Privacy Policy | Parkhotel Quellenhof Aachen

We are pleased that you are visiting our website and thank you for your interest in our company. The protection of personal data is of great importance to us. In general, you can use our website without providing any personal data. However, if a user wishes to utilize specific services offered by the company through this website, the processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

You may withdraw your consent at any time, effective for the future. The contact information for the data controllers required for this purpose can be found at the end of this Privacy Policy.

The processing of personal data (name, address, email address, or phone number) of users of this website is always carried out in accordance with the General Data Protection Regulation and applicable national data protection laws.
In this privacy policy, DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG publicly discloses the nature, purpose, and scope of the personal data it processes. Furthermore, this privacy policy informs data subjects of their rights.

This Privacy Policy uses the following terms, which were defined when the EU General Data Protection Regulation was adopted. To keep this Privacy Policy simple and easy to understand, these terms are explained here.

Personal data – as defined in Article 4(1) of the GDPR:

Any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Data subject

Any identified or identifiable natural person whose personal data is processed by the controller.

Processing – as defined in Article 4(2) of the GDPR:

Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of disclosure, the alignment or combination, restriction, erasure, or destruction.

Restriction of processing

The marking of stored personal data for the purpose of restricting its future processing.

Profiling – as defined in Article 4(4) of the GDPR:

Any form of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Pseudonymization

The processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure the personal data is not attributed to an identified or identifiable natural person.

The controller, pursuant to Article 4(7) of the GDPR, is:

The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.

Recipient

A natural or legal person, public authority, agency, or other body to whom personal data is disclosed, regardless of whether or not that entity is a third party. However, public authorities that may receive personal data in the course of a specific investigative mandate under Union law or the law of the Member States are not considered recipients.

Third

A natural or legal person, public authority, agency, or other body other than the data subject, the controller, the processor, and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
We will only disclose personal data to third parties after entering into appropriate data processing agreements.

Data processor – as defined in Article 4(8) of the GDPR:

A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

Consent – as defined in Article 4(11) of the GDPR:

Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, expressed in the form of a statement or other clear affirmative action, by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

Name and address of the data controller:

DI Parkhotel Quellenhof Aachen No. 33 GmbH & Co. KG
Kölnstrasse 91
52351 Düren
Email: info@parkhotel-quellenhof.de
Website: www.parkhotel-quellenhof.de

Registration on our website

The data subject has the option to register on the controller’s website by providing personal data. The specific personal data transmitted to the controller in this process is determined by the respective input form used for registration. The personal data entered by the data subject is collected and stored exclusively for internal use by the controller and for its own purposes. The controller may arrange for the transfer of such data to one or more processors, such as a mailing service provider, who will also use the personal data exclusively for internal purposes attributable to the controller.
Furthermore, when registering on the controller’s website, the IP address assigned by the data subject’s Internet Service Provider (ISP), as well as the date and time of registration, are stored. This data is stored because it is the only way to prevent misuse of our services, and this data enables the investigation of criminal offenses if necessary. In this respect, the storage of this data is necessary to protect the controller. This data is generally not disclosed to third parties unless there is a legal obligation to do so or the disclosure serves the purpose of criminal prosecution.
The registration of the data subject, involving the voluntary provision of personal data, enables the controller to offer the data subject content or services that, by their very nature, can only be provided to registered users. Registered individuals are free to modify the personal data provided during registration at any time or to have it completely deleted from the controller’s database. Upon request, the controller will provide any data subject with information at any time regarding which personal data concerning the data subject is stored. Furthermore, the controller will correct or delete personal data at the request or upon notification by the data subject, provided that no legal retention obligations preclude this. All employees of the controller are available to the data subject as contact persons in this regard.

Subscribe to our newsletter

Our website offers users the opportunity to subscribe to our hotel’s newsletter. The personal data transmitted to the controller when subscribing to the newsletter is determined by the form used for this purpose. The Parkhotel Quellenhof regularly informs its customers and business partners about the company’s offers via a newsletter. In principle, the data subject can only receive our company’s newsletter if (1) the data subject has a valid email address and (2) the data subject registers to receive the newsletter. For legal reasons, a confirmation email is sent to the email address provided by the data subject when first registering for the newsletter using the double opt-in procedure. This confirmation email serves to verify whether the owner of the email address, as the data subject, has authorized the receipt of the newsletter.
When registering for the newsletter, we also store the IP address assigned by the Internet Service Provider (ISP) to the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary to be able to trace the (possible) misuse of a data subject’s email address at a later date and therefore serves to provide legal protection for the controller.
The personal data collected in connection with a newsletter subscription is used exclusively for sending our newsletter. Furthermore, newsletter subscribers may be informed by email if this is necessary for the operation of the newsletter service or a related registration, as might be the case with changes to the newsletter offering or alterations to the technical conditions. The personal data collected as part of the newsletter service is not disclosed to third parties. The data subject may cancel their subscription to our newsletter at any time. Consent to the storage of personal data provided by the data subject for the purpose of sending the newsletter may be revoked at any time. A link for revoking consent is included in every newsletter. Furthermore, it is possible to unsubscribe from the newsletter at any time directly on the controller’s website or to notify the controller of this in another manner.

Newsletter Tracking

The newsletters from Parkhotel Quellenhof contain so-called web beacons. A web beacon is a tiny graphic embedded in emails sent in HTML format to enable log file recording and analysis. This allows for a statistical evaluation of the success or failure of online marketing campaigns. Using the embedded web beacon, Parkhotel Quellenhof can determine whether and when an email was opened by a data subject and which links contained in the email were clicked by the data subject. Such personal data collected via the tracking pixels contained in the newsletters is stored and analyzed by the controller to optimize newsletter distribution and to tailor the content of future newsletters even better to the interests of the data subject. This personal data is not disclosed to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent provided via the double opt-in procedure. Following revocation, this personal data will be deleted by the controller. The controller automatically interprets unsubscribing from the newsletter as a revocation.

Inquiries via email, phone, or fax
If you contact us via email, phone, or fax, your inquiry, including all personal data contained therein (name, inquiry), will be stored and processed by us for the purpose of handling your request. We will not disclose this data without your consent.
The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if such consent was requested.
The data you send to us via contact requests will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.

Data Transfer via Forms
The data subject has the option of registering on the website of the controller by providing personal data for data transmission via forms. The personal data transmitted to the controller in this process is determined by the respective input form used for the entries. The personal data entered by the data subject is collected and stored exclusively for internal use by the data controller and for its own purposes. Data transmission via forms is always encrypted.
The data controller may arrange for the transfer of data to one or more processors (such as a parcel delivery service), who will also use the personal data exclusively for internal purposes attributable to the data controller.
Furthermore, when data is transmitted via the controller’s website, the IP address assigned by the data subject’s Internet Service Provider (ISP), as well as the date and time of the transmission, are stored. This data is stored because it is the only way to prevent misuse of the services offered, and this data enables the investigation of criminal offenses and copyright infringements if necessary. In this respect, the storage of this data is necessary to protect the data controller. This data is generally not disclosed to third parties unless there is a legal obligation to do so or the disclosure serves the purpose of criminal or legal prosecution.
The data subject’s entries, made through the voluntary provision of personal data, enable the data controller to offer the data subject content or services that, by their very nature, can only be offered to these users.
The processing of this data is based on Art. 6(1)(b) GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of inquiries directed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if such consent was requested.
The data you send to us via contact requests will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular statutory retention periods—remain unaffected.

Web hosting

Amazon Web Services (AWS) Germany GmbH

38 Krausen Street

10117 Berlin

Germany

The Amazon Web Services servers used to store the data are located in Frankfurt am Main, within the territory of the Federal Republic of Germany, and are subject to the data protection laws of both national and European authorities. Amazon Web Services also handles your data in accordance with the relevant legal provisions. The Amazon Web Services Privacy Policy can be accessed via the following link:

https://aws.amazon.com/de/privacy/

Execution of a Data Processing Agreement

To ensure that data is processed in compliance with data protection regulations, we have entered into a data processing agreement with our hosting provider.

Contact

Personal data is also processed by DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG when you voluntarily provide it. This occurs, for example, every time you contact us. We will, of course, use the personal data transmitted in this manner exclusively for the purpose for which you provided it to us when contacting us. The provision of this information is expressly voluntary and subject to your consent. Insofar as this involves information regarding communication channels (e.g., email address, phone number), you also consent to us contacting you via this communication channel, if necessary, to respond to your inquiry.

Online Booking Engine / Selfbook Booking System

On our website, you can make a reservation using Selfbook. The booking engine is a service provided by Selfbook Inc., 9000 W. Sunset Blvd., FL3, West Hollywood, CA 90069, USA, which allows you to make reservations.

When you click the corresponding button, a form will open. There you can enter your reservation details. Selfbook Inc. processes the information you provide on our behalf. This may include the following information: first and last name, credit card information, address, phone numbers, and date of birth.

Your personal data will then be used to process your booking and will be deleted once the statutory retention periods have expired.

We receive anonymized, aggregated statistical data from Selfbook—such as country statistics, agency reports, and sales reports—which we use to improve our services. The use of Selfbook is based on Article 6(1)(f) of the GDPR. It is carried out in the legitimate interest of providing a customer-friendly booking option for our services, as well as for the subsequent fulfillment of your reservation in accordance with Article 6(1)(b) of the GDPR.

You can view Selfbook's privacy policy here: https://selfbook.com/legal/privacy-policy/

Privacy Policy Regarding the Use of myhotelshop

This website uses the "myhotelshop" service to check availability and process bookings. "myhotelshop" is provided by myhotelshop GmbH, Floßplatz 6, 04107 Leipzig (hereinafter referred to as "myhotelshop").

When you use the booking system on our website, myhotelshop receives your contact information as well as the details necessary to process the booking (e.g., date and duration of stay, reservation number, accommodation). We use the MHS tracking pixel from myhotelshop on our booking confirmation page. For this purpose, we use cookies from myhotelshop in accordance with the “Cookies” section. The integration of the MHS tracking pixel allows us to determine the conversion rate—that is, how many website visitors have completed a transaction—in order to improve our service. Through the MHS tracking pixel, we receive transaction data such as revenue, currency, etc. Additionally, the reservation number is shared with us for the purpose of fraud prevention.

The legal basis for the processing is Article 6(1)(f) of the GDPR or Article 6(1)(b) of the GDPR, provided that the processing is carried out for the purpose of fulfilling or preparing a contract. Your data is processed within the European Union; there are no plans to transfer it to third countries. The processing is carried out for the purposes of contract fulfillment, fraud prevention, measuring website traffic, designing websites to meet user needs, and for billing purposes. The data is processed by myhotelshop to fulfill contractual obligations with us and will be deleted upon request, unless there are legal retention requirements.

You have the right to object to the processing of your data. Your right to object applies for reasons arising from your particular situation, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims (Art. 21(1) GDPR). You can disable or restrict the transmission of cookies by changing the settings in your web browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all of the website’s features to their full extent.

For more information on the purpose and scope of data processing by the provider, please refer to the myhotelshop Privacy Policy at: https://www.myhotelshop.com/de/site-policy

Booking wellness packages through Shore.com

To book appointments or treatments in the wellness area, we use the Shore Bookings tool provided by Shore GmbH, Ridlerstrasse 31, 80339 Munich. When you make a booking, your personal data will be forwarded to Shore GmbH and to the operator of the wellness area, Dr. Babor GmbH & Co. KG. The use of Shore is based on Article 6(1)(a) and (f) of the GDPR.

Data Transfer Upon Contract Conclusion: Firstvoucher Voucher Store

When you order a gift certificate through our website, you must enter the following information:

Title of the customer
First name, last name of the person placing the order
The customer's address information (e.g., for mailing the gift certificate or for billing purposes)
Customer's email address (for booking confirmation and invoice)
Credit card information (only if you are paying by credit card)

You have the option to pay for the selected voucher via prepayment or credit card. We will send your booking confirmation to the email address you provided. If necessary, personal data will be shared with the companies (see “Data Recipients” in Section 14) involved in the fulfillment of this contract, such as financial institutions for payment processing. The data required for the fulfillment of the contract will be deleted no later than 6 months after the contract ends and will only be retained for that period to address any potential inquiries.

We only share data with third parties when necessary for the fulfillment of the contract, such as with the payment platform responsible for processing payments or with the party handling the mailing of the gift certificate (using the provided shipping address).

Transactions are processed through Firstvoucher, a product of prointernet GmbH & Co.KG, Marktplatz 8, 56288 Kastellaun. You can find the privacy policy at https://firstvoucher.com/datenschutz

Sharing of data with payment providers

Your data is transmitted exclusively via secure SSL encryption to the payment provider you selected during the ordering process for the purpose of processing your payment. The transfer of your data to the payment providers is based on Article 6(1)(a) of the GDPR (consent) and Article 6(1)(b) of the GDPR (processing necessary for the performance of a contract). You have the option to withdraw your consent to data processing at any time. Withdrawal does not affect data processing operations that have already taken place.

Payment by Visa, Mastercard, American Express

When you pay by credit card, the payment is processed by the payment service provider Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany. The necessary data (card number, expiration date, and security code) is transmitted to the payment service provider in encrypted form and is not visible to the website operator. The electronic payment method via credit card is PCI-DSS certified and offers customers the highest possible level of data security.

Sharing of data with Airplus International

If you make a booking through Airplus, your data will be transmitted exclusively via secure SSL encryption to Lufthansa AirPlus Servicekarten GmbH, Dornhofstrasse 10, 63263 Neu-Isenburg, for the purpose of processing your payment. The transfer of your data to Airplus is based on Article 6(1)(a) of the GDPR (consent) and Article 6(1)(b) of the GDPR (processing necessary for the performance of a contract). You have the option to withdraw your consent to data processing at any time. Withdrawal does not affect data processing operations that have already taken place.

Payment Method: Privacy Policy for PayPal as a Payment Method

The data controller has integrated PayPal components into this website. PayPal is an online payment service provider. Payments are processed through so-called PayPal accounts, which are virtual personal or business accounts. PayPal also allows users to make virtual payments via credit card if they do not have a PayPal account. A PayPal account is managed via an email address, which is why there is no traditional account number. PayPal enables users to initiate online payments to third parties or to receive payments. PayPal also acts as a trustee and offers buyer protection services.

The European operating entity of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject selects “PayPal” as the payment method during the ordering process in our online store, the data subject’s information is automatically transmitted to PayPal. By selecting this payment option, the data subject consents to the transmission of personal data necessary for payment processing.

The personal data transmitted to PayPal typically includes first name, last name, address, email address, IP address, phone number, mobile phone number, or other data necessary for processing the payment. Personal data related to the specific order is also required to fulfill the purchase agreement.

The purpose of transferring this data is to process payments and prevent fraud. The data controller will transfer personal data to PayPal, in particular when there is a legitimate interest in doing so. The personal data exchanged between PayPal and the data controller may be transferred by PayPal to credit reporting agencies. The purpose of this transfer is to verify identity and creditworthiness.

PayPal may share personal data with affiliated companies, service providers, or subcontractors to the extent necessary to fulfill contractual obligations or where the data is to be processed on its behalf.

The data subject may withdraw their consent to the processing of personal data at any time by notifying PayPal. Such withdrawal does not affect personal data that must be processed, used, or transmitted for the purpose of (contractual) payment processing.

PayPal's current privacy policy is available at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Table reservations via Teburio

You can make a table reservation through our website. To do so, we work with the service provider Teburio (Teburio UG (limited liability), Technologiepark 8, 33100 Paderborn). Teburio is responsible for processing your personal data. Before you enter your personal data, Teburio will inform you of both its Terms of Use and its Privacy Policy.

The legal basis for the use of Teburio is our legitimate interest under Article 6(1)(f) of the GDPR in providing a simple and user-friendly reservation system.

When you make a reservation, we subsequently receive the personal data you provided from Teburio so that we can process your reservation at our restaurant. The legal basis for this data processing is Article 6(1)(b) of the GDPR.

For more information about data protection at Teburio, please visit https://teburio.de/datenschutzerklaerung

Privacy Policy Regarding the Use of Stripe

We offer the option to process payments through the payment service provider Stripe Payments Europe Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland (Stripe). This is in line with our legitimate interest in offering an efficient and secure payment method (Art. 6(1)(f) GDPR). In this context, we share the following data with Stripe to the extent necessary for the performance of the contract (Art. 6(1)(b) GDPR).

Cardholder's name
Email address
Customer number
Order number
Bank details
Credit card information
Credit card expiration date
Credit card verification code (CVC)
Date and time of the transaction
Transaction amount
Name of the provider
Location

The processing of the data specified in this section is not required by law or contract. Without the transmission of your personal data, we cannot process a payment via Stripe. You have the option of choosing a different payment method.

Stripe acts in a dual role as both a data controller and a data processor in its data processing activities. As a data controller, Stripe uses the data you provide to comply with regulatory obligations. This is based on Stripe’s legitimate interest (pursuant to Article 6(1)(f) of the GDPR) and serves the purpose of performing the contract (pursuant to Article 6(1)(b) of the GDPR). We have no influence over this process.

Stripe acts as a data processor to facilitate transactions within the payment networks. Under the data processing agreement, Stripe acts solely on our instructions and is contractually obligated, in accordance with Article 28 of the GDPR, to comply with data protection regulations.

Stripe has implemented compliance measures for international data transfers. These measures apply to all global activities in which Stripe processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs).

For more information on how to object to or have your data deleted by Stripe, please visit: https://stripe.com/privacy-center/legal

We will store your data until the payment process is complete. This includes the time required to process refunds, manage accounts receivable, and prevent fraud.

Additional data may be stored for a longer period in accordance with statutory retention periods.

Data Protection for Job Applications and the Hiring Process

The data controller collects and processes applicants’ personal data for the purpose of conducting the application process. Processing may also be carried out electronically. This is particularly the case when an applicant submits the relevant application documents to the data controller electronically, for example via email. If the data controller enters into an employment contract with an applicant, the submitted data will be stored for the purpose of managing the employment relationship in accordance with legal requirements. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests of the controller preclude such deletion. Other legitimate interests in this context include, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

hotelcareer Job Openings

To provide hotelcareer's services, a hotelcareer widget has been integrated into this page. The provider of this widget is YOURCAREERGROUP GmbH, Völklinger Straße 1, 40219 Düsseldorf.

To use the features of the hotelcareer widget, it is necessary to store your IP address, browser information (name, version), website, user’s operating system, user’s screen resolution, and language settings of the browser or the user’s operating system. When you use hotelcareer, this data is typically transmitted to a hotelcareer server and stored there. The provider of this site has no influence over this data transfer. The use of hotelcareer is intended to ensure a simple and convenient user experience.

The legal basis for the use of the hotelcareer widget is your consent pursuant to Article 6(1)(a) of the GDPR. For more information on how hotelcareer handles user data, please see the privacy policy at: https://www.hotelcareer.de/datenschutzerklärung

Safety

DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG takes numerous technical and organizational measures to protect your personal data against accidental or unlawful destruction, alteration, loss, unauthorized disclosure, or unauthorized access. However, internet-based data transmissions, for example, may inherently contain security vulnerabilities, meaning that absolute protection cannot be guaranteed. For this reason, any data subject is free to provide personal data to us via alternative means, such as by telephone.

Links to other websites

This website contains links to other websites (so-called external links). As the provider of its own content, DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG is responsible for such content in accordance with applicable European and national laws. A distinction must be made between this own content and links to content provided by other providers. We have no influence over whether the operators of other websites comply with applicable European and national legal provisions. Please refer to the privacy policies provided on the respective websites for further information. DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG assumes no responsibility for third-party content made available via links and specifically marked as such, and does not endorse such content. The provider of the website to which the link refers is solely liable for illegal, incorrect, or incomplete content, as well as for damages resulting from the use or non-use of the information.

Collection of general data and information

The website of DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG collects a range of general data and information each time a data subject or an automated system accesses the website. This general data and information is stored in the server’s log files. The following may be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the subpages accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to prevent threats in the event of attacks on our information technology systems. DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG does not draw any conclusions about the data subject when using this general data and information. Rather, this information is required to (1) deliver the content of our website correctly, (2) optimize the content of our website and the advertising for it, (3) ensure the continued functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack. This anonymously collected data and information is therefore evaluated by DI Parkhotel Quellenhof Aachen No. 33 GmbH & Co. KG for statistical purposes and further with the aim of ensuring data protection and the security of the processed personal data. The anonymous data from the server log files is stored separately from all personal data provided by a data subject.

Routine Deletion and Blocking of Personal Data

The controller processes and stores the data subject’s personal data only for the period necessary to achieve the purpose of storage, or to the extent provided for by the European legislator or another competent authority in laws or regulations to which the controller is subject. If the purpose of storage no longer applies or if a retention period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

Rights of the data subject

Right to Confirmation

Every data subject has the right, granted by European legislation, to request confirmation from the controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right to confirmation, they may contact a representative of the controller at any time.

Right to Information

Every data subject affected by the processing of personal data has the right, granted by European legislation, to obtain from the controller, at any time and free of charge, information regarding the personal data stored about them and a copy of such information. Furthermore, European legislation grants the data subject the right to obtain the following information:

the purposes of processing
the categories of personal data that are processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
if possible, the planned period for which the personal data will be stored, or, if this is not possible, the criteria used to determine that period
the existence of a right to have personal data concerning them rectified or erased, or to have processing restricted by the controller, or a right to object to such processing
the existence of a right to lodge a complaint with a supervisory authority
if the personal data is not collected from the data subject: all available information regarding the origin of the data
the existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and—at least in such cases—meaningful information regarding the logic involved, as well as the significance and the intended consequences of such processing for the data subject

Furthermore, the data subject has the right to be informed whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to be informed of the appropriate safeguards in connection with the transfer. If a data subject wishes to exercise this right, they may contact a representative of the controller at any time.

Right to rectification

Every data subject affected by the processing of personal data has the right, granted by European legislation, to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data—including by means of a supplementary statement—taking into account the purposes of the processing. If a data subject wishes to exercise this right to rectification, they may contact a representative of the controller at any time.

Right to erasure (right to be forgotten)

Any individual whose personal data is being processed has the right, as granted by European legislation, to request that the controller erase their personal data without delay, provided that one of the following grounds applies and the processing is not necessary:

The personal data was collected or otherwise processed for purposes for which it is no longer necessary.
The data subject withdraws their consent on which the processing was based pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing.
The data subject objects to the processing pursuant to Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
The personal data was processed unlawfully.
The erasure of personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data was collected in connection with the information society services offered, in accordance with Article 8(1) of the GDPR.

If any of the above reasons apply and a data subject wishes to request the erasure of personal data stored by DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG, they may contact a representative of the controller at any time. The employee of DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG will ensure that the request for erasure is complied with immediately.

If the personal data has been made public by DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG and our company, as the controller, is obligated under Article 17(1) of the GDPR to erase the personal data, DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG shall take appropriate measures, including technical measures, taking into account available technology and the cost of implementation, to inform other controllers processing the published personal data that the data subject has requested that these other data controllers delete all links to such personal data or copies or replicas of such personal data, insofar as the processing is not necessary. The employee of DI Parkhotel Quellenhof Aachen No. 33 GmbH & Co. KG will take the necessary steps on a case-by-case basis.

Right to restriction of processing

Any individual whose personal data is being processed has the right, granted by European legislation, to request that the controller restrict the processing if any of the following conditions are met:

The data subject disputes the accuracy of the personal data for a period of time that allows the controller to verify the accuracy of the personal data.
The processing is unlawful, the data subject objects to the erasure of the personal data, and instead requests that the use of the personal data be restricted.
The controller no longer needs the personal data for the purposes of processing, but the data subject needs it to establish, exercise, or defend legal claims.
The data subject has objected to the processing pursuant to Article 21(1) of the GDPR, and it has not yet been determined whether the controller’s legitimate interests override those of the data subject.

If any of the above conditions are met and a data subject wishes to request the restriction of personal data stored by DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG, they may contact a representative of the controller at any time. The representative of DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG will arrange for the processing to be restricted.

Right to data portability

Any data subject whose personal data is being processed has the right, as granted by European legislation, to receive the personal data concerning them—which they have provided to a controller—in a structured, commonly used, and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising their right to data portability under Article 20(1) of the GDPR, the data subject has the right to have their personal data transmitted directly from one controller to another, provided that this is technically feasible and does not adversely affect the rights and freedoms of others.

To exercise the right to data portability, the data subject may contact a representative of DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG at any time.

Right to object

Any data subject affected by the processing of personal data has the right, granted by European legislation, to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them that is carried out pursuant to Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.

In the event of an objection, DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing is necessary for the establishment, exercise, or defense of legal claims.

If DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG processes personal data for the purpose of direct marketing, the data subject has the right to object at any time to the processing of personal data for such marketing purposes. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to DI Parkhotel Quellenhof Aachen No. 33 GmbH & Co. KG regarding the processing for direct marketing purposes, DI Parkhotel Quellenhof Aachen No. 33 GmbH & Co. KG will no longer process the personal data for these purposes.

In addition, the data subject has the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out by DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject may contact any employee of DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG or another employee directly. The data subject is also free, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise their right to object by means of automated procedures that use technical specifications.

Automated decisions in individual cases, including profiling

Any data subject affected by the processing of personal data has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning the data subject or similarly significantly affects the data subject, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is authorized by Union or Member State law to which the controller is subject, and that law provides for appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, or (3) is based on the data subject’s explicit consent.

If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is it made with the data subject’s explicit consent, DI Parkhotel Quellenhof Aachen Nr. 33 GmbH & Co. KG shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to request human intervention by the controller, to present their own point of view, and to challenge the decision.

If the data subject wishes to exercise their rights regarding automated decision-making, they may contact a representative of the controller at any time.

Right to withdraw consent under data protection law

Any individual whose personal data is being processed has the right, granted by European legislation, to withdraw consent to the processing of personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they may contact a representative of the controller at any time.

Privacy Policy Regarding the Use of Google Analytics v. 4.0

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies,” which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is typically transmitted to and stored on a Google server in the United States. However, if IP anonymization is enabled on this website, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by adjusting your browser settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the “_anonymizeIp()” extension. This shortens IP addresses during processing, thereby preventing any personal identification. If the data collected about you is personally identifiable, this is immediately excluded, and the personal data is promptly deleted.
We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offerings and make them more interesting for you as a user. For the rare cases in which personal data is transferred to the U.S., Google has submitted to the EU-U.S. Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6(1)(a) of the GDPR.
Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Terms of Use: http://www.google.com/analytics/terms/de.html
Privacy Policy Overview: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy policy: http://www.google.de/intl/de/policies/privacy.

This website also uses Google Analytics to track visitor activity across devices using a user ID. You can disable cross-device tracking of your usage in your customer account under “My Data” > “Personal Data.”

https://myaccount.google.com
We retain user- and event-level data linked to cookies, user identifiers (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA [Apple Identifier for Advertisers]) for 14 months before it is automatically deleted.

Privacy Policy Regarding the Use of Google Tag Manager
Use of Google Tag Manager: Google Tag Manager is a solution that allows marketers to manage website tags via a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which may in turn collect data. Google Tag Manager does not access this data. If deactivation has been performed at the domain or cookie level, it remains in effect for all tracking tags implemented with Google Tag Manager. https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

Privacy Policy Regarding the Use of Web Fonts

This site uses web fonts from Monotype GmbH (fonts.com or fast.fonts.net) to ensure consistent font display. When you visit a page, your browser loads the required web fonts into its cache.
To do this, your browser connects to the servers of fonts.com.
fonts.com may log this request. This means your IP address is associated with our website by fonts.com.
The use of these web fonts is in the interest of a consistent and appealing presentation. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
If your browser does not support web fonts, a standard font from your computer will be used.
For more information about fonts.com, please visit https://www.fonts.com/info/legal and in the privacy policy of Fonts.com: https://www.monotype.com/legal/privacy-policy and in the privacy policy of Monotype GmbH: https://www.monotype.com/legal/privacy-policy/

Privacy Policy Regarding the Use of TrustYou

This website uses tools to retrieve current customer reviews of our hotel from the review portal trustyou.de (TrustYou GmbH, TrustYou Headquarters, Munich Center of Technology, Agnes-Pockels-Bogen 1, 80992 Munich) and display them on the website. To do this, the IP address is transmitted to the review portal’s server. Customer reviews are displayed to provide comprehensive, unbiased information about our hotel.
The TrustYou widget is used to present the reviews of our hotel posted on TrustYou. The legal basis for the use of the TrustYou widget is your consent pursuant to Art. 6(1)(a) GDPR.
For more information on how TrustYou handles user data, please see TrustYou’s Privacy Policy at: https://www.trustyou.com/privacy-policy/?utm_source=chatgpt.com

Privacy Policy Regarding the Use of OpenStreetMap and Maptiler
This site uses the OpenStreetMap map service via an API. The provider is the OpenStreetMap Foundation, St. John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. Maptiler is a map service provided by Maptiler AG, Höfnerstrasse 98, Unterägeri, Zug, 6314, Switzerland.
To use the features of OpenStreetMap and Maptiler, it is necessary to store your IP address. This information is generally transmitted to an OpenStreetMap server in the United Kingdom and stored there. The provider of this site has no influence over this data transmission.
The use of OpenStreetMap and Maptiler serves the purpose of presenting our online offerings in an appealing manner and ensuring that the locations listed on our website are easy to find. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR.
For more information on the handling of user data, please refer to the privacy policies of OpenStreetMap and Maptiler, available at: Privacy Policy – OpenStreetMap Foundation (osmfoundation.org) or Privacy Policy – MapTiler .

Privacy Policy Regarding the Use of Instagram

The data controller has integrated components of the Instagram service into this website. Instagram is a service that qualifies as an audiovisual platform and enables users to share photos and videos, as well as to repost such content on other social networks.
The operator of Instagram’s services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
Each time a user visits a page on this website operated by the data controller that includes an Instagram component (Instagram button), the user’s web browser on their computer automatically downloads a representation of the corresponding Instagram component. As part of this technical process, Instagram learns which specific subpage of our website is being visited by the data subject.
If the data subject is logged into Instagram at the same time, Instagram recognizes which specific subpage the data subject is visiting each time the data subject accesses our website and throughout the entire duration of their visit to our website. This information is collected by the Instagram component and assigned by Instagram to the data subject’s respective Instagram account. If the data subject clicks on one of the Instagram buttons integrated into our website, the data and information transmitted thereby are assigned to the data subject’s personal Instagram user account and stored and processed by Instagram.
Instagram receives information via the Instagram component that the data subject has visited our website whenever the data subject is logged into Instagram at the same time as accessing our website; this occurs regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not wish for this information to be transmitted to Instagram, they can prevent the transmission by logging out of their Instagram account before visiting our website.
Further information and Instagram’s applicable privacy policy can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

Privacy Policy Regarding the Use of YouTube

The controller has integrated YouTube components into this website. YouTube is an online video platform that allows video publishers to upload video clips for free and enables other users to view, rate, and comment on them, also free of charge. YouTube permits the publication of all types of videos, which is why complete films and television programs, as well as music videos, trailers, and user-generated videos, are available via the website.

YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time a user accesses one of the individual pages of this website—which is operated by the data controller and on which a YouTube component (YouTube video) has been integrated—the web browser on the data subject’s computer is automatically prompted by the respective YouTube component to download a display of that YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google learn which specific subpage of our website is being visited by the data subject.
If the data subject is logged into YouTube at the same time, YouTube recognizes which specific subpage of our website the data subject is visiting when a subpage containing a YouTube video is accessed. This information is collected by YouTube and Google and associated with the data subject’s respective YouTube account.
YouTube and Google always receive information via the YouTube component that the data subject has visited our website whenever the data subject is logged into YouTube at the same time as accessing our website; this occurs regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not wish for this information to be transmitted to YouTube and Google, they can prevent the transmission by logging out of their YouTube account before visiting our website.
The privacy policy published by YouTube, which is available at https://www.google.de/intl/de/policies/privacy/, provides information about the collection, processing, and use of personal data by YouTube and Google.

Privacy Policy Regarding the Use of Facebook Pixel and Facebook Custom Audiences
On our website, we use the so-called “Facebook Pixel” provided by the company “Facebook” (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The Facebook Pixel allows us to categorize visitors to our website into specific target groups so that we can display relevant advertisements (“Ads”) to you on Facebook. The data collected (e.g., IP addresses, information about the web browser, the website’s location, clicked buttons, pixel IDs if applicable, and other characteristics) is not visible to us directly but is only used in the context of displaying specific advertisements. Cookies are also set as part of the use of the Facebook Pixel code.
If you have a Facebook account and are logged in, your visit to this website will be associated with your Facebook user account.
We also use the “Custom Audiences” remarketing feature provided by Facebook. This allows interest-based advertisements (“Facebook Ads”) to be displayed to website users when they visit Facebook or other websites that also use this feature. We use this to show you advertisements tailored to your interests, thereby making our website more relevant to you.
To exchange the relevant data, your browser automatically establishes a direct connection with Facebook’s server. We have no influence over the scope and further use of the data collected by Facebook through the use of this tool and therefore inform you to the best of our knowledge: Through the integration of Facebook Custom Audiences, Facebook receives the information that you have visited the corresponding page of our website or clicked on an ad from us. If you are registered with a “Facebook” service, “Facebook” can associate the visit with your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider may obtain and store your IP address and other identifying characteristics.
To learn how the Facebook Pixel is used for advertising campaigns, visit https://www.facebook.com/business/learn/facebook-ads-pixel

For more information about Facebook's data policy, visit https://www.facebook.com/policy.php

For more information about Facebook's data processing practices, please visit https://www.facebook.com/about/privacy

We use these features to provide you with advertising tailored to your interests. We process your data because you have consented to this (Art. 6(1)(a) GDPR) or because we have a legitimate interest in processing the data (Art. 6(1)(f) GDPR).

We store your data for as long as we need it for the respective purpose (displaying interest-based advertising), unless you have objected to the storage of your data or withdrawn your consent.
Logged-in users can disable the “Facebook Custom Audiences” feature at https://www.facebook.com/settings/?tab=ads# .

You can manage your ad settings on Facebook at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen as long as you are logged into Facebook.

Privacy Policy Regarding the Use of Bench Direct

To optimize the user experience on our website, we use the BenchDirect software provided by The Hotels Network, S.L.P. GmbH, Muntaner 262, 3rd Floor, 08021 Barcelona, Spain. Data processing with ‘BenchDirect’ from The Hotels Network is always GDPR-compliant and subject to commissioned data processing in accordance with Article 28 of the GDPR. Personal data processed with BenchDirect is processed exclusively in an anonymized form. Data processing takes place exclusively within the EU. For further information on data protection, please refer to the details on the manufacturer’s website.

With the help of this software, we are able to analyze user behavior anonymously to better understand how users interact with our website and to provide a more relevant user experience. To do this, The Hotels Network uses cookies that store user data such as browser information, page visits, scrolling activity, etc. Since all analysis and processing is always performed anonymously, it is impossible to personally identify users through this data.
For more information on how The Hotels Network handles user data, please see the Privacy Policy at: https://www.thehotelsnetwork.com/de/privacy-policyDatenschutz/

Legal basis for processing

Article 6(1)(a) of the GDPR serves as the legal basis for our company’s processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party—as is the case, for example, with processing operations required for the delivery of goods or the provision of other services or consideration—the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing operations necessary for the implementation of pre-contractual measures, such as in cases of inquiries regarding our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Article 6(1)(c) of the GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance information, or other vital information subsequently had to be disclosed to a doctor, a hospital, or other third parties. In such cases, the processing would be based on Article 6(1)(d) of the GDPR. Finally, processing operations may be based on Article 6(1)(f) of the GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases, provided that the processing is necessary to safeguard a legitimate interest of our company or a third party, unless the interests, fundamental rights, and freedoms of the data subject override such interests. We are permitted to carry out such processing operations in particular because they were specifically mentioned by the European legislator. In this regard, the legislator took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, Sentence 2 of the GDPR).

Legitimate interests in processing pursued by the controller or a third party

If the processing of personal data is based on Article 6(1)(f) of the GDPR, our legitimate interest is the conduct of our business activities for the benefit of all our employees and shareholders.

The period for which personal data is stored

The criterion for determining how long personal data is stored is the applicable statutory retention period. Once this period has expired, the relevant data is routinely deleted, provided it is no longer necessary for the performance or initiation of a contract.

Legal or contractual requirements regarding the provision of personal data; necessity for the conclusion of the contract; the data subject’s obligation to provide personal data; possible consequences of failure to provide such data

We would like to inform you that the provision of personal data is in some cases required by law (e.g., tax regulations) or may also arise from contractual provisions (e.g., information about the contracting party). In some cases, it may be necessary for a data subject to provide us with personal data in order to conclude a contract, which we must then process. For example, the data subject is obligated to provide us with personal data when our company enters into a contract with them. Failure to provide the personal data would result in the contract with the data subject not being able to be concluded. Before providing personal data, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract, or is necessary for the conclusion of the contract; whether there is an obligation to provide the personal data; and what consequences failure to provide the personal data would have.

Existence of automated decision-making

We do not use automated decision-making or profiling.

Competent supervisory authority

State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
Ms. Helga Block
Kavalleriestrasse 2-4
40213 Düsseldorf
Email: poststelle@ldi.nrw.de
Website: www.ldi.nrw.de

Name and address of the Data Protection Officer:

Great Oak Datenschutz, LLC
Attorney Michael Schnurbusch
Ruhrstraße 16, 59955 Winterberg
Phone: +49 2985/99 99 69-0
Email: datenschutz@great-oak.de
Web: www.great-oak-datenschutz.de

For any questions regarding data protection, please contact our Data Protection Officer directly. We reserve the right to modify our data protection practices and this policy to comply with changes in relevant laws or regulations, or to better meet your needs. Any changes to our data protection practices will be announced here accordingly. Please note the current version date of the Privacy Policy.