Analytics and third-party tools
You can object to this analysis. We will inform you below about how to exercise your options in this regard.
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Encrypted payments in our Web Booking Engine or Voucher Shop
If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.
Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon in your browser line is visible.
In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
Statutory data protection officer
We have appointed a data protection officer for our company.
Note on data transfer to the USA
Among other things, our website includes tools from companies based in the USA. If these tools are active, your personal data may be transferred to the US servers of these companies. We would like to point out that the USA is not a safe third country in terms of EU data protection law. US companies are obliged to release personal data to security authorities without you as the affected party being able to take legal action against this. Therefore, it cannot be excluded that US authorities (e.g. secret services) may process, evaluate and permanently store your data on US servers for monitoring purposes. We have no influence on these processing activities.
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
These data will not be combined with data from other sources.
The basis for data processing is Art. 6 (1) (f) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Cookie Consent with Borlabs Cookie
Our website uses Borlabs Cookie Content technology to obtain your consent to store certain cookies in your browser and to document this consent in a manner consistent with data protection. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany (hereafter Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not passed on to the Borlabs cookie provider. The data collected will be stored until you request us to delete it or until you delete the Borlabs cookie itself or until the purpose for which the data is stored no longer applies. Mandatory legal retention periods remain unaffected. You can find details on the data processing of Borlabs cookie at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Registration on this website
You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.
To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.
We will process the data provided during registration only based on your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
Leaving comments on this website
If you use the comment function on this site, the time at which you created the comment and your email address will be stored along with your comment, as well as your username, unless you are posting anonymously.
Storage of the IP address
Our comment function stores the IP addresses of those users who post comments. Since we do not check comments on our site before they go live, we need this information to be able to pursue action for illegal or slanderous content.
How long comments are stored
The comments and the associated data (e.g. IP address) are stored and remain on our website until the content commented upon has been completely deleted or the comments are required to be removed for legal reasons (slander, etc.).
The comments are stored based on your consent per Art. 6 (1) (a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Data transmitted when entering into a contract with online booking or voucher shop
We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract, for example, to companies entrusted to deliver goods to your location or banks entrusted to process your payments. Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.
The basis for data processing is Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
Online booking for bedrooms or voucher sales on this website
If you make an online booking or if you buy a gift voucher from our website, this is done via the online reservation system of the company Hotelnetsolutions GmbH, whose provider is our contractual partner. All data you enter will always be encrypted. HotelNetSolutions GmbH, Genthiner Str. 8, 10785 Berlin, Tel. +49 (0) 30 – 770 193 000, Fax +49 (0) 30 – 770 193 050, E-Mail: firstname.lastname@example.org, Internet: www. hotelnetsolutions.de. Our contractual partner has committed himself to the privacy-compliant handling of your transmitted data. He takes all organizational and technical measures to protect your data.
Storage and processing of your data in a database software
When you make a booking in our hotel, data is stored in a hotel software. Our software contract partner has committed itself to handling your transmitted data in accordance with data protection regulations. He takes all organizational and technical measures to protect your data.
The basis for data processing is Art. 6 Para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
Table reservation on this website
If you make an online table reservation from our website, this is done via the online reservation system of OpenTable GmbH, Zeil 109, Frankfurt 60313, whose provider is our contractual partner. All data entered by you is always transmitted in encrypted form. Our contractual partner has undertaken to handle the data you have transmitted in a manner that complies with data protection regulations. It takes all organizational and technical measures to protect your data.
Data analysis by Smarthost
With the help of Smarthost we are able to analyze our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links have been clicked on, if any. In this way we can determine, among other things, which links were clicked on particularly often. We can also see whether certain previously defined actions were carried out after opening/clicking (conversion rate). This tool also allows us to cluster the newsletter recipients according to different categories, so that we can see whether you have made a purchase after clicking on the newsletter. The newsletter recipients can be subdivided according to age, gender, place of residence or the dates of stay. In this way, the newsletters can be better adapted to the respective target groups.
The basis for data processing is Art. 6 Para. 1 lit. b DSGVO, which permits the processing of data for the performance of a contract or pre-contractual measures.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of Smarthost after the newsletter has been cancelled. Data that has been stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected.
Conclusion of a contract for commissioned data processing
We have a contract with Smarthost in which we commit Smarthost to protect our customers’ data and not to pass it on to third parties.
Social media Share content via plugins (Facebook, Twitter, etc.)
The content on our pages can be shared on other social networks like Facebook, Twitter etc. This page uses Safe Sharing Tools, like Shariff Share Buttons. This tool establishes direct contact between the networks and users only after users click on one of these buttons.
This tool does not automatically transfer user data to the operators of these platforms. If users are logged into one or more of the social networks, the Like- and Share buttons for Facebook, Twitter, etc. will display an information window in which the user can edit the text before it is sent.
Our users can share the content of this page on social networks without their providers creating profiles of users’ surfing behavior.
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic data collection by Google Analytics
This website uses Google Analytics’ demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section “Refusal of data collection”.
This website uses the WordPress Stats tool to perform statistical analyses of visitor traffic. This service is provided by Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110-4929, USA.
WordPress Stats cookies remain on your device until you delete them.
The storage of “WordPress Stats” cookies is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
You can object to the collection and use of your data at any time with future effect by clicking on this link and setting an opt-out cookie in your browser: https://www.quantcast.com/opt-out/.
If you delete the cookies on your computer, you will have to set the opt-out cookie again.
Google Analytics Remarketing
Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).
Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.
To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.
You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/.
The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) DSGVO. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.
Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”).
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.
Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.
Conversion cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
Our website measures conversions using visitor action pixels from Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
These allow the behavior of site visitors to be tracked after they click on a Facebook ad to reach the provider’s website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.
You can also deactivate the custom audiences remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You will first need to log into Facebook.
If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the newsletter. The data processed before we receive your request may still be legally processed.
The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
8. Plugins and toolsYouTube
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.
Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
If your browser does not support web fonts, a standard font is used by your computer.
This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.
Our website accepts payments via PayPal. The provider of this service is PayPal (Europe) S.à.r.l & Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg.
If you select payment via PayPal, the payment data you provide will be supplied to PayPal based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) DSGVO (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.
Our website accepts payments via Klarna. This service is provided by Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.
Data is transmitted to Klarna based on Art. 6 (1)(a) (Consent) and Art. 6 (1)(b) DSGVO (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.
Our website accepts payments via Sofortüberweisung. The provider of this service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany.
Sofortüberweisung provides us with real-time payment confirmations, allowing us to begin fulfilling our end of our contract right away.
If you opt to pay using Sofortüberweisung, you will be submitting a PIN and a valid TAN to Sofort GmbH so that it can access your online banking account. Sofort GmbH will automatically check your account balance and perform the transfer to our account using the TAN you supply. It then sends an immediate transaction confirmation. After logging in, your income, the overdraft protection, and the availability of other accounts and their balances will be checked.
In addition to the PIN and TAN, the payment details you provide as well as personal information will be sent to Sofort GmbH. This personal information includes your name, address, telephone numbers, email address, IP address, and any other data required to process your payment. This data must be transferred to identify you securely and to prevent fraud.
Data is transmitted to Sofort GmbH based on Art. 6 (1) (a) (Consent) and Art. 6 (1) (b) DSGVO (Processing for contract purposes). You have the option to revoke your consent at any time with future effect. It does not affect the processing of data previously collected.
Our website accepts payments via Paydirekt. The provider of this service is Paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, Germany (hereafter referred to as “Paydirekt”).
When you make payments through Paydirekt, Paydirekt collects various pieces of transaction data and forwards it to the bank you have indicated to Paydirekt. In addition to the data required for the payment, Paydirekt will also collect such data as your shipping address or the items in your shopping cart. Paydirekt then authenticates the transaction by using the authentication method your bank has set up. The payment is then transferred from your account to ours. Neither we nor third parties have access to your account information.
Data processing through social networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Google+ etc. can generally analyse your user behaviour comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered.
In detail: If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).
Responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
The data collected directly from us via the social media presence will be deleted from our systems as soon as the purpose for their storage lapses, you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular, retention periods – remain unaffected.
The DPO Regulation stipulates in Art. 30 that the data protection officer must make the following information available to anyone in a suitable manner.
General information and mandatory information
Note to the responsible body
The responsible data controller on this website and in the hotels, restaurants and the spa is the operating company:
Hotel Erb GmbH & Co. KG
Postholder ring 1
85599 Munich / Parsdorf
Telephone: +49 (0) 89 99 11 00
Fax: +49 (0) 89 99 11 01 55
Authorized Managing Director: Christian Erb
Responsible entity is the natural or legal person who, alone or in concert with others, decides on the purposes and means of processing personal data (such as names, e-mail addresses, etc.).
What do we use your data for?
Which persons are affected and which data / data categories are collected, processed and stored
In essence, personal data is collected, processed and used for the following groups of people:
Standard deadlines for the deletion of the data
The person responsible takes into account the various retention obligations and deadlines stipulated by the legislator. After expiry of these periods, the corresponding data and data records are routinely deleted if they are no longer required for fulfillment of the contract (guest, rental and service contracts). Thus, the commercial or financial data of a completed financial year are deleted in accordance with the legal provisions after another ten years, as long as no longer retention periods prescribed or required for legitimate reasons. In the area of personnel administration and personnel control, shorter deletion periods are used in special areas. This applies in particular to rejected applications or warnings. Unless this data is affected, it will be deleted unsolicited if the purposes mentioned above are omitted.
Entry forms are according to the valid registration law in the individual hotel and accommodation establishments acc. kept for a minimum of legal period and then subjected under special precautionary measures a destruction in accordance with data protection.
Data transmission to third countries
Data transfers to third countries arise only in the context of the performance of the contract, necessary communication, as well as other exceptions expressly provided for in the DS-BER.
A transfer of data to other third countries, in particular those whose data protection level is considered low or to countries outside the EU is currently not; such is not planned.
Ensuring security during data processing
The person responsible implements technical and organizational security measures. Article 32, in order to protect the data managed by them against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. The security measures used are continually being improved in line with technological developments. This means that the person responsible stores their data protection-relevant information exclusively on secure systems in Germany. Access to it is only possible for a small number of authorized persons who are subject to special data protection and who are responsible for technical, administrative or editorial support.