The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions is:
b&b Zentrale Witt u. Hildebrecht GbR Stefanie Witt, Susanne Hildebrecht Markusstr. 9 D-20355 Hamburg, Germany Tel.: (040) 414314575 Fax: (040) 414314575-0 Email: firstname.lastname@example.org
We only process data (collect, store or disclose data to third parties),
When you visit our website, the browser on your device automatically sends information to the server on our website (host). This information is temporarily stored by the host in so-called log files.
The following information is collected without your intervention and stored until it is deleted:
The data is also stored in the log files of our system.This data is not stored together with other personal data of the user. The legal basis for the temporary storage of data is Article 6 (1) (f) GDPR.
The temporary storage of the aforementioned data is necessary to display the website on the user’s computer.
The data is stored in log files to ensure the website's functionality. This helps us to identify and eliminate technical errrs on our website. Logging ultimately serves to improve the quality of our website from a technical point of view.
In accordance with Article 6 (1) (f), our legitimate interest lies in the processing of data for the above purposes.
There is a data processing agreement with the host. The data stored by the host will be deleted after 60 days. The collection of data for the purpose of providing the website and the temporary storage of data in log files is essential for the operation of the website. Users, therefore, do not have the option to object in this case.
When you use our website to make a booking enquiry, we will collect and store the data required to process the request and forward it to our agencies (franchise partners). Mandatory information is marked. Any other information you provide is voluntary.
The mandatory information includes:
The data is processed based on your enquiry for the purposes specified under Article 6 (1) (b) GDPR, i.e. it is necessary for the implementation of pre-contractual measures.
We will erase the data as soon as it is no longer required for the purpose for which it was originally stored (after we have processed your inquiry) provided this does not conflict with any statutory retention or documentation requirements (under commercial or tax laws).
As a user, you also have the right to request the erasure or rectification of the data we store on you at any time. If the data is required for performance of a contract or implementation of pre-contractual measures, advance data erasure is only possible if it does not conflict with statutory or contractual obligations or retention requirements.
These temporary or persistent cookies are stored on your hard drive and are automatically deleted after your visit. You can also delete these cookies yourself by using the appropriate setting in your browser. Similarly, you can disable or restrict the transmission of cookies. If cookies are deactivated for our website, it may no longer be possible to use all of the website's features in full.
On our website, we offer a contact form and a feedback form, which can be used to contact us online and send us messages. If you use this option, the data you enter into the form will be transmitted to us and stored.
The data includes:
We have integrated the Google Analytics component (with anonymisation function) into this website. Google Analytics is a web analytics service. Web analytics is the generation, gathering, and analysis of data about the behaviour of visitors to websites. A web analysis service collects, inter alia, data about the website from which a data subject has accessed a website (so-called referrer website), which sub-pages were visited, or how often and for how long a sub-page was viewed. The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States. We have activated the IP anonymisation feature on this website. This means that Google will truncate your IP address within Member States of the European Union or other Contracting States to the Agreement on the European Economic Area before it is transmitted to the US. Only in exceptional cases will the full IP address be transmitted to Google servers in the United States and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing them with other services relating to website activity and internet use. The IP address transmitted by your browser within the scope of Google Analytics, will not be associated with any other data held by Google.
The legal basis for storage of Google Analytics Cookies is Article 6 (1) point (f) of the GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. The data linked to Cookies, user identification (e.g. user IDs) or advertising IDs we send will be automatically erased after 24 months. The deletion of data whose retention period has expired is done automatically once every month. We have concluded an agreement on contract data processing with Google and we fully implement the strict requirements of the German data protection authorities when using Google Analytics.
This website uses Google AdWords. Google AdWords is an online advertising service that allows advertisers to run adverts in both Google search engine results and on the Google advertising network. Google AdWords allows advertisers to select keywords in advance through which their advertisements will only be displayed in Google search engine results if the user retrieves search results relevant to the keyword through the search engine. In the Google advertising network, Ads are distributed to topic-relevant websites using an automatic algorithm and in accordance with the previously defined keywords. The operating company for the services of Google AdWords is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. The purpose of Google AdWords is to advertise our website by displaying interest-related advertising on the websites of third parties and in the search engine results of the Google search engine and by displaying third-party advertising on our website. When you access our website through an advertisement displayed on Google, Google will store a so-called conversion Cookie on your device. A conversion Cookie will expire after thirty days and it cannot be used to identify the data subject. If the Cookie has not yet expired, the conversion Cookie is used to track whether certain sub-pages have been visited on our website. The conversion cookie allows us and Google to understand if a person who came to our website through an AdWords Ad has completed or cancelled a transaction. The data and information collected through the use of the conversion Cookie are used by Google to compile visitor statistics for our website. We often use these visitor statistics to determine the total number of users who have been referred to us through AdWords Ads, i.e. to determine the success or failure of each AdWords Ad and to optimise our AdWords Ads for the future. Neither our company nor any other Google AdWords advertiser receives any information from Google that could be traced back to you. You can prevent Cookies from being installed by our website by adjusting the relevant option in the settings of your browser and hence prevent the installation of Cookies permanently. Please note that such a browser setting will also prevent Google from setting up a conversion Cookie. In general, a Cookie already stored by Google AdWords can be deleted at any time through the browser or other software. You also have the option to opt out of Google's interest-based advertising. To do this, click on the link www.google.de/settings/ads from each browser you use and change the settings there. The legal basis for storage of conversion Cookies is Article 6 (1) point (f) of the GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.
We have concluded an agreement on contract data processing with Google and we fully implement the strict requirements of the German data protection authorities when using Google Adwords.
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required Web Fonts into your browser cache in order to display texts and fonts correctly. When you access a page of our website which contains a social Plugin, your browser makes a direct connection with Google servers. Google is therefore aware that our web page was accessed via your IP address. The use of Google Web Fonts is done in the interest of a uniform and appealing presentation of our website. This constitutes a legitimate interest within the meaning of Article 6 (1) point (f) of the GDPR. If your browser does not support Web Fonts, your computer will use a standard font.
This site uses the Google Maps map service via an API. These are operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use Google Maps, it is necessary for us to store your IP address. This information is typically transmitted to and stored by Google on servers in the US. The provider of this site has no influence on this data transfer. The use of Google Maps is done in the interest of making our website appealing and to facilitate location of the places we specify on the website. This constitutes a legitimate interest within the meaning of Article 6 (1) point (f) GDPR.
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights in relation to the data Controller.
In accordance with Article 15 of the GDPR, you have the right to receive Information about the personal data we process and in particular the following information
In accordance with Article 16 of the GDPR, you have the right to demand from us without undue delay the rectification of inaccurate personal data or completion of incomplete data concerning you, if the personal data we process is inaccurate or incomplete.
In accordance with Article 17 of the GDPR, you have the right to demand from us the erasure of your personal data without undue delay and we have the obligation to erase personal data without undue delay, where one of the following grounds applies
- the relevant personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
- you are withdrawing your consent to the processing and there is no other legal ground for the processing;
- you object to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or your objection to the processing is based on Article 21 (2) of the GDPR;
- the personal data has been unlawfully processed;
- the personal data has to be erased for the fulfilment of a legal obligation in compliance with the EU regulations or the regulations of Member States, to which we are subject;
- your personal data was collected in relation to the services of the information society offered, in accordance with Article 8 (1) of the GDPR.
The right to erasure does not apply as long as the need for processing exists
- for purposes of exercising the right of freedom of expression and information,
- for the performance of a task carried out in the public interest or for the assertion, exercise or defence of legal claims
In accordance with Article 18 of the GDPR, you have the right to demand from the Controller restriction of processing where one of the following reasons applies:
- the accuracy of the personal data is contested by you
- the processing is unlawful, but you oppose the erasure of personal data and we no longer need the personal data but you require the data for the assertion, exercise or defence of legal claims or
- you have objected to the processing of your data pursuant to Article 21 (1), but it has not yet been determined whether our legitimate grounds override yours.
If you have exercised your rights with respect to rectification or erasure of personal data or restriction of processing, we shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate expense and effort. You have the right to demand information from us about these recipients.
In accordance with Article 20 of the GDPR, you have the right to receive your personal data, which you have provided to us, in a structured, standard and machine-readable format.
In addition, you have the right to transmit this data to another Controller without hindrance from us, where the processing is based on your consent or is for the fulfilment of a contract, and the processing is carried out by automated means. In exercising this right, you also have the right to have the personal data transmitted directly from us to another Controller, where technically feasible. This process should not, however, adversely affect the rights and freedoms of others.
In accordance with Article 7 (3) of the GDPR, you have the right to withdraw your consent at any time. As a result, we shall no longer be allowed to process data based on this consent going forward.
Without prejudice to any other administrative or judicial remedy, you have the right under Article 77 of the GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes on the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
If your personal data are processed based on legitimate interests pursuant to Article 6 (1) point (f) of the GDPR, you have the right to raise objection against the processing of your personal data in accordance with Article 21 of the GDPR on grounds relating to your particular situation; this also applies to profiling based on these provisions. After your objection, we shall no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing is for purposes of asserting, exercising or defending legal claims. Where personal data is processed for direct marketing purposes, you will have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling, as long as it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.
If you wish to object to the use of your personal data or if you wish to withdraw your consent, please send an email to email@example.com.
You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for the conclusion or performance of a contract between you and the data Controller,
(2) is based on the legal provisions of the EU or a Member State to which the Controller is subject and which also lays down suitable measures for safeguarding your rights and freedoms, as well as your legitimate interests, or
(3) is based on your explicit consent.
However, these decisions may not be based on special categories of personal data referred to in Article 9 (1) of the GDPR, unless point (a) or (g) of Article 9 (2) applies and suitable measures to safeguard the data subject's rights and freedoms and legitimate interests are in place. In the cases referred to in points (1) and (3), the data Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express your point of view and to contest the decision. We do not use automatic decision-making or profiling.
In the course of your visit to the website, we use the most common SSL (Secure Socket Layer) or TLS method in connection with the highest level of encryption supported by your browser. In most cases, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
We also use technical and organisational measures to protect your data against accidental or intentional manipulation, full or partial loss, destruction or unauthorised third-party access. Our security measures are revised on a continual basis and brought into line with the latest technology standards.