The use of the website of the Riverside Hotel is usually possible without providing any personal data. As far as on our sides personal data (for example name, address or E-Mail addresses) are raised, this takes place, as far as possible, always on freiwilliger basis. If the processing of personal data is required and there is no legal basis for such processing, we generally seek the consent of the data subject.
Name and address of the controller
The person responsible within the meaning of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions with a data protection character is:
The Front Gastro & Hotel Betriebs GmbH & Co. KG (hereinafter Riverside Hotel)
Data protection officer: Toralf Hauswald
Tel .: 030 284900
Collection of general data and information
Die Internetseite des Riverside Hotels erfasst mit jedem Aufruf der Internetseite durch eine betroffene Person oder ein automatisiertes System eine Reihe von allgemeinen Daten und Informationen. Diese allgemeinen Daten und Informationen werden in den Logfiles des Servers gespeichert. Erfasst werden können die (1) verwendeten Browsertypen und Versionen, (2) das vom zugreifenden System verwendete Betriebssystem, (3) die Internetseite, von welcher ein zugreifendes System auf unsere Internetseite gelangt (sogenannte Referrer), (4) die Unterwebseiten, welche über ein zugreifendes System auf unserer Internetseite angesteuert werden, (5) das Datum und die Uhrzeit eines Zugriffs auf die Internetseite, (6) eine Internet-Protokoll-Adresse (IP-Adresse), (7) der Internet-Service-Provider des zugreifenden Systems und (8) sonstige ähnliche Daten und Informationen, die der Gefahrenabwehr im Falle von Angriffen auf unsere informationstechnologischen Systeme dienen.
When using this general information and information, the Riverside Hotel does not draw any conclusions about the person concerned. Rather, this information is required to (1) properly deliver the contents of our website, (2) to optimize the content of our website and to promote it, (3) to ensure the continued functioning of our information technology systems and the technology of our website, and ( 4) to provide law enforcement authorities with the necessary information for prosecution in case of a cyberattack. This anonymously collected data and information is therefore statistically and further evaluated by the Riverside Hotel with the aim of increasing data protection and data security in our company. to ultimately ensure an optimal level of protection of the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by an affected person.
Registration on our website
The data subject has the possibility of registering on the website of the controller, providing personal data. The personal data to be sent to the controller is derived from the respective input mask used for the registration. The personal data entered by the data subject shall be collected and stored solely for internal use by the controller and for his own purposes. The controller may arrange for the transfer to one or more processors, such as the operator of the booking engine, who also uses the personal data solely for internal use,
By registering on the website of the controller, the IP address assigned by the Internet service provider (ISP) of the data subject, the date and time of registration are also stored. The storage of this data takes place against the background that only so the misuse of our services can be prevented, and this data if necessary to clarify committed offenses. In this respect, the storage of this data is required to secure the controller. A disclosure of this data to third parties is not, as long as there is no legal obligation to disclose or the disclosure of law enforcement serves.
By registering the data subject voluntarily providing personal data, the data controller serves to provide the data subject with content or services that, due to the nature of the case, can only be offered to registered users. Registered persons are free to modify the personal data given at registration at any time or to delete it completely from the database of the data controller.
The controller shall, at any time upon request, provide information to each data subject as to which personal data about the data subject is stored. In addition, the data controller corrects or deletes personal data at the request or reference of the data subject, insofar as this does not conflict with any statutory retention requirements. A data protection officer named by name in this data protection statement and the whole of the employees of the controller are available to the data subject in this context as a contact person.
Subscription to our newsletter
If you are interested in our newsletter, we need a valid e-mail address from you, as well as information that allows us to verify that you, as the owner of the e-mail address provided, agree to receive the newsletter (Double-Opt -In). Your data will only be used to send the newsletter and will not be transmitted to third parties.
You can unsubscribe from the newsletter at any time. The revocation can be done via a link at the end of each newsletter.
Contact via the website
The website of the Riverside Hotel contains, by law, information that allows us to contact our company quickly and communicate with us directly, which also includes a general address of the so-called electronic mail (e-mail address). If an affected person contacts the controller by e-mail or through a contact form, the personal data transmitted by the data subject will be automatically saved. Such personal information provided on a voluntary basis by a data subject to the controller is stored for the purposes of processing or contacting the data subject.
Routine deletion and blocking of personal data
The controller shall process and store personal data of the data subject only for the period necessary to achieve the purpose of the storage or, if so required by law, regulation or other legislation of the European Data Protection Supervisor subject to was provided.
If the storage purpose is omitted or if a storage period prescribed by the European directives and regulations or any other relevant legislature expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
Rights of the data subject
a) Right to confirmation
Each data subject has the right to ask the controller for confirmation of the processing of personal data concerning him or her. If an affected person wishes to exercise this right of confirmation, they can contact our data protection officer or another employee of the controller at any time.
b) Right to information
Any person concerned by the processing of personal data shall have the right at any time to obtain from the controller any information free of charge concerning the personal data stored about him and a copy of that information. Furthermore, the data subject has access to the following information:
the processing purposes
the categories of personal data being processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or to international organizations
if possible, the planned duration for which the personal data will be stored or, if that is not possible, the criteria for determining that duration
the existence of a right to rectification or erasure of the personal data concerning them, or to the limitation of the processing by the controller or a right to object to such processing
the existence of a right of appeal to a supervisory authority
if the personal data are not collected from the data subject: All available information about the origin of the data
the existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) of the GDPR and - at least in these cases - meaningful information on the logic involved, and the scope and intended impact of such processing on the data subject
Furthermore, the data subject has a right of access as to whether personal data has been transmitted to a third country or to an international organization. If this is the case, then the data subject has the right to obtain information about the appropriate guarantees in connection with the transfer.
If an affected person wishes to exercise this right to information, they can contact our data protection officer or another employee of the controller at any time.
c) Right to rectification
Any person affected by the processing of personal data has the right to demand the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
If an affected person wishes to exercise this right of rectification, they can contact our data protection officer or another member of the data controller at any time.
d) Right to cancellation (right to be forgotten)
Any person affected by the processing of personal data shall have the right to require the controller to delete the personal data concerning him or her without delay, provided that one of the following reasons is satisfied and processing is not required:
The personal data has been collected for such purposes or otherwise processed for which they are no longer necessary.
The person concerned revokes the consent on which the processing was based on Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR and lacks any other legal basis for the processing.
According to Art. 21 (1) of the GDPR, the data subject objects to the processing and there are no legitimate reasons for the processing or the data subject objects to the proceedings pursuant to Art. 21 (2) GDPR Processing.
The personal data was processed unlawfully.
The deletion of personal data is necessary to fulfill a legal obligation under Union or national law, to which the controller is subject.
The personal data were collected in relation to information society services offered in accordance with Art. 8 para. 1 DS-GVO.
If any of the above reasons apply and an affected person wishes to arrange for the deletion of personal information stored at the Riverside Hotel, they may, at any time, contact our data protection officer or other data controller. The data protection officer of the Riverside Hotel or another employee will arrange for the extinguishing request to be fulfilled immediately.
If the personal data has been disclosed by the Riverside Hotel and if our company is responsible for deleting personal data as the person responsible pursuant to Art. 17 para. 1 DS-GVO, the Riverside Hotel will take appropriate measures, including technical ones, taking into account the available technology and the implementation costs To inform other data controllers processing the published personal data that the data subject requires the data controller to delete all links to such personal data or to copy or replicate such personal data has, as far as the processing is not necessary.The data protection officer of the Riverside Hotel or another employee will arrange the necessary in individual cases.
e) Right to restriction of processing
Any person affected by the processing of personal data shall have the right to require the controller to restrict the processing if any of the following conditions apply:
The accuracy of the personal data is contested by the data subject for a period of time that enables the person responsible to verify the accuracy of the personal data.
The processing is unlawful, the data subject refuses to delete the personal data and instead requests the restriction of the use of personal data.
The controller no longer needs the personal data for processing purposes, but the data subject needs them to assert, exercise or defend legal claims.
The person concerned has objection to the processing acc. Art. 21 para. 1 DS-GVO and it is not yet clear whether the legitimate reasons of the person responsible outweigh those of the person concerned.
If any of the above conditions are met and a data subject wishes to request the restriction of personal information stored at the Riverside Hotel, they may, at any time, contact our data protection officer or other data controller. The privacy officer of the Riverside Hotel or another employee will cause the processing to be restricted.
f) Data transferability
Any person affected by the processing of personal data shall have the right to receive in a structured, common and machine-readable format personal data relating to him / her provided to a controller by the data subject. It also has the right to transfer this data to another person responsible without hindrance by the controller to whom the personal data was provided, provided that the processing is based on the consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 para 2 (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR and processing by means of automated processes, unless the processing is necessary for the performance of a task;
Furthermore, in exercising their right to data portability under Article 20 (1) of the GDPR, the data subject has the right to obtain the personal data to be transferred directly from one controller to another, where technically feasible and if so this does not affect the rights and freedoms of others.
In order to assert the right to data portability, the data subject may at any time contact the data protection officer appointed by the Riverside Hotels or another employee.
g) Right to object
Any person concerned by the processing of personal data shall have the right, at any time and for reasons arising out of their particular situation, to prevent the processing of personal data relating to them pursuant to Article 6 (1) (e) or (f) of the GDPR, Objection. This also applies to profiling based on these provisions.
In the event of an objection, the Riverside Hotel no longer processes the personal data unless we can establish compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject or the processing is for assertion, exercise or defense of legal claims.
If the Riverside Hotel processes personal data in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to the profiling, as far as it is associated with such direct mail. If the data subject objects to the Riverside Hotel for direct marketing purposes, the Riverside Hotel will no longer process the personal data for these purposes.
In addition, the data subject has the right, for reasons arising from his / her particular situation, against the processing of personal data relating to him or her, for scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) of the RMS. GMOs are invited to submit an objection unless such processing is necessary to fulfill a task of public interest.
To exercise the right of opposition, the data subject may contact the Privacy Officer of the Riverside Hotel or another employee directly. The data subject is also free, in the context of the use of information society services, notwithstanding Directive 2002/58 / EC, to exercise his right of opposition by means of automated procedures using technical specifications.
h) Automated decisions on a case-by-case basis, including profiling
Any person concerned with the processing of personal data shall have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect or similarly appreciably affects it, unless Decision (1) does (2) is permitted by Union or Member State legislation to which the controller is subject, and that such legislation shall provide for appropriate measures to safeguard the rights and freedoms, as well as the legitimate interests of the data subject or (3) with the express consent of the data subject.
If the decision (1) is required for the conclusion or performance of a contract between the data subject and the controller or (2) it is with the express consent of the data subject, the Riverside Hotel shall take reasonable steps to protect the rights and freedoms and the authorized persons Interests of the data subject, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and to contest the decision.
If the data subject wishes to claim automated decision-making rights, they may contact our data protection officer or other data controller at any time.
i) Right to revoke a data protection consent
Any person affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.
If the data subject wishes to assert their right to withdraw consent, they may contact our data protection officer or another member of the data controller at any time.
Data protection in applications and in the application process
The controller collects and processes the personal data of applicants for the purpose of processing the application process. The processing can also be done electronically. This is particularly the case if an applicant submits corresponding application documents to the controller by electronic means, for example by e-mail or via a web form available on the website. If the controller concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment relationship in accordance with the law. If no employment contract is concluded with the applicant by the controller, For example, the application documents will be automatically deleted two months after the announcement of the rejection decision, unless deletion precludes other legitimate interests of the controller. Other legitimate interest in this sense, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG).
Third party content
Within our website third-party content, such as videos on YouTube and maps from Google Maps are included. For the use of such content, the transmission of your IP address to the respective third-party provider is technically required. Without an IP address, the third party providers would not be able to send the content embedded in the website to your browser. We have no influence. Whether and to what extent a third-party provider stores the IP address, eg for statistical purposes, or otherwise uses it.
The controller has integrated plugins from the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. The Facebook plugins can be recognized by the Facebook logo or the "Like-Button" ("Like") on our site. An overview of the Facebook plugins can be found here:
If you do not want Facebook to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.
The controller uses features of the web analytics service Google Analytics. Provider is the Google Inc. 1600 Amphitheater Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
However, if IP anonymisation is activated on this website, your IP address will be truncated by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by Google Analytics within the framework of Google Analytics will not be merged with other data provided by Google.
You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to use all the functions of this website in full. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading the browser plug-in available under the following link and install:
The operating company of the Google Analytics component is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
The processing features of Google +1. Provider is the Google Inc. 1600 Amphitheater Parkway Mountain View, CA 94043, USA.
Collect and share information: Use the Google +1 button to post information worldwide. The Google + 1 button will allow you and other users to receive personalized content from Google and our partners. Google stores both the information that you have + 1'd for a content and information about the page that you viewed when you clicked +1. Your + 1's can appear as clues along with your profile name and photo in Google services, such as in search results or in your Google profile, or elsewhere on websites and ads on the web. Google records information about your +1 activities to improve Google services for you and others. To use the Google + 1 button, you need a globally visible, public Google profile that must contain at least the name chosen for the profile. This name will be used in all Google services. In some cases, this name may also replace a different name you used when sharing content through your Google Account. The identity of your Google Profile may be displayed to users who know your email address or have other identifying information from you.
Use of Information Collected: In addition to the purposes outlined above, the information you provide will be used in accordance with applicable Google privacy policies. Google may publish summarized statistics about users' + 1 activity or share it with users and partners, such as publishers, advertisers, or affiliate websites.
The operating company of Google+ is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
The controller has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to run ads both on Google's search engine and on the Google Network. Google AdWords allows an advertiser to pre-define keywords that will display an ad on Google's search engine results only when the search engine retrieves a keyword-related search result. In the Google Network, the ads are distributed to topic-relevant web pages using an automated algorithm and according to previously defined keywords.
The operating company of Google AdWords Services is Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA.
The controller has On our pages functions of the service Instagram are involved. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, United States.
If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit of our pages with your user account. We point out that we as the provider of the pages do not receive any knowledge of the content of the transmitted data and their use by Instagram.
The operating company of Instagram's services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
The controller uses plugins from the Google-powered YouTube page. Site operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit any of our YouTube plug-in-enabled sites, you will be connected to the servers of YouTube. It tells the YouTube server which of our pages you've visited.
If you are logged in to your YouTube account, YouTube will allow you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
Using Google Maps
This site uses the mapping service Google Maps via an API. Provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
To use the features of Google Maps, it is necessary to save your IP address. This information is usually transmitted to and stored by Google on servers in the United States. The provider of this page has no influence on this data transfer.
The use of Google Maps is for the sake of an appealing presentation of our online offers and an easy findability of the places we specify on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
Legal basis of processing
Art. 6 I lit. A DS-GMO serves our company as the legal basis for processing operations in which we obtain consent for a particular processing purpose. If the processing of personal data is necessary to fulfill a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or consideration, processing shall be based on Art. 6 I lit. b DS-GMO. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DS-GMO. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DS GMOs are based. Ultimately, processing operations could be based on Art. 6 I lit. f DS GMOs are based. Processing operations that are not covered by any of the above legal bases are based on this legal basis if processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the person concerned prevail. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. In that regard, it considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, second sentence, DS-BER). if processing is necessary to safeguard the legitimate interests of our company or a third party, provided the interests, fundamental rights and fundamental freedoms of the person concerned do not prevail. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. In that regard, it considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, second sentence, DS-BER). if processing is necessary to safeguard the legitimate interests of our company or a third party, provided the interests, fundamental rights and fundamental freedoms of the person concerned do not prevail. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. In that regard, it considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, second sentence, DS-BER).
Protection of minors
Duration for which the personal data is stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the deadline, the corresponding data will be routinely deleted, if they are no longer required to fulfill the contract or to initiate a contract.
Legal or contractual provisions for the provision of personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; possible consequences of non-provision
We clarify that the provision of personal data is partly required by law (eg tax regulations) or can also result from contractual provisions (eg information about the contracting party). Sometimes it may be necessary for a contract to be concluded that an affected person provides us with personal data that must subsequently be processed by us. For example, the data subject is required to provide us with personal information when our company concludes a contract with her. Failure to provide the personal data would mean that the contract with the person concerned could not be closed. Before the data subject has been provided by the data subject, the data subject must contact our data protection officer.
Online Dispute Resolution
The European Commission provides a platform for online dispute resolution, which can be found at http://ec.europa.eu/consumers/odr/ . For initial questions about a possible dispute resolution, please contact us at office@ neuer-fritz.com
(Regulation (EU) No 524/2013 on the online settlement of consumer disputes