Datenschutz | Goldenes Fass Meißen

Data protection at a glance

Introduction

This website is operated by: Hotel Goldenes Fass Meissen.

It is very important to us to handle the data of our website visitors confidentially and to protect it in the best possible way. For this reason, we make every effort to comply with the requirements of the GDPR.

Below we explain how we process your data on our website. We use the clearest and most transparent language possible so that you truly understand what happens to your data.

General information

Processing of personal data and other terms

Data protection applies to the processing of personal data. Personal data means any data that can be used to identify you personally. This includes, for example, the IP address of the device (PC, laptop, smartphone, etc.) you are currently using. Such data is processed when 'something happens with it'. For example, the IP address is transmitted from your browser to our provider and automatically stored there. This constitutes the processing (according to Article 4 No. 2 GDPR) of personal data (according to Article 4 No. 1 GDPR).

These and other legal definitions can be found in Article 4 of the GDPR.

Applicable regulations/laws – GDPR, BDSG and TDDDG

The scope of data protection is regulated by laws. In this case, these are the GDPR (General Data Protection Regulation) as a European regulation and the BDSG (Federal Data Protection Act) as a national law.

Furthermore, the TDDDG supplements the regulations of the GDPR insofar as it concerns the use of cookies.

Data collection on our website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator:

Hotel Goldenes Fass Meissen, Vorbrücker Str. 10, 01662 Meißen, Tel.: 49 3521 719200, Fax: 49 3521 7192019, E-Mail: post@goldenes-fass-meissen.de, Internet: https://www.goldenes-fass-meissen.de

This is how data is generally processed on this website.

As we have already established, some data (e.g., IP address) is collected automatically. This data is primarily required for the technical operation of the website. If we use or collect any other personal data beyond this, we will inform you accordingly or request your consent.

You knowingly share other personal data with us.

Detailed information can be found below.

Your rights

The GDPR grants you extensive rights. These include, for example, the right to free access to information about the origin, recipients, and purpose of your stored personal data. You can also request the correction, blocking, or deletion of this data, or lodge a complaint with the competent data protection supervisory authority. You can withdraw any consent you have given at any time.

You can find details about these rights and how to exercise them in the last section of this privacy policy.

Data protection – Our view

Data protection is more than just a bothersome obligation for us! Personal data is highly valuable, and handling it responsibly should be a matter of course in our digital world. Furthermore, as a website visitor, you should be able to decide for yourself what happens to your data, when, and by whom. Therefore, we are committed to complying with all legal regulations, collecting only the data necessary for our purposes, and, of course, treating it confidentially.

Sharing and deletion

The transfer and deletion of data are also important and sensitive topics. Therefore, we would like to briefly inform you in advance about our general approach to this.

Data will only be transferred if there is a legal basis for doing so and only if it is absolutely necessary. This may be the case, in particular, if a so-called data processor is involved and a data processing agreement pursuant to Article 28 GDPR has been concluded.

We will delete your data when the purpose and legal basis for processing no longer apply and no other legal obligations prevent its deletion. Article 17 of the GDPR also provides a good overview of this.

Please refer to this privacy policy for further information and contact the responsible party if you have any specific questions.

Hosting

This website is hosted externally. The personal data collected on this website is stored on the host's servers. This includes automatically collected and stored log files (see below for details), as well as any other data provided by website visitors.

External hosting is used for the purpose of ensuring a secure, fast and reliable provision of our website and, in this context, serves to fulfill our contractual obligations to our potential and existing customers.

The legal basis for the processing is Art. 6 para. 1 lit. a, b and f GDPR, as well as § 25 para. 1 TDDDG, insofar as consent includes the storage of cookies or access to information in the terminal equipment of the website visitor or user within the meaning of the TDDDG.

Our hosting provider only processes data necessary to fulfill its contractual obligations and acts as our data processor, meaning it is subject to our instructions. We have concluded a corresponding data processing agreement with our hosting provider.

We use the following hosting provider:

Amazon Web Services (AWS) Germany GmbH

Krausenstr. 38

10117 Berlin

Germany

The servers used by Amazon Web Services to store data are located in Frankfurt am Main, Germany, and are subject to national and European data protection laws. Amazon Web Services also processes your data in accordance with the relevant legal provisions. The Amazon Web Services privacy policy can be accessed via the following link: https://aws.amazon.com/de/privacy/

Cloud-Backups

We use cloud backup functions on our website to protect the data and content from data loss, corruption, or security incidents. This ensures that in the event of a server outage, a hacking attack, or other unforeseen events, the website can be quickly and completely restored.

We use the following cloud backup service:

AWS

Amazon Europe Core S.à rl, 38 avenue John F. Kennedy, L-1855 Luxembourg.

https://aws.amazon.com/de/compliance/data-privacy/.

Legal basis

The processing of personal data always requires a legal basis. The GDPR provides the following options in Article 6(1), first sentence:

The data subject has given consent to the processing of their personal data for one or more specific purposes;
The processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
The processing is necessary for compliance with a legal obligation to which the controller is subject;
The processing is necessary to protect the vital interests of the data subject or of another natural person;
The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

In the following sections, we will tell you the specific legal basis for each processing activity.

This happens on our website

By visiting our website, we process your personal data.

To best protect this data against unauthorized access by third parties, we use SSL or TLS encryption. You can recognize this encrypted connection by the https:// or a padlock symbol displayed in your browser's address bar.

Below you will find information about what data is collected when you visit our website, for what purpose this is done and on what legal basis.

Data collection when visiting the website

When you access this website, information is automatically stored in so-called server log files. This information includes:

Browser type and browser version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of server request
IP Address

This data is temporarily required to ensure that our website can be displayed to you continuously and without problems. Specifically, this data serves the following purposes:

Website system security
Website system stability
Troubleshooting on the website
Establishing a connection to the website
Website display

Data processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR and is based on our legitimate interest in processing this data, in particular the interest in the functionality of the website and its security.

This data is stored in pseudonymized form where possible and deleted after the respective purpose has been achieved.

If the server log files allow for the identification of the data subject, the data will be stored for a maximum period of 14 days. An exception applies if a security-related incident occurs. In this case, the server log files will be stored until the security-related incident has been resolved and fully investigated.

Furthermore, no merging with other data takes place.

Cookies

General

This website uses so-called cookies. These are data files, pieces of information that are stored in the browser of your device and relate to our website.

By setting cookies, the navigation of the website can be made easier for the visitor.

Our cookie consent tool provides all information about the cookies we use on our website (possibly after obtaining your consent).

Reject cookies

All cookies that are not technically necessary can be managed directly via our cookie consent tool.

You can prevent cookies from being set by adjusting your browser settings.

Here you will find the corresponding links to frequently used browsers:

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?redirectslug=Cookies löschen&redirectlocale=de
Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform=Desktop&hl=de
Microsoft Edge: https://support.microsoft.com/de-de/windows/löschen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Safari: https://support.apple.com/de-de/guide/mdm/mdmf7d5714d4/web and https://support.apple.com/de-de/guide/safari/sfri11471/mac.

If you are using a different browser, it is recommended that you enter the name of your browser and 'delete and manage cookies' into a search engine and follow the official link for your browser.

Alternatively, you can also manage your cookie settings at www.aboutads.info/choices/ or www.youronlinechoices.com.

However, we must point out that completely blocking/deleting cookies may impair your use of the website.

Technically necessary cookies

We use technically necessary cookies on this website to ensure that our website functions correctly and in accordance with applicable laws. They help to make the website user-friendly. Some functions of our website cannot be displayed without the use of cookies.

The legal basis for this is, depending on the individual case, Article 6(1)(b), (c) and/or (f) GDPR.

Cookies that are not technically necessary

Furthermore, we also use cookies on our website that are not technically necessary. These cookies serve, among other things, to analyze the browsing behavior of website visitors or to offer website functions that are not technically essential.

The legal basis for this is your consent pursuant to Art. 6 para. 1 lit. a GDPR.

Cookies that are not technically necessary will only be set with your consent, which you can revoke at any time in the cookie consent tool.

Revocation of your consent

You can withdraw your consent to the storage of certain cookies, as granted in the cookie consent dialog, at any time with effect for the future. If you wish to change your selection in the cookie consent dialog, please click here. Clicking the link will reappear the cookie consent dialog, allowing you to change your selection. Alternatively, you can request that we delete your data or delete the vioma consent cookie yourself in your browser. From this point on, we will no longer process your data. Your consent/non-consent is logged based on a legal obligation pursuant to Section 76 of the German Federal Data Protection Act (BDSG) and Article 6 Paragraph 1 Sentence 1 Letter c of the GDPR. Mandatory statutory retention periods remain unaffected.

Data processing through user input

Own data collection

We offer the following (service) on our website: hotel booking, voucher purchase.

We collect the following data:

Name
Email Address
Address
Telephone number
Account details

The legal basis for this data processing is Article 6(1)(b) GDPR.

The data will be deleted as soon as the respective purpose ceases to apply and this is possible in accordance with legal requirements.

Contact

E-mail

When you contact us by email, we process your email address and any other data contained in the email. This data is stored on the mail server and, in some cases, on the respective end devices. Depending on the nature of your inquiry, the legal basis for this processing is generally Article 6(1)(f) GDPR or Article 6(1)(b) GDPR. The data is deleted as soon as the respective purpose for processing no longer applies and this is possible in accordance with legal requirements.

Telephone

When you contact us by telephone, call data may be stored pseudonymously on your device and by your telecommunications provider. Personal data collected during the call will be processed solely for the purpose of handling your inquiry. Depending on the nature of your request, the legal basis for this processing is generally Article 6(1)(f) or Article 6(1)(b) GDPR. The data will be deleted as soon as the respective purpose for processing no longer applies and this is permissible under applicable law.

Contact form

We offer a contact form. This is for contacting our company.

In this form, we typically process your first and last name, telephone number, email address, postal address, and the content of your message. The data is stored on our web server and forwarded internally to the relevant email addresses.

The legal basis for data processing is Article 6(1)(f) GDPR, as we have a legitimate interest in responding to your inquiry and providing a straightforward way to contact you. If the contact is aimed at concluding a contract, the additional legal basis for processing is Article 6(1)(b) GDPR.

We delete this data no later than 3 months after receipt, unless it is required for an existing contractual relationship.

The contact form on our website is based on our own development. No data is transferred to third parties.

Cookie-Consent-Tool

Usercentrics

To ensure that only cookies for which there is a legal basis are set on our website, we use the consent management tool from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany.

This service is used to obtain the consent of the website visitor to the storage of certain cookies in their browser or the use of certain technologies and to document this in compliance with data protection regulations.

When this website is accessed, the consent given or withdrawn by the website visitor is stored as a Usercentrics cookie in the website visitor's browser. For this purpose, a connection to Usercentrics' servers is established.

The legal basis is Article 6(1)(c) GDPR. Usercentrics is used to obtain the legally required consent for the use of cookies.

If the Usercentrics consent management tool is integrated into the website via a third-party provider, data transfer (e.g., of the IP address) to the third-party provider is possible.

The collected data will be stored until the website visitor requests its deletion, Usercentrics deletes it itself, or the purpose for storing the data no longer applies. This does not affect mandatory statutory retention periods.

SSL or TLS encryption

This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential information, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the lock symbol in your browser's address bar.

When SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.

Encrypted payment transactions on this website

If, after concluding a paid contract, you are obligated to provide us with your payment details (e.g., account number for direct debit), this data is required for payment processing.

Payments via common payment methods (Visa/MasterCard, direct debit) are processed exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the padlock icon in your browser's address bar. With encrypted communication, your payment data that you transmit to us cannot be intercepted by third parties.

PayPal

We use PayPal on our website. PayPal is a payment service provider. This service is offered by PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg.

For payment processing purposes, the payment data of the website visitor is processed by the payment service provider as soon as a purchase is made via this website. The respective terms and conditions and data protection regulations of the payment service provider apply to the respective transaction.

The legal basis is Article 6(1)(b) GDPR. The data is processed for the purpose of fulfilling (pre-)contractual obligations.

Furthermore, we have a legitimate interest in processing this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

Data transfers to the USA are governed by the EU Commission's Standard Contractual Clauses (SCCs).

https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

American Express

We use American Express on this website. American Express is a payment service provider. This service is offered by American Express Europe SA, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany.

The legal basis is Article 6(1)(b) GDPR. The data is processed for the purpose of fulfilling (pre-)contractual obligations.

Furthermore, we have a legitimate interest in processing this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

American Express may transfer the data to its parent company in the USA. American Express has Binding Corporate Rules (BCR) in place for this purpose.

Further details:

https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html.

Mastercard

This website uses Mastercard. Mastercard is a payment service provider. This service is offered by Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium.

The legal basis is Article 6(1)(b) GDPR. The data is processed for the purpose of fulfilling (pre-)contractual obligations.

Furthermore, we have a legitimate interest in processing this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

Mastercard may transfer the data to its parent company in the USA. Mastercard has Binding Corporate Rules (BCR) in place for this purpose.

Further details:

https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf

https://www.mastercard.de/de-de/datenschutz.html.

VISA

We use VISA on this website. VISA is a payment service provider. This service is offered by Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom.

The legal basis is Article 6(1)(b) GDPR. The data is processed for the purpose of fulfilling (pre-)contractual obligations.

Furthermore, we have a legitimate interest in processing this data within the meaning of Art. 6 para. 1 lit. f GDPR in order to ensure a fast and reliable payment process.

Data transfers to the USA are governed by the EU Commission's Standard Contractual Clauses (SCCs).

Further details:

https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

Data collection on our website

vioma BOOKING - Online bookings and booking requests

Our website uses the booking technology vioma BOOKING, provided by vioma GmbH, Industriestraße 27, 77656 Offenburg (“vioma”). We have concluded a data processing agreement with vioma.

When you make an online booking or booking request via our website, we require your email address, travel dates, the booked product, and your title, first and last name for processing. In some cases, we will also request your telephone number so that we can contact you quickly, particularly regarding unforeseen circumstances that may affect your booking.

To calculate the applicable travel price, we require your travel dates, the selected product, the number of travelers, and whether they are adults or children. If you are traveling with children, we will also ask for their ages to ensure the correct price calculation. We will also ask for your preferred payment method. If prepayment is required for your trip, you will be redirected to a payment service provider for secure processing after selecting your preferred payment method. Any other information provided on the form is voluntary.

The processing of your data for online booking and online booking requests is based on Art. 6 para. 1 lit. b GDPR and serves the purpose of fulfilling a contract or carrying out pre-contractual measures.

The data you provide to us will remain with us until the purpose for data storage no longer applies (e.g., after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

Conclusion of a data processing agreement

To ensure data processing in compliance with data protection regulations, we have concluded a data processing agreement with vioma.

vioma VOUCHER - Voucher purchase and voucher management

Our website uses the voucher software vioma VOUCHER, provided by vioma GmbH (“vioma”), Industriestraße 27, 77656 Offenburg, for the sale, redemption and management of online vouchers.

When you purchase an online voucher through our website, we require your email address to process your purchase, as well as the recipient's title, first and last name. We also ask for your preferred delivery method to ensure the voucher is delivered according to your wishes. If delivery is via email, we process the recipient's email address; if delivery by post is selected, the recipient's postal address is recorded for delivery by mail.

The voucher management system continues to record the remaining value of the voucher, the redemptions already made, and the current status (open, paid, redeemed, etc.).

The processing of your data for the online purchase of vouchers is based on Article 6(1)(b) GDPR and serves the purpose of fulfilling a contract or carrying out pre-contractual measures. The processing of your data in voucher management is based on Article 6(1)(c) GDPR and serves the purpose of fulfilling statutory retention obligations.

Conclusion of a data processing agreement

To ensure data processing in compliance with data protection regulations, we have concluded a data processing agreement with vioma.

vioma BAROMETER - Feedback surveys and quality seals

Our website uses the quality seal and survey software vioma BAROMETER, provided by vioma GmbH (“vioma”), Industriestraße 27, 77656 Offenburg, to display guest satisfaction on the website and to collect guest feedback.

We use vioma BAROMETER to survey and evaluate our guests' satisfaction. We also display the vioma BAROMETER quality seal on our website to give visitors an impression of the quality of our services. We present unedited, free-text comments from guests regarding the quality of our offerings to provide potential customers with the most authentic impression possible. You can access these free-text comments by clicking on the quality seal. Clicking the seal will redirect you to an external website where the free-text comments are displayed. No personal data is processed by vioma BAROMETER when you visit our website, click on the quality seal, or visit the website displaying the free-text comments.

We use vioma BAROMETER to process data from guests who participate in feedback surveys after using our services. To send you the invitation to the feedback survey, we transmit your email address, name, and details of your stay to vioma. If you do not wish to have your data transmitted, please inform us at check-in that you do not want to participate in the feedback survey. We will then not transmit your data to vioma, and you will not receive an invitation to the feedback survey.

The processing of data within the framework of feedback surveys is based on Article 6(1)(f) GDPR, as the website operator has a legitimate interest in improving the quality of its services. The publication of free-text comments regarding satisfaction with the visit is based on the respondent's consent pursuant to Article 6(1)(a) GDPR. This consent can be withdrawn at any time with effect for the future.

Conclusion of a data processing agreement

To ensure data processing in compliance with data protection regulations, we have concluded a data processing agreement with vioma.

Online booking system for spa treatments

For booking wellness and spa treatments, we use an online booking system accessible via a dedicated subdomain (spa.goldenes-fass-meissen.de). The booking system is technically provided by TAC Informationstechnologie GmbH, Schildbach 111, 8230 Hartberg, Austria, and operated by us as the data controller.

As part of the booking process, we process personal data such as:

First and Last Name,
Contact details (email address, telephone number if applicable),
Booking details (type of application, date, time),
If applicable, health-related information (e.g., in the case of special treatments),
as well as payment details (e.g. IBAN, credit card details or other payment information).

The processing is based on Article 6(1)(b) GDPR (for the performance of pre-contractual measures and for the fulfillment of the contract). Providing health-related information is voluntary and will only be processed with your explicit consent (Article 9(2)(a) GDPR).

External payment service providers may be involved in processing your payment. In this case, your payment data is transmitted in encrypted form directly to the respective payment service provider. This provider is independently responsible for processing your data. You can find further information on the respective payment page.

In this context, TAC Informationstechnologie GmbH acts as a data processor for us in accordance with Art. 28 GDPR.

Analytics tools and advertising

Use of external tracking services

This website uses the following external tracking services:

Google Ads, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, IE
Meta Pixel, Meta Platforms Ireland Ltd, Merrion Road, Dublin 4, D04 X2K5, IE
Google Analytics 4 Signals, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, IE

Google Analytics 4 (with Google Signals)

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows website operators to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, time spent on the site, operating systems used, and the user's origin. This data is assigned to the respective user's device. No device ID is assigned.

Furthermore, we can use Google Analytics to record your mouse movements, scrolling, and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data and employs machine learning technologies for data analysis.

Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to and stored on a Google server in the USA.

The use of this service is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. This consent can be revoked at any time.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. More information about how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google-Signal

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history, YouTube history, and demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signals. If you have a Google account, the visitor data from Google Signals will be linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our users.

Google Analytics E-Commerce Measurement

This website uses the "E-commerce Measurement" feature of Google Analytics. E-commerce measurement allows the website operator to analyze the purchasing behavior of website visitors to improve their online marketing campaigns. Information such as orders placed, average order values, shipping costs, and the time from viewing a product to purchasing it are collected. This data can be aggregated by Google under a transaction ID that is assigned to the respective user or their device.

Order processing

We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Data transfers to the USA are based on the EU Commission's standard contractual clauses.

Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google Ads mit Conversion-Tracking

We have integrated Google Ads on this website. The operating company of the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to display advertisements in the Google search engine or on third-party websites when users enter specific search terms into Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available to Google (e.g., location data and interests) (audience targeting). As website operators, we can quantitatively evaluate this data by, for example, analyzing which search terms led to the display of our advertisements and how many advertisements resulted in clicks.

The purpose of Google Ads is to promote our website by displaying interest-based advertising on the websites of third-party companies and in the search engine results of the Google search engine.

If you access our website via a Google ad, Google will place a so-called conversion cookie on your computer. A conversion cookie expires after thirty days and is not used to identify you personally. Provided the cookie has not yet expired, it tracks whether certain subpages, such as the shopping cart of an online store, have been accessed on our website. The conversion cookie allows both us and Google to track whether a user who arrived at our website via an AdWords ad generated a sale, i.e., completed or abandoned a purchase.

The data and information collected through the use of the conversion cookie are used by Google to generate visitor statistics for our website. We, in turn, use these visitor statistics to determine the total number of users who were referred to us via Google Ads, thus enabling us to assess the success or failure of each ad campaign and to optimize our future advertising efforts. Neither our company nor other Google Ads advertisers receive any information from Google that could be used to identify you.

The conversion cookie stores personal information, such as the websites you visit. Therefore, each time you visit our website, personal data, including the IP address of your internet connection, is transmitted to Google in the United States. This personal data is stored by Google in the United States. Google may share this personal data, collected through this technical process, with third parties.

These processing operations are carried out exclusively with the express consent given in accordance with Art. 6 para. 1 lit. a) GDPR.

The parent company, Google LLC, is certified under the EU-US Data Privacy Framework as a US company. This constitutes an adequacy decision pursuant to Article 45 of the GDPR, meaning that the transfer of personal data may take place without further safeguards or additional measures.

You can view Google Ads' privacy policy and further information at: https://www.google.de/intl/de/policies/privacy/.

For more information about how Google uses your personal data, please see Google's "Privacy and Terms of Service" page at https://business.safety.google/privacy/

Google Ads Remarketing

This website uses Google Ads Remarketing. Google Ads Remarketing is a web analytics service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads Remarketing uses cookies for the following purpose: Website visitors can be assigned to a specific target group and accordingly provided with personalized advertising.

The legal basis for processing is Article 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be withdrawn at any time.

Further details:

https://www.google.com/settings/ads/onweb/

https://policies.google.com/technologies/ads?hl=de.

Google Tag Manager

This website uses Google Tag Manager. Google Tag Manager is a web analytics service. This service is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager does not store cookies or perform independent analysis. It merely manages the tools integrated through it. However, the website visitor's IP address is recorded and may be transferred to Google's parent company in the USA.

The legal basis for the processing is Article 6(1)(f) GDPR. We have a legitimate interest in easily integrating and managing various tools on our website.

Further details:

https://policies.google.com/privacy?hl=en.

Google Ads

We use Google Ads on this website. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

This service allows us to link advertisements in the Google search engine to specific keywords and to display targeted advertisements based on existing user data. Cookies are used for conversion tracking.

The legal basis for processing is Article 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be withdrawn at any time.

Data transfers to the USA are governed by the EU Commission's Standard Contractual Clauses (SCCs).

Further details:

https://privacy.google.com/businesses/controllerterms/mccs/.

Meta Pixel

This website uses Meta's visitor action pixel for conversion tracking. The provider of this service is Meta Platforms Ireland Ltd, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Meta, the collected data is also transferred to the USA and other third countries.

This allows the behavior of website visitors to be tracked after they have been redirected to the provider's website by clicking on a meta ad. This enables the effectiveness of meta ads to be evaluated for statistical and market research purposes and future advertising campaigns to be optimized.

The data collected is anonymous for us as the operators of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Meta, so a connection to the respective user profile on Facebook or Instagram is possible, and Meta can use the data for its own advertising purposes in accordance with the Meta Data Policy. This allows Meta to display advertisements on Facebook or Instagram pages and other advertising channels. We, as the website operators, have no influence over this use of the data.

The use of this service is based on your consent, Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.

To the extent that personal data is collected on our website using the tool described here and forwarded to Meta, we and Meta Platforms Ireland Ltd, Merrion Road, Dublin 4, D04 X2K5, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Meta. The processing carried out by Meta after the transfer is not part of the joint responsibility. Our joint obligations are set out in a joint controllership agreement. You can find the text of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Meta tool and for the data protection-compliant implementation of the tool on our website. Meta is responsible for the data security of Meta products. You can assert your data subject rights (e.g., requests for access) regarding data processed by Facebook or Instagram directly with Meta. If you assert your data subject rights with us, we are obligated to forward them to Meta.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find further information on protecting your privacy in Meta's privacy policy: https://de-de.facebook.com/about/privacy/.

You can also deactivate the "Custom Audiences" remarketing feature in the ad settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this.

If you do not have an account with Facebook or Instagram, you can deactivate interest-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

vioma TAO

This website uses the functions of the web analytics service vioma TAO. The provider of vioma TAO is vioma GmbH (“vioma”), Industriestr. 27, 77656 Offenburg, Germany.

vioma TAO uses so-called "cookies." These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is transmitted to and stored on a vioma server in Germany.

Purpose of processing and type of data processed

The purpose of this component is to analyze visitor traffic on the operator's website. vioma TAO uses the collected data and information, among other things, to evaluate website usage, compile online reports that show website activity, and provide other services related to website usage.

As part of this technical process, vioma receives personal data, such as the IP address of the data subject, which vioma uses, among other things, to track the origin of visitors and clicks. The cookie stores personal information, such as the access time, the location from which access originated, and the frequency of the data subject's visits to the website. With each visit to the website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to vioma in Germany. This personal data is stored by vioma.

Disclosure to third parties

Vioma does not pass on this personal data collected via the technical process to third parties.

storage

The storage of vioma TAO cookies and the use of this analytics tool are based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If corresponding consent has been requested (e.g., consent to the storage of cookies), processing is based on Article 6(1)(f) GDPR; this consent can be revoked at any time.

Storage duration

We process data for as long as it is necessary for the respective purpose. Where statutory retention obligations exist – e.g., under commercial or tax law – the relevant personal data will be stored for the duration of the retention period. After the retention period expires, we will review whether further processing is necessary. If it is no longer necessary, the data will be deleted.

What rights do you have regarding your data?

Of course, you can request information about the data we have stored about you at any time and, if there is no longer a need for it, request that the data be deleted or its processing restricted.

Contradiction

You can prevent vioma TAO from setting cookies at any time by adjusting the settings of your internet browser. Such a browser setting would prevent vioma from placing a cookie on the data subject's information technology system. Furthermore, a cookie already set by vioma can be deleted at any time via the internet browser or other software programs.

You can find more information about how vioma handles user data in this privacy policy.

vioma NEWSLETTER

This website uses vioma NEWSLETTER for sending newsletters. The provider is vioma GmbH, Industriestraße 17, 77656 Offenburg ("vioma"). Vioma NEWSLETTER is a service that allows us to organize and analyze newsletter distribution.

If you wish to subscribe to the newsletter offered on this website, we require your email address and information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not share it with third parties.

Our newsletters, sent via vioma NEWSLETTER, allow us to analyze the behavior of newsletter recipients. This includes analyzing how many and which recipients opened the newsletter, and how often and by whom each link within the newsletter was clicked. Using conversion tracking, we can also analyze whether a predefined action (e.g., booking a stay on this website) was performed after clicking a link in the newsletter.

The processing of the data entered in the newsletter registration form and the evaluation of individual open and click rates are based solely on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of your data, your email address, and its use for sending the newsletter at any time, for example, via the "Unsubscribe" link in the newsletter. The lawfulness of the data processing operations already carried out remains unaffected by the revocation.

If you do not want your data analyzed by vioma NEWSLETTER, you must unsubscribe from the newsletter. We provide a corresponding link for this purpose in every newsletter message.

The data you provided for the purpose of subscribing to our newsletter will be stored by us or our newsletter service provider until you unsubscribe. After you unsubscribe, your data will be deleted from the newsletter distribution list. Data stored for other purposes remains unaffected.

After you unsubscribe from our newsletter mailing list, your email address will be stored on an opt-out list by us or our newsletter service provider to prevent future mailings. The data on the opt-out list will only be used for this purpose and will not be combined with other data.

This serves both your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage on the opt-out list is not time-limited. If you wish to have all your data completely deleted, please contact post@goldenes-fass-meissen.de.

YouTube with enhanced privacy

This website embeds videos from YouTube. YouTube is operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode prevents YouTube from storing information about visitors to this website before they watch the video. However, enhanced privacy mode does not necessarily prevent data from being shared with YouTube partners. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection to YouTube's servers is established. This informs the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after a video starts playing, YouTube may store various cookies on your device or use similar recognition technologies (e.g., device fingerprinting). This allows YouTube to obtain information about visitors to this website. This information is used, among other things, to compile video statistics, improve user-friendliness, and prevent fraud.

Additional data processing operations may be triggered after a YouTube video starts, over which we have no control.

The use of YouTube is in our legitimate interest in presenting our online content in an appealing way. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; this consent can be revoked at any time.

Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de.

Facebook

We operate a Facebook fan page at https://www.facebook.com/. This social network is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Interaction with our company profile

When you visit our Facebook profile and interact with us through it, we process personal data. This includes both the publicly available data on the profile and the personal data contained in posts, comments, or direct messages to us. Interactions such as liking or sharing allow us to view the user profile and its publicly available information.

The legal basis for this processing is Article 6(1)(f) GDPR. It is in our legitimate interest to provide relevant and interesting content and to enable the use and functionality of our Facebook profile.

Insofar as a request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.

Page Insights

As explained in the Meta privacy policy under "How do we use your information?", Meta also collects and uses information to provide analytics services, known as Page Insights, to page administrators. This also applies to our Facebook page.

Page insights are aggregated statistics that are generated based on specific interactions of visitors with pages and the content associated with them (e.g., viewing a page or video, subscribing to a page, liking or unliking a page, etc.) and logged by the meta servers.

Meta provides us with aggregated statistics and insights in connection with Page Insights, which tell us how people interact with our company page. We do not receive access to any personally identifiable information, but only to the aggregated Page Insights. Using Page Insights, we can view anonymous statistics such as our account's reach, page views, likes, etc. These also include analyses by age, gender, and location of users (as specified by them in their respective Facebook profiles). For the reach analysis, we can adjust settings and apply filters to select a time period, view a specific post, and define demographic groups. This data is anonymized. It is not possible for us to draw conclusions about specific individuals.

The processing of this data serves the purpose of analyzing our reach and tailoring our content and advertisements to user interests, so that visitors can derive maximum benefit. Based on the evaluation of this data, we can understand how our content, our profile, and our advertising are consumed. This allows us to create targeted content and place advertisements to better market our company and our services.

The processing is based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

The processing of personal data in the course of so-called Page Insights is carried out jointly with Facebook in accordance with Art. 26 para. 1 GDPR.

We have entered into a corresponding agreement with Facebook, which can be viewed here (https://www.facebook.com/legal/terms/page_controller_addendum).

Facebook's contact details are:

Online Contact: https://www.facebook.com/help/contact/1650115808681298

Postalisch: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Irland.

For Facebook, you can contact the data protection officer via the following link:

https://www.facebook.com/help/contact/540977946302970.

More information about Page Insights:

https://de-de.facebook.com/legal/terms/page_cntroller_addendum

Processing of personal data and cookies by Meta

When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for "German" IP addresses). Facebook also stores information about its users' devices (e.g., as part of the "Login Notifications" feature); this may allow Facebook to associate IP addresses with individual users. If you are currently logged into Facebook, a cookie containing your Facebook ID is stored on your device. This allows Facebook to track that you visited this page and how you used it. Through Facebook buttons embedded in websites, Facebook can record your visits to these websites and associate them with your Facebook profile. This data can then be used to personalize content or advertising for you.

Information on how to manage or delete personal data can be found in Facebook's Privacy Center:

https://www.facebook.com/privacy/center/.

Further information on how Facebook handles data can be found here:

http://de-de.facebook.com/about/privacy.

Instagram

We operate an Instagram profile. This social media platform is offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Interaction with our company profile

When you visit our Instagram profile and interact with us through it, we process personal data. This includes both the publicly available data on the profile and the personal data contained in posts, comments, or direct messages to us. Interactions such as liking or sharing allow us to view the user profile and its publicly available information.

Insofar as a request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures, our processing is based on Art. 6 para. 1 lit. b GDPR.

Insights

As explained in the Meta Privacy Policy under "How do we use your information?" (https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect), Meta also collects and uses information to provide analytics services, known as Insights, to page administrators. This also applies to our Instagram profile.

Insights are aggregated statistics generated from specific visitor interactions with pages and their associated content, and logged by the meta servers. This includes, among other things, the following information:

How many people see and interact with our products, services, or content, such as posts, videos, Instagram pages, listings, shops, and advertisements (when advertising is shown on meta-products)?
How do people interact with our content, websites, apps and services?
Which group of people interacts with our content or which group of people uses our services?

Meta provides us with summarized reports and insights that tell us how well our content, features, products and services are performing.

We do not gain access to personal data, but only to the summarized reports.

To analyze reach, we can adjust settings and apply filters regarding the selection of a time period, the consideration of a specific post, and demographic groupings. This data is anonymized. It is not possible for us to draw conclusions about specific individuals.

The processing is based on our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR.

When processing personal data in the course of so-called Insights, the processing is carried out jointly with Meta in accordance with Art. 26 para. 1 GDPR.

We have reached a corresponding agreement with Meta, which can be viewed here (https://www.facebook.com/legal/terms/page_controller_addendum.).

Meta's contact details are:

Online Contact: https://www.facebook.com/help/contact/1650115808681298

Postalisch: Meta Platforms Ireland Limited, ATTN: Privacy Operations, Merrion Road, Dublin 4, D04 X2K5, Irland.

For Instagram, you can contact the data protection officer via the following link:

https://www.facebook.com/help/contact/540977946302970.

More information about the insights:

https://de-de.facebook.com/help/pages/insights.

Instagram's full privacy policy can be found here:

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

Processing of personal data and cookies by Meta

When you access an Instagram page, the IP address assigned to your device is transmitted to Meta. According to Meta, this IP address is anonymized (for "German" IP addresses). Meta also stores information about its users' devices (e.g., as part of the "Login Notification" feature); this may allow Meta to associate IP addresses with individual users. If you are currently logged into Instagram, a cookie containing your Instagram ID is stored on your device. This allows Meta to track that you visited this page and how you used it. Meta buttons embedded in websites allow Meta to record your visits to these websites and associate them with your Instagram profile. This data can then be used to personalize content or advertising for you.

More information:

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

Drittinhalte

Google Fonts

We have integrated Google Fonts locally on our server. This means that, despite using them, no data is transferred to Google.

OpenStreetMap

We use OpenStreetMap on this website. OpenStreetMap is a plugin that enables the integration of map data on this website. This service is provided by the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom.

This is a collaborative project that aims to create and provide freely usable geographic data, such as road maps. As it is an open-source project, the data is contributed and updated by a community of cartographers from around the world. This data can be used for various purposes, from displaying maps on websites to using it in GIS applications, mobile apps, and more.

When using the maps, a connection is established to the servers of the OpenStreetMap Foundation. No cookies are involved that are used to track website visitors; only those cookies that are strictly necessary for the website's functionality are used.

The legal basis for the processing is Article 6(1)(f) GDPR. We have a legitimate interest in showing locations or providing geographical information.

More information:

https://wiki.osmfoundation.org/wiki/Privacy_Policy.

Mapbox

We use the Mapbox service on our website. This service is offered by Mapbox Inc., 740 15th St NW Ste 500 Washington, DC, 20005-1047, USA.

Mapbox provides a location data platform that enables maps and location services. Mapbox offers SDKs (Software Development Kits) and APIs (Application Programming Interfaces) that businesses and developers can use to integrate Mapbox mapping and navigation technologies into their licensed applications and websites.

Mapbox does not (and cannot) track end-user activity or create targeted profiles with the data. To ensure Mapbox's functionality, it uses cookies. Additionally, location data is collected and stored with an anonymized session ID for 24 hours.

These cookies are only set with your consent. You can withdraw your consent at any time.

The legal basis is Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as this consent includes access to information in the user's terminal equipment or the storage of cookies within the meaning of the TDDDG.

Data transfers to the USA are governed by the EU Commission's Standard Contractual Clauses (SCCs).

Further details:

https://www.mapbox.com/legal/privacy.

Your rights

Information, deletion and correction

Under applicable law, you have the right to request information, free of charge, about your stored personal data, its origin and recipients, and the purpose of data processing, as well as the right to rectification or erasure of this data. For this purpose, and for any further questions regarding personal data, you can contact us at any time at the address provided in the legal notice.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address provided in the legal notice. The right to restrict processing exists in the following cases:

If you dispute the accuracy of your personal data stored with us, we generally need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data. If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of erasure. If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure. If you have objected to processing pursuant to Article 21(1) GDPR, a balancing of interests between your interests and ours must be carried out. As long as it is not yet clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – apart from being stored – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

Revocation of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can revoke your consent at any time. The legality of data processing carried out before the revocation remains unaffected by the revocation.

Right to object to data processing in special cases and to direct marketing (Art. 21 GDPR)

If data processing is based on Article 6(1)(e) or (f) of the GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you; this also applies to profiling based on these provisions. The specific legal basis for processing can be found in this privacy notice. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the purpose of establishing, exercising or defending legal claims (objection pursuant to Art. 21 para. 1 GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be processed for direct marketing purposes (objection pursuant to Article 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement. This right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to receive the data that we process automatically based on your consent or in fulfillment of a contract, either for yourself or for a third party, in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done if technically feasible.

What if the GDPR is abolished tomorrow, or other changes occur?

This privacy policy is currently valid as of June 24, 2025. From time to time, it is necessary to update the content of this privacy policy to reflect factual and legal changes. We therefore reserve the right to amend this privacy policy at any time. We will publish the amended version in the same location and recommend that you review the privacy policy regularly.