Data Privacy Statement
Welcome to our homepage and thank you for your interest in our company. The Hotel DEUTSCHE EICHE is a company of the Josef Sattler GmbH. Privacy and discretion is of utmost priority to us in our interactions with our customers and partners. We value the trust you place in us and feel obligated to handle your data in a careful manner and to protect it from any misuse.
In order to ensure that you feel safe about visiting our website, we take the protection of your personal data and its careful management very seriously. In this effort, we act according to legal requirements regarding the protection of personal data and data security. We would hereby like to provide you with information regarding data security and to inform you on when we save data, which data it is and how we use it – naturally in full accordance with the prevailing German legal framework. Data protection at the Josef Sattler GmbH follows the EU’s General Data Protection Regulation and is based on the current Federal Data Protection Law (Bundesdatenschutzgesetz, BDSG). Regarding the use of the internet, we have aligned our data protection efforts with the Telemedia Law (Telemediengesetz, TMG) of the Federal Republic of Germany.
Collection and Processing of personal Data
You can visit our web pages without letting us know who you are. Our web servers only save general pieces of information, such as the type of web browser, the operation system, the domain names of your internet service provider, the website from which you visit us, the pages that you visit on our website, as well as the date and the length of your visit. These are all pieces of information based on which it cannot be inferred, who the website visitor is. We analyze this data exclusively for statistical purposes and only on an anonymous basis.
Data Protection at Piwik
If you do not agree with the storage and evaluation of your data, you can veto this activity through an opt-out cookie in your browser, which prevents Piwik from gathering data on your session. Please note that when you delete cookies, this will also erase the opt-out cookie, meaning that you will have to reactivate it. You can find further information regarding the handling of user data in the “Data privacy statement of Matomo (Piwik)”.
Use and Transfer of collected Data
Personal data you provide is used exclusively for agreed-upon purposes, so normally for the fulfillment of the contract made with you or to reply to your inquiries.
If you use services, only data will be collected, which is necessary to carry out the services in question. In case we ask you for further data, the provision of information to us is entirely voluntary on your part. The processing of personal data takes place exclusively to deliver service that has been demanded and to protect justified own business interests.
Is personal Data forwarded to Third Parties?
The processing and use of your data for advisory services, advertisement and market research is contingent on your explicit permission. Your data is not sold or lent out or made available to third parties in any way. The transfer of personal data to state institutions and authorities takes place only within the framework of obligatory national legal regulations.
On some of our pages so-called cookies are applied. A cookie is a small text file, which is saved onto your hard drive from a website. Cookies do not damage your computer and do not contain viruses. The cookies on our web pages do not collect personal data. We use the information contained within cookies to ease your use of our website and to adapt it to your needs. You can, of course, also visit our website without the use of any cookies. If you do not wish to have cookies saved on your computer, you may deactivate the respective option in the settings of your browser. You can delete saved cookies in the system settings of your browser at any time. However, when you do not accept cookies, you may experience reduced functionality on our web pages.
Use of Google Maps
Data Protection and the Application of Partner Portals
The Josef Sattler GmbH applies technical and organizational safety measures according to § 9 BDSG to protect your data managed by us against involuntary or intentional manipulation, loss, destruction or unauthorized access. Our safety measures are being continually improved in line with technological progress. The Josef Sattler GmbH stores information relevant to data protection only using safe systems in Germany. Access to the data is open only to a few individuals with prior authorization, who are also obliged to uphold data protection rules and who are involved in the technical, administrative or editorial management of data.
Protection of Minors
Children or youth of non-legal age are not allowed to transfer personal data to our website without the approval of their parent or guardian. The Josef Sattler GmbH will never knowingly collect, use or transfer to third parties personal data of children or youth of non-legal age.
User Declaration of Consent
User Declaration of Consent
By using our websites and their content, you declare your consent to the storage, processing and use of the data you provide us with voluntarily, in line with the concepts described in this data privacy statement.
Public procedural log of the Josef Sattler GmbH
Name of the responsible body:
Josef Sattler GmbH
Manager responsible for data processing:
Wilhelm Kluß (Data Protection Commissioner)
Address of the responsible body:
Reichenbachstraße 13 - 80469 Munich
Phone: +49 89 – 23 11 66 0
Fax: +49 89 – 23 11 66 98
Intended Purpose of Data Collection, Processing and Use
The management of a hotel and restaurant, as well as all other businesses associated with them are the purpose of the collection, processing and use.
Secondary purposes are accompanying or support functions in the handling of human resources, intermediaries, suppliers and service providers.
At the hotel, CCTV cameras are installed exclusively to gather evidence against vandalism, burglary, robbery or other criminal acts. Attention is drawn to the use of video cameras via the use of warning notices. Digitalized records of reservation discussions are only made with the explicit approval of interlocutors, for documentation and training purposes or to store evidence. The collection, processing and use of data is carried out for the aforementioned purposes.
Description of Affected Persons and the related Data/Data Categories
Personal data is collected, processed and used with respect to the following groups of individuals:
- Guest data (especially address details, reservation details, guest wishes, invoicing data)
- Customer data (especially address details, contract details, invoicing details, service details)
- Data on prospective customers (especially lodging and room inquiries, address details)
- Employee data, applicant data, pension holders (especially employee and wage data)
- Business partners, external service providers (especially address and service details and invoicing data)
- Suppliers (especially data on addresses, invoicing, service provision, functions)
- Non-assignable group of individuals: video recordings, as long as these are necessary for the aforementioned purposes.
Categories of Recipients, to whom Data may be disclosed
Hotels, guesthouses and other accommodation providers are allowed to collect personal data of their guests and to store it in an automated process, to the extent that this is necessary within the framework of the lodging contract. These would normally constitute invoicing data on meals and drinks, telephone calls made from a hotel room and/or other hotel-specific services. Hotels and accommodation providers are obliged according to registration regulations to ask for the address details, date of birth, ID number and the citizenship of their guests and individuals accompanying them.
Data may also be disclosed to the following recipients:
- Public authorities, which receive data based on their legal obligations (e.g. social insurance agencies)
- Internal departments involved in carrying out the respective business processes (e.g. human resources and management, accounting, marketing, sales, IT and the central reservation desk (customer service center)
- External contractors (service providers) according to § 11 BDSG
- Further external bodies (e.g. financial institutions), as well as partner companies, within the limits of the services demanded by the customer
Regular Deadlines for the Deletion of Data
The legislature has introduced various obligations and deadlines related to data storage. As these deadlines pass, the relevant data and data banks are routinely deleted when they are no longer necessary for contract fulfillment (guest contracts, rental agreements and service contracts). The commercial and financially relevant data of a completed business year are deleted after ten years, in accordance with legal requirements, unless longer storage deadlines are imposed or are necessary on a justified basis. In certain areas of human resource management shorter deletion deadlines are set. This is especially the case for rejected applications and written employee warnings. If data is not affected in this way, it will be deleted automatically, as long as the purposes mentioned above are no longer relevant.
Registration forms are stored by accommodation providers in line with the prevailing registration regulation for the legally-defined minimum length, after which they are disposed of with special precaution and in a manner aligned with data protection principles.
Planned Transfer of Data to third Countries
Data transfer to third countries may occur only in exceptional cases explicitly defined by the Federal Law on Data Protection (BDSG), such as in relation to contract completion or necessary communication. A transfer of data to third countries, especially to countries where the level of data protection is deemed to be low or to those outside of the European Union, does not take place and is not planned.
Safeguarding the Processing of Data
The Josef Sattler GmbH employs technical and organizational security measures according to § 9 BDSG to protect the data being managed against unintentional or planned manipulation, loss, destruction or unauthorized access. The introduced safety measures are continually updated as the technology develops. This also means that the Josef Sattler GmbH stores personal data only by using safe systems in Germany. Access to the data is open only to a few individuals with prior authorization, who are responsible for the technical, administrative or editorial management of the data.
Name and Address of the Data Security Commissioner
Josef Sattler GmbH
Mr. Wilhelm Kluß
Data Security Commissioner
Phone: +49 89 23 11 66 60
Public procedural log date: May 24 2018
Person responsible for the contents of the public procedural log:
Data Security Commissioner of the Josef Sattler GmbH