According to DSGVO
Data protection
Data protection
Privacy policy Neumühle Resort & SPA
We welcome you to our website and appreciate your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (GDPR) and the country-specific implementation laws applicable to us. This privacy policy provides you with comprehensive information about the processing of your personal data by Neumühle Hotel- und Gaststättenbetriebs GmbH and the rights to which you are entitled.
Personal data is information that makes it possible to identify a natural person. This includes, in particular, name, date of birth, address, telephone number, e-mail address, but also your IP address.
Data is anonymous if no personal reference to the user can be established.
You can change your data protection settings for this website at any time with effect for the
future via our consent banner and in this way also revoke your consent
.
You can also call up our content banner at any time via the Borlabs symbol in the bottom left-hand corner of our website at
.
Responsible body and data protection
Address: Neumühle Hotel- und Gaststättenbetriebs GmbH
Neumühle 54, 97797 Wartmannsroth
Contact information: www.neumuehle-resort.de
Phone: 0049 (0) 9732 8030
Fax: 0049 (0) 9732 803-79
info@neumuehle-resort.de
Contact data protection:
info@neumuehle-resort.de
Your rights as a data subject
First of all, we would like to inform you here about your rights as a data subject. These rights are standardized in Art. 15 – 22 GDPR. This includes:
– The right of access (Art. 15 GDPR),
– The right to erasure (Art. 17 GDPR),
– The right to rectification (Art. 16 GDPR),
– The right to data portability (Art. 20 GDPR),
– The right to restriction of processing (Art. 18 GDPR),
– The right to object to data processing (Art. 21 GDPR).
To assert these rights, please contact: info@neumuehle-resort.de. The same applies if you have any questions about data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority.
Rights of objection
Please note the following in connection with rights of objection:
If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling insofar as it is associated with direct advertising.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made informally, if possible to: info@neumuehle-resort.de.
In the event that we process your data to protect legitimate interests, you can object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims.
Purposes and legal bases of data processing
When processing your personal data, we comply with the provisions of the GDPR and all other applicable data protection regulations. The legal basis for data processing arises in particular from Art. 6 GDPR.
We use your data to initiate business, to fulfill contractual and legal obligations, to implement the contractual relationship, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising in connection with the operation of our hotel.
Your consent also constitutes a data protection permission regulation. We will inform you about the purposes of data processing and your right of withdrawal. If the consent also relates to the processing of special categories of personal data, we will expressly point this out to you in the consent.
Processing of special categories of personal data within the meaning of Art. 9 (1) GDPR only takes place if this is required by law and there is no reason to assume that your legitimate interest in the exclusion of processing prevails.
Disclosure to third parties
We will only pass on your data to third parties within the framework of the statutory provisions or with the appropriate consent. Otherwise, your data will not be passed on to third parties unless we are obliged to do so due to mandatory legal provisions (disclosure to external bodies such as supervisory authorities or law enforcement agencies).
Recipients of the data / categories of recipients
Within our company, we ensure that only those persons receive your data who need it to fulfill contractual and legal obligations.
In many cases, service providers support our specialist departments in performing their tasks. The necessary data protection contracts have been concluded with all service providers. Our service providers support us in the following areas: Accounts receivable, IT services, booking services, mailing services, customer satisfaction service providers.
Transfer to a third country / intention to transfer to a third country
Data will only be transferred to third countries (outside the European Union or the
European Economic Area) if this is necessary for the performance of the
contractual obligation, is required by law or is based on your
consent (Art. 49 para. 1 sentence 1 lit. a GDPR). In this case, you will be informed separately
of this and of the associated risks when
obtains your consent.
We would also like to point out that your data may be processed outside the
European Union. Insofar as service providers are certified under the US-EU data
privacy framework, data processing is based on the existing
adequacy decision. Otherwise, compliance with the European level of data protection for
data transfer and processing in third countries is ensured by corresponding contractual
regulations and guarantees. Data processing
or storage in third countries may also take place on the basis of your consent
(Art. 49 para. 1 sentence 1 lit. a GDPR), in which case you will be informed separately when obtaining
your consent and the possibility of revocation.
Storage duration of the data
We store your data for as long as it is required for the respective processing purpose. Please note that numerous retention periods require that data (must) continue to be stored. This applies in particular to retention obligations under commercial or tax law (e.g. German Commercial Code, German Fiscal Code, etc.). If there are no further retention obligations, the data will be routinely deleted once the purpose has been achieved.
In addition, we may retain data if you have given us your permission to do so or if legal disputes arise and we use evidence within the framework of statutory limitation periods, which can be up to thirty years; the regular limitation period is three years.
Secure transfer of your data
We use appropriate technical and organizational security measures to protect the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.
The exchange of data to and from our website is encrypted. We offer HTTPS as the transmission protocol for our website, using the latest encryption protocols.
Obligation to provide the data
Various personal data are necessary for the establishment, execution and termination of the contractual relationship and the fulfillment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.
We have summarized the details for you in the point above. In certain cases, data must also be collected or made available due to legal provisions. Please note that it is not possible to process your request or execute the underlying contractual relationship without providing this data.
Categories, sources and origin of the data
Which data we process is determined by the respective context: this depends on whether, for example, you place an order online or enter an inquiry in our contact form, whether you send us an application or submit a complaint.
Please note that we may also provide information for special processing situations separately in a suitable place, e.g. when uploading application documents or in the event of a contact request.
We collect and process the following data as part of a contact request:
– Surname, first name
– Contact details
– Questions
We collect and process the following data for newsletters:
– E-mail address
Contact form / contact by e-mail (Art. 6 para. 1 lit. a, b GDPR)
There is a contact form on our website that can be used to contact us electronically. If you write to us via the contact form, we will process the data you provide in the contact form to contact you and answer your questions and requests.
The principle of data minimization and data avoidance is observed in that you only have to provide the data that we absolutely need to contact you. These are your name, your e-mail address and the message field itself. In addition, your IP address is processed for technical reasons and for legal protection. All other data are voluntary fields and can be provided optionally (e.g. to answer your questions more individually).
If you contact us by e-mail, we will process the personal data provided in the e-mail solely for the purpose of processing your request. If you do not use the forms provided to contact us, no further data will be collected.
Newsletter (Art. 6 para. 1 lit. a GDPR)
You can subscribe to a free newsletter on our website. The e-mail address provided when registering for the newsletter will be used to send the newsletter.
The principle of data minimization and data avoidance is observed here, as only the e-mail address is requested. For technical reasons and for legal protection, your IP address is also processed when you subscribe to the newsletter
You can of course unsubscribe at any time using the unsubscribe option provided in the newsletter and thus revoke your consent. It is also possible to unsubscribe from the newsletter at any time directly via our website.
In addition, you can voluntarily give us your consent to participate in customer satisfaction surveys by e-mail during your visit.
Advertising purposes for existing customers (Art. 6 para. 1 lit. f EU GDPR)
Neumühle Hotel- und Gaststättenbetriebs GmbH is interested in maintaining the customer relationship with you and sending you information and offers about our products / services such as offers for wellness treatments or hotel bookings. We therefore process your data in order to send you relevant information and offers by e-mail and post.
If you do not wish this, you can object to the use of your personal data for the purpose of direct advertising at any time; this also applies to profiling insofar as it is associated with direct advertising. If you object, we will no longer process your data for this purpose.
The objection can be made free of charge and without giving reasons and should be sent to 0049 (0) 9732 8030, by e-mail to info@neumuehle-resort.de or by post to Neumühle Hotel- und Gaststättenbetriebs GmbH, Neumühle 54, 97797 Wartmannsroth.
Regular guest club (guest club, Art. 6 para. 1 sentence 1 lit. a GDPR)
This website uses KunLeiSys guest club software (regular guest area). The provider is GASTROpoint GmbH, Pommernstraße 17, 83395 Freilassing, Germany. KunLeiSys Guest Club Software is a service used to organize and manage the Guest Club, offers, loyalty points, event emails and newsletter distribution. You can register for the Guest Club on our website. We only use the data entered for this purpose (first name, surname, e-mail address) for the purpose of using the respective offer or service. The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration. The data entered during registration is processed on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time free of charge. You can do this via the unsubscribe link in the email or by unsubscribing in the Guest Club.
The data you provide us with for the purpose of the Guest Club will be stored by us until you deregister and will be deleted from our servers as well as from the servers of GASTROpoint GmbH after you deregister and delete your Guest Club account. In the event of important changes, such as to the scope of the offer or technically necessary changes, we will use the e-mail address provided/stored during registration or in your profile to inform you in this way. Statutory retention periods remain unaffected. We have concluded a contract with GASTROpoint GmbH for commissioned data processing and fully implement the strict requirements of the data protection authorities when using KunLeiSys Guest Club software.
Automated decisions in individual cases
We use an AI-based chat bot on our website that makes automatic
case-by-case decisions.
RE:GUEST Hotelchatbot
We use the hotel chatbot RE:GUEST of ReGuest AG (Kuperionstr. 34,
39012 Merano, Italy) on our website. In addition to the traffic and connection data (e.g. IP
address), the input data (messages, comments, booking data) and
contact data (name, email address) are processed. The purpose of the processing is the smooth
booking of stays. The communication is subject to decision-making
by means of artificial intelligence. [hier die zugrundeliegende Logik einfügen]
The data is stored for X days and then deleted.
The legal basis for this is your express consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
You can revoke your consent at any time with effect for the future. To do so, simply go to our consent banner at
and select the relevant consent
. Please note that the change in the consent banner settings must be made individually for each
end device.
Cookies (Art. 6 para. 1 lit. f EU-GDPR
Cookies (Art. 6 para. 1 sentence 1 lit. a, f GDPR, § 25 para. 1, 2 TDDDG)
Our website uses so-called cookies. They serve to make our website
more user-friendly, effective and secure. Cookies are small text files that
are stored on your end device and saved (locally) by your browser. Cookies contain
only pseudonymous, usually even anonymous data. Some cookies remain for the duration
of a browser session (so-called session cookies), others are stored for a longer period
(so-called persistent cookies, e.g. consent settings). The latter are
automatically deleted after the specified time (usually 6 months). In addition to
‘s own cookies, cookies controlled by third-party providers are also used.
These use the information contained in the cookies, e.g. to show you content
or to record the pages you have visited.
Based on our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR), we set
technically necessary cookies, which are absolutely necessary for the operation of the website and
to ensure its functionality. Furthermore, we use cookies without your
consent if their sole purpose is the storage of or
access to information stored in the terminal device for the transmission of messages
or if they are absolutely necessary in order to provide the service
expressly requested by you, § 25 para. 2 TDDDG.
We use the following technically necessary cookies:
Name | Function | Storage duration |
Borlabs Cookie | Saves the visitor preferences selected in the Borlabs Cookie dialog. | 60 days |
Wordfence | Wordfence is a WordPress plugin for website security. | 30 days |
You can also find an up-to-date list of the cookies and connections we use at
in our consent banner.
Subject to your consent, other cookies are used that enable us
or third parties, for example, to analyze how our services are used.
This allows us to tailor content to user needs. Cookies also enable us
to measure the effectiveness of a particular ad and
to place it, for example, according to the thematic interests of users
. The legal basis for this is your express consent (Art. 6 para. 1
p. 1 lit. a GDPR, Section 25 para. 1 TDDDG).
You can revoke your consent at any time with effect for the future. To do so, simply go to our consent banner at
and select the relevant consent
. Please note that the change in the consent banner settings must be made individually for each
end device.
If you have accounts with the third-party providers we use and are logged in to
, your data may be linked to the respective account. You
can avoid such a combination by not giving or revoking your consent to the cookies relating to
or by logging out of the
respective third-party providers in advance.
Most browsers accept cookies automatically. You can also deactivate, restrict or delete cookies on your
end device manually via your browser settings or with the help of software
. If you deactivate the setting of cookies, the full
use of our website is not possible or only possible to a limited extent.
Please also note our information in the section of the respective service that uses cookies
.
User profiles / web tracking procedures
1. google tag manager (GTM):
This website uses the Google Tag Manager of Google Ireland Limited (Gordon
House, Barrow Street, Dublin 4, Ireland). This service allows website tags to be managed via a
interface. The Tag Manager is used to control various scripts
, which may trigger further data processing. The Google Tag
Manager triggers other tags, which in turn may collect data. However, the Google
Tag Manager does not access this data. If a
deactivation has been made at domain or cookie level, it remains in place for all tracking tags, insofar as these are implemented with
the Google Tag Manager.
The legal basis for the use of the Google Tag Manager is your express
consent, Art. 6 para. 1 sentence 1 lit. a GDPR and – insofar as
access to information in the end device takes place through the Tag Manager § 25 para. 1 TDDDG. Details on the
data can be found in the respective sections on the
tools controlled via the Tag Manager. These can be processed upstream by the Tag Manager using a tag and
then transferred to other tools (e.g. Analytics, Ads).
When using the Google Tag Manager, connection data (e.g. your IP
address) is collected and may be processed outside the European Union and the European
Economic Area, where there is no adequate level of data protection.
Google is certified under the EU-US data privacy framework, which guarantees an adequate level of data protection
. Insofar as the processing does not fall under the scope of protection
of the framework, we transfer the data to the USA on the basis of your express
consent in accordance with Art. 49 para. 1 sentence 1 lit. a GDPR. In the case of Google
, there is a risk that your data may be processed by US authorities for control and
monitoring purposes without you possibly being entitled to
legal remedies. The assertion of
data subject rights may also be restricted. However, we take the possible and
necessary measures under data protection law in accordance with Art. 44 et seq. GDPR to establish the
level of data protection in the third country.
You can withdraw your consent at any time with effect for the future. To do so, simply go to
and select the relevant consent banner
. Please note that the change in the consent banner settings must be made individually for each
end device.
More information about Google Tag Manager can be found at the following link:
https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.
2. google analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland
Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), on the basis of your consent (Art. 6 para. 1 sentence 1 lit. a GDPR,
and Section 25 para. 1 TDDDG). Google Analytics
uses so-called “cookies”. These are text files that are stored on your end device
and enable your use of the website to be analyzed. The information stored in this way on
is usually transferred to a Google server in
the USA and stored there. If IP anonymization is activated, your IP
address will be shortened before data transmission and within the European Union or
contracting states of the European Economic Area. An unabridged transmission of the
full IP address to Google only takes place in exceptional cases.
On behalf of the operator of this website, Google will use this information to evaluate your
use of the website, to compile reports on website activity for
and to provide other services relating to website activity and internet usage
to the website operator. The IP address transmitted by your browser as part of
by Google Analytics will not be merged with other
data from Google.
Sessions and campaigns are terminated after a certain period of time.
By default, sessions are terminated after 30 minutes without activity and campaigns after
six months. Users’ personal data is deleted or anonymized after 14 months
.
Google processes and stores your data in the USA. Google is certified under the EU-US data
privacy-framework, which guarantees an adequate level of data protection
. Insofar as the processing does not fall under the scope of protection of the framework,
we transfer the data to the USA on the basis of your express consent, in accordance with
Art. 49 para. 1. sentence 1 lit. a GDPR. In the case of Google, there is a risk that your data
may be processed by US authorities for control and monitoring purposes without
you having any legal recourse. The
assertion of data subject rights may also be restricted. However, we take the
measures possible and necessary under data protection law in accordance with Art. 44 et seq. GDPR,
to establish the level of data protection in the third country.
You can find more information on terms of use and data protection at
https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de
You can prevent the storage of cookies by selecting the appropriate settings on your browser
software; however, please note that if you do this you may not be able to use the full functionality of this
website. You can also prevent
from collecting the data generated by the cookie and related to your use of the
website (including your IP address) to Google and the processing of this
data by Google by downloading and installing the
browser plug-in available at the following link:
http://tools.google.com/dlpage/gaoptout?hl=de.
You can revoke your consent at any time with effect for the future. To do so, simply go to
, open our consent banner and deselect the corresponding consent.
Please note that the change in the consent banner settings must be made individually for each
end device.
This website uses the IP anonymization function of Google Analytics. Furthermore,
has entered into a contract data processing agreement with Google. You also have the option at
to deactivate Google Analytics using a browser add-on.
You can find more information on this at
https://support.google.com/analytics/answer/6004245 (general information on Google Analytics and data protection).
3. matomo (formerly Piwik)
This website uses the open source web analysis service Matomo (formerly known as Piwik). Matomo makes it possible to analyze the flow of visitors to this website. Matomo helps to understand how a visitor came to this website (e.g. via the so-called referrer), which pages are accessed how often and for how long or which browser was used to view them. This data helps us to improve the offering on this website. We can thus recognize which offers are the most interesting, where navigation can be improved or whether technical requirements need to be created so that this website can be displayed without errors.
IP addresses are automatically anonymized before the analysis data is saved. Matomo has also been configured so that only the anonymized IP address is used to process the data. Matomo also respects the “do-not-track” setting of your browser.
The legal basis for the use of Matomo is your consent, Art. 6 para. 1 sentence 1 lit. a
DS-GVO.
You can revoke your consent at any time with effect for the future. To do so, simply go to
, click on our consent banner via the fingerprint button at the bottom left and
select the corresponding consent. Please note that the change in the
consent banner settings must be made individually for each end device.
The data is stored for 180 days.
This website uses Matomo with the extension “AnonymizeIP”. This means that IP
addresses are further processed in abbreviated form, which means that
cannot be directly linked to individuals. The IP address transmitted by your browser via Matomo is
not merged with other data collected by us. Matomo is also used without
cookies.
The Matomo program is an open source project. Information from the third-party provider on
data protection can be found at https://matomo.org/privacy-policy/
4. myFonts Counter
On this website we use MyFonts Counter, a web analysis service of MyFonts Inc, 500 Unicorn Park Drive, Woburn, MA 01801, USA. Due to the license terms, page view tracking is carried out by counting the number of visits to the website for statistical purposes and transmitting them to MyFonts. MyFonts only collects anonymized data. The data may be passed on by activating JavaScript code in your browser. To prevent the execution of Java Script code from MyFonts altogether, you can install a Java Script blocker (e.g. www.noscript.net).
We use MyFonts on the basis of your express
consent, Art. 6 para. 1 sentence 1 lit. a GDPR.
MyFonts processes and stores your data in the USA. MyFonts is certified under the EU-US-
data-privacy-framework, which guarantees an adequate level of data protection
. Insofar as the processing does not fall under the scope of protection of the framework
, we transfer the data to the USA on the basis of your express consent,
in accordance with Art. 49 para. 1. sentence 1 lit. a GDPR. In the case of Google, there is a risk that your
data may be processed by US authorities for control and monitoring purposes,
without you possibly being entitled to any legal remedies. The assertion of data subject rights may also be restricted. However, we take the
measures possible and necessary under data protection law in accordance with Art. 44 et seq. GDPR,
to establish the level of data protection in the third country.
You can revoke your consent at any time with effect for the future. To do so, simply go to
, click on our consent banner and select the appropriate consent.
Please note that the change in the consent banner settings must be made individually for each
end device.
Further information on MyFonts Counter can be found in MyFonts’ privacy policy at http://www.myfonts.com/info/terms-and-conditions/#Privacy.
5 Google Ad Manager
This website uses the Ad Manager service from Google (Google Ireland Limited, Gordon
House, Barrow Street, Dublin 4, Ireland). This creates cookies on your end device, which
information about your activities (including: IP address, browser, time of the request
and other log files, which ads were clicked on, which websites you visited
). The information stored in the cookie may be recorded, collected and analyzed by Google
Inc. or third parties. In addition,
Google Ad Manager may also use so-called (re)marketing tags
(invisible graphics, also known as “web beacons”) to collect information. By using
, for example, visitor traffic on the website can be recorded and evaluated.
merging of the data is not excluded if you are logged in with a Google account
or have allowed Google to use advertising.
We use the Ad Manager to display advertisements that are relevant to you, to prevent
from displaying the same advertisements several times and to improve reports on
campaign performance. Cookies can also be used to record so-called
conversions that are related to ad questions. This is the case, for example, if
a user sees an Ad Manager ad and later visits the advertiser’s website
with the same browser and makes a purchase there.
The legal basis for the processing is the consent you have given in accordance with Art. 6
para. 1 lit. a GDPR, § 25 para. 1 TDDDG.
Google processes and stores your data in the USA. Google is certified under the EU-US-data-
privacy-framework, which guarantees an adequate level of data protection
. Insofar as the processing does not fall under the scope of protection of the framework,
we transfer the data to the USA on the basis of your express consent, in accordance with
Art. 49 para. 1. sentence 1 lit. a GDPR. In the case of Google, there is a risk that your data
may be processed by US authorities for control and monitoring purposes without
you having any legal recourse. The
assertion of data subject rights may also be restricted. However, we take the
measures possible and necessary under data protection law in accordance with Art. 44 et seq. GDPR,
to establish the level of data protection in the third country.
Google uses the information obtained in this way to carry out an evaluation of your
usage behavior with regard to the Google Ad Manager ads.
Google may also transfer this information to third parties if
is required to do so by law or if third parties process this data on behalf of Google
.
If you are registered with a Google service, Google can assign the visit to your
account. To prevent this, you must first log out of your
account with Google.
You can use the plug-ins provided by Google at the following link to prevent the
storage of data: https://www.google.com/settings/ads/plugin install.
You can revoke your consent at any time with effect for the future. To do this, simply go to
and click on our consent banner and deselect the corresponding consent.
Please note that the change in the consent banner settings must be made individually for each
end device.
Further information on the use of data by Google, setting and
objection options, can be found in Google’s privacy policy
(https://policies.google.com/technologies/ads) and in the settings for the display
of advertisements by Google(https://adssettings.google.com/authenticated).
6. google ads with conversion tracking
To draw attention to our offers, we place ads in the Google search network
and advertising banners in the Google display network (banners on websites of
third parties) and use the remarketing of Google Ads. We can combine ads with
search terms or use individual ads to advertise products and
services that you have viewed on our site. With Ads-
remarketing lists, we can optimize search and display campaigns if you have already visited our
site.
For this interest-based advertising, Google analyzes your user behavior with cookies,
which are set when you click on ads or visit our websites. We and
Google then receive information that you have clicked on an advertisement and
have been forwarded to us. Based on these evaluations, we can recognize which of the
advertising measures used are particularly effective and can optimize them through
.
The statistics that Google provides us with include the number of users who have clicked on a
of our ads and show which of our websites you were redirected to
. We can also target you more specifically if you have already been to our
website. We can also track which search terms
were clicked on particularly often and which ads lead to the purchase of a subscription, for example.
Due to the marketing tools used, your browser automatically establishes a direct
connection with the Google server. We have no influence on the scope and
the further use of the data collected by Google through the use of this tool
and therefore inform you according to our state of knowledge: Through the
integration of Ads Advertising, Google receives the information that you have called up the corresponding
part of our website or clicked on an advertisement from us. If
you are registered with a Google service, Google can assign the visit to your
account. Even if you are not registered with Google or have not logged in,
there is a possibility that the provider will find out and store your IP address.
The legal basis is the consent you have given in accordance with Art. 6 para. 1 lit. a GDPR
and § 25 para. 1 TDDDG.
You can revoke your consent at any time with effect for the future. To do so, simply go to
, open our consent banner and deselect the corresponding consent.
Please note that the change in the consent banner settings must be made individually for each
end device.
Google processes and stores your data in the USA. Google is certified under the EU-US-data-
privacy-framework, which guarantees an adequate level of data protection
. Insofar as the processing does not fall under the scope of protection of the framework,
we transfer the data to the USA on the basis of your express consent, in accordance with
Art. 49 para. 1. sentence 1 lit. a GDPR. In the case of Google, there is a risk that your data
may be processed by US authorities for control and monitoring purposes without
you having any legal recourse. The
assertion of data subject rights may also be restricted. However, we take the
possible and necessary measures under data protection law in accordance with Art. 44 et seq. GDPR,
to establish the level of data protection in the third country.
You can prevent this technology by preventing the use of cookies via the
settings of your browser, deselecting individual types of ads in the ad settings of Google
, deactivating interest-based ads on Google
or deactivating cookies from advertising providers with the help of the respective deactivation help
of the Network Advertising Initiative. We and Google will then only receive the
statistical information on how many users have visited a page and when. This can only be prevented by
corresponding browser extensions.
You can find more information on this at https://support.google.com/google-
ads/answer/7521212?hl=en.
7. google reCAPTCHA
On our website, we use the reCAPTCHA service provided by Google
Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The tool serves
to differentiate whether entries on our website are made by a human or
abusively by automated, machine processing. This involves loading
image files and other matching and security mechanisms from Google servers
. This gives Google knowledge of your activities on the page on which
reCAPTCHA is integrated. The service includes the transmission of the IP address and, if applicable,
other data required by Google for the reCAPTCHA service to Google and takes place
in accordance with your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR. The use of
serves to prevent misuse and spam.
Google processes and stores your data in the USA. Google is certified under the EU-US-data-
privacy-framework, which guarantees an adequate level of data protection
. Insofar as the processing does not fall under the scope of protection of the framework,
we transfer the data to the USA on the basis of your express consent, in accordance with
Art. 49 para. 1. sentence 1 lit. a GDPR. In the case of Google, there is a risk that your data
may be processed by US authorities for control and monitoring purposes without
you having any legal recourse. The
assertion of data subject rights may also be restricted. However, we take the
measures possible and necessary under data protection law in accordance with Art. 44 et seq. GDPR,
to establish the level of data protection in the third country.
As part of the data processing of Google reCAPTCHA, fonts from
Google are used, which – like the reCAPTCHA content – are loaded from external Google servers
. Connection and traffic data (e.g. IP address) are transmitted to the
external servers. The processing takes place exclusively for the purpose of
displaying Google reCAPTCHA in the form described here.
The data will be deleted after 6 months or 24 months.
You can revoke your consent to the service and the associated data transfer to
the USA at any time with effect for the future. Please note that the
revocation must be made individually for each end device.
On pages with form or input fields that are protected by reCAPTCHA,
you have the option of giving your consent by activating the checkbox and revoking it by deselecting
.
Further information on Google’s privacy policy can be found at:
https://www.google.com/intl/mn-de/policies/privacy/.
8. google maps
On this website, we use Google Maps, a map service provided by Google
LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). This enables
to show you interactive maps directly on the website and allows you to use the map function conveniently at
. The processing and transmission of your
data (IP address, connection data) to Google is based on your express
consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
You can give your consent directly for the integrated maps. If you have consented to
, information about your use of our website (such as your
IP address) will be transmitted to and stored by Google on servers in the United States. This takes place
regardless of whether Google provides a user account through which you are logged in or
whether no user account exists. If you are logged in to Google, your data will be assigned directly to
your account. If you do not wish
to be associated with your Google profile, you must log out before activating the button. Google stores your
data (even for users who are not logged in) as usage profiles and analyzes them. Such an
evaluation is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a DS-
GDPR and enables the display of personalized advertising, market research and/or
needs-based design of the website.
Google processes and stores your data in the USA. Google is certified under the EU-US-data-
privacy-framework, which guarantees an adequate level of data protection
. Insofar as the processing does not fall under the scope of protection of the framework,
we transfer the data to the USA on the basis of your express consent, in accordance with
Art. 49 para. 1. sentence 1 lit. a GDPR. In the case of Google, there is a risk that your data
may be processed by US authorities for control and monitoring purposes without
you having any legal recourse. The
assertion of data subject rights may also be restricted. However, we take the
measures possible and necessary under data protection law in accordance with Art. 44 et seq. GDPR,
to establish the level of data protection in the third country.
You can withdraw your consent at any time with effect for the future. To do so, simply go to
, open our consent banner and deselect the corresponding consent.
Please note that the change in the consent banner settings must be made individually for each
end device.
If you do not agree to the future transmission of your data to Google in the context of the use of
Google Maps, you also have the option of completely deactivating the web service of
Google Maps by switching off the JavaScript application in your
browser. Google Maps and thus also the map display on this website
can then not be used.
You can find more information on the collection and use of data by Google in Google’s data protection information at
at https://www.google.com/privacypolicy.html. There
you also have the option of changing your settings in the data protection center, so
that you can manage and protect your data processed by Google.
9. youtube
We have integrated YouTube videos from the provider Google Ireland Limited (Gordon House, Barrow
Street, Dublin 4, Ireland) into our online offering, which are stored on
http://www.YouTube.com and can be played directly from our website
. These are all integrated in “extended data protection mode”, i.e. no
data about you as a user is transferred to YouTube if you do not play the videos
. Only when you play the videos will the data mentioned below be transmitted.
We have no influence on this data transmission. By embedding the video in
extended data protection mode, no cookies requiring consent are set, which
record user behaviour in order to personalize video playback. However,
the extended data protection mode only refers to the recording of user behavior, not to the
ad provision, as well as the reloading of further third-party content,
font transfer and possible links to your user account on YouTube.
When you start the video, this triggers further data processing operations. We have no influence on this
. The legal basis is your consent, Art. 6 para. 1 sentence 1 lit. a GDPR.
Google processes and stores your data in the USA. Google is certified under the EU-US-data-
privacy-framework, which guarantees an adequate level of data protection
. Insofar as the processing does not fall under the scope of protection of the framework,
we transfer the data to the USA on the basis of your express consent, in accordance with
Art. 49 para. 1 sentence 1 lit. a GDPR. In the case of Google, there is a risk that your data
may be processed by US authorities for control and monitoring purposes without
you having any legal remedies. The
assertion of data subject rights may also be restricted. However, we take the
measures possible and necessary under data protection law in accordance with Art. 44 et seq. GDPR,
to establish the level of data protection in the third country.
By visiting the website, YouTube receives the information that you have accessed the subpage of our website corresponding to
. Data is transmitted to
regardless of whether YouTube provides a user account through which you are logged in or
whether no user account exists. If you are logged in to Google, your data will be directly
assigned to your account. If you do not wish
to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your
data as usage profiles and uses them for the purposes of advertising, market research and/or
needs-based design of its website. Such an evaluation is carried out in particular
(even for users who are not logged in) to provide needs-based advertising and to inform
other users of the social network about your activities on our website
. You have the right to object to the creation of these user profiles,
whereby you must contact YouTube to exercise this right.
Your consent data processed in connection with YouTube will be deleted after 18-24 months.
These processing operations are based on your consent in accordance with Art. 6 para. 1 sentence 1
lit. a GDPR. By giving your consent via the consent banner, all YouTube videos embedded on
our website will be made visible to you and the content will be loaded when you visit
.
You can revoke your consent at any time with effect for the future. To do so, simply go to
, open our consent banner and deselect the corresponding consent.
Please note that the change in the consent banner settings must be made individually for each
end device.
Unless you have given your consent to the use of embedded YouTube content
, the content on our pages is blocked or provided with an overlay
. We use this so-called two-click solution to protect your data. All
YouTube content is deactivated by default and is only loaded and displayed by the YouTube servers after you click on the
“Activate content” button. With
this click, you consent, for example, to your IP address, referrer information
and browser data being transmitted to YouTube and to cookies being set in your browser
.
You have the option of giving your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR
for the retrieval of individual videos. The setting is stored for 30 days. You can also revoke your
consent at any time with effect for the future by reloading
the website.
For more information on the purpose and scope of data collection and its processing
by YouTube, please visit: https://www.google.de/intl/de/policies/privacy.
10. vimeo
We use plugins from the video portal Vimeo. The provider is Vimeo Inc, 555 West 18th
Street, New York, New York 10011, USA.
When you visit one of our pages equipped with a Vimeo plugin, a
connection to the Vimeo servers is established. This tells the Vimeo server
which of our pages you have visited. Vimeo also obtains your IP address. This applies
even if you are not logged in to Vimeo or do not have a Vimeo
account. The information collected by Vimeo is transmitted to the Vimeo server in the USA
.
The legal basis for this data processing is your consent, Art. 6 para. 1 sentence 1 lit. a DS-
GDPR.
Vimeo processes and stores your data in the USA. Vimeo is certified under the EU-US data
privacy-framework, which guarantees an adequate level of data protection
. Insofar as the processing does not fall under the scope of protection of the framework,
we transfer the data to the USA on the basis of your express consent, in accordance with
Art. 49 para. 1. sentence 1 lit. a GDPR. In the case of Vimeo, there is a risk that your data
may be processed by US authorities for control and monitoring purposes, without
that you may be entitled to legal remedies. The
assertion of data subject rights may also be restricted. However, we take the
measures possible and necessary under data protection law in accordance with Art. 44 et seq. GDPR,
to establish the level of data protection in the third country.
You can withdraw your consent at any time with effect for the future. To do so, simply go to
, open our consent banner and deselect the corresponding consent.
Please note that the change in the consent banner settings must be made individually for each
end device.
If you are logged into your Vimeo account, you enable Vimeo to assign your
surfing behavior directly to your personal profile. You can prevent this at
by logging out of your Vimeo account.
You can find further information on the handling of user data in Vimeo’s privacy policy
at: https://vimeo.com/privacy.
11. google fonts
External fonts, Google Fonts, are used on this website. Google Fonts is
a service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). The
integration of these web fonts takes place via a server call, usually a server of
Google in the USA. This transmits to the server which of our Internet pages
you have visited. The IP address of the browser of the visitor’s end device
of these Internet pages is also stored by Google.
Google processes and stores your data in the USA. Google is certified under the EU-US-data-
privacy-framework, which guarantees an adequate level of data protection
. Insofar as the processing does not fall under the scope of protection of the framework,
we transfer the data to the USA on the basis of your express consent, in accordance with
Art. 49 para. 1. sentence 1 lit. a GDPR. In the case of Google, there is a risk that your data
may be processed by US authorities for control and monitoring purposes without
you having any legal recourse. The
assertion of data subject rights may also be restricted. However, we take the
measures possible and necessary under data protection law in accordance with Art. 44 et seq. GDPR,
to establish the level of data protection in the third country.
The use of Google Fonts takes place with your express consent, Art. 6 para. 1
p.1 lit. a GDPR.
You can revoke your consent at any time with effect for the future. To do this, simply go to
and click on our consent banner and deselect the corresponding consent.
Please note that the change in the consent banner settings must be made individually for each
end device.
You can find more information in Google’s privacy policy, which you can access here
:
www.google.com/fonts#AboutPlace:about
www.google.com/policies/privacy/
12 Borlabs Consent control
This website uses Borlabs Cookie (Borlabs, Rübenkamp 32,
22305 Hamburg, Germany) for consent control, which sets a technically necessary cookie (borlabs-cookie),
to store your cookie consents. The storage of the borlabs cookie is
absolutely necessary to save your consent and data protection settings,
§ 25 para. 2 TDDDG. The legal basis for the personal
data (UID) contained in the cookies is our legitimate interest in effective consent management, Art. 6
para. 1 sentence 1 lit. f GDPR.
Borlabs cookie does not process any
personal data other than the data contained in the cookie (e.g. UID) and the
regular traffic and connection data (IP address, etc.). The borlabs cookie is stored for 90 days if you have given your consent,
otherwise for 45 days.
The borlabs cookie stores the consent you gave when you entered the
website. If you wish to revoke this consent, simply delete the cookie.
the cookie in your browser. If you then re-enter/reload the website,
will ask you for your cookie consent again.
13th Wordfence
The Wordfence security software is integrated on this website. The provider is Defiant
Inc, 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter referred to as Wordfence).
Wordfence serves to protect our website from malicious cyber attacks and other
unwanted access. For this purpose, our website establishes a permanent connection
to the Wordfence servers so that Wordfence can compare its databases with the accesses made to our
website and block them if necessary.
Wordfence is used on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR.
The website operator has a legitimate interest in protecting
its website as effectively as possible against cyber attacks.
When Wordfence is used, data is transferred to the USA. Compliance with the European
level of data protection for data transfer and processing in third countries is ensured by
corresponding contractual regulations and guarantees.
If you give us your consent, we will transfer the data to the USA on the basis of this
express consent, in accordance with Art. 49 para. 1. p. 1 lit. a GDPR. In the case
of Wordfence, there is a risk that your data may be processed by US authorities for control and
monitoring purposes without you possibly being entitled to
legal remedies. The assertion of
data subject rights may also be restricted. However, we take the possible and
necessary measures under data protection law in accordance with Art. 44 et seq. GDPR to establish the
level of data protection in the third country.
You can find the details under the following link: https://www.wordfence.com/help/general-data-
protection-regulation/ .
14. meta pixels and meta custom audiences
This website uses the “meta pixel” of the social network
Facebook, which is operated by Meta Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if
you are based in the EU, Meta Platforms Ireland Limited, Block J, Serpentine Avenue,
Dublin 4, Ireland, to measure conversions.
This allows the effectiveness of Facebook ads to be evaluated for statistical and
market research purposes and future advertising measures to be optimized
. The Meta pixel also enables us to analyze the impact of our ads
, including your reactions to them. The data is stored
and processed by Meta so that a connection to the respective user profile is possible and Meta can use the
data for its own advertising purposes in accordance with the Data Usage Policy
.
You can enable Meta and its partners to place advertisements on and outside
from Facebook. A cookie may be stored on your computer
for these purposes. In any case, the pixel will be loaded by the Meta servers and your traffic and connection data (e.g. IP address) will be transmitted to
. We use the meta
pixel to display the advertisements placed by us only to those users who have also visited our website
or who have certain characteristics that we transmit to meta
. With the help of the Meta pixel, Meta is able to determine our website visitors as a
target group for the display of advertisements.
Meta’s “Custom Audiences” marketing tool helps to reduce wastage in
marketing. A “tracking pixel” from Meta (“Meta
Pixel”) is installed on our website, which is retrieved from Meta’s servers at
each time our website is accessed and registers the access there. This allows website visitors to be specifically included in
a custom audience. The marketing tool is a targeting option,
which uses the meta pixel to match visitors to our website with people on Facebook.
We can target visitor groups with Facebook ads.
By integrating the meta pixel and using Meta Custom Audiences
, we pursue the purpose of reducing wastage in marketing and placing ads optimized for
website visitors. The purpose of processing the data at
using “Meta Custom Audiences” is to compile statistics to form
user categories in order to enable interest-based targeting of advertising material or
advertising measures on the Internet. This enables us to continuously improve our website
.
The use of meta pixels and custom audiences is based on your
express consent (Art. 6 para. 1 sentence 1 lit. a GDPR, Section 25 para. 1 TDDDG).
You can revoke your consent at any time with effect for the future. To do so, simply go to
, open our consent banner and deselect the corresponding consent.
Please note that the change in the consent banner settings must be made individually for each
end device.
If you have consented to data processing, your data will be stored for 2 years for the aforementioned
purposes. The data will then be deleted.
According to Meta, the pixel displays browser information, websites visited,
and the hashed Facebook ID of the website user. It cannot be ruled out
that Meta also transmits the information to a server in a third country, e.g. the USA,
.
Meta processes and stores your data in the USA. Meta is certified under the EU-US data
privacy-framework, which ensures an adequate level of data protection
. Insofar as the processing does not fall under the scope of protection of the framework,
we transfer the data to the USA on the basis of your express consent, in accordance with
Art. 49 para. 1. sentence 1 lit. a GDPR. In the case of Meta, there is a risk that your data may be processed by
US authorities for control and monitoring purposes without
you possibly having any legal remedies. The
assertion of data subject rights may also be restricted. However, we take the
possible and necessary measures under data protection law in accordance with Art. 44 et seq. GDPR,
to establish the level of data protection in the third country.
The processing of data by Meta takes place within the framework of the Facebook-
Data Usage Policy: https://www.facebook.com/policy. Specific information
about the Meta pixel and how it works can be found here:
https://www.facebook.com/business/help/651294705016616.
15. instagram content
We have integrated content from the social network Instagram on our website,
which is operated by Meta Inc. (1 Hacker Way, Menlo Park, CA 94025, USA).
The
legal basis for the processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and Section 25 para. 1 TDDDG.
When you access our pages, you will be shown the option to activate Instagram content at
. Only after you have given your consent and only then will a connection be established between
your browser and the Instagram servers. The content is then transmitted from
Instagram directly to your browser, which integrates it into the website.
Data is transmitted to Instagram, in particular your IP address and the
information about which page you are currently visiting. In this way, you provide Instagram
with information about your surfing behavior. If you have an Instagram account, this data
can be linked to it. If you do not want Instagram to link the data to your existing Instagram account despite having given your consent
, you must log out of Instagram before visiting our website
.
For the purpose and scope of data collection and the further processing and use of the data
by Instagram as well as your rights in this regard and setting options for protecting your privacy
, please refer to Instagram’s data protection information.
Meta processes and stores your data in the USA. Meta is certified under the EU-US-data-
privacy-framework, which guarantees an adequate level of data protection
. Insofar as the processing does not fall under the scope of protection of the framework,
we transfer the data to the USA on the basis of your express consent, in accordance with
Art. 49 para. 1. sentence 1 lit. a GDPR. In the case of Meta, there is a risk that your data may be processed by
US authorities for control and monitoring purposes without
you possibly having any legal remedies. The
assertion of data subject rights may also be restricted. However, we take the
measures possible and necessary under data protection law in accordance with Art. 44 et seq. GDPR,
to establish the level of data protection in the third country.
You can withdraw your consent at any time with effect for the future. To do so, simply go to
, open our consent banner and deselect the corresponding consent.
Please note that the change in the consent banner settings must be made individually for each
end device.
Further information on data processing by Instagram can be found at
https://help.instagram.com/519522125107875
16. information on data protection in social media
We maintain various social media presences in order to communicate with the customers, interested parties and users registered at
and to inform them about our
offers.
Below you will find the most important information on
data protection law in relation to our presences.
Name and address of the controller
In addition to Neumühle
Hotel- und Gaststätten Betriebsgesellschaft mbH, the controller responsible for the company’s websites within the meaning of the EU General Data Protection Regulation
(GDPR) and other data protection regulations is
- Facebook (Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour,
Dublin 2, Ireland) - Instagram (Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal
Harbour, Dublin 2, Ireland) - YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
Purpose and legal basis
We maintain the fan pages ourselves in order to communicate with visitors to these pages
and to inform them about our offers in this way.
We would like to point out that you use these platforms and their functions at your own
responsibility. This applies in particular to the use of the interactive functions
(e.g. commenting, sharing, rating).
We also collect data for statistical purposes in order to further develop the content and optimize
and to make our offer more attractive. The
data required for this (e.g. total number of page views, page activity and data provided by visitors to
, interactions, time spent on videos) is processed by the social
networks and made available to us. We have no influence on the generation and presentation of
.
In addition, your personal data is processed by the social media providers, but
also by Neumühle Hotel- und Gaststätten Betriebsgesellschaft mbH, for
market research and advertising purposes. For example, it is possible that usage profiles are created
based on your
usage behavior and the resulting interests. This allows, among other things, advertisements to be placed within and outside the
platforms that correspond to your interests. As a rule,
cookies are stored on your computer for this purpose. Irrespective of this, data that is not collected directly on your end devices may also be stored in your
user profiles. The
Storage and analysis also takes place across devices; this applies in particular, but not
exclusively, if you are registered as a member and logged in to the respective platforms
.
In addition, we collect and process user data (names of users) in block lists,
which are excluded from further use
of our platform presences due to violations of our usage guidelines.
As the provider of this information service, we do not collect and process any other
data from your use of our service.
The platforms sometimes process and store your data in a third country (USA). A
corresponding data protection agreement has been concluded where necessary
The service providers are obliged by corresponding contractual provisions
and/or by means of certification via the US-EU Data Privacy Framework to comply with the
data protection standards of the EU and to guarantee the European level of data protection at
. Data processing or storage in third countries may also take place on
the basis of your consent (Art. 49 para. 1 sentence 1 lit. a GDPR), in this case
you will be informed separately about this and about possible associated risks.
Possible risks are that your data may be processed by US authorities for control and
monitoring purposes without you possibly being entitled to
legal remedies. The assertion of
data subject rights may also be restricted.
The processing of users’ personal data is based on our
legitimate interests in effective user information and communication with
users in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. If you are asked by the respective providers
for consent to data processing (i.e. you give your consent e.g.
by ticking a checkbox or confirming a button),
the legal basis for processing is Art. 6 para. 1 sentence 1 lit. a GDPR, § 25 para. 1 TDDDG.
Objection option
If you are a member of a social network and do not want the network to collect data about you via
and link it to your stored membership data at
, you must
log out of the respective network before visiting our website,
- delete the cookies present on the device and
- Close and restart your browser.
However, after re-registering, you will again be recognizable to the network as a specific
user.
For a detailed description of the respective processing and the
opt-out options, please refer to the following linked information
of the providers.
Also in the case of requests for information and the assertion of user rights, we point out
that these can be asserted most effectively with the providers. Only
providers have access to the user’s data and can directly request the relevant information.
take measures and provide information. If you still need help, you can contact us at
.
- Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour,
Dublin 2, Ireland) –
Privacy Policy: https://www.facebook.com/about/privacy/ Opt-
out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.co
m - Instagram (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal
Harbour, Dublin 2, Ireland) -Privacy Policy / Opt-
out: http://instagram.com/about/legal/privacy/. - LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) –
Privacy Policy: https://de.linkedin.com/legal/privacy-policy, Opt-
out: https: //www.linkedin.com/psettings/advertising-data - YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland –
Privacy Policy / Opt-out: https://policies.google.com/privacy?hl=de&gl=de
Online offers for children
Persons under the age of 16 may not transmit any personal data to us or submit a declaration of consent without the consent of their legal guardian. We would like to encourage parents and legal guardians to actively participate in the online activities and interests of their children.
Links to other providers
Our website also contains – clearly recognizable – links to the websites of other companies. Where links to websites of other providers are available, we have no influence on their content. Therefore, no guarantee or liability can be assumed for this content. The respective provider or operator of the pages is always responsible for the content of these pages.
The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete evidence of an infringement. If we become aware of any legal infringements, such links will be removed immediately.