Privacy policy

The purpose of this privacy policy is to inform you about the nature, scope and purpose of processing (collection, storage, use) of personal data (information concerning the personal or material circumstances of an identified or identifiable natural person) within the meaning of the Federal Data Protection Act and the General Data Protection Regulation (GDPR) by b&b Zentrale Witt u. Hildebrecht GbR.

I. Name and contact details of the controller

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions is:

b&b Zentrale Witt u. Hildebrecht GbR
Stefanie Witt, Susanne Hildebrecht
Markusstr. 9
D-20355 Hamburg, Germany
Tel.: (040) 414314575
Fax: (040) 414314575-0
Email: info@bed-and-breakfast.de

II. Processing of personal data

We only process data (collect, store or disclose data to third parties),

  • if you have given us your express consent to do so, or
  • if it is legally permissible and necessary for the performance of a contract with you, or
  • if we are required by law to do so, or
  • if the disclosure is necessary for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in non-disclosure of your data.

1. Provision of the website and creation of log files:

When you visit our website, the browser on your device automatically sends information to the server on our website (host). This information is temporarily stored by the host in so-called log files.

The following information is collected without your intervention and stored until it is deleted:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the accessed file,
  • Website used to access our website (referrer URL),
  • Websites accessed by the user's system via our website,
  • Browser used and, if applicable, the operating system of your computer as well as the name of your internet service provider.

The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. The legal basis for the temporary storage of data is Article 6 (1) (f) GDPR.

The temporary storage of the aforementioned data is necessary to display the website on the user’s computer.

The data is stored in log files to ensure the website's functionality. This helps us to identify and eliminate technical errors on our website. Logging ultimately serves to improve the quality of our website from a technical point of view.

In accordance with Article 6 (1) (f), our legitimate interest lies in the processing of data for the above purposes.

IP addresses are deleted after 72 hours at the latest.

There is a data processing agreement with the host. The data stored by the host will be deleted after 60 days. The collection of data for the purpose of providing the website and the temporary storage of data in log files is essential for the operation of the website. Users, therefore, do not have the option to object in this case.

2. Booking enquiry

When you use our website to make a booking enquiry, we will collect and store the data required to process the request and forward it to our agencies (franchise partners). Mandatory information is marked. Any other information you provide is voluntary.

The mandatory information includes:

  • Salutation, name and surname
  • Address
  • Telephone and email
  • Arrival date / departure date
  • Number of guests (adults and children)
  • Destination, accommodation, category

The data is processed based on your enquiry for the purposes specified under Article 6 (1) (b) GDPR, i.e. it is necessary for the implementation of pre-contractual measures.

We will erase the data as soon as it is no longer required for the purpose for which it was originally stored (after we have processed your inquiry) provided this does not conflict with any statutory retention or documentation requirements (under commercial or tax laws).

As a user, you also have the right to request the erasure or rectification of the data we store on you at any time. If the data is required for performance of a contract or implementation of pre-contractual measures, advance data erasure is only possible if it does not conflict with statutory or contractual obligations or retention requirements.

3. Cookies

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. If a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. Without the use of cookies, the “wish list” function of our website will not be available. The wish list function allows you to pick up to three properties and place them on the wish list during your website visit. The search criteria are automatically transferred to the enquiry form when you make an enquiry. You have the option to group the booking enquiry for up to three properties into one enquiry or to send an enquiry for each property separately. To provide this function, we use session cookies to store the selected properties for the duration of the website visit.

The cookies are used to store and transmit data generated when the website is displayed or log files created. The purpose of using cookies is to facilitate the use of the website and to offer the wish list function. Cookies also help to recognise your browser again after you have visited a different website. This represents our legitimate interest in the processing of personal data. The legal basis for the processing of personal data is Article 6 (1) (f) GDPR.

The cookies we use do not store any personal data. The cookies we use, therefore, cannot be used to identify any particular person and cannot be traced back to you. Upon activation of the cookie, it is assigned an identification number. This identification number cannot be traced to your personal data. Thanks to cookie-based technology, we only receive pseudonymised information, for example about the pages of our store you visited or the products viewed, etc.

When users visit our website, they receive information about the use of cookies for analytical purposes and we obtain the user's consent to the processing of personal data used in this context. We also refer users to this privacy policy.

Popup on the website: [I consent to the processing of data for the purpose of establishing contact. I can revoke this consent at any time for the future. Further information can be found in the privacy policy].

These temporary or persistent cookies are stored on your hard drive and are automatically deleted after your visit. You can also delete these cookies yourself by using the appropriate setting in your browser. Similarly, you can disable or restrict the transmission of cookies. If cookies are deactivated for our website, it may no longer be possible to use all of the website's features in full.

4. Contact form, feedback, email contact

On our website, we offer a contact form and a feedback form, which can be used to contact us online and send us messages. If you use this option, the data you enter into the form will be transmitted to us and stored.

The data includes:

  • Name, surname
  • Agency
  • Email address
  • Subject
  • Message

The following data is also stored at the time the message is sent:

  • IP address of the user
  • Date and time of the enquiry

During the sending process, your consent is obtained for processing data and reference is made to this data protection declaration. Note on the website: [I consent to the processing of data to establish contact. I can revoke this consent at any time with effect for the future. For additional information, please refer to the privacy policy]. The legal basis for the processing of data where the user has given consent to the processing is Article 6 (1) (a) GDPR.

Alternatively, you can use the email address provided to contact us. In this case, the user's personal data that is transmitted along with the email will be stored. We do not pass this data on to third parties. Such data will only be used to process the communication. The legal basis for the processing of data transmitted when sending an email is Article 6 (1) (f) GDPR. If the purpose of the email is to conclude a contract, then the additional basis for the processing of data will be Article 6 (1) (b) GDPR.

The processing of personal data in the input screen is used by us only for processing the contact. In the event of contact by email, this also constitutes the necessary legitimate interest in processing the data.

The data will be erased when it is no longer required for the purpose for which it was originally collected. With respect to personal data collected from the contact form entries or sent by email, this is the case when the relevant communication has ended or the enquiry has been processed.

You have the right to revoke your consent to the processing of personal data at any time. Users can use email to contact us and object to the storage of their personal data. In this case, the parties will no longer be able to engage in further communications. All personal data stored when communicating with us will be erased as a result.

5. Google Analytics

We have integrated the Google Analytics component (with anonymisation function) into this website. Google Analytics is a web analytics service. Web analytics is the generation, gathering, and analysis of data about the behaviour of visitors to websites. A web analysis service collects, inter alia, data about the website from which a data subject has accessed a website (so-called referrer website), which sub-pages were visited, or how often and for how long a sub-page was viewed. The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

We have activated the IP anonymisation feature on this website. This means that Google will truncate your IP address within Member States of the European Union or other Contracting States to the Agreement on the European Economic Area before it is transmitted to the US. Only in exceptional cases will the full IP address be transmitted to Google servers in the United States and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them with other services relating to website activity and internet use. The IP address transmitted by your browser within the scope of Google Analytics will not be associated with any other data held by Google.

Google Analytics will install a cookie on your IT system. The installation of this cookie enables Google to analyse the use of our website. Whenever you access an individual page of this website on which a Google Analytics component was integrated, the Google Analytics component will automatically trigger your browser to transmit data for online analysis. The cookie stores personal data, such as the time of access, the referring website, the IP address and frequency of visits to our website. Every time you visit our website, your personal data, including your IP address, is sent to Google in the US and stored there. Google may pass this personal data collected as part of the technical process to third parties.

You can prevent cookies from being installed by our website by adjusting the relevant option in the settings of your browser and in this way prevent cookies from being installed permanently. Please note that if you do this, you may not be able to use all the functions and features of this website fully. In addition, a cookie already set by Google Analytics can be deleted at any time through the browser or other software.

Furthermore, you have the right to object to or to prevent the collection and processing by Google of data generated by Google Analytics and based on the use of this website. To do this, you will have to download and install the browser add-on from Google using the following link: https://tools.google.com/dlpage/gaoptout. This browser add-on tells Google Analytics through JavaScript that no data and information about visits to the web pages may be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. Opt-out cookies prevent the future collection of your data when you visit this website. Click here to install the opt-out cookie: Deactivate Google Analytics

Additional information and Google's privacy policy can be found at https://www.google.com/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html.

The legal basis for storage of Google Analytics cookies is Article 6 (1) point (f) of the GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. The data linked to cookies, user identification (e.g. user IDs) or advertising IDs we send will be automatically erased after 24 months. The deletion of data whose retention period has expired is done automatically once every month. We have concluded an agreement on contract data processing with Google and we fully implement the strict requirements of the German data protection authorities when using Google Analytics.

6. Google AdWords and Google Conversion Tracking

This website uses Google AdWords. Google AdWords is an online advertising service that allows advertisers to run adverts in both Google search engine results and on the Google advertising network. Google AdWords allows advertisers to select keywords in advance through which their advertisements will only be displayed in Google search engine results if the user retrieves search results relevant to the keyword through the search engine. In the Google advertising network, ads are distributed to topic-relevant websites using an automatic algorithm and in accordance with the previously defined keywords. The operating company for the services of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to advertise our website by displaying interest-related advertising on the websites of third parties and in the search engine results of the Google search engine and by displaying third-party advertising on our website. When you access our website through an advertisement displayed on Google, Google will store a so-called conversion cookie on your device. A conversion cookie will expire after thirty days and it cannot be used to identify the data subject. If the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages have been visited on our website. The conversion cookie allows us and Google to understand if a person who came to our website through an AdWords ad has completed or cancelled a transaction. The data and information collected through the use of the conversion cookie are used by Google to compile visitor statistics for our website. We often use these visitor statistics to determine the total number of users who have been referred to us through AdWords ads, i.e. to determine the success or failure of each AdWords ad and to optimise our AdWords ads for the future.

Neither our company nor any other Google AdWords advertiser receives any information from Google that could be traced back to you. You can prevent cookies from being installed by our website by adjusting the relevant option in the settings of your browser and hence prevent the installation of cookies permanently. Please note that such a browser setting will also prevent Google from setting up a conversion cookie. In general, a cookie already stored by Google AdWords can be deleted at any time through the browser or other software. You also have the option to opt out of Google's interest-based advertising. To do this, click on the link www.google.de/settings/ads from each browser you use and change the settings there. The legal basis for storage of conversion cookies is Article 6 (1) point (f) of the GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

For more information about Google AdWords and Google conversion tracking, please refer to Google's privacy policy at http://www.google.de/policies/privacy/

We have concluded an agreement on contract data processing with Google and we fully implement the strict requirements of the German data protection authorities when using Google AdWords.

7. Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required Web Fonts into your browser cache in order to display texts and fonts correctly. When you access a page of our website which contains a social plugin, your browser makes a direct connection with Google servers. Google is therefore aware that our web page was accessed via your IP address. The use of Google Web Fonts is done in the interest of a uniform and appealing presentation of our website. This constitutes a legitimate interest within the meaning of Article 6 (1) point (f) of the GDPR. If your browser does not support Web Fonts, your computer will use a standard font.

Further information about Google Web Fonts is available at https://developers.google.com/fonts/faq and in Google's privacy policy at https://www.google.com/policies/privacy/.

8. Google Maps

This site uses the Google Maps map service via an API. These are operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use Google Maps, it is necessary for us to store your IP address. This information is typically transmitted to and stored by Google on servers in the US. The provider of this site has no influence on this data transfer. The use of Google Maps is done in the interest of making our website appealing and to facilitate location of the places we specify on the website. This constitutes a legitimate interest within the meaning of Article 6 (1) point (f) GDPR.

For further information on handling of user data, please refer to Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.

III. Rights of data subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights in relation to the data Controller.

1. Right of access

In accordance with Article 15 of the GDPR, you have the right to receive information about the personal data we process and in particular the following information:

  • the purposes of the processing,
  • the categories of personal data concerned,
  • categories of recipients to whom your personal data has been or will be disclosed,
  • the envisaged period for which the personal data will be stored,
  • the existence of the right to request from the Controller rectification or erasure of personal data or restriction of processing of personal data or to object to such processing,
  • the right to lodge a complaint with a supervisory authority,
  • where the personal data was not collected by us, any available information as to its source,
  • the existence of automated decision-making, including profiling and meaningful information about the logic involved.

2. Right to rectification

In accordance with Article 16 of the GDPR, you have the right to demand from us without undue delay the rectification of inaccurate personal data or completion of incomplete data concerning you, if the personal data we process is inaccurate or incomplete.

3. Right of erasure

In accordance with Article 17 of the GDPR, you have the right to demand from us the erasure of your personal data without undue delay and we have the obligation to erase personal data without undue delay, where one of the following grounds applies:

  • the relevant personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • you are withdrawing your consent to the processing and there is no other legal ground for the processing;
  • you object to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or your objection to the processing is based on Article 21 (2) of the GDPR;
  • the personal data has been unlawfully processed;
  • the personal data has to be erased for the fulfilment of a legal obligation in compliance with the EU regulations or the regulations of Member States, to which we are subject;
  • your personal data was collected in relation to the services of the information society offered, in accordance with Article 8 (1) of the GDPR.

The right to erasure does not apply as long as the need for processing exists:

  • for purposes of exercising the right of freedom of expression and information,
  • for the performance of a task carried out in the public interest or for the assertion, exercise or defence of legal claims.

4. Right to restriction of processing

In accordance with Article 18 of the GDPR, you have the right to demand from the Controller restriction of processing where one of the following reasons applies:

  • the accuracy of the personal data is contested by you;
  • the processing is unlawful, but you oppose the erasure of personal data and we no longer need the personal data but you require the data for the assertion, exercise or defence of legal claims; or
  • you have objected to the processing of your data pursuant to Article 21 (1), but it has not yet been determined whether our legitimate grounds override yours.

5. Right to receive notifications

If you have exercised your rights with respect to rectification or erasure of personal data or restriction of processing, we shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate expense and effort. You have the right to demand information from us about these recipients.

6. Right to data portability

In accordance with Article 20 of the GDPR, you have the right to receive your personal data, which you have provided to us, in a structured, standard and machine-readable format.

In addition, you have the right to transmit this data to another Controller without hindrance from us, where the processing is based on your consent or is for the fulfilment of a contract, and the processing is carried out by automated means. In exercising this right, you also have the right to have the personal data transmitted directly from us to another Controller, where technically feasible. This process should not, however, adversely affect the rights and freedoms of others.

7. Right to withdraw consent to data processing

In accordance with Article 7 (3) of the GDPR, you have the right to withdraw your consent at any time. As a result, we shall no longer be allowed to process data based on this consent going forward.

8. Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right under Article 77 of the GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

9. Right to object

If your personal data are processed based on legitimate interests pursuant to Article 6 (1) point (f) of the GDPR, you have the right to raise objection against the processing of your personal data in accordance with Article 21 of the GDPR on grounds relating to your particular situation; this also applies to profiling based on these provisions. After your objection, we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing is for purposes of asserting, exercising or defending legal claims. Where personal data is processed for direct marketing purposes, you will have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling, as long as it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

If you wish to object to the use of your personal data or if you wish to withdraw your consent, please send an email to info@bed-and-breakfast.de.

10. Automated individual decision-making, including profiling

You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is necessary for the conclusion or performance of a contract between you and the data Controller,

(2) is based on the legal provisions of the EU or a Member State to which the Controller is subject and which also lays down suitable measures for safeguarding your rights and freedoms, as well as your legitimate interests, or

(3) is based on your explicit consent.

However, these decisions may not be based on special categories of personal data referred to in Article 9 (1) of the GDPR, unless point (a) or (g) of Article 9 (2) applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place. In the cases referred to in points (1) and (3), the data Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express your point of view and to contest the decision. We do not use automatic decision-making or profiling.

11. Data security

In the course of your visit to the website, we use the most common SSL (Secure Socket Layer) or TLS method in connection with the highest level of encryption supported by your browser. In most cases, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

We also use technical and organisational measures to protect your data against accidental or intentional manipulation, full or partial loss, destruction or unauthorised third-party access. Our security measures are revised on a continual basis and brought into line with the latest technology standards.

Privacy policy version: May 2018