Data protection notice

DATA PROTECTION NOTICE

Thank you for visiting our website hotel-esperanto.de and your interest in our company. The protection of your personal data, e.g. date of birth, name, telephone number, address etc., is very important to us. The purpose of this privacy policy is to inform you about the processing of your personal data that we collect when you visit our website. Our data protection practice is in accordance with the legal regulations of the EU Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). The following data protection information serves to fulfil the information obligations arising from the GDPR. These can be found, for example, in Art. 13 and Art. 14 et seq. GDPR. 

CONTROLLER

"Controller" within the meaning of Art. 4(7) GDPR is the person who, alone or jointly with others, decides on the purposes and means of processing personal data. Regarding our website, the controller is: 

Kongress- und Kulturzentrum Fulda GmbH & Co. KG
Esperantoplatz 1, 36037 Fulda, Deutschland
E-mail: info@hotel-esperanto.de
Phone: +49 (661) 2 42 91-0
Fax: +49 (661) 2 42 91-151

CONTACT DETAILS OF THE DATA PROTECTION OFFICER

We have appointed a data protection officer pursuant to Art. 37 GDPR. You can reach our data protection officer at the following contact details:

Kongress- und Kulturzentrum Fulda GmbH & Co. KG
- To the Data Protection Officer -
Esperantoplatz 1, 36037 Fulda, Deutschland
E-mail: datenschutz@hotel-esperanto.de

PROVISION OF THE WEBSITE AND CREATION OF LOG FILES

Whenever our website is called up, our system automatically records data and information of the respective calling device (e.g. computer, mobile phone, tablet, etc.).

WHAT PERSONAL DATA ARE COLLECTED AND TO WHAT EXTENT ARE THEY PROCESSED?

(1) Information about the browser type and version used;
(2) The operating system of the accessing device;
(3) Host name of the accessing computer;
(4) The IP address of the accessing device;
(5) Date and time of access;
(6) Websites and resources (images, files, other page content) accessed on our website;
(7) Websites from which the user's system reached our website (referrer tracking);
(8) Notification whether the access was successful;
(9) Amount of data transmitted.

These data are stored in the log files of our system. This data are not stored together with the personal data of a specific user, so that individual visitors to the site are not identified.

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest is to ensure that the purpose described below is achieved.

PURPOSE OF THE DATA PROCESSING

Temporary (automated) storage of data are necessary for the course of a website visit to enable provision of the website. Personal data are also stored and processed in order to maintain the compatibility of our website for as many visitors as possible and to combat misuse and troubleshooting. For this purpose it is necessary to log the technical data of the accessing computer in order to be able to react as soon as possible to display errors, attacks on our IT systems and/or errors in the functionality of our website. The data also serves us to optimise the website and to ensure the general security of our information technology systems.

STORAGE DURATION

The above mentioned technical data will be deleted as soon as it is no longer needed to ensure the compatibility of the website for all visitors, but no later than three (3) months after the date of access to our website.

OBJECTION AND DELETION OPTION

You may object to the processing at any time in accordance with Art. 21 GDPR and request the deletion of data in accordance with Art. 17 GDPR. Which rights you are entitled to and how to assert them can be found at the bottom of this data protection notice.

DISTINCTIVE FEATURES OF THE WEB SITE

Our site offers you various features, during the use of which personal data are collected, processed and stored by us. In the following we point out what happens with this data:

CONTACT FORM(S):

WHAT PERSONAL DATA ARE COLLECTED AND TO WHAT EXTENT ARE THEY PROCESSED?

The data you entered in our contact forms, which you entered in the input mask of the contact form.

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Art. 6(1)(a) GDPR (consent by means of a clear confirmatory act or conduct)

PURPOSE OF THE DATA PROCESSING

We will only use the data recorded via our contact form(s) for processing the specific contact enquiry received via said contact form(s). Please note that in order to fulfil your contact request, we may also be able to send you e-mails to the address provided. The purpose of this is to enable you to receive confirmation from us that your request has been correctly forwarded to us. However, the sending of this confirmation e-mail is not binding on us and serves only to inform you.

STORAGE DURATION

After processing your request, the collected data will be deleted immediately, unless there is a legal retention period.

REVOCATION AND DELETION OPTION

The revocation and deletion options are based on the general regulations on the right of revocation and deletion under data protection law described below in this data protection information.

NECESSITY OF THE PROVISION OF PERSONAL DATA

The use of the contact forms is on a voluntary basis and is neither contractually nor legally stipulated. You are not obliged to contact us via the contact form, but you can also use the other contact options provided on our website. Provided that you want to use our contact form, you must fill in the fields marked as mandatory. If you do not fill in the mandatory details of the contact form, you will either not be able to send the request or we will unfortunately not be able to process your request.

NEWSLETTER SUBSCRIPTION FORM:

WHAT PERSONAL DATA ARE COLLECTED AND TO WHAT EXTENT ARE THEY PROCESSED?

By subscribing to the newsletter on our website, we receive the e-mail address you entered in the subscription field and, if applicable, further contact data, provided that you submit these to us via the newsletter subscription form.

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Art. 6(1)(a) GDPR (consent by means of a clear confirmatory act or conduct)

PURPOSE OF THE DATA PROCESSING

The data entered in the subscription form of our newsletter will be used by us exclusively for sending our newsletter, in which we inform you about all our services and news. After subscribing, we will send you a confirmation e-mail containing a link that you must click on to complete the subscription to our newsletter (double opt-in).

STORAGE DURATION

Our newsletter can be cancelled at any time by clicking on the unsubscribe link, which is also included in every newsletter. Your data will be deleted by us immediately after you unsubscribe, unless there is a legal obligation to keep records. Likewise, your data will be deleted by us immediately in the event of an incomplete registration. We reserve the right to delete without giving reasons and without prior or subsequent notice.

REVOCATION AND DELETION OPTION

The revocation and deletion options are based on the general regulations on the right of revocation and deletion under data protection law described below in this data protection information.

NECESSITY OF THE PROVISION OF PERSONAL DATA

If you would like to use our newsletter, you must fill in the fields marked as mandatory and confirm your e-mail address by clicking on the double opt-in link. The details for the newsletter subscription are neither necessary to enter into a contract with us nor legally binding. They are used exclusively for sending our newsletter. If you do not fill in the mandatory fields, we are unfortunately unable to provide you with our newsletter service.

BOOKING FORM:

SCOPE OF THE PROCESSING OF PERSONAL DATA

The data you enter in our booking form.

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Art. 6(1)(b) GDPR (implementation of (pre)contractual measures)

PURPOSE OF THE DATA PROCESSING

We will only use the data recorded via our booking form to process booking requests received via the booking form.

STORAGE DURATION

Your booking will be deleted by us immediately upon expiration of 12 months after the date was set, unless there is a legal obligation to keep records. We reserve the right to delete without giving reasons and without prior or subsequent notice.

OBJECTION AND DELETION OPTION

You may object to the processing at any time in accordance with Art. 21 GDPR and request the deletion of data in accordance with Art. 17 GDPR. Which rights you are entitled to and how to assert them can be found at the bottom of this data protection notice.

NECESSITY OF THE PROVISION OF PERSONAL DATA

Although the use of our booking form is neither contractually nor legally required, it is necessary if you wish to book a date with us online. You must provide certain mandatory information for online bookings. If you do not fully provide the mandatory information, your booking cannot be accepted or processed.

INTEGRATION OF EXTERNAL WEB SERVICES AND PROCESSING OF DATA OUTSIDE THE EU

On our website we use active content from external providers, so-called web services. By accessing our website, these external providers may receive personal information about your visit to our website. This may involve processing of data outside the EU. You can prevent this by installing an adequate browser plugin or by deactivating the execution of scripts in your browser. This may result in functional restrictions on websites that you visit. We use the following external web services:

GOOGLE APIS

A web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter "Google APIS") is loaded on our website. We use this information to ensure the full functionality of our website. In this context your browser may transmit personal data to Google APIS. The legal basis for data processing is Art. 6(1)(f) GDPR. The legitimate interest lies in an error-free functioning of the website. The data will be deleted as soon as the purpose for which they were collected has been fulfilled. Further information on the handling of the transferred data can be found in the Google APIS data protection information:
https://policies.google.com/privacy

You can prevent the collection and processing of your data by Google APIS by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

BLUEITS

A web service of the company BLUEITS GmbH, Auf den Hochäckern 5, 92224 Amberg, Germany (hereinafter "BLUEITS") is loaded on our website. We use this information to ensure the full functionality of our website. In this context your browser may transmit personal data to BLUEITS. The legal basis for data processing is Art. 6(1)(f) GDPR. The legitimate interest lies in an error-free functioning of the website. The data will be deleted as soon as the purpose for which they were collected has been fulfilled. Further information on the handling of the transferred data can be found in the BLUEITS privacy policy:
https://www.blueits.com/

You can prevent the collection and processing of your data by BLUEITS by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

HOLIDAYCHECK

A web service of the company HolidayCheck AG, Bahnweg 8, 8598 Bottighofen, Switzerland (hereinafter "HolidayCheck") is loaded on our website. We use this information to ensure the full functionality of our website. In this context your browser may transmit personal data to HolidayCheck. The legal basis for data processing is Art. 6(1)(f) GDPR. The legitimate interest lies in an error-free functioning of the website. The EU Commission has established that an adequate level of data protection exists in Switzerland, so that the export of data to Switzerland can be permitted. The data will be deleted as soon as the purpose for which they were collected has been fulfilled. Further information on handling the transferred data can be found in the HolidayCheck data protection information:
https://www.holidaycheck.de/datenschutz

You can prevent the collection and processing of your data by HolidayCheck by deactivating the execution of script code in your browser or by installing a script blocker in your browser. More information on the European

Union adequacy decision can be found at:
https://ec.europa.eu/info/law/law-topic/data-protection_en

DB-APP.DE

A web service of the company DB Vertrieb GmbH, Stephensonstraße 1, 60326 Frankfurt am Main, Germany (hereinafter "db-app.de") is loaded on our website. We use this information to ensure the full functionality of our website. In this context your browser may transmit personal data to db-app.de. The legal basis for data processing is Art. 6(1)(f) GDPR. The legitimate interest lies in an error-free functioning of the website. The data will be deleted as soon as the purpose for which they were collected has been fulfilled. Further information on the handling of the transferred data can be found in the db-app.de privacy policy:
https://www.bahn.com/en/view/home/info/privacy.shtml

You can prevent the collection and processing of your data by db-app.de by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

INFORMATION REGARDING THE USE OF COOKIES

SCOPE OF THE PROCESSING OF PERSONAL DATA

On various pages we integrate and use cookies to enable certain functions of our website and to integrate external web services. The so-called "cookies" are small text files which your browser can store on your access device. These text files contain a characteristic character string that uniquely identifies the browser when you return to our website. The process of saving a cookie file is also known as "setting a cookie". Cookies can be set both by the website itself and by external web services.

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(a) or Art. 9(1)(a) GDPR (consent). As a rule, in the case of cookies that are collected on the basis of a legitimate interest, our legitimate interest is to ensure the functionality of our website and the services integrated into it (technically necessary cookies). Moreover, it is possible that the cookies increase user-friendliness and enable a more individual approach. Here we have considered your interests and ours. Using cookie technology, we can only identify, analyse and track individual website visitors if the website visitor has consented to the use of the cookie in accordance with Art. 6(1)(a) GDPR.

PURPOSE OF THE DATA PROCESSING

Cookies are set by our website or external web services to maintain the full functionality of our website, to improve user-friendliness or to pursue the purpose stated with your consent. Cookie technology also enables us to recognise individual visitors by using pseudonyms, e.g. an individual or random ID, so that we can offer more personalised services. Details are given in the table below.

STORAGE DURATION

The below listed cookies are stored in your browser until they are deleted or, in the case of a session cookie, until the session has expired. Details are given in the table below:

COOKIE DESCRIPTION

Cookie name - __cfduid
Server - .db-app.de
Provider - CloudFlare (Cloudflare, Inc., 101 Townsend St, 94107 San Francisco)
Purpose - This cookie is used to confirm that the visitor is from a known computer. This allows safety barriers to be overcome and loading times to be accelerated.
Legal basis - Legitimate interest
Storage period - approx. 30 days
Type - Security

Cookie name - fe_typo_user
Server - www.hotel-esperanto.de
Provider - Website administrator
Purpose - Cookie required by the Typo3 web content system. The cookie is saved during the session. It is required to save certain website settings during the website visit (session).
Legal basis - Technically necessary
Storage duration - Session
Type - Session

Cookie name - mobile_detected
Server - .holidaycheck.com
Provider - HolidayCheck
Purpose - This cookie enables us to save individual preferences you have selected and keep them for your current and future visits to the site.
Legal basis - Consent
Storage duration - Session
Type - Configuration

Cookie name - hcweb_www
Server - www.holidaycheck.de
Provider - HolidayCheck
Purpose - The cookie used assigns an ID to the site visitor and collects statistical data about his/her visits to the site. This serves the purpose of individualizing the advertising that is displayed to the user.
Legal basis - Consent
Storage duration - Session
Type - Marketing

Cookie name - internal_traffic
Server - .holidaycheck.com
Provider - HolidayCheck
Purpose - This cookie enables us to save individual preferences you have selected and keep them for your current and future visits to the site.
Legal basis - Consent
Storage period - approx. 19 years
Type - Configuration

Cookie name - hcweb_branch
Server - .holidaycheck.com
Provider - HolidayCheck
Purpose - This cookie enables us to save individual preferences you have selected and keep them for your current and future visits to the site.
Legal basis - Consent
Storage period - approx. 14 days
Type - Configuration

Cookie name - __cflb
Server - vat.db-app.de
Provider - BLUEITS
Purpose - The cookie used assigns an ID to the site visitor and collects statistical data about his/her visits to the site. This serves the purpose of individualizing the advertising that is displayed to the user.
Legal basis - Consent
Storage period - approx. 30 minutes
Type - Marketing

OBJECTION AND REMOVAL OPTION

You can set your browser accordingly to prevent the setting of cookies in general. You can then decide on a case by case basis whether to accept cookies or accept cookies in general. Cookies can be used for various purposes, e.g. to recognise that your access device is already connected with our website (permanent cookies) or to save last viewed offers (session cookies). If you have expressly given us permission to process your personal data, you can revoke this consent at any time. Please note that the lawfulness of the processing carried out on the basis of the consent until revocation is not affected.

DATA SECURITY AND DATA PROTECTION, 
COMMUNICATION BY E-MAIL

Your personal data are protected by technical and organisational measures during collection, storage, and processing so that it is not accessible to third parties. When communicating by e-mail without encryption, we cannot guarantee complete data security on the transmission path to our IT systems, therefore we recommend encrypted communication or by post in case of information with high secrecy requirements.

AUTOMATIC E-MAIL ARCHIVING:

SCOPE OF THE PERSONAL DATA PROCESSING

We explicitly point out that our mail system has an automated archiving procedure. All incoming and outgoing e-mails are thus digitally archived in a tamper-proof manner.

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

Art. 6(1)(c) GDPR (legal obligation). The legal obligation is to comply with tax and commercial law requirements (e.g. §§ 146, 147 AO ["Abgabenordnung": General Fiscal Law], §§ 238, 257 HGB ["Handelsgesetzbuch": Commercial Code]).

PURPOSE OF THE DATA PROCESSING

The purpose of archiving is to comply with tax law (e.g. §§ 146, 147 AO - obligation to store e-mails of tax law relevance) and commercial law requirements (e.g. §§ 238, 257 HGB - obligation to archive business correspondence).

STORAGE DURATION

Our e-mail communication is stored until the expiry of tax and commercial law retention obligations. The storage period can be up to 10 years.

OBJECTION AND DELETION OPTION

You may object to the processing at any time in accordance with Art. 21 GDPR and request the deletion of data in accordance with Art. 17 GDPR. Which rights you are entitled to and how to assert them can be found at the bottom of this data protection notice.

HANDLING OF APPLICATION DOCUMENTS

We want to point out that we only consider application documents in PDF file form. Zipped files (WinZip, WinRAR, 7Zip, etc.) are filtered out by our security systems and are not delivered. We ignore applications in Word and other file formats and delete them unread. Please bear in mind that application documents sent by e-mail without encryption may be opened by third parties before they reach our IT systems. We assume that we may answer unencrypted application e-mails likewise without encryption. If you do not wish this, please indicate so in your application e-mail.

RIGHT TO INFORMATION AND CORRECTION REQUESTS - RIGHT TO DELETION & RESTRICTION OF PROCESSING - REVOCATION OF CONSENT - RIGHT TO OBJECT

RIGHT TO INFORMATION

You have the right to request confirmation as to whether we are processing personal data about you. To the extent that this is the case, you have a right to be informed of the information specified in Art. 15(1) GDPR, provided that the rights and freedoms of other persons are not affected (cf. Art. 15(4) GDPR). We are also happy to provide you with a copy of the data.

RIGHT TO CORRECTION

In compliance with Art. 16 GDPR, you have the right to have any incorrectly stored personal data (such as address, name, etc.) corrected at any time. You can also at any time request that the data stored with us be completed. A corresponding adaptation will be made without delay.

RIGHT TO DELETION

In compliance with Art. 17(1) GDPR, you have the right to request the deletion of personal data collected about you if:

- the data are no longer needed;

- as a result of the revocation of your consent, the legal basis for the processing has ceased to exist without substitution;

- you have objected to the processing and there are no legal grounds for processing;

- your data are being processed unlawfully;

- a legal obligation so requires or an elicitation pursuant to Art. 8(1) GDPR has taken place.

In compliance with Art. 17(3) GDPR, this right does not exist if:

- processing is necessary for the exercise of the right to freedom of expression and information;

- your data have been collected on the basis of a legal obligation;

- the processing is necessary for reasons of public interest;

- the data are necessary for the assertion, exercise or defence of legal claims.

RIGHT TO RESTRICTION OF PROCESSING

In compliance with Art. 18(1) GDPR, you have the right in individual cases to request that the processing

of your personal data be restricted.

This is the case if:

- the accuracy of the personal data are contested by you;

- the processing is unlawful and you oppose the erasure;

- the data are no longer needed for the purposes of the processing, but the collected data are required by the data subject for the establishment, exercise or defence of legal claims;

- an objection has been submitted against the processing in accordance with Art. 21(1) GDPR and it is still unclear as to which interests prevail.

RIGHT TO WITHDRAWAL

If you have given us your explicit consent to process your personal data (Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR), you can withdraw this consent at any time. Please note that the legal grounds for the processing carried out on the basis of the consent until withdrawal are not affected by this.

RIGHT TO OBJECT

In compliance with Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you which has been collected on the basis of Art. 6(1)(f) (within the scope of a legitimate interest). You only have this right if there are special circumstances that speak against storage and processing.

HOW DO I EXERCISE MY RIGHTS?

You can exercise your rights at any time by using the contact details below:

Kongress- und Kulturzentrum Fulda GmbH & Co. KG
Esperantoplatz 1, 36037 Fulda, Deutschland
E-mail: info@hotel-esperanto.de
Phone: +49 (661) 2 42 91-0
Fax: +49 (661) 2 42 91-151

RIGHT TO DATA PORTABILITY

In accordance with Art. 20 GDPR, you have a right to the portability of personal data concerning you. We provide the data in a structured, common and machine-readable format. The data can be sent either to yourself or to a person responsible designated by you.

We will provide you with the following data on request in accordance with Art. 20(1) GDPR:

- data collected on the basis of express consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR;

- data which we have received from you pursuant to Art. 6(1)(b) GDPR within the framework of existing contracts;

- data which have been processed within the framework of an automated procedure.

We will transfer the personal data directly to a responsible person of your choice as far as this is technically feasible. Please note that we are not permitted to transfer data that infringes on the freedoms and rights of other persons in accordance with Art. 20(4) GDPR.

RIGHT OF APPEAL TO THE SUPERVISORY AUTHORITY PURSUANT TO ART. 77(1) GDPR

If you suspect that your data are being processed illegally on our site, you can of course seek legal clarification at any time. In addition, every other legal option is at your disposal. Irrespective of this, Art. 77(1) GDPR provides you with the option of contacting a supervisory authority. The right of appeal under Art. 77 GDPR is available to you in the EU member state of your place of residence, your place of work and/or the place of the alleged infringement, i.e. you can choose the supervisory authority to which you turn from the above-mentioned places. The supervisory authority to which the complaint has been submitted will then inform you of the status and the results of your submission, including the possibility of a legal remedy pursuant to Art. 78 GDPR.

Update: 3 July 2020