Privacy statement

1. Introduction

With the following information, we want to provide you, as the "data subject," an overview of how we process your personal data and your rights under data protection laws. Using our website is generally possible without providing personal data. However, if you wish to access specific services offered by our company through our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.
The processing of personal data, such as your name, address, or email address, always occurs in accordance with the General Data Protection Regulation (GDPR) and in compliance with the specific data protection regulations applicable to Hotel Weserschlößchen. Through this privacy policy, we aim to inform you about the extent and purpose of the personal data we collect, use, and process.

2. Data Controller

The data controller within the meaning of the GDPR is:

Hotel Weserschlößchen
Mühlenstraße 20
D-31582 Nienburg/Weser
Phone: +49 (0) 5021 - 62081
E-Mail: info@weserschloesschen.de
Representative of the data controller: Sascha Stuwe

3. Data Protection Officer

You can reach the data protection officer as follows:
epc GmbH
Leon Kolsch
Kräher Weg 54
31582 Nienburg
Phone: +49 (0) 5021 - 889988
E-Mail datenschutz@epcgmbh.de
Sie können sich jederzeit bei allen Fragen und Anregungen zum Datenschutz direkt an unseren Datenschutzbeauftragten wenden.

4. Legal Basis for Processing

Article 6(1)(a) GDPR (in conjunction with § 25(1) TTDSG) serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, when processing operations are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, such as in the case of inquiries about our products or services.
If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of you or another natural person. This would be the case, for example, if a visitor to our business premises were injured and his or her name, age, health insurance data, or other vital information would have to be passed on to a doctor, hospital, or other third parties. Then the processing would be based on Article 6(1)(d) GDPR.
Ultimately, processing operations could be based on Article 6(1)(f) GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal bases if processing is necessary to safeguard a legitimate interest of our company or a third party, provided that your interests, fundamental rights, and freedoms do not outweigh the legitimate interest. We are allowed to carry out such processing operations particularly because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if you are a customer of our company (Recital 47, Sentence 2 GDPR).

5. Data Transfer to Third Parties

Your personal data will not be disclosed to third parties for purposes other than those listed below.
We will only disclose your personal data to third parties if:
1. You have given us express consent in accordance with Article 6(1)(a) GDPR,
2. Disclosure is permitted under Article 6(1)(f) GDPR and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
3. We have a legal obligation to disclose data under Article 6(1)(c) GDPR, or
It is legally permissible and necessary under Article 6(1)(b) GDPR for the performance of a contract with you.

To protect your data and, if necessary, enable data transfer to third countries (outside the EU/EEA), we have entered into agreements for data processing based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to ensure an adequate level of security, your consent pursuant to Article 49(1)(a) GDPR may serve as the legal basis for the transfer to third countries. This may not apply if data is transferred to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 GDPR.

6. Technology

6.1 SSL/TLS Encryption

To ensure the security of data processing and protect the transmission of confidential content, such as orders, login information, or contact inquiries that you send to us as the operator, this page uses SSL/TLS encryption. An encrypted connection is indicated by the change of the protocol from "http://" to "https://" in the address bar of your browser and by the lock symbol in your browser bar.
We use this technology to protect your transmitted data.

6.2 Data Collection during Website Visits

When you use our website for informational purposes only, without registering or otherwise providing information to us, we only collect the data that your browser transmits to our server (so-called "server log files"). Our website automatically collects and stores general data and information each time you access a page. This data can include:

1. The type and version of the browser used
2. The operating system used by the accessing system
3. The website from which an accessing system accesses our website (referrer)
4. The hostname of the accessing computer
5. The date and time of access to the website
6. An Internet Protocol (IP) address
We do not draw any conclusions about you as a person when using this general data and information. Instead, this information is needed to:
1. To deliver the contents of our website correctly,
2. To optimize the contents of our website and the advertising for it,
3. To ensure the permanent functionality of our IT systems and the technology of our website, and
4. To provide law enforcement authorities with the necessary information for prosecution in the event of a cyber attack.

Therefore, this collected data and information are analyzed both statistically and with the aim of increasing data protection and data security in our company to ultimately ensure an optimal level of protection for the personal data we process. The data from the server log files are stored separately from all personal data provided by the data subject.
The legal basis for data processing is Article 6(1)(f) of the General Data Protection Regulation (GDPR). Our legitimate interest arises from the purposes of data collection listed above.

6.3 Hosting by All-Inkl

We host our website with ALL-INKL.COM - Neue Medien Münnich, Inh. René Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter referred to as All-Inkl).
When you visit our website, your personal data (e.g., IP addresses in log files) are processed on All-Inkl's servers.
The use of All-Inkl is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in a reliable presentation and provision as well as the security of our website.
We have concluded a data processing agreement (DPA) pursuant to Article 28 of the GDPR with All-Inkl. This is a data protectionally required contract that ensures All-Inkl processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
For more information on All-Inkl's privacy policy, please visit: https://all-inkl.com/datenschutzinformationen/

7. Cookies

7.1 General about Cookies

Our websites use so-called "cookies." Cookies are small data packets that do not cause any damage to your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your end device until you delete them yourself or until automatic deletion by your web browser.
Cookies can be set by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g., cookies for payment processing).
Cookies serve various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g., shopping cart function or display of videos). Other cookies may be used to analyze user behavior or for advertising purposes.
Cookies that are necessary for the electronic communication process, for the provision of certain functions you desire (e.g., shopping cart function), or for website optimization (e.g., cookies for measuring web audiences) are stored on the basis of Article 6(1)(f) of the GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and similar tracking technologies has been requested, the processing is based exclusively on this consent (Article 6(1)(a) of the GDPR and § 25(1) TTDSG); the consent can be revoked at any time.
You can configure your browser to inform you about the setting of cookies and allow cookies only on a case-by-case basis, accept cookies for specific cases, or generally exclude them, as well as activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

8. Contents of our Website

8.1 Contact / Contact Form

In the context of contacting us (e.g., via contact form or email), personal data is collected. The data collected when using a contact form can be seen from the respective contact form. This data is stored and used exclusively for the purpose of responding to your inquiry or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Article 6(1)(f) of the GDPR. If your contact aims at concluding a contract, an additional legal basis for the processing is Article 6(1)(b) of the GDPR. Your data will be deleted after final processing of your inquiry; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal retention obligations.

8.2 Customer Alliance Review Widget

This page uses a widget from Customer Alliance to display reviews and an average rating of reviews submitted to our property on various review portals. The provider is:
CA Customer Alliance GmbH
Ullsteinstraße 130, Turm B
12109 Berlin
Deutschland
https://www.customer-alliance.com/de/
For the use of the Customer Alliance widget's functions, it is necessary to store your IP address. This information is usually transferred to a Customer Alliance server in Germany and stored there. The provider of this page has no insight or influence on this data transmission.
The use of the Customer Alliance widget serves the interest of presenting the reviews of our hotel submitted to Customer Alliance and the possibility of displaying all collected reviews at Customer Alliance for our property. This represents a legitimate interest within the meaning of Article 6(1)(f) of the GDPR.
For more information on data protection at Customer Alliance, please refer to Customer Alliance's privacy policy: https://www.customer-alliance.com/en/privacy-policy/

8.3 Online Booking Tool DIRS21 by TourOnline AG

Our online presence uses the DIRS21 online booking tool (hereinafter "OBT") of TourOnline AG, Borsigstraße 26, 73249 Wernau, Germany (http://www.dirs21.de, hereinafter "TOAG") to enable online bookings of accommodation services and other travel services, as well as to process inquiries. Within the scope of the OBT, TOAG processes the data as the data controller. The information and provisions on data protection can be found in TOAG's data protection declaration for the OBT, which can be accessed at any time from the OBT or at http://www.dirs21.de/datenschutz.

9. Our Activities on Social Networks

In order to communicate with you in social networks and inform you about our services, we have our own pages on these platforms. When you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing activities triggered as per Article 26 of the GDPR.
We are not the original provider of these pages but use them only within the framework of the possibilities offered to us by the respective providers.
Therefore, we want to point out that your data may also be processed outside the European Union or the European Economic Area. The use of social media may therefore involve data protection risks for you, as the protection of your rights, such as the right to information, deletion, objection, etc., may be more difficult, and the processing in social networks often takes place for advertising purposes or for the analysis of user behavior by the providers, without us being able to influence this. If usage profiles are created by the provider, cookies are often used or the usage behavior is assigned to your own member profile created by you on the social networks.
The described processing of personal data is carried out in accordance with Article 6(1)(f) of the GDPR based on our legitimate interest and the legitimate interest of the respective provider to communicate with you in a contemporary way or to inform you about our services. If you as a user are requested by the respective provider to give your consent to data processing, the legal basis refers to Article 6(1)(a) of the GDPR in conjunction with Article 7 of the GDPR.
As we do not have access to the data stocks of the providers, we would like to point out that you can assert your rights (e.g., to information, correction, deletion, etc.) best with the respective provider. For more information on the processing of your data in social networks, please refer to the following information on the respective social network provider used by us:

9.1 Facebook

Joint controller for data processing in Europe:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland
Data Policy:
https://www.facebook.com/about/privacy

10. Plugins and Other Services

10.1 Google WebFonts

This site uses so-called Google Fonts for the uniform display of fonts, which are provided by Google. The Google Fonts are locally installed. There is no connection to Google servers. For more information about Google Fonts, please visit:
For more information about Google Fonts, please visit:
https://developers.google.com/fonts/faq and the Google Privacy Policy:
https://policies.google.com/privacy?hl=de.

11. Contact by Email, Phone, or Fax

If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) if this has been requested; the consent can be revoked at any time.
The data sent to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

12. Your Rights as a Data Subject

12.1 Right to Confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed.

12.2 Right to Information - Article 15 GDPR

You have the right to obtain from us at any time free information about the personal data stored about you and a copy of this data in accordance with the statutory provisions.

12.3 Right to Rectification - Article 16 GDPR

You have the right to request the correction of incorrect personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

12.4 Right to Erasure - Article 17 GDPR

You have the right to request that the personal data concerning you be deleted immediately if one of the reasons provided for by law applies and if the processing is not necessary.

12.5 Right to Restriction of Processing - Article 18 GDPR

You have the right to request us to restrict the processing of your personal data if one of the legal conditions is met.

12.6 Right to Data Portability - Article 20 GDPR

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, to whom the personal data has been provided, as long as the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, in exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

12.7 Right to Object - Article 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on Article 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balancing of interests) of the GDPR.
This also applies to profiling based on these provisions within the meaning of Article 4(4) of the GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
In individual cases, we process personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to our processing for direct marketing purposes, we will no longer process your personal data for these purposes.
In addition, you have the right, on grounds relating to your particular situation, to object to the processing of personal data concerning you carried out by us for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
You are free to exercise your right to object to us in the context of the use of Information Society services, notwithstanding Directive 2002/58/EC, using automated procedures involving technical specifications.

12.8 Revocation of Data Protection Consent

You have the right to revoke your consent for the processing of personal data at any time with effect for the future.

12.9 Complaint to a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.

13. Routine Storage, Deletion, and Blocking of Personal Data

We process and store your personal data only for the period necessary to achieve the purpose of storage or as provided for by the legal regulations to which our company is subject.
If the purpose of storage no longer applies or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

14. Duration of Storage of Personal Data

The criterion for the duration of storage of personal data is the respective statutory retention period. After the expiry of this period, the relevant data will be routinely deleted unless it is no longer necessary for contract fulfillment or contract initiation.

15. Up-to-dateness and Amendment of the Privacy Policy

This privacy policy is currently valid and has the status: July 2023.
Due to the further development of our website and offerings or changes in legal or official requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed and printed by you at any time on our website at "https://weserschloesschen.de/datenschutz/".
This privacy policy was created with the support of the data protection software: audatis MANAGER.

In the heart of lower saxony

Surrounded by water