Privacy & Cookie Policy · Hochwertige Ferien-Apartments in Top-Lage

Consent

This site uses third party services that need your consent.

Skip to content

Would you like to get in touch?

We are always here for you. Contact us – we will get back to you as soon as possible.

Contact us

Privacy Notice according to Art. 13 GDPR

We take the protection of your personal data very seriously. With this declaration, we inform you about how we process your data. We strictly adhere to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

Privacy Overview

This privacy policy serves to comply with the information obligations under Art. 13 GDPR. The following explanations are intended to provide an overview of the various processing of personal data on this website.

Personal data is understood to mean all information relating to an identified or identifiable person.

The data protection terms used in this declaration are based on the definitions of the GDPR (General Data Protection Regulation – Regulation (EU) 2016/679).

Data Controller

The controller responsible for data processing is Michelle Chiva UG.

Legal representative: Michelle Chiva
Address: St. Heinricher Str. 107, 82402 Seeshaupt
Phone/WhatsApp: +49 (0)155-63237000
Email: [email protected]

General Information on Data Processing

Legal Basis for Processing Personal Data

In accordance with Art. 13 GDPR, we inform you of the legal bases for our data processing. Unless the legal basis is specifically mentioned in the privacy notice, the following applies:

The legal basis for obtaining consent is Art. 6 para. 1 lit. a in conjunction with Art. 7 GDPR. The legal basis for processing to fulfill our services and carry out contractual measures, as well as responding to inquiries, is Art. 6 para. 1 lit. b GDPR. The legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR. If the processing of your data is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the aforementioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing. In the event that vital interests of the data subject or another natural person require processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

Data Deletion and Storage Duration

We adhere to the principles of data avoidance and data minimization. We store your personal data only as long as necessary to achieve the purposes mentioned here or as provided for by the retention periods prescribed by law. After the respective purpose ceases to exist or after the expiry of these retention periods, the corresponding data is routinely blocked or deleted in accordance with legal provisions.

Notice on Data Transfer to Third Countries

On our website, we have also integrated tools from companies based in third countries (specifically including the USA). If these tools are active, your personal data may be transmitted to the servers of the respective companies. The level of data protection in third countries generally does not correspond to EU data protection law. This creates the risk that your data may have to be disclosed to security authorities of these states and may be processed by authorities of these states for control and surveillance purposes, possibly without legal remedy options on your part. We have no influence on these processing activities.

Rights of Data Subjects

You have the right at any time to receive information free of charge about the origin, recipients and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right, under certain circumstances, to request restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

For this and for further questions on the subject of data protection, you can contact us at any time. You can find the contact options in the imprint.

As a data subject within the meaning of the GDPR, you have the option of asserting various rights. The data subject rights arising from the GDPR are the right to information (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to complain to a supervisory authority, and the right to data portability (Article 20).

Right of Revocation

Some data processing can only take place with your express consent. You have the option at any time to revoke your given consent. However, this does not affect the lawfulness of data processing up to the revocation.

Right to Object

If the processing is based on Art. 6 para. 1 lit. e or f GDPR, you as a data subject can object at any time to the processing of personal data concerning you for reasons arising from your particular situation. This right also applies to profiling based on these provisions. Unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or processing serves the assertion, exercise or defense of legal claims, we will no longer process the corresponding data after an objection.

If the processing of personal data serves direct marketing purposes, you also have the right to object at any time. The same applies to profiling that is connected with direct marketing. Here too, we will no longer process personal data as soon as you raise an objection.

Right to Complain to a Supervisory Authority

If you believe that the processing of personal data concerning you violates the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your residence, workplace, or the place of the alleged violation, without prejudice to any other administrative or judicial remedy.

Right to Data Portability

If your data is processed automatically based on consent or fulfillment of a contract, you have the right to receive this data in a structured, common and machine-readable format. You also have the right to demand the transfer and provision of the data to another controller, insofar as this is technically feasible.

Right to Information, Correction and Deletion

You have the right to receive information about your processed personal data regarding the purpose of data processing, the categories, the recipients and the duration of storage. Furthermore, you have the right to know whether there is a right to correction, deletion or restriction of the personal data concerning you. If you have questions on this topic or on other topics relating to personal data, you can of course contact us via the contact options given in the imprint.

Right to Restriction of Processing

You can assert the restriction of the processing of your personal data at any time. To do this, you must meet one of the following requirements:

  • You contest the accuracy of the personal data. For the duration of the verification of accuracy, you have the right to request restriction of processing.

  • If processing is unlawful, you can request restriction of the use of the data as an alternative to deletion.

  • Should we no longer need your personal data for the purposes of processing, but you need the data for asserting, exercising or defending legal claims, you can request restriction of processing as an alternative to deletion.

  • If you object to processing pursuant to Art. 21 para. 1 GDPR, a balancing of your and our interests is carried out. Until this balancing has taken place, you have the right to request restriction of processing.

Restriction of processing has the consequence that personal data may only be processed, apart from storage, with your consent or for asserting, exercising or defending legal claims or for protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a member state.

Provision of the Website - Web Hosting

When you visit our website, we automatically collect and store information in so-called server log files. Your browser automatically transmits this information to our server or to the server of our hosting company.

These are:

  • IP address of the website visitor's device

  • Device used

  • Hostname of the accessing computer

  • Visitor's operating system

  • Browser type and version

  • Name of the retrieved file

  • Time of server request

  • Amount of data

  • Information whether the data retrieval was successful

We do not combine this data with other data sources.

The legal basis for processing this data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the technically error-free display and optimization of this website.

Instead of operating this website on our own server, we can also have it operated on the server of an external service provider (hosting company). The personal data collected on this website is then stored on the servers of the hosting company. In addition to the data mentioned above, this may include contact inquiries, contact data, names, website access data, meta and communication data, contract data and other data generated via a website.

The legal basis for processing data through the involvement of a hosting company is our interest in secure, fast and efficient provision of our website (Art. 6 para. 1 lit. f GDPR). Another legal basis may be for the purpose of contract fulfillment towards our future and existing customers (Art. 6 para. 1 lit. b GDPR). In the event that we have commissioned a hosting company, there is a contract for order processing with this service provider.

Use of Cookies

Our website uses "cookies". Cookies are information that a web server (server that provides web content) stores on your device in order to identify this device. They are either stored temporarily for the duration of a session (session cookies) and deleted after the end of your visit to a website, or permanently (permanent cookies) on your device until you delete them yourself or automatic deletion occurs through your web browser.

Cookies can also be stored on your device by third-party companies when you enter our site (third-party requests). This enables us as operators and you as visitors to this website to use certain services from third parties that are installed on this website. Examples include cookies for processing payment services or cookies for displaying videos.

Cookies have diverse applications. They can improve the functionality of a website, control shopping cart functions, increase the security and comfort of website use, and allow analysis of visitor flows and behavior. Depending on the individual functions, cookies must be classified under data protection law. If they are necessary for the operation of the website and intended to provide certain functions (shopping cart function) or serve to optimize the website (e.g., cookies for measuring web audience), their use is based on Art. 6 para. 1 lit. f GDPR. As website operators, we have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services. In all other cases, we ask for your revocable consent to store cookies (Art. 6 para. 1 lit. a GDPR).

Insofar as cookies from third-party companies or for analysis purposes are used, we inform you separately about this in the context of this privacy notice. Your required consent is requested and can be revoked at any time.

Use of External Services

External services are in use on our website. External services are services from third-party providers that are used on our website. This can occur for various reasons, for example, for embedding videos or for website security. When using these services, personal data is also transmitted to the respective providers. If we have no legitimate interest in using these services, we obtain your revocable consent as a visitor to our website before use (Art. 6 para. 1 lit. a GDPR).

Analytics

Processing the personal data of our website visitors enables us to analyze the browsing behavior of our website visitors. Through evaluation of the data obtained, we are able to compile information about the use of individual components of our website. This helps us continuously improve our website and its user-friendliness. Using the analytics tools employed, user profiles could be created for delivering targeted or interest-based advertising messages, our website visitors could be recognized on their next visit to our website, their click/scroll behavior and downloads could be measured, heat maps could be created, page views could be detected, visit duration or bounce rates could be measured, and the origin of website visitors (city, country, from which page the visitor comes) could be recognized. With the help of analytics tools, our market research and marketing activities can be improved.

The processing of data is based on the legal basis of consent (Art. 6 para. 1 lit. a GDPR). As a website visitor, you have consented to the processing of your personal data with your voluntary, express and prior consent. Without separate consent, personal data will not be processed by us in the manner described above, provided that there is no other legal basis within the meaning of Art. 6 para. 1 GDPR on which we base the processing. We proceed in the same way if you withdraw your consent. The lawfulness of processing carried out until withdrawal remains unaffected.

Google Analytics

We use the Google Analytics service on our website. The service provider is Google Ireland Limited, with its registered office at Gordon House, Barrow Street Dublin 4, Ireland.

Use of the service may result in data transfer to a third country (USA).

Further information can be found in the manufacturer's privacy information at the following URL: https://policies.google.com/privacy

Consent Management

To be able to comply with data protection requirements, we use a consent management tool on our website. With this tool, we obtain required consents for setting cookies or using external services. The consents are stored accordingly.

The processing is necessary for compliance with a legal obligation to which the controller (website operator) is subject. The legal basis for processing is therefore Art. 6 para. 1 lit. c GDPR.

Content Delivery Network (CDN)

We use a Content Delivery Network (CDN) to optimize the performance and availability of our website. For this purpose, your IP address and information about when you visited our website are processed by this service provider who provides this network. You can find all further information about data processing by this service provider in their privacy notices.

We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR).

Our legitimate interest in using a Content Delivery Network is to be able to display our website as quickly, securely and reliably as possible.

CloudFlare

We use the CloudFlare service on our website. The service provider is Cloudflare Ltd., with its registered office at 2nd Floor 25 Lavington Street London SE1 0NZ, United Kingdom.

Use of the service may result in data transfer to a third country (USA).

Further information can be found in the manufacturer's privacy information at the following URL: https://www.cloudflare.com/de-de/privacypolicy/

Hosting

Hosting is the provision of web space and the accommodation of websites. For our website to be displayed, it must be hosted by a web host. This naturally involves the transmission and storage of personal data on the host's servers. In particular, IP addresses, meta and communication data of users and data about website access are processed. When a website visitor calls up the page, a connection to the web host's servers is established. The IP address and other information of the website visitor must necessarily be processed. The use of a host may also be necessary for using other systems.

We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR).

Our legitimate interest is to be able to display our website and make it available on the internet.

Interface Software

Business processes run more cost-effectively, faster and with fewer errors when they are automated using software via interfaces. This allows them to be efficiently integrated into business processes via their own website or via social networks. We use interface software on our website to link different applications together and to securely transfer personal data from one application to another.

The processing of data is based on the legal basis of consent (Art. 6 para. 1 lit. a GDPR). As a website visitor, you have consented to the processing of your personal data with your voluntary, express and prior consent. Without separate consent, personal data will not be processed by us in the manner described above, provided that there is no other legal basis within the meaning of Art. 6 para. 1 GDPR on which we base the processing. We proceed in the same way if you withdraw your consent. The lawfulness of processing carried out until withdrawal remains unaffected.

Google APIs

We use the Google APIs service on our website. The service provider is Google Ireland Limited, with its registered office at Gordon House, Barrow Street Dublin 4, Ireland.

Use of the service may result in data transfer to a third country (USA).

Further information can be found in the manufacturer's privacy information at the following URL: https://policies.google.com/privacy

Google Tag Manager

We use the Google Tag Manager service on our website. The service provider is Google Ireland Limited, with its registered office at Gordon House, Barrow Street Dublin 4, Ireland.

Use of the service may result in data transfer to a third country (USA).

Further information can be found in the manufacturer's privacy information at the following URL: https://policies.google.com/privacy

Social Media

Our company uses publicly accessible profiles on social networks to get in touch with customers or potential customers and increase its own level of awareness. As soon as social media accounts are accessed, personal data of users is processed. Users are also recognized by the operators of social networks when they visit websites on which like buttons or advertising banners of the social media platforms are integrated, especially when they are logged into their social media accounts. The plugins process personal data of website users, establish a connection to social networks and transmit data to them. This transmission occurs as soon as the website is called up. Processed data includes names, addresses, email addresses, phone numbers, access times, device information, IP addresses. The goal is usually to process users' data for market research and advertising purposes. From social media accounts and websites that users visit, usage behavior and interests can be derived and user profiles can be created. These in turn serve to play interest-based advertising via cookies on their devices, on their social media accounts and on the websites they visit. If users are logged into their social media accounts, they can also be identified independently of their devices.

Data processing usually takes place under joint responsibility between us and the operators of the social media networks. Please note that as providers of social media accounts, we cannot trace all processing operations of the respective operators of the portals regarding your personal data.

The processing of data is based on the legal basis of consent (Art. 6 para. 1 lit. a GDPR). The data subject has permitted the processing of their personal data with their voluntary, express and prior consent. Without separate consent, personal data will not be processed by us in the manner described above, provided that there is no other justification within the meaning of Art. 6 para. 1 GDPR on which we base the processing. We proceed in the same way if data subjects withdraw their consent. The lawfulness of processing carried out until withdrawal remains unaffected.

Email and Contact via Telephone

In accordance with legal requirements, we have provided a telephone number and email address on our website. Data transmitted by telephone or email is automatically stored by us in order to process corresponding inquiries or to contact the person concerned. Data that we obtain in this way is not passed on to third parties without consent.

Email traffic and contact via telephone serve pre-contractual or contractual purposes, and the processing of personal data carried out in this context is therefore based on the legal basis of Art. 6 para. 1 lit. b GDPR.

Use of Presence Detectors

Presence detectors are installed in our suites that do not create video or audio recordings. These devices serve exclusively for security and protection of our property as well as prevention of disturbances. They capture the following non-personal data:

  • Presence: Detection of whether persons are in the suite

  • Environmental data: Measurement of temperature, humidity and noise development

  • Smoke detection: Detection of cigarette smoke

If irregularities are detected (e.g., excessive noise, strong increase in humidity), an alarm is triggered that may prompt us to check. This data is not stored or analyzed to monitor individual behaviors.

Registration Form and Legal Obligations

As an accommodation business, we are legally obligated to collect the data prescribed in § 30 of the Federal Registration Act (BMG). This includes:

  • Name and first name of the guest

  • Date of birth

  • Nationality

  • Address

  • Travel document (type, number)

  • Arrival and departure date

  • Number of accompanying persons and their birth dates

This data is recorded on a registration form and used by us exclusively to fulfill our legal registration obligations. We are obligated to keep the registration form for one year after the guest's departure and then destroy it.