(translated by DeepL.com machine translation)
1. Data protection at a glance
The following notes provide a simple overview of what happens to your personal information when you visit this website. Personal information is any information that personally identifies you. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text.
Data capture on this website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.
How do we collect your data?
On the one hand, your data is collected by you communicating it to us. For example, this may involve data that you enter in a contact form.
Other data is automatically collected by our IT systems when you visit the website. These are mainly technical data (e.g. Internet browser, operating system or time of the page call). This data is collected automatically as soon as you enter this website.
What do we use your data for?
Some of the data is collected to ensure that the website is error-free. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right at any time and free of charge to receive information about the origin, recipient and purpose of your stored personal data. You also have the right to request the rectification or cancellation of these data. You can contact us at any time at the address given in the imprint for this and other questions on the subject of data protection. Furthermore, you have the right to appeal to the competent supervisory authority.
You also have the right, under certain circumstances, to request that your personal data be restricted. Details on this can be found in the data protection declaration under “Right to limitation of processing”.
Analysis tools and third-party tools
When you visit this website, your surfing behaviour can be statistically evaluated. This is done primarily with cookies and so-called analysis programs. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you.
You may object to this analysis or prevent it by not using certain tools. For detailed information about these tools and your opt-out choices, please see the following privacy statement.
2. General notes and mandatory information
The operators of this homepage take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.
When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This data protection declaration explains which data we collect and for what purpose we use it. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can be subject to security vulnerabilities. A complete protection of the data against access by third parties is not possible.
Note on the responsible party (GDPR related)
Responsible for data processing on this website is:
c/o Art Hotel Connection
The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).
Designation of a data protection officer as mandated by law
We are not legally obliged to appoint a data protection officer.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. For this purpose, an informal notification by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right of complaint to the competent supervisory authority
In the event of infringements of the GDPR, the persons concerned have the right to appeal to a supervisory authority, in particular in the EU Member State of their habitual residence, workplace or place of presumed infringement. The right of appeal shall be without prejudice to other administrative or judicial remedies.
Right to data transferability
You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Information about, deletion and correction
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, their origin and recipient and the purpose of data processing and, if applicable, a right to correction or deletion of this data. You can contact us at any time at the address given in the imprint for this and other questions on the subject of personal data.
Right to limitation of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the imprint. The right to limit the processing exists in the following cases:
- If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the examination, you have the right to demand the restriction of the processing of your personal data.
- If the processing of your personal data has taken place unlawfully, you can demand the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.
- If you have raised an objection in accordance with Art. 21 para. 1 GDPR, you must weigh your interests against ours. As long as it is not yet clear whose interests predominate, you have the right to demand that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, such data may not be processed - apart from its storage - without your consent or for the purpose of asserting, exercising or defending legal rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
Objection to advertising e-mails
We hereby object to the use of contact data published within the scope of the imprint obligation to send unsolicited advertising and information material. The operators of these pages expressly reserve the right to take legal action against unsolicited mailing or e-mailing of spam and other similar advertising materials.
3. Data collection on this website
Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files which are stored on your computer by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognize your browser on your next visit.
You can set your browser so that you are informed when cookies are set and only allow cookies in individual cases, accept cookies for specific cases or generally exclude them and activate automatic deletion of cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.
Cookies which are necessary for the execution of the electronic communication process or for the provision of certain functions requested by you (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a justified interest in the storage of cookies for the technically error-free and optimised provision of his services. If a corresponding consent has been requested (e.g. a consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Insofar as other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are dealt with separately in this data protection declaration.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Visited Website
- Time at the time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
- IP address used
- This data will not be merged with other data sources.
These data are collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a justified interest in the technically error-free presentation and optimisation of his website - for this purpose the server log files must be recorded.
Our server is configured to automatically delete these log files after 7 days.
If you submit enquiries to us via the contact form, your details from the enquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this has been requested.
The data entered by you in the contact form will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
Inquiry by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your request including all personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and / or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), since we have a legitimate interest in the effective processing of the inquiries addressed to us.
The data sent to us by you via contact requests will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - shall remain unaffected.
4. Social media
Social media plugins with “Shariff”
Social media plug-ins are used on this website (e.g. Facebook, Twitter, Google+, Instagram, Pinterest, XING, LinkedIn, Tumblr).
You can usually recognize the plugins by the respective social media logos. To ensure the privacy of this website, we use these plugins only in conjunction with the so-called “Shariff” solution. This application prevents the plugins integrated on this website from transferring data to the respective provider the first time the user enters the site.
Only when you activate the respective plugin by clicking on the corresponding button will a direct connection to the provider’s server be established (consent). As soon as you activate the plugin, the respective provider receives the information that you have visited this website with your IP address. If you are simultaneously logged into your respective social media account (e.g. Facebook), the respective provider can assign the visit to this website to your user account.
Activating the plugin constitutes consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time with effect for the future.
Facebook plugins (Like & Share button)
On this website plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on this website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/.
If you do not want Facebook to be able to assign the visit to this website to your Facebook user account, please log out of your Facebook user account.
The Facebook plugins are used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a justified interest in the widest possible visibility in the social media.
5. Analysis tools and advertising
Matomo (formerly Piwik)
This website uses the open source web analysis service Matomo. Matomo uses so-called “cookies”. These are text files which are stored on your computer and which allow an analysis of the use of the website by them. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before storage.
Matomo cookies remain on your device until you delete them.
The storage of Matomo cookies and the use of this analysis tool are based on Art. 6 para. 1 lit. f GDPR. The website operator has a justified interest in the anonymous analysis of user behaviour in order to optimise both his website and his advertising. If a corresponding consent has been requested (e.g. a consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
If you do not agree with the storage and use of your data, you can deactivate the storage and use here. In this case, an opt-out cookie will be stored in your browser to prevent Matomo from storing usage data. If you delete your cookies, the Matomo Opt-Out cookie will also be deleted. The opt-out must be reactivated when you visit this website again.
If you wish to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected or will only be collected on a voluntary basis. We use these data exclusively for the dispatch of the requested information and do not pass these on to third parties.
The processing of the data entered in the newsletter registration form takes place exclusively on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent to the storage of data, e-mail address and their use to send the newsletter at any time, for example via the “Unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
The data you provide to us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remain unaffected by this.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
On our website, users are given the opportunity to subscribe to our company newsletter. Which personal data is transferred to the person responsible for processing when ordering the newsletter results from the input mask used for this purpose.
In principle, the person concerned can only receive the newsletter if (1) the person concerned has a valid e-mail address and (2) the person concerned registers to receive the newsletter. For legal reasons, a confirmation e-mail in the double opt-in procedure will be sent to the e-mail address entered for the first time by a person concerned for the purpose of sending the newsletter. This confirmation e-mail is used to check whether the owner of the e-mail address as the person concerned has authorised receipt of the newsletter.
When registering for the newsletter, we also store the IP address assigned by the Internet Service Provider (ISP) to the computer system used by the person concerned at the time of registration as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later date and therefore serves to legally safeguard the data controller.
The personal data collected as part of a newsletter registration will only be used to send our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or registration in this respect, as might be the case in the event of changes to the newsletter offer or changes to the technical conditions. CleverElements does not pass on personal data collected as part of the newsletter service to third parties. The subscription of the newsletter can be cancelled by the person concerned at any time. The consent to the storage of personal data (Art. 6 para. 1 lit. a DSGVO), which the person concerned has given us for the newsletter dispatch, can be revoked at any time. For the purpose of revoking your consent, you will find a corresponding link in every newsletter. It is also possible at any time to unsubscribe from the newsletter dispatch directly on the website of the data controller or to inform the data controller of this in any other way.
The newsletters contain so-called tracking pixels. A tracking pixel is a thumbnail image embedded in emails sent in HTML format to enable log file recording and analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns to be carried out. The embedded pixel-code tells us if and when an email was opened by an individual and which links in the email were accessed by that individual.
Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by the data controller in order to optimise the newsletter dispatch and to adapt the content of future newsletters even better to the interests of the person concerned. This personal data will not be passed on to third parties. Affected persons are entitled at any time to revoke the relevant separate declaration of consent submitted via the double opt-in procedure. After revocation, this personal data will be deleted by the data controller. Unsubscribing from the newsletter will automatically be interpreted as revocation.
For detailed information on the functions of CleverElements, see the following link: https://cleverelements.com/product.
Contract for order processing
We have concluded an agreement with CleverElements in which we oblige CleverElements to protect the data of our customers and not to pass it on to third parties.
7. Plugins and Tools
YouTube with expanded data protection
This website includes videos from YouTube. The website is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in advanced privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they view the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. YouTube connects to the Google DoubleClick network whether or not you’re watching a video.
As soon as you start a YouTube video on this website, a connection will be established to the YouTube servers. This will tell the YouTube server which of our pages you have visited. If you are logged in to your YouTube account, you can allow YouTube to directly associate your surfing behavior with your personal profile. You can prevent this by logging out of your YouTube account.
In addition, YouTube may store various cookies on your device after you start a video. YouTube can use these cookies to obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve usability and prevent fraud. The cookies remain on your device until you delete them.
If necessary, after the start of a YouTube video, further data processing operations may be triggered over which we have no control.
YouTube is used in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested (e.g. a consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
This website uses plugins of the video portal Vimeo. The provider is Vimeo Inc. 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages equipped with a Vimeo plug-in, a connection is established to the Vimeo servers. The Vimeo server will be informed which of our pages you have visited. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have an account with Vimeo. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
If you are logged in to your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account.
The use of Vimeo is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested (e.g. a consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Google Web Fonts
This page uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.
[ERROR - SOME TRANSLATION MISSING]
8. Zahlungsanbieter und Reseller
PayPal (for donations)
For the handling of donations we use the offer of Paypal. The provider of this payment processing service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”).
Donors are forwarded to the Paypal website, where they enter the necessary personal data directly into an input form provided by Paypal. Further data protection information can be found in PayPal’s data protection declaration: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
We use technical and organisational security measures to ensure that our users’ personal data is protected against loss, incorrect changes or unauthorised access by third parties. In particular, we endeavour to prevent any automatic reading out of our website and its data stock by third parties.
We have concluded a contract for order data processing with the European operator of our server (server location EU).
Security software I.
The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 14 days.
Backups of security log details are retained for 9 days.
The data is stored on the basis of Art. 6 Para. 1 letter f DSGVO (legitimate interest) and does not affect normal web visitors.
Visiting the login page sets also a temporary cookie that aids compatibility with some alternate login methods. This cookie contains no personal data and expires after 1 hour.
Security software II.
The Site uses security software (Web Application Firewall) to prevent unauthorized access to user accounts. For this purpose, IP addresses are stored temporarily or permanently if it was attempted to access the user or administration accounts of this Internet site several times by entering incorrect access data.
The data is stored on the basis of Art. 6 Para. 1 letter f DSGVO (legitimate interest) and does not affect normal web visitors.
Children and adolescents
Persons under the age of 18 should not transmit any personal data to our site without the consent of their parents or legal guardians.
No personal data of children and young people is requested, collected or passed on to third parties.
Due to the further development of our web pages and offers about them or due to changed legal or official specifications it may become necessary to change this data protection declaration. You can view and print out the current data protection declaration on our website at any time.
- July, 2019 -
Source: e-recht24.de (translated by DeepL.com machine translation)