privacy policy

We are very pleased about your interest in our company. Data protection has a particularly high priority for us. The use of our website is generally possible without providing personal data. However, if a data subject wishes to use special services of our company through our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

Definitions

This privacy policy is based on the terminology used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for the public, as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

In this privacy policy, we use, among other things, the following terms:

Personal Data
Personal data are all information that relates to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Data Subject
Data subject is any identified or identifiable natural person whose personal data are processed by the controller.

Processing
Processing is any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

Restriction of Processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

Profiling
Profiling is any form of automated processing of personal data which consists of using personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures that ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or Controller for Processing
Controller or controller for processing is the natural or legal person, public authority, agency, or other body that alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for its nomination may be provided for by Union law or the law of the Member States.

Processor
Processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

Recipient
Recipient is a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether a third party or not. However, authorities that may receive personal data in the course of a particular investigation under Union law or the law of the Member States are not considered recipients.

Third Party
Third party is a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and the persons who, under the direct authority of the controller or the processor, are authorized to process personal data.

Consent
Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by which they signify agreement to the processing of personal data relating to them.

General Information and Mandatory Information

The controller within the meaning of the General Data Protection Regulation, other applicable data protection laws in the Member States of the European Union, and other provisions with data protection character is:

Johann Haag
Kapellenweg 1
89195 Staig – Altheim

Phone: 07346 2756
Email: angelika@ferienwohnungen-haag.de

Data Protection Officer:

According to Article 37 GDPR in conjunction with §38 BDSG, we are not obliged to appoint a data protection officer. However, for questions regarding data protection and the assertion of your rights mentioned below, you can contact us at any time using the contact details provided above.

Storage Duration

Unless a more specific storage duration is stated in this privacy policy, your personal data will remain with us until the purpose for data processing ceases to exist. If you submit a justified request for deletion or revoke your consent to data processing, your data will be deleted, provided we have no other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will take place after these reasons no longer exist.

Rights of the Data Subject

According to Article 15 GDPR, you have the right to obtain, free of charge, information about whether personal data concerning you are being processed, and if so, what personal data are being processed. In this context, you can generally request a copy of the data, unless there is a legal exception. In this regard, information about the specific circumstances and the expected duration of processing can also be requested. Based on the knowledge of the processing of your own data, the following additional rights of data subjects may apply:

Data Collection on This Website

Cookies

To manage the cookies and similar technologies (tracking pixels, web beacons, etc.) used and the associated consents, we use the consent tool “Real Cookie Banner.” Details on how “Real Cookie Banner” works can be found at https://devowl.io/de/rcb/datenverarbeitung/.

The legal bases for the processing of personal data in this context are Article 6(1)(c) GDPR and Article 6(1)(f) GDPR. Our legitimate interest is the management of the cookies and similar technologies and the related consents.

The provision of personal data is neither a contractual requirement nor necessary for the conclusion of a contract. You are not obliged to provide personal data. If you do not provide the personal data, we cannot manage your consents.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Access Data/Server Log Files

When using the websites of the web offering, data are processed by the users. Since this may occur potentially by any user without an explicit prompt, these possible processing operations are presented below in context. When you wish to view our website, we collect the following data that is technically necessary for us to display our website and to ensure the stability and security (the legal basis is Article 6(1)(1)(f) GDPR):

The stored data may allow identification/The access data is anonymized immediately after collection, so that no conclusion can be drawn about you as a person.

External Hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the servers of the host. This may include, in particular, IP addresses, contact inquiries, meta and communication data, contract data, contact data, names, and website accesses. The host is used to fulfill contracts with our customers and to provide our online services securely. The legal basis for the processing of your data is Article 6(1)(b) GDPR and Article 6(1)(f) GDPR. We have concluded a contract with our hoster for processing on our behalf. This ensures that the host processes your personal data only according to our instructions.

Contact Possibilities

If you wish to contact us via email or the contact form on our website, the personal data you provide will be stored by us in order to process your request. We have to inform you that, even if you use the contact form or send us an email, your data will not be encrypted when transmitted over the Internet. This means that third parties can theoretically read your email. If you want to avoid this, please use another way to contact us. The legal basis for the processing of your personal data is Article 6(1)(b) GDPR, provided you are contacting us for a contractual purpose; otherwise, it is Article 6(1)(f) GDPR for the legitimate interest in answering your request.

Conclusion

We are very pleased about your interest in our services and would be happy to assist you with any questions or requests. Your personal data is in safe hands with us, and we will process it in compliance with data protection regulations.