Data protection

Data protection at the Kurgesellschaft Bad Gottleuba-Berggiesshübel mbH/Visitor Mine “Marie Louise Stolln”

in accordance with the EU General Data Protection Regulation (GDPR)

Protecting your data is our top priority. In our data protection declaration we would therefore like to disclose to you how we process your data. We would also like to provide you with information about what rights you have regarding the protection of your data.

Please also pass this information on to any people whose data you are currently and will provide us with.

1. Who is responsible for data processing and who can you contact?

1.1. Responsible body

Kurgesellschaft Bad Gottleuba-Berggiesshübel mbH

Talstrasse 2A

01816 Mountain casting hill

Represented by Managing Director Britt Reuter-Bracklow

2. Why do we process your data and on what legal basis?

2.1. Conclusion, execution or termination of a contract

The object of the Kurgesellschaft Bad Gottleuba-Berggieshübel mbH is the operation of the “Marie Louise Stolln” visitor mine, the operation of the tourist information in Bad Gottleuba and Berggiesshübel, the organization of events and the marketing of the double health resort

These include, among others:

• First name Last Name
• Billing and delivery address
• E-mail address
• Billing and payment data
• Date of birth or age
• Telephone number

The legal basis for this is Art. 6 Paragraph 1 Letter b) GDPR, which means you provide us with the data on the basis of the contractual relationship between you and us. In order to process your email address, we are also obliged to send an electronic order confirmation due to a requirement in the German Civil Code (BGB) (Art. 6 Paragraph 1 Letter c) GDPR). We store the data collected for contract processing until the statutory or possible contractual warranty and guarantee rights expire. After this period has expired, we will retain the information relating to the contractual relationship required by commercial and tax law for the periods specified by law. For this period (usually ten years from the conclusion of the contract), the data will be processed again solely in the event of an inspection by the tax authorities.

As part of our business relationship, you must provide the personal data that is necessary for the establishment and implementation of a business relationship and the fulfillment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or carry out the order or will no longer be able to carry out an existing contract and may have to terminate it.

The following data processing is also required to process the contract:

Information about your postal address For the purpose of processing the contract, we pass it on to a postal or logistics company commissioned by us.

If necessary for the execution of the contract (e.g. for arranging accommodation, outpatient spa treatments, wellness arrangements), other companies also receive your data to which we transmit personal data for the purpose of fulfilling the contract, executing the order or carrying out the business relationship with you (e.g. hotels, guesthouses, private landlords). of holiday apartments/houses/rooms, physiotherapy, tourism service providers, transport companies for transfer services).

For the In case of late payment If the other legal requirements are met, we will transmit the necessary data to a company commissioned to assert the claim. The legal basis for this is both Article 6 paragraph 1 letter b) and Article 6 paragraph 1 letter f) GDPR. The assertion of a contractual claim is to be viewed as a legitimate interest within the meaning of the second provision mentioned.

2.2. Data processing to protect vital interests

In order to protect the vital interests of our guests (Art. 6 Para. 1d GDPR), we also collect personal data in the course of contract processing, in particular with regard to intolerances, allergies, physical limitations, mobility restrictions, other special needs, etc. This data will be used after the end of the contract blocked. you will be through this however not permanently deleted. The data will be deleted unless there are statutory or contractual retention periods or other legal obligations or rights for further storage. The deletion will therefore regularly take place no later than after approx. 3 years.

We do not pass this data on to third parties. We ask for your understanding that due to the blocking, you must always provide this data up to date when a new contract is concluded.

2.3. Data entry from third parties

If you − in accordance with the explanations listed below – If you transmit data from other people (e.g. fellow travelers) to us, you declare with your respective consent that the other people (fellow travelers) are aware of this data protection declaration and also agree to the data processing listed in each case.

2.4. Accessing our website/application

When you access our website/application, the browser used on your device automatically sends information to the server of our website/application and temporarily stores it in a so-called log file. We have no influence on this. Following informations are recorded without your intervention and stored until automated deletion:

• the IP address of the requesting internet-enabled device,
• the date and time of access,
• the name and URL of the retrieved file,
• the website/application from which access was made (referrer URL),
• the browser you use and, if applicable, the operating system of your internet-capable computer as well as the name of your access provider.

The legal basis for the Processing of the IP address is Art. 6 paragraph 1 letter f) GDPR. Our legitimate interest follows from the purposes of data collection listed below. At this point we would like to point out that we cannot and do not draw any direct conclusions about your identity from the data collected.

The IP address of your device and the other data listed above are used by us following purposes used:

• Ensuring a smooth connection setup,
• Ensuring comfortable use of our website/application,
• Evaluation of system security and stability.

The data is for one Period stored for a maximum of 1 year and then automatically deleted. We also use so-called cookies, tracking tools, targeting procedures and social media plug-ins for our website/application. Exactly what these procedures are and how your data will be used for them is explained in section 2.6. explained in more detail.

If you have the so-called in your browser or in the operating system or other settings of your device Geolocation If you have agreed, we use this function to be able to offer you individual services based on your current location (e.g. the location of the nearest branch). We process your location data processed in this way exclusively for this function. If you stop using it, the data will be deleted.

2.5. Data processing for advertising purposes

We do not use or share your data for advertising purposes not for the purpose of advertising to third parties further.

2.6. Online presence and website optimization

2.6.1. Contact and inquiry forms on our website

You have the option of contacting us using various contact or inquiry forms.
The following data, among others, is collected:

• Name first Name
• E-mail address
• Address
• Salutation
• Telephone number
• Age of the children (e.g. when taking part in events in the visitor mine

At this point, your electronic contact data will be processed solely on the basis of your consent (Art. 6 Paragraph 1 Letter a) GDPR).

This data collection is used to communicate with you, i.e. primarily to answer your request. This response will be done via email or telephone.

To defend against legal claims, we store this data and your email address in accordance with Article 17 paragraph 3 letter e) (GDPR) for 3 years from the end of the calendar year in which your request was made. This also applies after any revocation by you. We store emails sent (response to your request) for 10 years in accordance with commercial law regulations. These will then also be deleted.

RIGHT OF WITHDRAWAL:

You can revoke your declared consent at any time with future effect. All you need to do is send a short note via email to datenschutz@badgottleuba-berggiesshuebel.de or a written message to the address under 1.1. mentioned postal address. You can also refer to the information under 1.2. contact details mentioned above.

2.6.2. Cookies – general information

We use so-called cookies on our website. If these cookies are personal data, they are used on the basis of Article 6 Paragraph 1 Letter f) (GDPR). Our interest in optimizing our website is to be viewed as legitimate within the meaning of the aforementioned regulation. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device and do not contain viruses, Trojans or other malware. The cookie stores information that arises in connection with the specific end device used. However, this does not mean that we receive direct knowledge of your identity. On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. So we put so-called Session cookies to recognize that you have already visited individual pages on our website or that you have already logged into your customer account. These are automatically deleted after you leave our site or close the browser. In addition, we also use this for the purpose of user-friendliness temporary cookies which are stored on your device for a specific period of time. If you visit our site again to use our services, it will automatically be recognized that you have already been with us and what entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to enable the use of our website to be recorded statistically and for the purpose of optimizing our offer for you and to display information specifically tailored to you. These cookies enable us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined period of time. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or that a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all functions of our website. The storage period of cookies depends on their purpose and is not the same for everyone.

For more detailed information on how to manage cookies, please visit the website “Your Online Choices” (http://www.youronlinechoices.com/de/).

2.6.3. Google Analytics

For the purpose of needs-based design and ongoing optimization of our pages, we use Google Analytics, a web analysis service from Google Inc. (“Google”), based on Article 6 Paragraph 1 Letter f) (GDPR). In this context will be pseudonymized usage profiles created and uses cookies. The information generated by the cookie about your use of this website such as

• Browser type/version,
• operating system used,
• Referrer URL (the previously visited page),
• Host name of the accessing computer (IP address),
• time of server request,

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet use for the purposes of market research and the needs-based design of these websites. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of you. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that a Assignment not possible (so-called IP masking).

You can prevent the installation of cookies by setting the browser software accordingly impede; However, we would like to point out that in this case not all functions of this website may be able to be used to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by using this browser add-on: https://tools.google.com/dlpage/gaoptout?hl=de download and install. As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent data collection by Google Analytics by clicking on this link click. An opt-out cookie will be set to prevent future collection of your data when you visit this website. The opt-out cookie only applies in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again. Further information on data protection in connection with Google Analytics can be found on the Google Analytics website (https://policies.google.com/privacy/update?hl=de).

2.6.4. Google AdWords

As an AdWords customer, we also use Google Conversion Tracking, an analysis service provided by Google Inc. Google Adwords sets a cookie on your computer (“conversion cookie”) if you came to our website via a Google ad. These cookies expire after 30 days and are not used for personal identification. If you visit certain of our pages and the cookie has not yet expired, we and Google can recognize that someone clicked on the ad and was redirected to our site. Every AdWords customer receives a different cookie. Cookies cannot therefore be tracked via the websites of AdWords customers. This information collected is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users. If you do not want to take part in the tracking process, you can also refuse the necessary setting of a cookie - for example by using a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “googleadservices.com”.

2.6.5. Google Maps

This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
In order to use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The use of Google Maps is in the interest of an attractive presentation of our online offerings and to make it easy to find the places we indicate on the website. This represents a legitimate interest within the meaning of Article 6 Paragraph 1 Letter f GDPR.
You can find more information about how we handle user data in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.

3. Recipients outside the EU

Data will only be transferred to countries outside the EU or the EEA (so-called third countries) - with the exception of the data listed in the following point - if this is necessary to fulfill the contract and is required by law, you have given us your consent or as part of a contractual agreement Order data processing secured by us.

The processing described results in data transmission to the servers of the providers commissioned by us Tracking or targeting technologies. These servers are located in the USA. The data transmission takes place according to the principles of the so-called Privacy Shield as well as on the basis of so-called Standard contractual clauses the EU Commission.

4. Your rights

4.1. overview

In addition to the right to revoke your consent given to us, you are entitled to the following additional rights if the relevant legal requirements are met:

• Right to Information about your personal data stored by us in accordance with Art. 15 GDPR; In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, if it was not collected directly from you,
• Right to rectification incorrect or correct data in accordance with Art. 16 GDPR,
• Right to deletion Your data stored by us in accordance with Art. 17 GDPR, provided that no statutory or contractual retention periods or other legal obligations or rights for further storage must be adhered to,
• Right to Limitation the processing of your data in accordance with Art. 18 GDPR, if you dispute the accuracy of the data, the processing is unlawful but you refuse its deletion; the person responsible no longer needs the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR,
• Right to Data portability Art. 20 GDPR, i.e. the right to have selected data stored about you transferred to us in a common, machine-readable format, or to request that it be transmitted to another person responsible
• Right to complain at a supervisory authority. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our company headquarters.

4.2. Right to object

Under the conditions of Article 21 Paragraph 1 (GDPR), data processing can be objected to for reasons arising from the particular situation of the data subject.

The above general right of objection applies to all processing purposes described in this data protection information, which are processed on the basis of Article 6 paragraph 1 letter f) (GDPR). In contrast to the special right of objection aimed at data processing for advertising purposes (see point 2.7.3.), we are only obliged to implement such a general objection under the GDPR if you give us reasons of overriding importance for this (e.g. a possible danger for life or health). It is also possible to contact the supervisory authority responsible for Kurgesellschaft mbH, the Saxon data protection officer. Address: Bernhard-von-Lindenau-Platz 1, 01067 Dresden PO Box; 12 09 05, 01008 Dresden, email: saechsdsb@slt.sachsen.de.

5. Data protection for applications

If you apply, we collect different types of information, which you send to us electronically (e.g. via email) or in writing (e.g. by post). This includes in particular your personal data with contact information as well as a description of your training, work experience and skills. You also have the option of providing us with documents (including in electronically stored form) such as certificates or cover letters.

By submitting your application, you certify that the information you have provided is true. We would like to point out that any false information or deliberate omission may constitute grounds for cancellation or subsequent termination.

Personal data is only collected, stored, processed and used for purposes related to your interest in current or future employment with us and the processing of your application. It will not be passed on to third parties. If your application is successful, the data provided can be used for administrative matters relating to employment.

Your application will only be processed and acknowledged by the relevant contact persons at our company. All employees entrusted with this are obliged to maintain the confidentiality of your data. The processing of this data takes place exclusively in Germany.

If we are unable to offer you employment, we will retain the data you provide for up to six months for the purpose of answering questions relating to your application and/or a rejection.

You have the right at any time to request more detailed information about the data stored about you (with regard to a previously submitted application), to view this data and to request that incorrect data about you be corrected or that the stored data be deleted in whole or in part.

All you need to do is send a short note via email datenschutz@badgottleuba-berggiesshuebel.de or a written message to the address under 1.1. mentioned postal address. You can also refer to the information under 1.2. contact details mentioned above.

6. Data Security

All data transmitted by you personally, including your payment details, is transmitted using the commonly used and secure standard SSL (Secure Socket Layer). SSL is a secure and proven standard that is also used, for example, in online banking. You can recognize a secure SSL connection by, among other things, the appended "s" to the "http" (i.e. https://...) in the address bar of your browser or by the lock symbol in the lower part of your browser.

We also use appropriate technical and organizational security measures to protect your personal data stored by us against manipulation, partial or complete loss and against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

7. Currentness and changes to this data protection declaration

This data protection declaration is currently valid and is dated May 2018.

Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The current data protection declaration can be viewed at any time on the website

https://badgottleuba-berggiesshuebel.de/datenschutzklarung.html

https://marie-louise-stolln.de/datenschutzerklärung.html

can be accessed and printed out by you.