Privacy Policy

BR10 Grunewald Betriebs GmbH, c/o Schlosshotel Berlin, Brahmsstraße 10, 14193 Berlin (hereinafter referred to as "Schlosshotel", "we") hereby informs you about the processing of personal data carried out by it.

You can reach our data protection officer by e-mail at: datenschutzbeauftragter@schlosshotelberlin.com.

In the following, we have compiled the most important information on typical data processing separately for you according to data subject groups. For certain data processing operations that only affect specific groups, the information requirements are fulfilled separately.

Where the term "data" is used in the text, this refers in each case solely to personal data within the meaning of the GDPR.

1. visitors to the website

2. visitors to social media profiles of Schlosshotel

3. hotel guests

4. subscribers to newsletters

5. communication partners

6. rights of the data subjects and further information

When using the website, certain information is sent to the server of our website by the browser used on the end device for technical reasons. This data is stored and processed on our server.

(i) We process the data mentioned below for the purpose of providing the website content accessed, ensuring the security of the IT infrastructure used, troubleshooting, enabling and simplifying searches on the website and managing cookies. There are no plans to change this purpose.

(ii) The data processed is HTTP data: HTTP Data is log data that is technically generated when the Website is accessed via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access. HTTP(S) data also accrue on servers of service providers (e.g. when retrieving third-party content).

(iii) The legal basis for the processing is our legitimate interest in the technical operation of an Internet presence pursuant to Art. 6 (1) lit. f DS-GVO.

(iv) The data is automatically provided by your browser.

(v) Recipients of the personal data are IT service providers, which we use under an orderprocessing agreement.

1. 1. 1. (vi) IP addresses are anonymized at the end of the session. Pseudonymous usage data is deleted after 14 days at the latest.

(vii) It is not possible to use the website without disclosing personal data - such as the IP address. Communication via the website without disclosing data is technically not possible.

We use cookies on the website. Cookies are small text files that can be stored on the respective end device when visiting the website via the browser. When the website is called up again with the same end device, we can read and process the information stored in cookies. In doing so, we use processing and storage functions of the browser of the end device and collect information from the memory of the browser of the end device.

In the structure of this privacy policy, we distinguish between technically necessary cookies (so-called essential cookies), analysis cookies and advertising cookies. Cookies that are technically necessary for the function of the website (essential cookies) cannot be deactivated via the cookie management function of this website. However, cookies can be generally disabled in the respective browser at any time. Different browsers offer different ways to configure the cookie settings in the browser. However, we would like to point out that some functions of the website may not work or no longer work properly if the cookies are generally disabled in the respective browser.

1. 1. 1. Session-Cookies

We use so-called session cookies to enable individual settings on the website. These allow us to store individual settings and certain decisions or actions of visitors for the duration of the visit.

(i) The purposes of the data processing are to enable individual settings and the technical presentation of content and images on the website.

(ii) The data processed are HTTP data. This is protocol data that is technically generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access. HTTP(S) data also accrue on servers of service providers (e.g. when retrieving third-party content).

(iii) The legal basis for the processing is our legitimate interest in providing the individual sessions (Art. 6 para. 1 lit. f DS-GVO and § 25 para. 2 No. 2 TTDSG).

(iv) The data is automatically provided by your browser.

(v) Recipients of the personal data are IT service providers, which we use under an order processing agreement.

(vi) The cookie is deleted at the end of the session.

b) Google Tag Manager

The Google Tag Manager enables us to manage cookies and control their playout. This enables us, for example, to implement the consent of the visitor, a revocation of consent or an opt-out.

(i) The purpose of the data processing is to control the playing of cookies on our website, as well as to ensure the security of the application. There are no plans to change the purposes.

(ii) The data processed is HTTP data. This is protocol data that is technically generated via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access. HTTP(S) data also accrue on servers of service providers (e.g. when retrieving third-party content). Your IP address is automatically anonymized during processing.

(iii) For the provision of services, in particular for the provision, maintenance and care of IT systems, we use service providers under an order processing agreement Recipient of the data in the context of order processing is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. We have instructed Google to use a European server location for data processing. However, Google can also access the servers in Germany from so-called third countries such as the USA in the event of malfunctions and failures in order to carry out maintenance work. Google Ireland has concluded the EU standard contractual clauses (2021/914; Module 3) with Google LLC in the USA to protect your data. You can request a copy of the main contractual contents of the EU standard contractual clauses at any time.

(iii) IP addresses are anonymized after 24 hours at the latest. Pseudonymized usage data is deleted after 12 months in each case.

(iv) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation to provide the data. In the event that the data is not provided, we will not be able to use the Google Tag Manager.

We use so-called consent cookies to store the respective consents, possible revocations of consents and objections to the use of cookies of visitors to our website.

(i) The purpose of the data processing is to store visitors' decisions regarding cookies (consent, revocation, opt-out).

(ii) The processed data are:

 HTTP data:

This is protocol data that is technically generated when the website is accessed via the Hypertext Transfer Protocol (Secure) (HTTP(S)). This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access. HTTP(S) data also accrue on servers of service providers (e.g. when retrieving third-party content).

 Decisions on cookies: decision on individual cookies or groups of cookies, time of decision and last visit.

(iii) The legal basis for the processing is our legitimate interest in the simple and reliable control of cookies according to the decision of the visitor (Art. 6 para. 1 lit. f DS-GVO and Section 25 para. 2 No. 2 TTDSG).

(i) The data is actively provided by you (decision on cookies) or automatically by your browser (log data, time stamp).

(ii) Recipients of the data are IT service providers, which we use within the framework of an order processing agreement.

(iii) The data is deleted after one year.

(iv) It is not possible to use the website without disclosing personal data. Communication via the website is not technically possible without disclosing data.

We use IT security cookies from Cloudflare on our website to protect our websites and also our website visitors from IT security attacks, such as so-called automated bot attacks.

(i) The purpose of the data processing is to increase the IT security of the website and the visitors of our website and to prevent IT security attacks.

(ii) The processed data are the IT security test results and the HTTP log data.

(iii) The legal basis for the processing is our legitimate interest in protecting our website and our website visitors from IT security attacks (e.g. bot attacks) (Art. 6 (1) lit. f DS-GVO and Section 25 (2) TTDSG).

(iv) The data is automatically provided by your browser.

(v) Recipients of the personal data are IT service providers that we use as processors under an order processing agreement. We use Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA as our order processor. We have entered into the EU Standard Contractual Clauses ((2021/914; Module 2) with Cloudflare Inc. to protect your data. You may request a copy of the essential terms of the EU Standard Contractual Clauses at any time.

(vi) Cookies expire 30 minutes after the website visitor has been inactive.

(vii) It is not possible to use the Website without providing personal data. Communication via the website without disclosing data is technically not possible.

In the structure of this data protection notice, we distinguish between technically required cookies (so-called essential cookies), analysis cookies and advertising cookies. Depending on their function and purpose, the use of certain cookies may require the consent of the person using them. Your consent is given by means of a so-called "cookie banner": When you visit our website, we display our cookie banner. In our cookie banner, by clicking the "Accept" button, you can declare your consent to the use of all cookies that require consent on this website. Without such consent, the cookies requiring consent will not be activated. By clicking the "Customize" button, you can make individual settings or you can also completely reject the use of cookies that require consent under "Reject". Your decision is stored in a cookie. You can use the "Privacy Badge" in the lower left corner of the page to make an individual selection of cookies and adjust them individually at a later point in time. We save your cookie settings in the form of a cookie on your end device to determine whether you have already made cookie settings when you visit the website again.

1. 1. 1. Google Analytics

If the corresponding consent has been given, we use the web analysis tool Google Analytics on our website. With the help of Google Analytics, we can examine the usage behavior on our website in pseudonymized form.

Visitors can deactivate data processing by Google Analytics at any time via the "Privacy Badge" in the lower left corner of the page or install a browser plug-in from Google that prevents data collection by Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, Google Analytics cookies can be deactivated for the browser currently used by the respective visitor by deactivating the storage of cookies in the browser settings.

(i) The purposes of data processing are the analysis of user behavior as well as the measurement of reach on our website and of placed advertisements for the optimization of our web offer. A change of the purposes is not planned.

(ii) The data processed are:

 Google Analytics HTTP Data:

This is log data that is technically generated when using the Google Analytics web analysis tool used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

 Google Analytics Endpoint Data:

Data generated by the Google Analytics web analytics tool and assigned to your terminal device: This includes a unique ID for (re)recognizing returning users (so-called "client ID"), as well as certain technical parameters for controlling data collection for web analytics.

 Google Analytics Measurement Data:

Device-related raw data (so-called "dimensions" and "measurement values") that are collected and analyzed when our website is used: This includes, above all, information about the sources through which users access our website, information about the location, browser and end device used, information about the use of the website (in particular page views, frequency of calls and length of stay on called pages), as well as information about the fulfillment of certain goals (e.g. transactions in the online store or downloads and registrations). The data is in each case assigned to the client ID assigned to your end device. As a result, this creates device-related usage profiles in which all device-related raw data is combined into one client ID. The data we collect using Google Analytics does not enable us to identify you directly on a personal level (i.e., by your civil name). We also do not combine the device-related raw data and the resulting device-related usage profiles with data that directly identifies you personally without your consent.

 Google Analytics Report Data:

Data included in aggregated segment- and device-related reports generated based on analysis of raw device-related data.

(i) The legal basis for the processing is consent (Art. 6 para. 1 lit. a) DS-GVO, § 25 para. 1 TTDSG).

(ii) The data is automatically provided by your browser.

(iii) The recipient of the data is Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) in the context of order processing. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider. Google Ireland has concluded the EU standard contractual clauses (2021/914; Module 3) with Google LLC in the USA for the protection of your data. You may request a copy of the essential contractual content of the EU standard contractual clauses at any time.

(iv) The data will be deleted after 6 months.

(v) The provision of data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation to provide the data. In the event that the data is not provided, we will not be able to analyze usage behavior using Google Analytics.

In the structure of this privacy policy, we distinguish between technically necessary cookies (so-called essential cookies), analysis cookies and advertising cookies. Depending on their function and purpose, the use of certain cookies may require the consent of the user. The granting of your consent takes place by means of a so-called "cookie banner": When you call up our website, we display our cookie banner. In our cookie banner, you can declare your consent to the use of all cookies requiring consent on this website by pressing the "Accept" button. Without such consent, the cookies requiring consent will not be activated. By pressing the "Customize" button, you can make individual settings or you can also completely reject the use of cookies requiring consent under "Reject". Your decision will be stored in a cookie. Using the "Privacy Badge" in the lower left corner of the page, you can make an individual selection of cookies and customize them at a later time. We store your cookie settings in the form of a cookie on your terminal device in order to determine whether you have already made cookie settings when you return to the website.

1. 1. 1. Google Ads (Conversion)

If the corresponding consent has been given, we use Google Ads (Conversion) tracking on our website. Google Ads (Conversion) enables us to monitor the success of ads placed via Google.

Visitors can deactivate data processing by Google Ads (Conversion) at any time via the "Privacy Badge" in the lower left corner of the page or install a browser plug-in from Google that prevents data collection by Google Ads (Conversion): http://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you can disable Google Ads (Conversion) for the browser you are currently using by deactivating the storage of cookies in the browser settings.

(i) The purpose of data processing is to track the reach of ads placed via Google (AdWords). When you click on our ad placed via Google, Google stores a cookie for conversion tracking on your terminal device. If you then visit our website linked in the ad and the cookie has not yet expired, we can recognize that you clicked on the ad and were redirected to our website. We can only recognize clicks on our own ads, not any clicks on ads of other customers of Google. Google uses the cookies, among other things, to bill us for the costs of the ads. We receive the evaluations and other information only in aggregated anonymous form and can not assign the information to any natural person. A change of purpose is not planned.

(ii) The data processed are:

 Google Ads log data:

This is data that is technically generated when using the Google AdWords tool used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the previously visited page (referrer URL), date and time of access.

 Usage data:

Usage data is clicks on ads, time spent on the website and information about web pages visited.

 Conversion Event:

The conversion event summarizes the results of the conversion.

(iii) The legal basis for the processing of personal data via our website by Google Ads (conversion) is consent (Art. 6 para. 1 lit. a) DS-GVO, § 25 para. 1 TTDSG).

(iv) The data is provided automatically by your browser.

(v) The recipient of the data is Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) in the context of order processing. Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider. Google has concluded the EU standard contractual clauses (2021/914; Module 3) to protect your data. You can request a copy of the main contractual contents of the EU standard contractual clauses at any time.

(vi) The cookies lose their validity after 30 days, do not contain any personal data apart from the cookie ID and are not used to identify you personally.

(vii) The provision of the data is not required by law or contract or necessary for the conclusion of a contract. There is no obligation for you to provide the data. In the event that you do not provide the data, we will not be able to perform Google Ads tracking.

Meta Pixels

If the corresponding consent has been given, we use the so-called "meta pixel". Cookies from Meta Platforms Ireland Limited, Harbour, D2, 4 Grand Canal Quay, Square, Dublin, Ireland ("Meta") are used for this purpose. The "Meta-Pixel" enables Meta, among other things, to collect information about your activities on our website. By including the "Meta Pixel", we enable Meta to collect personally identifiable information.

However, we do not receive any information with which you can be personally identified. The collection and processing of this data takes place after your consent exclusively in the area of responsibility of Meta. Meta provides us with the evaluations or further information created on the basis of the collected data only in aggregated, anonymized form. We cannot assign the information provided to us to any natural person.

We have no knowledge of the details of the processing of personal data in Meta's area of responsibility. Information about the processing of personal data by Meta can be found in Meta's data policy: https://de-de.Meta.com/about/privacy/.

1. 1. 1. 1. You can disable data processing by Meta Pixel on our website at any time via the "Privacy Badge" in the lower left corner of the page. Alternatively, you can disable Meta Pixel for the browser you are currently using by disabling the storage of cookies in the browser settings. You can also use WebChoices: Digital Advertising Alliance's Consumer Choice Tool for Web US (aboutads.info) to disable the setting of meta cookies.
         2. The data controller is Meta Platforms Ireland Limited, Harbour, D2, 4 Grand Canal Quay, Square, Dublin, Ireland.
         3. (i) The purpose of the meta pixel is to enable Meta to collect and process your usage data on our website. Meta alone determines the purposes of processing by Meta (www.facebook.com/privacy/policy).
         4. (ii) According to Meta, the processed data are:
         5. § Meta Pixel log data:
         6. This is data that is generated for technical reasons when using the meta pixel used on the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes IP address, type and version of your Internet browser, operating system used, the page accessed, the page previously visited (referrer URL), date and time of access.
         7. § Meta-pixel terminal data:
         8. Data that is assigned to your end device by the meta pixel: This includes a unique ID for the (re)identification of returning users.
         9. § Meta Pixel Event Data:
         10. This is data that Meta collects through the meta pixel, assigning it to the unique visitor ID of the respective visitor contained in the meta pixel end device data: This includes actions that take place on the website ( so-called "Events"). This includes, for example, conversions, link clicks and page views. This also includes information associated with the actions recorded in each case (so-called "parameters"). This includes, for example, providing contact information or downloading documents.
         11. § Meta Pixel Analysis data:
         12. Data that Meta generates based on the information collected by the meta pixel and assigned to your unique user ID contained in the meta pixel end device data: This includes information about the effectiveness of meta advertisements and assignments of users on audiences for meta ads. Meta may generate additional data based on the information collected for its own purposes or for the purposes of third parties. We have no knowledge of the details of the data generated by Meta.
         13. The legal basis for enabling Meta to collect personal data via our website is your consent (Art. 6 Para. 1 lit. a) GDPR, Section 25 Para. 1 TTDSG). We do not process personal data in our area of ​​responsibility. We have no knowledge of the details of the processing of the data in Meta's area of ​​responsibility, in particular of the legal basis used by Meta for the processing.
         14. Meta pixel analysis data is generated independently by Meta. We do not know whether Meta uses other data sources.
         15. The recipient of the data collected via our website is Meta Platforms Ireland Limited as the controller for the collection and processing of personal data. Meta Platforms Ireland Limited in turn uses Meta Platforms Inc. in the USA (1 Hacker Way, Menlos Park, CA 94025, USA) as a service provider. As an independent controller, Meta Platforms Ireland Limited is responsible for ensuring appropriate data protection guarantees for data transfer.
         16. We do not collect or store this data ourselves. The collection and processing of this data is the responsibility of Meta. We have no knowledge of the storage period.
         17. The provision of data is not required by law or contract or required for the conclusion of a contract. There is no obligation for you to provide the data. If the data is not provided, Meta cannot offer the Meta pixel function.
         18. We do not engage in automated decision-making within our area of ​​responsibility. We have no knowledge of the details of the processing of the data in Meta's area of ​​responsibility, in particular of any automated decision-making.

Google Maps (Activated when clicking the website) 

When you click on Google Maps to retrieve the map, you agree that we allow Google to collect data for its own purposes. We do this by embedding map content stored by Google on our website. In this integration, content from Google Maps is displayed in parts of a browser window. However, the map content is only actually retrieved from the Google server by clicking on it separately. The map content is integrated in the so-called "extended data protection mode". Google provides this mode and thus ensures that no data is transmitted to Google before clicking on the map and that no cookies are stored on your device.

As soon as you click the button to retrieve the map content, the map content is loaded from Google Maps. Technically, the same happens as if you were to go to the Google Maps website via a link: Google receives all the information that your browser automatically transmits (including your IP address). Google also sets its own cookies on your end device. This also takes place if you do not have a Google user account. If you are logged in to Google, your data will be directly assigned to your corresponding account. If you do not wish the data to be assigned to your Google user account, you must log out of Google before clicking on the corresponding map content.

The collection and processing of this data is the sole responsibility of Google.

The collection and processing of this data takes place exclusively within the area of responsibility of Google Ireland Limited (Google Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider. We have no knowledge of further details of the processing of personal data in Google's area of responsibility or of possible data processing in the USA. We have no influence on Google's data processing. 

For information on the processing of personal data by Google, please refer to Google's privacy policy: https://policies.google.com/privacy.Erhebung and processing of this data takes place exclusively within Google's area of responsibility.

Schlosshotel has profiles on social media. The social media platforms are operated by service providers who process the data for the provision of such pages.

(i) The purpose of data processing on our social media profiles is to offer interesting content and to interact with visitors on social media platforms. Depending on the social media service, the usage data can also be analyzed in order to improve our social media presence.

(ii) The processed data is content and usage data on such social media profiles.

(iii) Information and data displayed or shared on Schlosshotel's social media profiles may be accessible to the respective operator of the social media platform, its users or commissioned service providers.

(iv) Further details on data processing are presented below:

Instagram and Facebook:

We and Meta Platforms Ireland Limited, 4 Grad Canal Square, Dublin 2, Ireland (hereinafter "Meta") as the provider of Instagram are jointly responsible for the processing of personal data via the Schlosshotel's Instagram and Facebook profile. The Joint Controllership Agreement is available at: https://www.meta.com/legal/terms/page_controller_addendum. According to the agreement, Meta is responsible for informing the data subjects about the processing. Instagram's privacy policy is available at: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect Data subjects may assert their rights against any of the controllers, Schlosshotel and/or Meta. For more information about the data Meta shares with Schlosshotel, see https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect. The legal basis for the processing of the data by the Schlosshotel is our legitimate interest in analyzing the usage data to improve the Instagram and Facebook profile of the Schlosshotel (Art. 6 Para. 1 lit. f) GDPR).

YouTube:

We operate a channel on the YouTube platform. The collection and processing of this data is the sole responsibility of Google (for EU/EEA Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google Ireland Limited uses Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) as a service provider). We are not aware of any further details of the processing of personal data in the area of ​​data control by Google or possible data processing in the USA. Schlosshotel has no influence on data processing by Google. Information about the processing of personal data by Google can be found in Google's data protection regulations: https://policies.google.com/privacy

1. 1. 1. 1. We process your data for the purpose of concluding a contract and carrying out the contractual relationship as well as fulfilling legal requirements. If the hotel's booking service is commissioned to book tickets and other services, the purpose of processing is to make the desired booking. If video surveillance takes place in the publicly accessible areas of the hotel, the purpose of the video surveillance is to protect house rights, to uncover and prosecute criminal offenses and to enforce civil claims.
         2. The data processed are:

- Name and contact details, e-mail address

- Account details and payment details

- Data on the period and length of stay

- Room type

- Number of guests

- Special requests when booking

- Video recordings (only in the case of video surveillance in publicly accessible areas of the hotel; you will find separate information in the hotel if video surveillance is in place)

1. 1. 1. 3.  The legal basis for processing your data is Article 6(1)(b) GDPR for contracts with natural persons (preparation and execution of the contract), and Article 6(1)(f) GDPR for contracts with legal entities -GVO (legitimate interest, namely communication with contract-relevant contact persons) as well as always Art. 6 Para. 1 lit. c DS-GVO (legal obligations, in particular reporting obligations as well as tax and commercial law regulations). The legal basis for video surveillance is Art. 6 (1) lit. f GDPR (legitimate interest, namely observance of domiciliary rights, detection and prosecution of criminal offenses, enforcement of civil claims).
         4. The data (apart from data relating to video surveillance) is provided by yourself when you make your booking yourself. If bookings are made via booking portals or booking hotlines provided by third parties, they transmit the contract-relevant data such as contact and billing data, booking period and room category to us as the hotel operator for the purpose of contract initiation and implementation. The camera recording by the video surveillance systems takes place automatically.
         5.  Recipients of data can be franchisors of the respective hotel brand group as well as banks and payment service providers for processing payments. When booking additional services via the booking service, the data is transmitted to the relevant service provider. Authorities and offices can be recipients within the scope of their tasks, insofar as we are obliged or entitled to transmit data. If a criminal offense is suspected or during investigations, data from the video surveillance can be transmitted to the police and public prosecutor's office. We also use service providers to provide services by way of order processing, in particular for the provision, maintenance and care of IT systems.
         6. All data relevant to the contract and booking will be stored for a period of ten calendar years after the end of the contract in accordance with the retention periods under tax and commercial law. Recordings from video surveillance systems are regularly deleted after three days at the latest.
         7.  Hotel guests are legally and contractually obliged to provide data. Without providing data, the contractual relationship cannot be established and carried out.

If you register for our newsletter, you will receive information about our offers from us. We also check the reach and success of the newsletter through anonymous or pseudonymised analyses.

(i) If you order our newsletter, we process your data for the purpose of sending the newsletter and measuring the reach of the newsletter. There are no plans to change the purpose.

(ii) The data processed are:

§ Name, email address, title/gender

§ Log data:

This is data that is generated for technical reasons when the newsletter is opened via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes the IP address, type and version of your Internet browser, the operating system used, the accessed Page, the previously visited page (referrer URL), date and time of retrieval.

§ Special interests or newsletter categories

§ Newsletter open rates

§ Clicks within the newsletter

§ File Downloads

(iii) The legal basis for the processing of your data is your consent (Art. 6 Para. 1 lit. a) GDPR).

(iv) You enter your contact details yourself when ordering the newsletter; the other data for analysis are automatically made available by your browser.

(v) We also use service providers within the scope of order processing for the provision of services, in particular for the provision, maintenance and care of IT systems. In particular, we use the TravelClick, Inc., 75 New Hampshire Ave, Portsmouth, NH 03801, USA service to send the newsletter. We have concluded the EU Standard Contractual Clauses (2021/914; Module 2) with TravelClick, Inc. to protect your data. You can request a copy of the essential contractual content of the EU standard contractual clauses at any time.

(vi) Data for newsletters will be deleted when you unsubscribe from the newsletter.

(vii) Providing data is required to receive newsletters. We cannot send the newsletter without providing data. A withdrawal of consent is possible at any time. Please use the unsubscribe function in the newsletter

1. 1. 1. 1. We do not use automated individual decision-making processes.
         2. There are no plans to change the above purposes.
         3. You have the right to request information about all personal data that we process from the data subject at any time.
         4. If the personal data is incorrect or incomplete, there is a right to correction and supplementation.
         5. Deletion of the personal data can be requested at any time, unless we are legally obliged or entitled to further process the data.
         6. If the legal requirements are met, a restriction of the processing of the personal data can be requested.
         7. You have the right to object to the processing if the data is processed for the purpose of direct advertising or profiling.
         8. If the processing is based on a balance of interests, the processing can be objected to by stating reasons that arise from the particular situation of the data subject.
         9. If the data is processed on the basis of consent or as part of a contract, there is a right to transfer the data provided by , provided that this does not affect the rights and freedoms of other people.
         10. If we process the data on the basis of a declaration of consent, you have the right to revoke this consent with effect for the future at any time. The processing carried out before a revocation remains unaffected by the revocation.
         11. You also have the right at any time to lodge a complaint with a data protection supervisory authority if the data subject believes that data processing has violated applicable law.