Hotel Tobbaccon GmbH & Co. KG, Albert-Einstein-Allee 7, 64625 Bensheim

(Controller pursuant EU General Data Protection Regulation [EU GDPR])

We appreciate your interest in our company and our services and want you to feel safe when visiting our website, including with regard to the protection of your personal data.

We take the protection of personal data very seriously. Therefore, compliance with the provisions of the EU General Data Protection Regulation (EU GDPR) and other relevant data protection laws is a matter of course for us. We want you to know when we process which data and how we use it. We have taken technical and organizational measures to ensure that the data protection regulations are observed by both us and external service providers.

What personal data do we collect and for what purpose?

Below we show you the different purposes for which we collect which data on this website:

1. Protocol data

When you visit our website, our web servers automatically store the data that your browser transmits to enable you to visit the website and to inform you about our range of services and our company. These are:

• Your IP address
• The page you accessed and the date and time of your visit
• Access status/HTTP status code
• The amount of data transferred,
• Your browser, the language and version of the browser software as well as your operating system and its interface

We evaluate this technical data pseudonymously and only for statistical purposes in order to optimize our website and make our online offerings even more attractive. This pseudonymized data is stored separately from personal information on secure systems for up to 14 months and does not allow any conclusions to be drawn about an individual person.

The collected log data is also used to detect technical errors or problems during data transmission and is used by our firewall to defend against attacks on our website and infrastructure.

The legal basis for data processing is point f of Art. 6 (1) EU GDPR. The legitimate interest pursued consists in security as well as facilitating and improving the use of the website and thus the better presentation of our offer.

2. Data processing in the context of your room booking

If you book a room with us using our form, we will collect your personal data to create your booking.

We use this data to make your booking and may contact you to better process your booking.

We collect the following data:

• Time of booking
• Arrival and departure date
• Type and number of rooms you have booked
• Number of people per room
• Offer booked
• Private or business booking
• Billing address
• Email and phone number
• Payment information, if applicable

You can provide the following additional data voluntarily:

• Promo Code
• Names of guests
• Other wishes
• Which thank you gift you would like to receive
• fax number

The legal basis for data processing is point b of Art. 6 (1) EU GDPR.

The data will be transmitted to and processed by the following third party for the purpose of booking processing: Viato GmbH, Industriestr. 51, D-79194 Gundelfingen . We require Viato to comply with data protection regulations as part of the order processing.

3. Data processing when using our general contact form

If you contact us via the contact form on our website, we will process the following information in order to respond to your request accordingly:

• Date and time of your request
• Your name
• Your email address
• Your request text

We cannot process your request without this data.

The legal basis for data processing is part f of Art. 6 (1) EU GDPR, insofar as your request is processed to explain our services and our company. If your request is made in preparation for the conclusion of a contract, the legal basis is point b of Art. 6 (1) EU GDPR.

The data will be deleted as soon as it is no longer required to process your request.

4. Data processing in the course of an application

In order to decide on your application, we may also process data about you from third parties, in particular from social media, internet research and, with your consent, from former employers. This includes personal data and other data that is relevant to the decision on a specific position, unless this is already apparent from the application.

The legal basis for data processing is Section 26 BDSG 2018.

5. Data processing through the use of cookies

Our website uses cookies. These are text files that are stored on your computer to track visitor preferences and optimize our website accordingly.

We use transient cookies . These are automatically deleted when you close the browser. These include session cookies in particular. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognized when you return to the website. The session cookies are deleted when you close the browser.

We also use persistent cookies . These contain the following information: Visitor ID and preferred language. The persistent cookies are automatically deleted after 14 months at the latest.

To prevent cookies from being stored, you must select “Do not accept cookies” in your browser settings. If cookies are not accepted by your browser, the functionality of the website may be restricted in some cases.

The information stored with the cookies is stored separately from any other data provided to us. In particular, the data in the cookies is not linked to your other personal data.

The legal basis for data processing is point f of Art. 6 (1) EU GDPR. The legitimate interest pursued is to facilitate and improve the use of the site and thus to better present our offer.

6. We have integrated content from the following third-party providers on this website:

• Maps from Google Maps

When you visit the website, the third-party provider receives the information that you have accessed the corresponding subpage of our website. In addition, the data specified in point „1. Protocol data“ is transmitted. This occurs regardless of whether this third-party provider provides a user account through which you are logged in or whether no user account exists. If you are logged in with the plug-in provider, this data is assigned directly to your account. If you do not want the plug-in provider to assign your profile to your profile, you must log out before activating the button.

The plug-in provider saves this data as user profiles and uses it for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this right you must contact the respective plug-in provider.

Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the privacy policies of these providers provided below. There you will also find further information on your rights in this regard and setting options for protecting your privacy.

Addresses of the respective providers and URL with their data protection information:

• Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
  http://www.google.de ( https://www.google.de/intl/de/policies/privacy/ )

What generally applies to all cases of data processing?

Data will not be transferred to third parties unless otherwise stated in the above paragraphs.

Please note that we can only delete your data after the expiry of a statutory retention obligation, if such an obligation exists. This also applies to any retention obligation arising from a contract with you.

How do we secure your data?

We have introduced technical and organizational security measures to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.

We require our employees and any third parties processing data to maintain confidentiality.

Your rights

In accordance with the EU GDPR, you have the right to request information from us at any time as to whether we have stored personal data about you. In addition, you have the following rights with regard to this stored data:

• the right to information about stored data (Art. 15 EU GDPR),
• the right to rectification of inaccurate data (Article 16 EU GDPR),
• the right to erasure of data (Art. 17 EU GDPR),
• the right to restrict the processing of data (Art. 18 EU GDPR),
• the right to object to unreasonable data processing (Art. 21 EU GDPR) and
• the right to data portability (Art. 20 EU GDPR).

If you have given your consent to the use of data, you can revoke this consent at any time with effect for the future.

Please send all requests for information, inquiries or objections to data processing by email to ds-beauftragter@streit-online.de or to the postal address stated in the legal notice.

You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the EU GDPR (Article 77 EU GDPR).

Children and young persons

Persons under the age of 18 may not send us any personal data without the consent of their parents or guardians. We do not request any personal data from children and young people, do not collect it, and do not pass it on to third parties.

Further information

Contact details of our data protection officer: ds-beauftragter@streit-online.de

Information according to point e of Art. 13 (2) EU GDPR: The provision of personal data is neither legally nor contractually required. The provision is only necessary for the conclusion of a contract if it would otherwise not be possible to process your request. You are not obliged to provide the personal data.Please refer to the section „What personal data do we collect and for what purpose?“ for the possible consequences of not providing the data for the respective data processing operation.

Changes to our privacy policy

We reserve the right to change our data protection measures if this becomes necessary due to technical developments or due to changes in legislation or case law. In such cases, we will also adapt our privacy policy accordingly. Please therefore always refer to the latest version of our privacy policy.