Book ...
and arrive and stay

Privacy policy

In the following, we would like to inform you about data protection on our website and about the type, scope and purpose of the personal data we collect, use and process. Data protection has a high priority for us.

Personal data are all data with which you could be personally identified, e.g. name, IP address, telephone number, etc. Some of this data is processed automatically when you visit the website (e.g. IP address, browser type, operating system, etc.), or if you give us your consent to process it, or if you provide us with your data voluntarily, e.g. by entering your data in a form on our website.

We would also like to inform you about your rights under the EU-GDPR.

You have the right to receive information free of charge at any time about the origin, recipient and purpose of your personal data processed by us, as well as the right to correct or delete this data.

You also have the right to request the restriction of the processing of your personal data under certain circumstances. If you have given us your consent to process your data, you can withdraw this consent at any time with effect for the future. You also have the right to file a complaint with the competent data protection supervisory authority.

 

The party responsible for data protection/processing is

Engelwirt GmbH
Reichenauplatz 16
92334 Berching
Germany

Phone +49 (0) 8462.2003387
mail@engelwirt.com

Managing Director: Stephanie Zink

 

Processing of your data in the context of the services we provide

If you are our guest, customer or business partner, or in the event that you are interested in our services, the type, scope and purpose of the processing of your personal data is based on the contractual or pre-contractual relationships existing between us. We process personal data that we request from you or that you provide to us in order to answer your inquiry, prepare an offer for you or process your order. Data subjects are interested parties, guests, customers, business and contractual partners. The processing purpose is the processing of contractual services, communication, as well as answering requests and office and organizational procedures.

Unless otherwise stated in the further information in this privacy policy, the processing of your data and its disclosure to third parties is limited to the data that is necessary and expedient to answer your inquiries and/or to fulfill the contract, to protect our rights and to fulfill legal obligations.

Concerned data are

  • Inventory data (e.g. names, addresses)
  • Payment data (e.g. bank details, invoices)
  • Contact data (e.g. e-mail address, telephone number, postal address)
  • Contract data (e.g. subject matter of the contract, duration of the contract)

The legal basis for data processing is Art. 6 I 1 lit. b GDPR, the fulfillment of the contract or the fulfillment of pre-contractual inquiries.

Unless a specific storage period is specified in this privacy policy, we store your personal data until the purpose for data processing no longer applies. We delete your personal data when we no longer need it, i.e. after termination of the contractual relationship between us, or after our legitimate interest in the further processing of the data has ceased to exist, or if you request us to delete it. Mandatory statutory provisions - in particular statutory retention periods - remain unaffected. It may also be necessary to process your personal data until the expiry of these periods in order to assert, exercise or defend legal claims arising from contractual relationships or to protect the rights of another natural or legal person. We will then only delete the personal data required for this purpose after these periods have expired. However, we will restrict the processing of this data to these purposes until these periods have expired.

 

Accessing the website - processing of personal data and type and purpose of use

When you access our website, you transmit data to our web server via your Internet browser (for technical reasons). The following data is processed in the server log files during an ongoing connection for communication between your internet browser and our web server:

  • the page from which the file was requested - referrer URL
  • the name of the file
  • the date and time of the request
  • a description of the type of web browser used / browser version and operating system
  • IP address of the requesting computer
  • Access status (file transferred, file not found, etc.)
  • Amount of data transferred

This data is stored temporarily for technical reasons (accessing the website). It is not possible for us to draw conclusions about individual persons from this data. The IP addresses are deleted or anonymized after 7 days at the latest.

The data is evaluated exclusively for internal purposes and does not allow us to draw any conclusions about your person. A comparison with other databases does not take place.

The aforementioned data is processed for the following purposes:

  • Ensuring a proper and error-free connection to the website,
  • Ensuring convenient use of the website,
  • Evaluation of system security and stability

The legal basis for data processing is Art. 6 I S 1 lit. f GDPR. The legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. You can visit the website without providing any personal data.

 

Cookies - Constent Tool

We use cookies on our website. Cookies are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware.

Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity. Cookies do not contain any personal data and therefore cannot be directly assigned to a user.

The use of cookies serves to make the use of our website more pleasant for you. For example, we use technically necessary session cookies to store your consent or refusal to data analysis. These cookies are automatically deleted after you close your browser or after one day. The legal basis is Art. 6 I S 1 lit c GDPR in conjunction with § 25 TTDSG.

Cookies may also be used by third-party services with your consent. The legal basis is then Art 6 I S 1 lit a GDPR - your consent. These cookies are automatically deleted after a defined period of time. A detailed overview of the cookies or other technologies and service providers we use, their purposes and storage duration, the legal basis for cookie use and further information can be found in our Consent Manager.

You can use the Consent Manager to accept or reject individual or all cookies separately when you visit our website for the first time and at any time thereafter by placing a tick / a cross next to the respective cookie or removing it and saving the settings. These settings are saved on your computer or mobile device in local storage. They must therefore be made and saved again if the device's local storage is deleted or another device or browser is used. Please note that you may have to manually delete cookies that have already been set if you withdraw your consent.

Most browsers accept cookies automatically. However, you can also configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. Each browser manages the cookie settings differently. How you can deactivate cookies or change settings is described in the help menus of your browser.

 

Google Tag Manager - Google Analytics

This website uses Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tool Manager only implements tags. This means that no cookies are used and no personal data is collected. The Google Tool Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it will remain in place for all tracking tags if they are implemented with the Google Tag Manager.

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics may use so-called "cookies" with your consent (Art 6 I S 1 lit a GDPR). Cookies are small text files that are stored on your computer and that enable an analysis of the use of the website through pseudonymized user profiles. The information generated by the cookie about your use of this website, such as browser type/version, operating system used, referrer URL, host name of the accessing computer (IP address) and time of the server request are transmitted to a Google server and processed there. Google may also use other technologies such as tracking pixels to analyze the use of the website.

On behalf of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage, such as market research and needs-based website design. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).

A possible data transfer of your IP address to Google servers in the USA is based on the adequacy decision of the EU Commission (EU-U.S. Data Privacy Framework). Based on EU adequacy decisions, personal data can flow unhindered and securely from the European Economic Area to the third country in question without any further conditions or authorizations being required. This means that data can be transferred to the third country in the same way as within the EU.

You can find more information on data protection at Google at https://policies.google.com/privacy?hl=de  or at https://support.google.com/analytics/answer/6004245?hl=de

 

Inquiries by e-mail or telephone

If you contact us via email or telephone, we will store and process your request, including all personal data (e.g. name, request), for the purpose of processing your request. The data will not be passed on without your consent. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing your data.

This data is processed on the basis of Art. 6 I S 1 lit. b GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 I S 1 lit. a GDPR) and / or on our legitimate interest (Art. 6 I S 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the inquiries addressed to us.

The data sent to us via contact requests (e-mails) will be stored by us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

 

Data processing when using our contact form

If you send us a message via our contact form, you can also use a pseudonym instead of your real name. Entering an e-mail address is necessary to enable us to contact you by e-mail. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing your data.

The data you enter in the contact form will only be used by us to respond to your inquiry via the contact form. We do not pass on the data you enter in the contact form to third parties or use this data for any other purpose than to respond to your inquiry. The data processing is carried out either for the purpose of fulfilling a contract to which the data subject is a party or for the implementation of pre-contractual measures (Art. 6 I S 1 lit. b GDPR), or in accordance with Art. 6 I S 1 lit. a GDPR on the basis of your voluntarily given consent and / or on our legitimate interests (Art. 6 I S 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the inquiries addressed to us.

Your data will be deleted after final processing of your request, provided that the deletion does not conflict with any statutory retention requirements.

 

Online booking - DIRS21

We use the online booking option of the external partner DIRS21 (TourOnline AG, Borsigstraße 26, 73249 Wernau, Email: info@dirs21.de, Tel +49 (0) 7153 9250 0, www.dirs21.de) on our website. Cookies are set for integration with your consent in order to enable the online booking option here. Please note the relevant information and data protection regulations for the DIRS21 online booking tool. As part of the online booking tool, TourOnline AG processes the data as the controller. The information and provisions on data protection can be found in TourOnline AG's privacy policy, which you can access at any time from the online booking tool or at https://www.dirs21.de/disclaimer/.

 

Gurado GmbH - Voucher Ticket System

We work with the gurado voucher ticket system from Gurado GmbH, Wittbräucker Str. 32, 44287 Dortmund (Gurando GmbH) for the sale, administration and redemption of vouchers and tickets. When you purchase a voucher in our voucher store, it is created using the Gurado GmbH software. For this purpose, we transmit the data you entered in the input mask when ordering the voucher (salutation, title, surname, first name, date of birth, address, e-mail address, telephone number) to Gurado GmbH.

By clicking on the voucher button, your e-mail address is transmitted to the service provider. You can find Gurando's privacy policy at https://cdn-int.gurado.de/ueber-uns/datenschutzerklaerung/

 

Email advertising and your right to object

If we have received your e-mail address in the context of a booking or service and you have not objected, we reserve the right to regularly send you our offers for similar services on the basis of § 7 III UWG. The legal basis arises from our legitimate interest in advertising to our customers and the processing of the data is permitted under Art. 6 I S1 lit. f GDPR in the context of a balancing of interests.

You can object to the use of your e-mail address at any time by sending us a message or via the corresponding link in the advertising e-mail. After the legal basis for data processing for advertising e-mails no longer applies, your e-mail address will be deleted, unless statutory retention obligations (e.g. from tax or commercial law retention obligations) prevent this.

We would also like to point out that you can object to the future processing of your personal data in accordance with the legal requirements pursuant to Art. 21 GDPR at any time. In particular, you may object to processing for direct marketing purposes.

 

Postal advertising and your right to object

We reserve the right to use your first and last name as well as your postal address, which you have provided to us in the context of bookings, for our own advertising purposes, e.g. to send you interesting offers by post. This serves to safeguard our legitimate interests, which predominate in the context of a balancing of interests, in a promotional approach to our customers in accordance with Art. 6 I S 1 lit. f GDPR.

 

You can object to the storage and use of your data for these purposes at any time by sending us a message. The objection can be made in particular against processing for direct marketing purposes. After the legal basis for data processing for postal advertising ceases to apply, your address data will be deleted, provided that there are no statutory retention obligations to the contrary.

 

Data protection when sending application documents

If you send us your application documents, we will only use them to decide on your application and will not pass your data on to third parties. We would like to point out that we do not currently offer encryption of your data when sending application documents by e-mail. However, you can send your attachments to us by e-mail in encrypted form, e.g. using the 7ZIP program (http://www.7-zip.de/), and inform us of your password separately, e.g. by telephone. You will receive an e-mail message from us to your e-mail address when we receive your application. You can also send us your application by post at any time.

Application data is stored and managed separately from other data records.

If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be automatically deleted no later than 6 months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller or the applicant has expressly consented to longer storage and retention of their application, e.g. for possible subsequent contact in the event of vacancies. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

Data processing for the purpose of contacting you and processing your application data is carried out in accordance with Art. 6 I S 1 lit. a,b GDPR on the basis of your voluntarily given consent, as well as for the implementation of pre-contractual measures.

 

Google Maps

This website integrates Google Maps, a map service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), with your consent (Art. 6 I S 1 lit. a GDPR) to display an interactive map and to create directions.

By using Google Maps, information about your use of this website (including your IP address) may be transmitted to a Google server and stored there. Google may transfer the information obtained through Maps to third parties where required to do so by law, or where such third parties process the information on Google's behalf.

When calling up Google Maps, your browser can also load additional fonts (Google WebFonts) in order to display texts and fonts correctly.

The Google privacy policy & additional terms of use for Google Maps can be found at https://policies.google.com/privacy?hl=de

You can also change the loading of Google plugins in your privacy settings at https://myaccount.google.com/intro

 

Online presence in social networks

We have presences in social networks for advertising purposes.

We would like to point out that you use the social services and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. sharing, rating).

If you visit our online presences in social media, personal data will be collected and processed by the respective provider for advertising and market research purposes. As a rule, user profiles are also created. This is particularly the case if you are a member of the respective platform and are logged in to it. The user profiles can be used by the providers to show you interest-based advertising. To prevent social media operators from collecting information about you during your visit to our websites, you should log out of the respective social media before visiting our websites and delete any existing social media cookies from your browser.

 

Social network links

No social plugins from Facebook or other social networks are integrated on these websites. Therefore, no program code of a social network is active on our pages. The icons for Facebook etc. on our website are merely linked images.

 

Data protection notice - Facebook/Instagram (META)

Facebook Ireland (Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland - hereinafter referred to as Facebook) and the page administrator (we) are jointly responsible for the processing of personal data for the purposes described in the Terms of Use for Covered Products on the page administrator's Facebook account that are collected in connection with a visit or interaction with a page (including its content).

Covered Products are all Facebook Products, Facebook Pages and Page Insights. Facebook products include Facebook itself (including the Facebook mobile app and the browser in the app), Messenger, Instagram (including apps such as Direct and Boomerang), Portal-branded devices, Bonfire, Facebook Mentions, Facebook Shops, Spark AR Studio, Audience Network, NPE Team apps and any other features, apps, technologies, software products, products or services offered by Facebook, Inc. or Facebook Ireland Limited. In addition, Facebook Business Tools are also Facebook products.

The scope of joint processing and the Controller Addendum covers the collection of the personal data specified in the Terms of Use for Covered Products and its transmission to Facebook. The subsequent processing of data by Facebook is not part of joint processing. Likewise, it is not part of the joint processing if personal data is processed exclusively by us - in this case, we are the sole controller of the data processing.

The information required under Article 13 (1) (a) and (b) GDPR can be found in Facebook's data policy at https://www.facebook.com/about/privacy. Further information on joint processing can be found in the respective terms of use of the products.

For the use of certain Facebook products (so-called "Facebook Business Tools") and the associated data processing, the additional agreement between us and Facebook as joint controllers pursuant to Art. 26 GDPR applies, which you can view at https://www.facebook.com/legal/controller_addendum.

This Site Administrator and Facebook have entered into this Joint Controller Addendum to define the respective responsibilities for fulfilling the obligations under the GDPR with regard to joint processing (as set out in the Terms of Use for Covered Products).

Furthermore, we have agreed that between the parties, Facebook is responsible for enabling the rights of data subjects under Articles 15-20 of the GDPR with respect to the personal data stored by Facebook after joint processing.

A possible data transfer of personal data to the USA is based on the adequacy decision of the EU Commission (EU-U.S. Data Privacy Framework). Based on adequacy decisions, personal data can flow unhindered and securely from the European Economic Area to the third country in question without the need for further conditions or authorizations. This means that data can be transferred to the third country in the same way as within the EU.

 

Data processing conditions at Facebook

We expressly draw your attention to the fact that the use of certain Facebook products may involve the transfer of personal information to Facebook. Depending on the circumstances, Facebook Ireland Limited may also transfer EU data to Facebook Inc. in the USA for storage and further processing. By using Facebook products, the user agrees to Facebook's data processing conditions. These can be found at https://www.facebook.com/legal/terms/dataprocessing/update .

The Facebook EU Data Transfer Addendum can be found at https://www.facebook.com/legal/EU_data_transfer_addendum  

Facebook's data policy can be found at https://www.facebook.com/about/privacy / - Instagram's data policy can be found at https://privacycenter.instagram.com/policy/

Information on cookies and other storage technologies on Facebook can be found at https://www.facebook.com/policies/cookies/

You can view Facebook's data security conditions at https://www.facebook.com/legal/terms/data_security_terms

You can find Facebook's terms of use for commercial use at https://www.facebook.com/legal/commercial_terms/update

You can contact Facebook's data protection officer at https://www.facebook.com/help/contact/540977946302970

 

Further information to Page Insights data

Facebook continues to provide us with so-called Page Insights for the Facebook page. Insights data is summarized data that provides us with information on how users interact with the Facebook page. The legal basis for data processing is Art. 6 I S 1 lit. f GDPR, the protection of our legitimate interests in an optimized presentation of the website and effective communication with users.

Data processing is carried out on the basis of an agreement between the joint controllers in accordance with Art. 26 GDPR, which you can view at https://www.facebook.com/legal/terms/page_controller_addendum .

Further information on Page Insights data on Facebook can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data and at https://de-de.facebook.com/help/instagram/155833707900388

 

Data processing when contacting us via Facebook products

We collect personal data when you contact us, e.g. via the contact form or Messenger. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 I S 1 lit. f GDPR. Your data will be deleted after final processing of your request, provided that there are no legal retention obligations to the contrary.

 

Your rights

Facebook and we have agreed that Facebook is primarily responsible for providing you with information about the joint processing and enabling you to exercise your rights under the GDPR. Under the GDPR, you have the right to access, rectification, portability and erasure of your data, as well as the right to object to and restrict the processing of your data. You can find out more about these rights in your Facebook settings. For more information on your rights, see also "Data subject rights" in this privacy policy.

Facebook and we have agreed that the Irish Data Protection Commission is the authority responsible for overseeing the processing under joint responsibility. You have the right to lodge a complaint with the Irish Data Protection Commission (see www.dataprotection.ie) or with your local supervisory authority.

 

Right to object for advertising

You can object to the processing of your data for advertising purposes on Facebook at any time by changing your settings for advertisements in your Facebook user account at https://www.facebook.com/settings?tab=ads .

 

Legal basis for the operation of the Facebook page / Instagram

We operate the Facebook page / Instagram page for advertising purposes for our goods and services. The processing of personal data takes place on the basis of Art. 6 I S 1 lit f GDPR.

 

Data security - SSL encryption

We use the SSL (Secure Socket Layer) method on our website for encryption and to protect the transmission of confidential content. If SSL encryption is activated, the data you transmit to us cannot be read by third parties. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser - the address bar of your browser displays "https://" if SSL encryption is activated.

 

Processing/disclosure of data

Your personal data will not be transferred to third parties for purposes other than those listed above or below.

We only pass on your personal data to third parties if:

  • you have given your express consent to this in accordance with Art. 6 I S 1 lit. a GDPR,
  • this is permitted by law and is necessary for the fulfillment of contractual relationships or for the implementation of pre-contractual measures with you in accordance with Art. 6 I S 1 lit. b GDPR
  • in the event that there is a legal obligation for us to pass on data in accordance with Art. 6 I S 1 lit. c GDPR,
  • processing is necessary for the purposes of the legitimate interests pursued by us or by a third party pursuant to Article 6 I S 1 lit f GDPR, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

 

Rights of data subjects

You have the rights:

  • in accordance with Art. 15 GDPR, to request information about your personal data processed by us;
  • in accordance with Art. 16 GDPR, to request the rectification of inaccurate or completion of your personal data stored by us without undue delay
  • in accordance with Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims
  • to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
  • in accordance with Art. 7 III GDPR, to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing based on this consent in the future;
  • in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority if you believe that the processing of personal data concerning you is in breach of the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office. You can find a list of data protection officers in Germany and their contact details at the following link: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

 

Rights to object for the collection of data in special cases and for direct advertising (Art. 21 GDPR)

If we process your personal data in accordance with Art. 6 I S 1 lit. f GDPR in order to safeguard our legitimate interests, which predominate in the context of a balancing of interests, you have the right to object to the processing of your personal data with effect for the future in accordance with Art. 21 GDPR. If the processing is carried out for direct marketing purposes, you can exercise this right at any time. This also applies to profiling insofar as it is associated with such direct marketing. If the processing is carried out for other purposes, you only have the right to object if there are grounds relating to your particular situation.

If you wish to exercise your right to object, just send us an e-mail.

After exercising your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.

If you object to the processing of your personal data for direct marketing purposes, the personal data will no longer be processed for these purposes.

No automated decision-making or profiling takes place on our websites.

 

Changes to this privacy policy

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration in compliance with the applicable data protection regulations. You can access and print out the current data protection declaration at any time on our website under data protection.

Date: February 2024