General notice and mandatory information
Designation of the responsible body
The responsible body for data processing on this website is:
The responsible body decides alone or jointly with others on the purposes and means of the processing of personal data (e.g. names, contact details or similar).
Server log files
In server log files, the provider of the website (domainfactory GmbH, Oskar-Messter-Str. 33, 85737 Ismaning, Germany) automatically collects and stores information that your browser automatically transmits to us. These are:
- name of the accessed website
- file, date and time of the retrieval
- amount of data transferred
- message about successful retrieval
- browser type and browser version
- the user's operating system
- referrer URL (the previously visited page)
- your IP address
There is no merging of this data with other data sources. The data processing is based on Art. 6 (1) lit. b DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content that you send to us as site operator, our website uses SSL or TLS encryption. This means that data you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line.
E-mail communication takes place via an open network that is accessible to anyone and crosses borders. It is not encrypted. It can therefore not be ruled out that data sent in this way can be viewed by third parties and thus the contact with us can be traced.
Data transmitted via inquiry form, including your contact data, will be stored in order to process your inquiry or to be available for follow-up questions. This data will not be passed on without your consent.
The processing of the data entered in the inquiry form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). A revocation of your already given consent is possible at any time. For the revocation, an informal communication by e-mail to info (at) spahotel-weimar.de is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
Data transmitted via the inquiry form will remain with us until you request us to delete it, revoke your consent to store it, or there is no longer any need to store the data. Mandatory legal provisions - in particular retention periods - remain unaffected.
To send our newsletter, we need an e-mail address from you. Additional data is not collected or is voluntary. The data is used exclusively for sending the newsletter.
The data provided during the newsletter registration will be processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). A revocation of your already given consent is possible at any time. For the revocation, an informal message by e-mail to marketing (at) spahotel-weimar.de is sufficient, or use the unsubscribe newsletter function. The legality of the data processing operations already carried out remains unaffected by the revocation.
Data entered to set up the subscription will be deleted in the event of unsubscription. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.
When you choose to make an online reservation on our website, you will be connected to a booking system provided by our partner Bookassist. The provider of the booking system is Automatic Netware Limited, acting as Bookassist, 1st Floor South Block, Rockfield Central, Dublin D16 R6V0, Ireland. All information is transmitted securely using SSL or TLS encryption and is protected against disclosure to third parties. Bookassist is certified according to PCI DSS (Payment Card Industry Data Security Standards). The use of the services of Bookassist is based on Art. 6 para. 1 lit. f DSGVO.
Use of PC CADDIE://online services
To enable you to register for tournaments online, we use the services of PC CADDIE. These services are provided by "PC CADDIE://online GmbH & Co. KG", Stubber Weg 39, 23847 Pölitz, Germany. If you call up an Internet page of our Internet presence, with an embedded tournament calendar, tournament registration, tournament start lists, tournament results, start time reservation or score cards, a connection is established to servers of PC CADDIE in order to display the corresponding element. For technical reasons, data from your browser is transferred to PC CADDIE. If you are logged in as a member to use further functions such as tournament registrations, start time reservations, etc., the data necessary for processing your tournament registration/reservation/etc. will be transmitted via a secure connection to PC CADDIE as technical service provider. A transfer of data to other third parties does not take place.
Further information on data processing and data protection by PC CADDIE can be found at https://www.pccaddie.net/clubs/0491627/app.php?cat=policy&lang=en
Integration of TrustYou
On this website, functions of the service TrustYou are integrated. The provider of these functions is TrustYou GmbH, Steinerstraße 15, 81369 Munich, Germany. TrustYou collects and analyzes guest reviews, questionnaires and social media posts. Your reviews are the ideal and most efficient way for us to improve our service.
The data processing is based on Art. 6 (1) lit. f DSGVO. Reviews that you voluntarily provide to TrustYou are received, stored and processed there.
Use of the Issuu platform
On our website, we use the services of the electronic publishing platform Issuu. The provider of the platform is Issuu Inc, 131 Lytton Ave, Palo Alto, CA 94301, USA. Issuu Inc. may set cookies and transfer browser data to Issuu Inc. in the USA.
Issuu is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO.
Information on the data protection provisions of Issuu Inc. can be viewed at the following link: https://issuu.com/legal/privacy
For integration and display of video content, our website uses plugins from YouTube. The provider of the video portal is YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
When a page with an integrated YouTube plugin is called up, a connection to the YouTube servers is established. YouTube thereby learns which of our pages you have accessed. YouTube can assign your surfing behavior directly to your personal profile if you are logged into your YouTube account. By logging out beforehand, you have the option to prevent this.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
If you make an online payment, the secure payment processing takes place via a paylink of the payment provider Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany.
The credit card data required for this purpose (card number, validity and verification number) are recorded and processed in encrypted form exclusively by the payment provider and not by the responsible party, are not forwarded and cannot be viewed by the hotel. Concardis GmbH is certified according to PCI DSS (Payment Card Industry Data Security Standards). The use of the payment provider is based on Art. 6 para. 1 lit. f DSGVO.
Revocation of your consent to data processing
Some data processing operations are only possible with your express consent. A revocation of your already given consent is possible at any time. For the revocation, an informal communication by e-mail to info (at) spahotel-weimar.de is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to third parties. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
Right to complain to the competent supervisory authority
As a data subject, you have the right to complain to the competent supervisory authority in the event of a data protection violation. The competent supervisory authority regarding data protection issues is the State Data Protection Commissioner of Thuringia.
The following link refers to its contact details: https://www.tlfdi.de (German)
We reserve the right to adapt this data protection statement so that it always complies with the current legal requirements or to implement changes to our services in the data protection statement, e.g. when introducing new services. The new data protection statement will then apply to your next visit.
Questions to the data protection officer
If you have any questions about data protection, please email us at info (at) spahotel-weimar.de or contact the person responsible for data protection in our organization directly. The contact details of our data protection officer can be found in our imprint.