Privacy Policy
We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used.
This data protection declaration applies to the website of the Wilmina GmbH, which can be reached under the domain wilmina.com as well as the various subdomains (“our website”).
Who is responsible and how do I contact you?
Responsible
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
Wilmina GmbH
Kantstraße 79
10627 Berlin
+49 30 2018050
welcome@wilmina.com
Data protection officer
DataSolution LUD GmbH
Isarstr. 13
14974 Ludwigsfelde
Berit Schubert
b.schubert@ds-lud.de
What is this about?
This data protection declaration meets the legal requirements for transparency in the processing of personal data. This is all information that relates to an identified or identifiable natural person. This includes, for example, information such as your name, your age, your address, your telephone number, your date of birth, your e-mail address, your IP address or user behavior when visiting a website. Information with which we cannot (or only with disproportionate effort) relate to you personally, e.g. through anonymization, are not personal data. The processing of personal data (e.g. the collection, querying, use, storage or transmission) always requires a legal basis and a defined purpose.
Stored personal data are deleted as soon as the purpose of the Processing has been achieved and there are no legitimate reasons for further retention of the data. We will inform you about the specific storage periods and criteria for storage in the individual processing operations. Regardless of this, we store your personal data in individual cases to assert, exercise or defend legal claims and if there are statutory retention requirements.
Who gets my data?
We only pass on your personal data that we process on our website to third parties if this is necessary for the fulfillment of the purposes and in individual cases is covered by the legal basis (e.g. consent or protection of legitimate interests). In addition, we pass on personal data to third parties in individual cases if this serves to assert, exercise or defend legal claims. Possible recipients can then e.g. Law enforcement authorities, lawyers, auditors, courts, etc.
Insofar as we use service providers for the operation of our website who, as part of order processing on our behalf, provide personal data in accordance with. Process Art. 28 GDPR, these recipients of your personal data can be. You can find more detailed information on the use of processors and web services in the overview of the individual processing operations.
Online booking via the website
On our website there is the possibility to book rooms and arrangements. If you as a user take advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are: title, first name, last name, e-mail address, telephone, address, number of fellow travelers, wishes, date, time.
If you make an online booking from our website, this is done through the online reservation system SynXis of Design Hotels AG. All booking data entered by you will be transmitted in encrypted form. Design Hotels AG takes all organisational and technical measures to protect your data.
The data will be used exclusively for the processing of the booking and for communication.
Legal basis for data processing
The legal basis for the processing of the data is the conclusion of an accommodation contract with the user.
Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the booking request and to process the payment transactions.
Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention regulations have been met.
Online booking via other websites
You have the option of booking rooms and arrangements through hotel reservation portals (third-party providers). If you take advantage of this option, the data entered in the input mask will be transmitted to us and stored to the extent permitted by the respective hotel reservation portal in accordance with its own data protection regulations. Data can be: first name, last name, e-mail address, telephone, address, number of fellow travelers, estimated time of arrival, wishes, payment data (credit card).
The data provided is transferred to our hotel software via a so-called channel manager of the SynXis platform of Design Hotels AG. All received booking data is transmitted in encrypted form.
The data will be used exclusively for the processing of the booking and for communication.
Legal basis for data processing
The legal basis for the processing of the data is the conclusion of an accommodation contract with the user.
Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the booking request and to process the payment transactions.
Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention regulations have been met.
The hotel has no influence on the storage periods at the respective hotel reservation portal.
Your stay at the hotel
During their stay at our hotel, we collect and process information about guests in our hotel software. Data of the following groups of persons may be stored:
- Guests, business partners, companies
- Interested parties and potential interested parties (e.g. in the case of inquiries about offers)
The stored data may include:
- First and last name
- Date of birth
- Contact details (telephone, e-mail address)
- Address
- Nationality
- Company
- Identity card and passport data
- Data relating to the services
- Billing
- Data about payment processing (e.g. credit card data)
- Video recordings for the collection of evidence in the event of vandalism, burglary, robbery or other criminal offences
If you have made the booking in a hotel portal, with a tour operator or in a travel agency, your data will be forwarded to us by these providers for the fulfilment of the concluded contract.
Purposes and legal basis of data processing
We use the personal data provided by you exclusively for the fulfilment of the agreed contractual services, i.e. the administration, care and hospitality of guests within the framework of the accommodation contract.
We store your data in our hotel software as well as in reservation, billing and payment applications. In addition to your personal information, this may include billing information about food and beverages, in-room phone calls, and/or other hotel-specific services.
Due to the registration regulations (§ 29 et seq. of the Federal Registration Act), we are obliged for hotels to have their guests fill out a registration form on site or online. In addition to the first and last name and address, this also contains information about the date of birth, nationality and the accompanying family members. We also have to ask for an ID number from foreign guests. All other information is voluntary.
If services are used, as a rule, only such data is collected that is required for the provision of the services. If further data is collected, it is voluntary information. The processing of personal data is carried out exclusively for the fulfilment of the requested services and for the protection of our own legitimate business interests in accordance with Art. 6 para. 1 lit. f GDPR.
Data is used for the following purposes:
- Registration on arrival and departure incl. filling out the registration form
- The handing over of the room card for yourself and fellow travelers
- Implementation of desired services
- Handling of payment modalities
- Storage of preferences for future hotel stays
Contact details of our guests can be used for advertising purposes at a later date. The use of the e-mail address requires your consent.
Data will only be processed for purposes other than those mentioned if this processing is carried out in accordance with Art. 6 para. 4 GDPR and are compatible with the original purposes of the contractual relationship. We will inform you about such processing of your data before such further processing.
Recipients to whom the data may be disclosed:
- Public bodies that receive data on the basis of legal regulations (e.g. law enforcement authorities, public authorities)
- Internal departments that are involved in the execution and fulfillment of the respective business processes (e.g. administration, accounting, sales & marketing, IT organization)
- Affiliated hotels (master data in the PMS)
- External contractors in accordance with Art. 28 GDPR (service companies)
- Other external bodies (e.g. credit institutions)
Deletion of data
The legislator has enacted a wide range of retention obligations and periods. After expiry of these periods, the corresponding data and data records are routinely deleted when they are no longer required for the fulfillment of the contract. For example, the commercial or financial data of a completed financial year will be deleted after a further ten years in accordance with the legal regulations, unless longer retention periods are prescribed or necessary for legitimate reasons. Reservation documents can be destroyed after 6 years, the registration form after one year at the end of the quarter. If data is not affected by this, it will be deleted without being requested to do so if the stated purposes cease to apply.
Video recordings are stored for 72 hours.
Use of company contacts for support, advice and advertising
For the support, advice and advertising of corporate customers, we collect and use the contact person, telephone number and postal address in addition to the business partner or potential business partner. We receive the information from various sources, either through an inquiry (e-mail or telephone), but also through events, trade fairs, business cards received by our sales representatives, etc.
Legal basis for data processing
The legal basis for the processing of the data is also our legitimate interest in data processing. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is the business initiation or contractual relationship .
Purpose of data processing
We use this contact data exclusively for our own purposes and for the needs-based design of our own sales activities.
Duration of storage
In principle, there is no deletion period. However, if our sales department has not had any contact with the company contact within 3 years, the sales department will decide whether the contact person of the company contact will be deleted.
If the contact is a pre-contractual relationship (offer, booking or reservation request), the transmitted data will also be stored in our hotel software and used to execute the contract. If there is no contractual relationship, we will delete the data after one year at the end of the year.
Possibility of objection
As a company contact, you have the option to object to the processing of your data at any time. For this purpose, we have set up the e-mail address welcome@wilmina.com. In this case, all personal data of the contact person that has been stored for the business partner will be deleted.
Contact by e-mail
You have the possibility to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.
Legal basis for data processing
The legal basis for the processing of the data is, first of all, our legitimate interest in data processing in the context of contacting the inquirer. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is within the framework of a pre-contractual relationship or contractual relationship.
Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
If the contact is a pre-contractual relationship (offer or reservation request), the transmitted data will also be stored in our hotel software and used to execute the contract. If there is no contractual relationship, we will delete the data after one year at the end of the year.
Possibility of objection
You have the option to object to the processing of your data at any time. We have set up the e-mail address welcome@wilmina.com for this purpose. We would like to point out that in the event of an objection, the conversation cannot be continued or we will not receive any offers, etc. can create. In this case, all personal data stored in the course of contacting us will be deleted.
Newsletterservice
On our website there is the possibility to register for our newsletter service in different ways. If you, as a user, take advantage of this opportunity to register on the website, the data entered in the input mask will be transmitted to us and stored. These data are: first name, last name, e-mail address.
If we otherwise receive an e-mail address where the recipient clearly informs us that he would like to receive our newsletter, we will collect his data via the input mask on our website.
Legal basis for data processing
The legal basis for the processing of the data is the consent of the recipient. This is ensured by a double opt-in procedure.
Purpose of data processing
The processing of personal data serves us solely for the purpose of sending individual newsletters.
Duration of storage
The data will be deleted as soon as the newsletter service is unsubscribed.
Possibility of objection
As a recipient of newsletters, you have the option to object to the processing of your data at any time. With each newsletter, the recipient can unsubscribe from the newsletter service. In addition, we have set up the e-mail address welcome@wilmina.com . Please let us know your e-mail address here.
Applications in our company
You have the opportunity to apply for a job advertisement or send us an unsolicited application, preferably by e-mail or on paper. From our website you can access our job advertisements on Hotel Career. If you take advantage of this option, we will store general information about you in an administration program. These data are:
- Salutation
- First name, last name
- Address
- Date of birth
- E-mail address
- Telephone
- Application date
- Advertised as
- For which department advertised
- As advertised (by email, via HotelCareer, by post)
In addition, we may forward your application internally to the responsible department head. A further transfer of the data to third parties does not take place in this context. The data will be used exclusively for the processing of the application and for communication.
Legal basis for data processing
The legal basis for the processing of the data is also the processing for a pre-contractual relationship or contractual relationship.
Purpose of data processing
The processing of personal data serves us solely to process the application.
Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. If you are not hired in our company, we will delete all data and documents relating to your application after 6 months at the latest. If, due to your qualifications, we wish to keep your documents for a longer period of time, we will obtain your permission to do so.
Possibility of objection
As an applicant, you have the option to object to the processing of your personal data at any time. To do this, please contact the e-mail address team@wilmina.com. We would like to point out that in the event of an objection, the application cannot be completed or the conversation cannot be continued.
Security
We implement technical and organizational security measures in accordance with Art. 32 GDPR in order to protect your data managed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments. Access to it is only possible for a few authorised persons and persons obliged to provide special data protection who are involved in the technical, administrative or editorial support of data.
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.
Protection of minors
This service is mainly aimed at adults. We do not currently market any special areas for children. As a result, we do not knowingly collect age information, nor do we knowingly collect personal information from children under the age of 16. However, we advise all visitors to our website under the age of 16 not to disclose or provide any personal data via our service. In the event that we discover that a child under the age of 16 has provided us with personal information, we will delete the child’s personal information from our files to the extent technically feasible.
What rights do I have?
Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you as a data subject have the following rights:
- Information in accordance with Art. 15 GDPR about the data stored about you in the form of meaningful information on the details of the processing and a copy of your data;
- Correction in accordance with Art. 16 GDPR of inaccurate or incomplete data stored by us;
- Deletion in accordance with Art. 17 GDPR of the data stored by us, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- Restriction of the processing in accordance with Art. 18 GDPR, insofar as the correctness of the data is disputed, the processing is unlawful, we no longer need the data and you refuse to delete it, because you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR.
- Data portability in accordance with Art. 20 GDPR, insofar as you have provided us with personal data within the framework of consent pursuant to Art. 6 sec. 1 lit. a GDPR or on the basis of a contract pursuant to Art. 6 sec. 1 lit.b GDPR and these were processed by us by means of automated procedures. You receive your data in a structured, common and machine-readable format or we transmit the data directly to another responsible person, as far as this is technically feasible.
- In accordance with Art. 21 GDPR, you object to the processing of your personal data, insofar as they are carried out on the basis of Art. 6 sec. 1 lit. e, f GDPR and there are reasons for doing so, which arise from your particular situation or if the objection is directed against direct marketing. The right to object does not exist if overriding, overriding reasons for processing are proven or if the processing is carried out for the assertion, exercise or defence of legal claims. Insofar as there is no right to object in individual processing operations, this is indicated therein.
- Revocation in accordance with Art. 7 sec. 3 GDPR of your given consent with effect for the future.
- Complaint under Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters.
How will my data be processed in detail?
In the following we will inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.
Provision of the website
Type and scope of processing
When you visit and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
- IP address of the requesting computer
- Date and time of access
- Name and URL the retrieved file
- website from which access is made (referrer URL)
- browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is not hosted by us, but by a service provider who for the purpose of the aforementioned data on our behalf in accordance with. Art. 28 GDPR processed.
Purpose and legal basis
The processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of the Art. 6 para. Lit. f GDPR. The collection of data and storage in log files is essential for the operation of the website. There is no right to object to the processing due to the exception according to Art. 21 Paragraph 1 GDPR. Insofar as the further storage of the log files is required by law, the processing takes place on the basis of Art. 6 Para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is technically not possible to call up our website without providing the data.
Storage duration
The aforementioned data are used for the duration of the display of the website [and for technical reasons beyond that for a maximum of [7 days]].
Presences on social media platforms
We maintain so-called fan pages or accounts or channels on the networks mentioned below in order to provide you with information and offers within social networks and to offer you further ways to contact us and to find out about our offers. In the following, we inform you about what data we or the respective social network process from you in connection with the access and use of our fan pages/accounts.
Data we process from you
If you wish to contact us via Messenger or Direct Message via the respective social network, we will normally process your username, through which you contact us and store any other data you provide if this is necessary to process/respond to your request.
The legal basis is Art. 6(1) sentence 1 f) GDPR (processing is necessary to safeguard the legitimate interests of the controller).
(Static) Usage data we receive from the social networks
We receive automatically provided statistics about our accounts through Insights functionalities. The statistics include the total number of page views, likes, page activity and post interactions, reach, video views/views, and the proportion of men/women among our fans/followers.
The statistics contain only aggregated data which cannot be related to individuals. They are not identifiable to us.
What data you process social networks
In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and no user account is required for the respective social network.
Please note, however, that when the respective social network is accessed, the social networks also collect and store data from website visitors without a user account (e..B. technical data in order to be able to view the website to you) and use cookies and similar technologies, which we have no influence on. Details can be found in the privacy policy of the respective social network (see the corresponding links above)
If you wish to interact with the content on our fan pages/accounts, e.B.g. comment, share or like our postings/posts and/or contact us via Messenger functions, prior registration with the respective social network and the provision of personal data is required.
We have no influence on the data processing by the social networks in the context of your use. To our knowledge, your data will be stored and processed in particular in connection with the provision of the services of the respective social network, furthermore for the analysis of the usage behaviour (using cookies, pixel/web beacons and similar technologies) on the basis of which advertising based on your interests is played out both within and outside the respective social network. It cannot be excluded that your data will be stored by the social networks outside the EU/EEA and will be passed on to third parties.
Information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of the registration and use of social networks can be found in the social protection policy/cookie policy. There you will also find information about your rights and possibilities of objection.
Instagram page
When you visit our Instagram page, Instagram (Meta) collects, among other things, your IP address and other information that is available on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Instagram provides further information on this under the following link (Note: by clicking on the following link, you will be taken to the website of the social network Facebook, also part of the Meta Group. However, the information provided via the link applies equally to the social network Instagram): https://facebook.com/help/pages/insights.
By means of the transmitted statistical information, it is not possible for us to draw conclusions about individual users. We only use these in order to be able to respond to the interests of our users and to continuously improve our online presence and to ensure the quality of it.
We collect your data via our fan page only in order to realize a possible provision for communication and interaction with us. This survey usually includes: Your name, message content, comment content, and the profile information you provide “publicly.”
The processing of your personal data for our above-mentioned purposes takes place on the basis of our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 para. 1 f) GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the legal basis of the processing extends to Art. 6 para. 1 a), Art. 7 GDPR.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access options are limited to your data. Only the provider of the social network is authorized to have full access to your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effectively asserted directly against the respective provider.
Together with Instagram, we are responsible for the personal content of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.
The primary responsibility for the processing of Insights data under the GDPR lies with Instagram and Instagram fulfils all obligations under the GDPR with regard to the processing of Insights data, Meta Platforms Ireland Ltd. makes the essence of the Page Insights supplement available to the data subjects.
We do not make any decisions regarding the processing of Insights data and the storage period of cookies on user devices.
Further information can be found directly on Instagram (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.
Further information on the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines for the use of cookies and similar technologies in the context of registration and use can be found in Instagram’s privacy policy/cookie policy (Note: by clicking on the following link you will be taken to the website of the social network Facebook):
https://help.instagram.com/519522125107875/?helpref=uf_share
This information can also be viewed in the help section of the Instagram website via the following link:
https://help.instagram.com/581066165581870
LinkedIn page
LinkedIn is a social network of LinkedIn Inc. based in Sunnyvale, California, USA, which enables the creation of private and professional profiles of natural persons and company profiles. Users can maintain their existing contacts within the social network and make new ones. Companies and other organizations can create profiles where photos and other company information are uploaded to present themselves as employers and hire employees. Other LinkedIn users have access to this information and can write their own articles and share this content with others. The focus of the network is on the professional exchange on specialist topics with people who have the same professional interests.
When using or visiting the network, LinkedIn automatically collects data from users or visitors during use or visit, such as user name, job title and IP address. This is done with the help of various tracking technologies. LinkedIn provides benefits based on the data collected in this way, among other things, information, offers and recommendations.
We collect your data via our company profile only in order to realize a possible provision for communication and interaction with us. This survey usually includes: Your name, message content, comment content, and the profile information you provide “publicly.”
The processing of your personal data for our above-mentioned purposes takes place on the basis of our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 para. 1 f GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the legal basis for the processing extends to Art. 6 para. 1 a, Art. 7 GDPR.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access options are limited to your data. Only the provider of the social network is authorized to have full access to your data. Due to this, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, deletion request, objection, etc.). The assertion of corresponding rights is therefore most effectively asserted directly against the respective provider.
Together with LinkedIn, we are responsible for the personal content of our company profile. Data subject rights can be asserted at LinkedIn Inc. as well as with us.
We do not make any decisions regarding the data collected on the LinkedIn site using tracking technologies.
For more information about LinkedIn, visit: https://about.linkedin.com.
Further information on data protection at LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy.
Further information on the storage period/deletion as well as guidelines for the use of cookies and similar technologies in the context of registration and use on LinkedIn can be found at: https://linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy.
Do we use cookies?
Cookies are small text files that are sent by us to the browser of your device during your visit to our website and stored there. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to carry out various analyses, so that we are able, for example, to recognize the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and changing your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your device. They can’t run programs and they can’t contain viruses.
We provide information about the respective services for which we use cookies in the individual processing operations. Detailed information on the cookies used can be found in the cookie settings or in the Consent Manager of this website.
Google Analytics
Type and scope of processing
Our website uses Google Analytics 4, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Google Analytics uses cookies that enable us to analyse your use of our website. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
We use the User ID function. With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyse user behaviour across devices.
We also use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalised ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns.
In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your visit to the website, your user behaviour is recorded in the form of “events”. Events can be
- Page views
- First visit to the website
- Start of the session
- Your “click path”, interaction with the website
- Scrolls (whenever a user scrolls to the end of the page (90%))
- Clicks on external links
- Internal search queries
- Interaction with videos
- file downloads
- Ads viewed / clicked on
- language setting
Also recorded:
- Your approximate location (region)
- Your IP address (in abbreviated form)
- Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
- Your internet provider
- the referrer URL (via which website/advertising medium you came to this website)
Purposes of the processing
Google will process the transmitted information on our behalf in order to analyse the use of the website by website visitors and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of the website.
Recipients
Recipients of the data are/may be
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as order processor pursuant to Art. 28 GDPR)
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities may access the data stored by Google.
Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
Storage period
The data sent by us and linked to cookies is automatically deleted after 14 months. Data whose retention period has expired is automatically deleted once a month.
Legal basis and cancellation
We process your data with the help of Google Analytics 4 on the basis of your consent in accordance with Art. 6 Para. 1 lit a GDPR in conjunction with. § 25 TTDSG. Your consent. You give your consent by setting the use of cookies (cookie banner / Consent Manager), with which you can also declare your revocation at any time with effect for the future in accordance with Art. 7 para. 3 GDPR.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by (I) not giving your consent to the setting of the cookie or (II) downloading and installing the browser add-on to deactivate Google Analytics HERE.
Further information can be found in the terms of use and in Google’s privacy policy.
Google Tag Manager
Type and scope of processing
We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google Tag Manager is used to manage website tags from a single interface and allows us to control the exact integration of services on our website.
This allows us to flexibly integrate additional services to evaluate users’ access to our website.
Purpose and legal basis
The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR.
Storage time
The actual storage time of the processed data is not influenced by us, but is determined by Google Ireland Limited. For more information, see the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.