing operations are only possible with your express consent. A revocation of your already given consent is possible at any time. For the revocation, an informal communication by e-mail to info (at) spahotel-weimar.de is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to third parties. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
Right to complain to the competent supervisory authority
As a data subject, you have the right to complain to the competent supervisory authority in the event of a data protection violation. The competent supervisory authority regarding data protection issues is the State Data Protection Commissioner of Thuringia.
The following link refers to its contact details: https://www.tlfdi.de (German)
Changes to our privacy policy
We reserve the right to adapt this data protection statement so that it always complies with the current legal requirements or to implement changes to our services in the data protection statement, e.g. when introducing new services. The new data protection statement will then apply to your next visit.
Questions to the data protection officer
If you have any questions about data protection, please email us at info (at) spahotel-weimar.de or contact the person responsible for data protection in our organization directly. The contact details of our data protection officer can be found in our imprint.
State: 22.06.2018