Thank you for visiting our website www.carathotels.com and for your interest in our company.

The protection of your personal data, such as date of birth, name, telephone number, address, etc., is important to us.

The purpose of this privacy policy is to inform you about the processing of your personal data that we collect from you when you visit the site. Our data protection practice is in line with the legal regulations of the EU’s General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The following data protection declaration serves to fulfil the information obligations resulting from the GDPR. These can be found, for example, in Art. 13 and Art. 14 ff. GDPR.

Responsible

The controller within the meaning of Art. 4 No. 7 GDPR is the person who alone or jointly with others determines the purposes and means of the processing of personal data.

With regard to our website, the responsible entity is:

AHM Hotel Management AG
Bahnhofstr. 5
3900 Brig
Schweiz
E-Mail: info@ahm-ag.ch
Tel.: +41 (0)27 921 1190
Fax: +41 (0)27 921 1199

Contact details of the data protection officer

We have appointed a data protection officer in accordance with Article 37 of the GDPR. You can reach our data protection officer using the contact details below:

Rene Schaufelberger
Fraunhoferstraße 9
85221 Dachau
Germany
Email: datenschutzbeauftragter@ituso.de
Website: https://ituso.de/

Provision of the website and creation of log files

Each time you visit our website, our system automatically collects data and information from the device (e.g. computer, mobile phone, tablet, etc.).

What personal data is collected and to what extent is it processed?

(1) Information about the browser type and version used;
(2) The operating system of the retrieval device;
(3) Host name of the accessing computer;
(4) The IP address of the retrieval device;
(5) Date and time of access;
(6) Websites and resources (images, files, other page content) accessed on our website;
(7) Websites from which the user’s system accessed our website (referrer tracking);
(8) Message whether the retrieval was successful;
(9) Amount of data transmitted

This data is stored in the log files of our system. This data is not stored together with personal data of a specific user, so that individual site visitors are not identified.

Legal basis for the processing of personal data

Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest is to ensure the achievement of the purpose described below.

Purpose of the data processing

The temporary (automated) storage of data is necessary for the course of a website visit in order to enable delivery of the website. The storage and processing of personal data is also carried out to maintain the compatibility of our website for as many visitors as possible and to combat abuse and eliminate malfunctions. For this purpose, it is necessary to log the technical data of the accessing computer in order to be able to react as early as possible to display errors, attacks on our IT systems and/or errors in the functionality of our website. In addition, we use the data to optimise the website and to generally ensure the security of our information technology systems.

Duration of storage

The deletion of the aforementioned technical data takes place as soon as they are no longer required to ensure the compatibility of the website for all visitors, but no later than 3 months after accessing our website.

Possibility of objection and deletion

You can object to the processing at any time in accordance with Article 21 of the GDPR and request deletion of data pursuant to Article 17 of the GDPR. You can find out what rights you have and how to exercise them at the bottom of this privacy statement.

Special functions of the website

Our site offers you various functions, during the use of which personal data is collected, processed and stored by us. Below we explain what happens with this data:

Application form

• What personal data is collected and to what extent is it processed?

  The data you enter in the form fields of the application form and upload, if applicable, will be processed in full to fulfil the purpose stated below.

• Legal basis for the processing of personal data

  The legal basis for the collection and processing of applicant data is Art. 6 para. 1 lit. b (contract initiation), Art. 88 para. 1 GDPR in conjunction with. § 26 BDSG. Insofar as special categories of personal data are collected which are necessary for the fulfilment of legal obligations arising from labour law, social security law and social protection pursuant to Art. 9 para. 2 b GDPR in conjunction with. § 26 para. 3 BDSG are required, the processing is carried out on this legal basis. Insofar as special categories of personal data are to be processed in addition, we will require consent in accordance with Art. 9 Para.. 2 lit. a GDPR.

• Purpose of the data processing

  The purpose of the data processing is to check and process the application documents uploaded by you via the form.

• Duration of storage

  The data will be deleted as soon as the application has been processed and there is no longer a legitimate interest in storing the application data. Your application documents will therefore be deleted after 6 months at the latest if no employment relationship is established.

• Possibility of objection and deletion

  You can find out what rights you have and how to exercise them at the bottom of this privacy statement.

• Necessity of providing personal data

  The information provided in the application form is neither contractually nor legally required, but is necessary for sending and processing the application. If you do not fill in the required fields or do not fill them in completely, the application you have requested cannot be sent or processed.

Contact form(s)

• What personal data is collected and to what extent is it processed?

  We will process the data you have entered in the input mask of our contact forms to fulfil the purpose stated below.

• Legal basis for the processing of personal data

  Art. 6 para. 1 lit. a GDPR (consent by unambiguous affirmative action or conduct)

• Purpose of the data processing

  We will only use the data recorded via our contact form or contact forms for processing the specific contact enquiry received through the contact form.

• Duration of storage

  After processing your request, the collected data will be deleted immediately, unless there are legal retention periods.

• Possibility of revocation and deletion

  The revocation and deletion options are based on the general regulations on the right of revocation and deletion under data protection law described below in this data protection declaration.

• Necessity of providing personal data

  The use of the contact forms is on a voluntary basis and is neither contractually nor legally required. You are not obliged to contact us via the contact form, but can also use the other contact options provided on our site. If you would like to use our contact form, you must fill in the fields marked as mandatory. If you do not fill in the necessary details of the contact form with content, you will either not be able to send the enquiry or we will unfortunately not be able to process your enquiry.

Statistical analysis of visits to this website – Webtracker

We collect, process and store the following data when this website or individual files on the website are accessed: IP address, website from which the file was retrieved, name of the file, date and time of the retrieval, amount of data transferred and report on the success of the retrieval (so-called web log). We use this access data exclusively in a non-personalised form for the continuous improvement of our website and for statistical purposes. We also use the following web trackers to evaluate visits to this website:

• Adform

We use the service Adform of the company Adform A/S, Silkegade 3B, ST. & 1st, 1113 Copenhagen, Denmark. Personal data is transmitted exclusively to servers in the European Union.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

This service is an analysis tool that allows us to monitor the surfing behaviour on our site.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://site.adform.com/privacy-center/overview/.

• Adsrvr

We use on our site the service Adsrvr of the company The Trade Desk, Inc. , Global Privacy Office 42 N. Chestnut St., 93001 Ventura, United States, Email: privacy@thetradedesk.com, Website: https://www.thetradedesk.com/us. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 DSGVO (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

An advertising network is accessed via the service. The service thus serves us to display advertising of any kind. As part of the delivery of the advertising, the advertising range is also determined in order to be able to calculate remuneration.

You can access the certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000TNT1AAO.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://www.thetradedesk.com/us/website-privacy-policy.

The provider also offers an opt-out option at https://www.adsrvr.org/.

• Custom Audiences

We use the Custom Audiences service of the company Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, 2 Dublin, Ireland, e-mail: impressum-support@support.facebook.com, website: http://facebook.com/. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 DSGVO (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

Facebook Custom Audience is an advertising tool from Facebook that can be used to target advertising campaigns to page visitors.

You can access the parent company’s certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://www.facebook.com/about/privacy.

The provider also offers an opt-out option at https://www.facebook.com/about/privacy.

• Facebook Connect

We use the Facebook Connect service of the company Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, 2 Dublin, Ireland, e-mail: impressum-support@support.facebook.com, website: http://www.facebook.com/ on our site. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 DSGVO (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

Via Facebook Connect, users can use their Facebook profile to simplify logging in to other web services.

You can access the certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnywAAC.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://www.facebook.com/about/privacy.

The provider also offers an opt-out option at https://www.facebook.com/about/privacy.

• Google

We use the Google service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: http://www.google.com/ on our site. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 DSGVO (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

We use Google in order to be able to load further services from Google on the website. The service is used to provide other Google services, such as the data processing required to provide streams and fonts and relevant Google search content. It is technically required in order to be able to exchange the site visitor’s information already available to Google between the Google services and to be able to provide the site visitor with individual content adapted to his or her Google account.

For processing itself, the service or we collect the following data: Background data stored in the Google user account or at other Google services about the page visitor, background data for the provision of Google services such as streaming data or advertising data, data about the page user’s use of Google search, information about the terminal device used, the IP address and the user’s browser and further data from Google services for the provision of Google services related to our website.

If the service is activated on our website, our website establishes a connection to the servers of Google Ireland Limited and transfers the required data. As part of the order processing, personal data may also be transmitted to the servers of the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When using the Google service on our website, Google may transmit and process information from other Google services in order to provide background services for the display and data processing of the services provided by Google. For this purpose, data may also be transferred to the Google services Google Apis, Doubleclick, Google Cloud, and Google Ads and Google Fonts in accordance with the Google privacy policy. You can access the certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

• Google Ads

We use the Google Ads service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: http://www.google.com/ on our site. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 DSGVO (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

Google Ads is an advertising system that allows us to place ads on external websites on the internet to inform our customers about our services. Google Ads displays advertising tailored to our clientele on external websites according to parameters set by us, which leads to our website. If the site visitor clicks on the Google Ads advertisement, he or she will be directed to our website. In order to be able to measure the Google Ads advertisements in terms of their success and remuneration, Google Ads carries out a measurement of the success of the advertising measure when our website is called up. our website processes the data provided by Google Ads in order to be able to analyse and improve our advertising measures and to calculate any remuneration that may be due.

For processing itself, the service or we collect the following data: Data on advertising interests of page visitors, interactions of page visitors with advertisements related to our website, data on the call-up of our website by page visitors who have previously clicked on Google Ads advertisements and reached our website, data on the terminal device used, the IP address and the browser of the user and further data from Google services for the provision and refinement of Google advertisements related to our website.

If the service is activated on our website, our website establishes a connection to the servers of Google Ireland Limited and transfers the required data. As part of the order processing, personal data may also be transmitted to the servers of the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When Google Ads are used on our website, Google may transmit and process information from other Google services in order to provide background services for the improvement and individualisation of Google advertising. For this purpose, data may also be processed by other Google services such as Google Apis, Google Cloud, Google Ads, Google Analytics, Google Tag Manager, Google Marketing Platform and Google Fonts in accordance with the Google privacy policy under Google’s own responsibility under data protection law. You can access the certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

• Google Analytics

We use the Google Analytics service of Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: http://www.google.com/ on our website. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 DSGVO (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

Google Analytics is a web tracker that analyses the behaviour of page visitors and their interactions with our website and provides us with evaluations and forecasts about the content and products of our website and their popularity (so-called tracking). We have integrated Google Analytics so that the service can compile an analysis of the site users’ surfing behaviour. For this purpose, Google collects the page interactions of page visitors with our website and, if applicable, existing information resulting from the reading of cookies or other storage technologies and processes it statistically for us. Google Analytics uses data processing technologies that enable the tracking of individual site visitors and their interaction with other Google services, such as the Google Ads advertising network. Data from other Google services is also used to fill data gaps using machine learning technologies, modelled statistics and forecasting functions and to create comprehensive statistics on the content of our website. If Google Analytics is activated on our website, the data determined by Google Analytics will be transmitted to servers of Google Ireland Limited. As part of the order processing, personal data may also be transmitted to the servers of the parent company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States We carry out the analysis through Google Analytics in order to constantly optimise our internet offer and make it more available. This is a so-called reach measurement.

For processing itself, the service or we collect the following data: Data on the interactions of page visitors with the content of the website, data on the handling of the services presented on our website, data from external Google services, insofar as they interact with our website, such as advertising data or data on behaviour in relation to advertising, data on the rough geographical origin, the browser used, operating system as well as further information on the end device used.

Google Analytics will retain data relevant to the provision of web tracking for as long as is necessary to fulfil the booked web service. The data collection and storage is anonymised. Insofar as individual interactions of site visitors make it possible to subsequently establish a personal reference to specific actions, we will delete the collected data when the purpose has been achieved. The data will be deleted at the latest when they are not subject to any statutory retention obligations. As a rule, we will delete this data after 12 months at the latest. You can access the certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://tools.google.com/dlpage/gaoptout?hl=de.

• Google Analytics (Google Signals)

We use the Google Analytics (Google Signals) service of the company Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: http://www.google.com/ on our site. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 DSGVO (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

Google Analytics is a web tracker that analyses the behaviour of page visitors and their interactions with our website and provides us with evaluations and forecasts about the content and products of our website and their popularity (so-called tracking). We have integrated Google Analytics so that the service can compile an analysis of the site users’ surfing behaviour. For this purpose, Google collects the page interactions of page visitors with our website and, if applicable, existing information resulting from the reading of cookies or other storage technologies and processes it statistically for us. Google Analytics uses data processing technologies that allow tracking of individual site visitors and their interaction across devices and sessions with other Google services such as the Google Ads advertising network. Data from other Google services is also used to fill data gaps using machine learning technologies, modelled statistics and forecasting functions and to create comprehensive statistics on the content of our website. If Google Analytics is activated on our website, the data determined by Google Analytics will be transmitted to servers of Google Ireland Limited. As part of the order processing, personal data may also be transmitted to the servers of the parent company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States Personal data is also transferred to the USA. We carry out the analysis through Google Analytics in order to constantly optimise our internet offer and make it more available. This is a so-called reach measurement.

For processing itself, the service or we collect the following data: Data on the interactions of page visitors with the content of the website, data on the handling of the services presented on our website, data from external Google services, insofar as they interact with our website, such as advertising data or data on behaviour in relation to advertising, data on the rough geographical origin, the browser used, operating system as well as further information on the end device used, if applicable, across devices and independent of the session.

Google Analytics will retain data relevant to the provision of web tracking for as long as is necessary to fulfil the booked web service. The data collection and storage is anonymised. Insofar as individual interactions by site visitors make it possible to subsequently establish a personal reference to specific actions, we will delete the collected data when the purpose has been achieved. The data will be deleted at the latest when they are not subject to any statutory retention obligations. As a rule, we will delete this data after 12 months at the latest.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://tools.google.com/dlpage/gaoptout?hl=de.

• Google Maps

We use the Google Maps service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: http://www.google.com/ on our site. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 DSGVO (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

On our behalf, Google will use the information obtained via Google Maps to show you the map. Using Google Maps, you can find us faster and more accurately than with a mere non-interactive map. Ebenfalls werden die entsprechenden Daten verwendet, um die Seitenbesucher, die unsere Google Maps-Karte anzeigen, ggf. unter Zuhilfenahme der Google-Werbe-ID zuzuordnen und mit physischen Besuchen und Aufrufen von weiteren bei Google gelisteten Kontaktinformationen zu verknüpfen. In this way, Google can make an estimate of the expected visitor flows.

For the processing itself, the service or we collect the following data: Data required for the visualisation and display of location data in the form of a map such as, in particular, IP address, information from Google background services such as Google Apis, search terms, IP address, coordinates, start location and destination when using the route planner, location data, Google advertising ID, Android advertising ID.

We have concluded a joint processing agreement with Google with regard to Google Maps. You can find the content at https://privacy.google.com/intl/de/businesses/mapscontrollerterms/. If the service is activated on our website, our website establishes a connection to the servers of Google Ireland Limited and transfers the required data. As part of the order processing, personal data may also be transmitted to the servers of the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When using the Google service on our website, Google may transmit and process information from other Google services in order to provide background services for the display and data processing of the services provided by Google. For this purpose, data processing may also be carried out by the Google services Google Apis, Google Cloud and Google Fonts in accordance with the Google data protection declaration under the data protection responsibility of Google. You can access the certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

• Google Tag Manager

We use the Google Tag Manager service of Google Ireland Ltd., Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: http://www.google.com/ on our website. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 DSGVO (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

Google Tag Manager offers a technical platform to execute and control other web tools and web tracking programmes in a bundled way by means of so-called “tags”. In this context, Google Tag Manager stores cookies on your computer and analyses your surfing behaviour (so-called “tracking”), insofar as web tracking tools are executed using Google Tag Manager. The data generated by the “tags” is aggregated, stored and processed by Google Tag Manager under a uniform user interface. All integrated “tags” are listed separately again in this data protection declaration. When using our website with activated integration of “tags” from Google Tag Manager, data, such as in particular your IP address and your user activities, are transmitted to servers of the Google company. The tracking tools used in Google Tag Manager ensure that the IP address is anonymised by Google Tag Manager before transmission by means of IP anonymisation of the source code. With Tag Manager, measured values from different service providers (Google and third-party providers) can be linked and evaluated on the basis of the so-called tag management. Google Tag Manager helps us compile reports on website activity and manage our website’s web tools.

For processing itself, the service or we collect the following data: Cookies, web tracking data, outgoing or incoming links, information arising from the integration and activation of JavaScript code on the website from Google Tag Manager and the web tools triggered by Google Tag Manager.

You can access the certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://policies.google.com/privacy.

• Gstatic

We use the Gstatic service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: http://www.google.com/ on our site. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 DSGVO (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

Gstatic is a background service used by Google to retrieve static content to reduce bandwidth usage and preload required catalogue files. In particular, the service loads background data on Google Fonts and Google Maps.

As part of the order processing, personal data may also be transmitted to the servers of the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. You can access the certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

• Sojern

We use the Sojern service of the company Sojern, Inc, 255 California Street Suite 1000, CA 94111 San Francisco, United States, e-mail: mktg@sojern.com, website: https://www.sojern.com/ on our site. The transfer shall also be made to a third country for which there is no Commission adequacy decision. Therefore, the usual level of protection for the GDPR cannot be guaranteed for the transfer, as it cannot be ruled out that in the third country, e.g. authorities can access the collected data.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

The service is a marketing service provider that we need to place retargeting adverts.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://www.sojern.com/privacy/.

The provider also offers an opt-out option at https://www.sojern.com/privacy/.

• Xandr ehem. AppNexus

We use the service Xandr (formerly Xandr) on our website. AppNexus of the company Xandr Inc, 28 West 23rd Street, Fl 4, 10010 New York, United States, website: https://www.xandr.com/. The transfer shall also be made to a third country for which there is no Commission adequacy decision. Therefore, the usual level of protection for the GDPR cannot be guaranteed for the transfer, as it cannot be ruled out that in the third country, e.g. authorities can access the collected data.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

This service is an analysis tool that allows us to monitor the surfing behaviour on our site.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://www.xandr.com/privacy/platform-privacy-policy/.

The provider also offers an opt-out option at https://www.xandr.com/privacy/platform-privacy-policy/#opt_out.

• Youtube

We use the Youtube service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: http://www.google.com/ on our site. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 DSGVO (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

Videos from the Youtube platform are integrated on our website via the Youtube service. Through the integration, we can show you videos directly on our website. In this way, visitors to our website can view information about our services without having to visit the YouTube platform.

For the processing itself, the service or we collect the following data: Data for displaying the stream, data on videos clicked on, playlists created, ratings and comments, information on the terminal device used, the IP address and the user’s browser and further data from Google services for providing the video in accordance with the Google data protection declaration.

If Youtube is activated on our website and a video is played, our website establishes a connection to the servers of Google Ireland Limited and transmits the data required to display the stream or video. As part of the order processing, personal data may also be transmitted to the servers of the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 DSGVO (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer. When displaying Youtube videos on our website, Youtube may transmit and process information from other Google services in order to provide background services for the video, such as streaming data. For this purpose, data may also be transferred to the Google services Google Fonts, Google Apis, Google Video, Doubleclick. You can access the certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

Integration of external web services and processing of data outside the EU

On our website we use active content from external providers, so-called web services. When you visit our website, these external providers may receive personal information about your visit to our website. This may involve processing data outside the EU. You can prevent this by installing an appropriate browser plugin or deactivating the execution of scripts in your browser. This can lead to functional restrictions on websites that you visit.

We use the following external web services:

• CloudFlare

We use the CloudFlare service of the company Cloudflare, Inc., 101 Townsend St, 94107 San Francisco, United States, email: support@cloudflare.com, website: https://www.cloudflare.com/de-de/ on our site. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 DSGVO (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer.

The legal basis for the processing of personal data is provided in accordance with the German Data Protection Act. Art. 6 para. 1 lit. GDPR constitutes our legitimate interest. Our legitimate interest lies in achieving the purpose described below.

Cloudflare is a so-called content delivery network that provides security functions in addition to splitting the website across several servers. In addition, Cloudflare acts as a reverse proxy for our website.

You can access the certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000GnZKAA0.

With regard to the processing, you have the right to object as set out in Art. 21. You can find more information at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://www.cloudflare.com/privacypolicy/.

• Font Awesome

We use on our site the service Font Awesome of the company Fonticons Inc, 6 Porter Road, Apartment 3R, MA 02140 Cambridge, United States, e-mail: hello@fontawesome.com, website: https://fontawesome.com/. The transfer shall also be made to a third country for which there is no Commission adequacy decision. Therefore, the usual level of protection for the GDPR cannot be guaranteed for the transfer, as it cannot be ruled out that in the third country, e.g. authorities can access the collected data.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

Through the Font Awesome service, fonts are reloaded on our site in order to show you the site in a visually better version.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://fontawesome.com/privacy.

• Google Cloud APIs

We use the Google Cloud APIs service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, email: support-deutschland@google.com, website: http://www.google.com/ on our site. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 DSGVO (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

Wir verwenden Google APIs um auf der Internetseite weitere Dienste von Google nachladen zu können. Google Apis is a collection of interfaces for communication between the various Google services used on your website. The service is used in particular to display the Google Fonts fonts and to provide the Google Maps map.

For the processing itself, the service or we collect the following data: IP address

If the service is activated on our website, our website establishes a connection to the servers of Google Ireland Limited and transfers the required data. As part of the order processing, personal data may also be transmitted to the servers of the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When using the Google service on our website, Google may transmit and process information from other Google services in order to provide background services for the display and data processing of the services provided by Google. For this purpose, data may also be transferred to the Google services Google Cloud, Google Maps, Google Ads and Google Fonts in accordance with the Google privacy policy under the data protection responsibility of Google. You can access the certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

• Google Fonts

We use the Google Fonts service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: http://www.google.com/ on our website. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 DSGVO (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

We use the Google Fonts service to be able to integrate attractive fonts on our site in order to show you our website in a visually better version. The service may also be used on our website if other Google services are reloaded on our website that require Google Fonts fonts to run. This is the case, for example, if our website uses Google services that require Google Fonts to run.

For processing itself, the service or we collect the following data: Data on fonts, IP address of the page visitor, statistics on the use of fonts and other data from Google services related to our website.

If the service is activated on our website, our website establishes a connection to the servers of Google Ireland Limited and transfers the required data. As part of the order processing, personal data may also be transmitted to the servers of the company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States. When using the Google service on our website, Google may transmit and process information from other Google services in order to provide background services for the display and data processing of the services provided by Google. For this purpose, data may also be transferred to the Google services Google Apis, Google Cloud and Google Ads in accordance with the Google privacy policy. You can access the certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

• Google reCaptcha

We use the Google reCaptcha service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland, e-mail: support-deutschland@google.com, website: http://www.google.com/ on our site. Personal data is also transferred to the USA. With regard to the transfer of personal data to the USA, there is an adequacy decision on the EU-US Data Privacy Framework of the EU Commission within the meaning of Art. 45 DSGVO (hereinafter: DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en ). The operator of the service is certified under the DPF, so that the usual level of protection under the GDPR applies to the transfer.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

If Google reCaptcha is activated on our website, the data determined by Google reCaptcha will be transmitted to servers of the company Google Ireland Limited. As part of the order processing, personal data may also be transmitted to the servers of the parent company Google LLC, 1600 Amphitheatre Parkway, 94043 Mountain View, United States On the basis of specific characteristics and an analysis of the page behaviour, the service recognises whether the input made is an automated input by means of a programme (so-called bot) or a human being. The service has three different levels. Either the service automatically recognises that the entry is not automated by a bot or it lets the user select a captcha checkbox. A third possibility is to display small picture or language tasks / text tasks that have to be solved by the page visitor. Google reCaptcha is a capcha service that is used on our website for security reasons to exclude bots (robot programs) from being able to interact on our website. Google reCaptcha verifies on our behalf that only humans and not bots can use our website. In particular, this enables us to protect the special functions of our website (e.g. contact forms or other input options such as the login area) from unauthorised access.

For processing itself, the service or we collect the following data: User behaviour (e.g. mouse gestures or input behaviour), IP address, browser data, computer information.

If you wish to use the Google reCaptcha-protected input options on our website, you must allow the use of Google reCaptcha and, if necessary, solve the corresponding captchas. Unless you fill in the captcha or allow the use of Google reCaptcha, you will not be able to use the form protected by the captcha. Alternatively, you can always use our other contact options (e.g. post or e-mail). You can access the certification under the EU-US Data Privacy Framework at https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://policies.google.com/privacy.

The provider also offers an opt-out option at https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de.

• Legal text snippet and modules

We use the legal text snippet service and modules of the company Website-Check GmbH, Beethovenstraße 24, 66111 Saarbrücken, Germany, e-mail: support@website-check.de, website: https://www.website-check.de/ on our site. Personal data is transmitted exclusively to servers in the European Union.

The legal basis for the processing is Art. 6 para. 1 lit. c GDPR. The use of the service helps us to meet our legal obligations.

With the help of the service, contents of our legal texts are reloaded on our website. The current legal texts are reloaded via the integration on our site. Via this integration, further technical modules with regard to the legal texts or legally required elements can also be reloaded if necessary.

You can find out what rights you have with regard to processing at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://www.website-check.de/datenschutzerklaerung/.

• Sentry

We use the Sentry service of Functional Software, Inc. on our site. dba Sentry, 45 Fremont Street, 8th Floor, , CA 94105 San Francisco, United States, e-mail: compliance@sentry.io, website: http://sentry.io/. The transfer shall also be made to a third country for which there is no Commission adequacy decision. Therefore, the usual level of protection for the GDPR cannot be guaranteed for the transfer, as it cannot be ruled out that in the third country, e.g. authorities can access the collected data.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

The service collects stack traces and information from our site to identify and fix errors and crashes. This also generates data about the website visitors concerned.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For further information on the handling of transmitted data, please refer to the provider’s privacy policy at https://sentry.io/privacy/.

• Typography.com

We use the typography.com service of Hoefler & Co, 611 Broadway, Room 725, 10012-2608 New York, United States on our site. The transfer also takes place to a third country for which there is no Commission adequacy decision. Therefore, the usual level of protection for the GDPR cannot be guaranteed for the transfer, as it cannot be ruled out that in the third country, e.g. authorities can access the collected data.

The legal basis for the processing of personal data is your consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR that you have made on our website.

The service is a plugin that we need to be able to show you all the content on our website. The service may also be used for tracking and/or advertising integration.

You can revoke your consent at any time. You can find more information about withdrawing your consent either with the consent itself or at the end of this privacy policy.

For more information on the handling of transmitted data, please refer to the provider’s privacy policy at https://www.typography.com/home/privacy.php.

• Social Plug-in – “Facebook by META

What personal data is collected and to what extent is it processed?

On our website, we have integrated a social plug-in of the social network “Facebook by META”, which is operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, 2 Dublin, Ireland, e-mail: impressum-support@support.facebook.com, website: http://www.facebook.com/ (“Facebook by META”). When you call up a page that contains such a plug-in, your browser automatically establishes a background connection to the servers of Facebook by META. The content of the plug-in is transmitted by Facebook by META directly to your browser and only integrated into our site. Through this integration, Facebook by META receives the information that your browser has loaded a specific page of our website. This also applies if you do not have a Facebook by META profile or are not currently logged into Facebook by META. This information (including your IP address) is transmitted from your browser directly to a Facebook by META server in Ireland and stored there. If you are logged in to Facebook by META, Facebook by META can directly assign your visit to our website to your Facebook by META profile. If you interact with the plug-ins, for example by clicking the “Like” button or posting a comment, this information is also transmitted directly to a Facebook by META server and stored there. The information will also be published on your Facebook by META profile and displayed to your Facebook by META contacts that you have enabled for this purpose.

Legal basis for the processing of personal data

Art. 6 para. 1 lit. a GDPR (insofar as you have registered with “Facebook by META”) and Art. 6 para. 1 lit. GDPR (if you have not registered with Facebook by META). As far as the processing is based on Art. 6 para. 1 p. 1 lit. DSGVO, the legitimate interest of the site operator is to enable user interaction with the content of the site operator on Facebook by META.

Purpose of the data processing

The primary purpose of the data collection is to offer you a possibility of social interaction linked to Facebook by META and thus to make our Internet presence interactive. The scope of data collection and the further processing and use of the data you leave behind by Facebook by META, as well as your rights in this regard and setting options for protecting your privacy, can be found in the privacy policy of Facebook by META: https://www.facebook.com/about/privacy

Duration of storage

Facebook by META will store data relevant to the provision of the Web Service for as long as it is necessary. If the data is subject to statutory retention obligations, it will be deleted after expiry of the retention obligation.

Possibility of objection and deletion

If you do not want the Facebook by META social plug-in to run, you can also prevent it from running by installing an appropriate addon or script blocker. If you do not want Facebook by META to assign the data collected via our website to your Facebook by META profile, you must log out of Facebook by META before visiting our website. The options for objection and removal are also based on the general regulations on the right of objection and deletion under data protection law described below in this data protection declaration.

Information on the use of cookies

• What personal data is collected and to what extent is it processed?

On various pages, we integrate and use cookies to enable certain features of our website and to integrate external web services. The so-called “cookies” are small text files that your browser can store on your access device. These text files contain a characteristic string that uniquely identifies the browser when you return to our website. The process of saving a cookie file is also called “setting a cookie”. Cookies can be set both by the website itself and by external web services. The cookies are set by our website or the external web services to maintain the full functionality of our website, to improve the user experience or to pursue the purpose stated with your consent. Cookie technology also allows us to recognize individual visitors by pseudonyms, such as a unique or random IDs, so that we can provide more customized services. Details are shown in the following table.

• Legal basis for the processing of personal data

Insofar as the cookies are used on the basis of consent pursuant to Art. 6 para. 1 lit. a DSGVO are processed, this consent shall also be deemed to be consent within the meaning of Section 25 (a) DSGVO. 1 TTDSG for setting the cookie on the user’s terminal device. As far as another legal basis according to the GDPR is mentioned (e.g. for the fulfillment of a contract or for the fulfillment of legal obligations), the storage or the setting takes place on the basis of an exception according to § 25 para. 2 TTDSG. This occurs “when the sole purpose of storing information in the end user’s terminal equipment or the sole purpose of accessing information already stored in the end user’s terminal equipment is to carry out the transmission of a message over a public telecommunications network” or “when the storage of information in the end user’s terminal equipment or the access to information already stored in the end user’s terminal equipment is strictly necessary to enable the provider of a telemedia service to provide a telemedia service expressly requested by the user.” Which legal basis is relevant can be seen from the cookie table listed later in this point.

• Purpose of the data processing

The cookies are set by our website or the external web services to maintain the full functionality of our website, to improve the user experience or to pursue the purpose stated with your consent. Cookie technology also allows us to recognize individual visitors by pseudonyms, such as a unique or random IDs, so that we can provide more customized services. Details are shown in the following table.

• Duration of storage

Our cookies are stored until deleted in your browser or, if it is a session cookie, until the session expires. Details are shown in the following table.

• Possibility of objection and elimination

You can set your browser according to your wishes so that the setting of cookies is generally prevented. You can then decide on a case-by-case basis whether to accept cookies or accept cookies in principle. Cookies can be used for various purposes, such as to recognize that your access device is already connected to our website (persistent cookies) or to store recently viewed offers (session cookies). If you have expressly given us permission to process your personal data, you can revoke this consent at any time. Please note that the lawfulness of the processing carried out on the basis of the consent until revocation is not affected by this.

Data security and data protection, communication by e-mail

Your personal data is protected by technical and organisational measures during collection, storage and processing in such a way that it is not accessible to third parties. In the case of unencrypted communication by e-mail, we cannot guarantee complete data security on the transmission path to our IT systems, so we recommend encrypted communication or the postal service for information requiring a high level of confidentiality.

Right to information and correction requests – Deletion & restriction of data – Revocation of consent – Right of objection

Right to information

You have the right to request confirmation as to whether we are processing personal data about you. If this is the case, you have a right to information about the data referred to in Art. 15 para. 1 GDPR, insofar as the rights and freedoms of other persons are not affected (cf. Art. 15 (4) GDPR). We will also be happy to provide you with a copy of the data.

Right of rectification

In accordance with Art. 16 DSGVO, you have the right to have any incorrect personal data (e.g. address, name, etc.) corrected at any time. You can also request a completion of the data stored with us at any time. A corresponding adjustment shall be made without delay.

Right to deletion

In accordance with Art. 17 para. para. 1 GDPR, you have the right to have us delete the personal data we have collected about you if

• the data is either no longer needed;
• due to the revocation of your consent, the legal basis of the processing has ceased to exist without replacement;
• you have objected to the processing and there are no legitimate grounds for the processing;
• your data is processed unlawfully;
• a legal obligation requires this or a collection according to Art. 8 para. 1 GDPR has taken place.

The right according to Art. 17 para. 3 GDPR does not exist if

• the processing is necessary for the exercise of the right to freedom of expression and information;
• Your data has been collected on the basis of a legal obligation;
• the processing is necessary for reasons of public interest;
• the data is necessary for the assertion, exercise or defence of legal claims.

Right to restrict processing

according to Art. 18 para. 1 GDPR, you have the right to request the restriction of the processing of your personal data in individual cases.

This is the case when

• the accuracy of the personal data is disputed by you;
• the processing is unlawful and you do not consent to erasure;
• the data is no longer needed for the purpose of processing, but the data collected serves the assertion, exercise or defence of legal claims;
• an objection to the processing pursuant to Art. 21 para. 1 of the GDPR has been lodged and it is still unclear which interests prevail.

Right of revocation

If you have given us express consent to process your personal data (Art. 6 para. 1 lit. a of GDPR or Art. 9 para. 2 lit. a of GDPR), you can revoke this consent at any time. Please note that the lawfulness of the processing carried out on the basis of the consent until revocation is not affected by this.

Right to object

In accordance with Article 21 of the GDPR the right to object at any time to the processing of personal data relating to you which has been collected on the basis of Article 6 para. 1 lit. f (in the context of a legitimate interest). The right is only available to you if there are special circumstances that speak against the storage and processing.

How do you exercise your rights?

You can exercise your rights at any time by contacting us using the contact details below:

AHM Hotel Management AG
Bahnhofstr. 5
3900 Brig
Schweiz
E-Mail: info@ahm-ag.ch
Tel.: +41 (0)27 921 1190
Fax: +41 (0)27 921 1199

Created by:

© DURY LEGAL Rechtsanwälte – www.dury.de

© Website-Check GmbH – www.website-check.de