Data protection is very important for the Schlosshotel Kassel-Wilhelmshöhe Betriebs GmbH. A use of our internet pages is basically possible without any indication of personal data.
However, personal data processing may be required if special services are accessed through our website.
We generally seek the consent of the data subject if there is no legal basis for such processing.
We have implemented numerous technical and organizational measures to ensure the most complete protection of personal data. Nevertheless, Internet-based data transmissions can have security gaps so that absolute protection can not be guaranteed. For this reason, every person concerned is free to submit personal data to us by alternative means, for example by telephone.
Name and address of the controller
The person responsible within the meaning of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions with a data protection character is:
Schlosshotel Bad Wilhelmshöhe
represented by Schlosshotel Kassel-Wilhelmshöhe Betriebs GmbH
Wilhelmshoeher Allee 288
Telephone: +49 (0) 561/30880
Fax: +49 (0) 561/3088-428
Contact details of the data protection officer
Contact person for the data protection is our external data protection officer.
For all questions on this topic, please contact:
List + Lohr Privacy and Information Security GmbH
Tel .: 0511-499999-600
E-Mail: team@ datenschutz-hannover.de
By using cookies, we can provide users of this website with more user-friendly services that would not be possible without cookies.
The data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
Our website uses SSL encryption. This encryption is used, for example, for inquiries you make to us through our website. Please make sure that the SSL encryption is activated by appropriate activities on your side. The use of encryption is easy to recognize: the ad in your browser address bar shows "https: //". SSL encrypted data is not readable by third parties.
Collection of general data and information
Our web pages capture a set of general data and information with each call made by an affected person or an automated system. This general data and information is stored in the log files of the server. The (a) browser types and versions used, (b) the operating system used by the accessing system, (c) the website from which an accessing system accesses our website (so-called referrers), (d) the sub-web pages which are accessed via (e) the date and time of access to the website, (f) an Internet Protocol address (IP address), (g) the Internet service provider of the accessing system and (h) other similar data and information used in the event of attacks on our IT systems.
When using this general data and information, we draw no conclusions about the person concerned. Rather, this information is required to (1) correctly deliver the contents of our website, (2) to optimize the content of our website and to promote it, (3) to ensure the continued functioning of our IT systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyberattack. This anonymously collected data and information is therefore statistically evaluated by us on the one hand and further with the aim of increasing the privacy and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by an affected person.
For the provision of paid services, we request additional data, such as: Payment details. To protect the security of your data during transmission, we use state-of-the-art encryption techniques (such as SSL) over HTTPS.
Contact via website
Due to legal regulations, our website contains information that allows us to quickly get in contact with our company as well as to communicate directly with us, which also includes a general address of the so-called electronic mail (e-mail address). If an affected person contacts the data controller by e-mail or through a contact form, the personal data provided by the data subject will be automatically saved. Such personal information provided on a voluntary basis by a data subject to the controller is stored for the purposes of processing or contacting the data subject. There is no disclosure of this personal data to third parties.
When you sign up to receive our newsletter, the data you provide will be used exclusively for this purpose. Subscribers may also be notified by email about circumstances relevant to the service or registration (such as changes to the newsletter offer or technical conditions).
For an effective registration we need a valid e-mail address. In order to verify that an application is actually made by the owner of an e-mail address, we use the "Double-opt-in" procedure. For this purpose we record the order of the newsletter, the dispatch of a confirmation email and the receipt of the requested answer. Further data is not collected. The data will be used exclusively for newsletter delivery and will not be passed on to third parties.
The consent to the storage of your personal data and their use for the newsletter can be revoked at any time. Each newsletter contains a link to this.
Deletion and blocking of personal data
The controller processes and stores the personal data of the data subject only for the period necessary to achieve the purpose of the storage or as provided for by law or regulation.
If the purpose of the storage is omitted or if a prescribed storage period expires, the personal data will be blocked or deleted in accordance with the statutory provisions.
Data protection in applications and in the application process
The controller collects and processes the personal data of candidates for the completion of the application process. The processing can also be done electronically. This is particularly the case if an applicant submits corresponding application documents by electronic means to the controller. If the controller concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment relationship in accordance with the law. If no employment contract is concluded with the candidate by the controller, the application documents shall be deleted three months after the announcement of the rejection decision, unless deletion precludes other legitimate interests of the controller. Other legitimate interest in this sense, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG).
If you do not agree with the storage and evaluation of this data from your visit, then you can object to the storage and use below at any time by mouse click. In this case, a so-called opt-out cookie is stored in your browser, with the result that Piwik does not collect any session data. Attention: If you delete your cookies, this will result in the opt-out cookie being deleted as well and possibly re-activated by you.
Here you can decide whether a unique web analytics cookie may be stored in your browser in order to allow the operator of the website to collect and analyze various statistical data. If you wish to opt-out, click the following link to place the Piwik opt-out cookie in your browser.
<iframe src = "http://www.hotel-schweizerhof-kassel.de/index.php?module=CoreAdminHome&action=optOut&language=en" height = "220" width = "100%" frameborder = "0" marginwidth = " 0 "marginheight =" 0 "scrolling =" no "> </ iframe>
Embedded YouTube videos
On some of our websites, we embed YouTube videos. The operator of the corresponding plugins is the YouTube by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit a page with the YouTube plug-in, it will connect to YouTube's servers. It tells YouTube which pages you visit. If you are logged in to your YouTube account, YouTube may personally associate your browsing behavior with you. This can be prevented by logging out of your YouTube account beforehand.
Our website links social networking services facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. When visiting our website, no data will be transmitted to Facebook, as no Facebook plugins are included.
However, clicking on a Facebook link or Facebook button will take you to Facebook, where data will be collected through Facebook. We have no control over the amount of data Facebook collects. The data usage guidelines are available at the following link: http://www.facebook.com/about/privacy. The complete Facebook data policy can be found here: https://de-de.facebook.com/full_data_use_policy. In its judgment of 5 June 2018, the European Court of Justice (ECJ) ruled that the operator of a Facebook page is jointly responsible for the processing of personal data with Facebook. Thus, there is a joint responsibility under Article 26 GDPR between Facebook and our company - you will find information about this in the PageControllerAddendum.
If you are a member of Facebook and do not want Facebook to collect information about you and associate it with your membership data stored on Facebook, you must log out of Facebook before clicking on a Facebook link or a Facebook button.
Use of Google AdWords
Our website uses Google Conversion Tracking. If you have reached our website via an advertisement sent by Google, Google Adwords will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on a Google-served ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages on our website and the cookie has not expired, we and Google may recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can not be tracked through the websites of advertisers. The information gathered using the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive any information that personally identifies users.
If you do not want to participate in the tracking, you can refuse the required setting of a cookie - for example, via a browser setting that generally deactivates the automatic setting of cookies or set your browser to block cookies from the domain "googleleadservices.com".
Please note that you can not delete the opt-out cookies as long as you do not want to record measurement data. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.
Using Google Remarketing
This website uses Google Inc.'s remarketing feature. It's designed to present interest-based ads to web site visitors within the Google Network. A so-called "cookie" is stored in the browser of the website visitor, which makes it possible to recognize the visitor when he visits web pages belonging to the advertising network of Google. On these pages, visitors may be presented with ads related to content that the visitor previously viewed on web pages using Google's remarketing feature.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis for the processing of personal data.
In the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 para. 1 lit. b DSGVO as legal basis. This also applies to processing operations required to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 para. 1 lit. c DSGVO as legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO as legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interest, fundamental rights and fundamental freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f DSGVO as legal basis for processing.
Persons under the age of 18 should not submit any personal data to us without the consent of their parents or guardians.
Rights of the data subject
Right to confirmation
Each data subject has the right, as granted by the European Di- rective and Regulatory Authority, to require the controller to confirm whether personal data relating to him / her is being processed. If an affected person wishes to make use of this confirmation right, they can contact our data protection officer at any time.
Right to information
Any person affected by the processing of personal data shall have the right granted by the European legislature and the legislature at any time to obtain from the controller information free of charge concerning the personal data stored about him and a copy of that information. In addition, the European legislator and regulator has provided the data subject with the following information:
o the processing purposes;
o the categories of personal data being processed;
o the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations;
o if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration;
o the existence of a right to rectification or erasure of the personal data concerning them or of a restriction of processing by the controller or a right to object to such processing;
o the existence of a right of appeal to a supervisory authority;o if the personal data are not collected from the data subject: all available information on the source of the data;
o the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) of the DSBER Regulation and - at least in these cases - meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.
Furthermore, the data subject has a right of access as to whether personal data has been transmitted to a third country or to an international organization. If this is the case, then the data subject has the right to obtain information about the appropriate guarantees in connection with the transfer.
If an affected person wishes to exercise this right to information, they can contact our data protection officer at any time.
Right to rectification
Any person affected by the processing of personal data has the right granted by the European directive and regulatory authority to demand the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
If an affected person wishes to exercise this right to rectification, they can contact our data protection officer at any time.
Right to cancellation (right to be forgotten)
Any person affected by the processing of personal data shall have the right granted by the European Directives and Regulators to require the controller to immediately delete the personal data concerning him, provided that one of the following reasons is satisfied and the processing is not required:
o The personal data has been collected or otherwise processed for such purposes, for which they are no longer necessary.
o The data subject revokes the consent on which the processing was based in accordance with Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR and lacks any other legal basis for the processing.
o The data subject submits an objection to the processing pursuant to Art. 21 para. 1 DS-GVO, and there are no legitimate reasons for the processing, or the data subject appeals in accordance with Art. 21 para. 2 DS-GVO the processing.
o The personal data was processed unlawfully.
o The deletion of personal data is required to fulfill a legal obligation under Union or national law to which the controller is subject.
o The personal data were collected in relation to information society services offered pursuant to Art. 8 para. 1 DS-GVO.
If one of the above reasons is correct and an affected person wishes to arrange the deletion of personal data stored by us, they may at any time contact our data protection officer. Our data protection officer will arrange that the deletion request be fulfilled immediately.
If the personal data have been made public by us and if our company is responsible for deleting personal data as the person responsible pursuant to Art. 17 para. 1 DS-GVO, we take appropriate measures, others for data processing, taking into account the available technology and the implementation costs To inform those who process the published personal data that the data subject has requested the deletion of all links to such personal data or copies or replications of such personal data from these other data controllers, unless the processing is necessary is. Our data protection officer will arrange the necessary in individual cases.
Right to restriction of processing
Any person affected by the processing of personal data has the right granted by the European directive and regulatory authority to require the controller to restrict the processing if one of the following conditions applies:
o The accuracy of the personal data is contested by the data subject for a period of time that enables the person responsible to check the accuracy of the personal data.
o The processing is unlawful, the data subject refuses to delete the personal data and instead requests the restriction of the use of the personal data.
o The data controller no longer needs the personal data for the purposes of processing, but the data subject requires them to assert, exercise or defend their rights.
o The person concerned has objected to the processing acc. Art. 21 para. 1 DS-GVO and it is not yet clear whether the legitimate reasons of the person responsible outweigh those of the person concerned.
If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by us, they may at any time contact our data protection officer or another employee of the controller. Our data protection officer will initiate the restriction of processing.
Right to data portability
Any person affected by the processing of personal data shall have the right granted by the European Di- rective and Regulatory Authority to receive the personal data concerning him / her provided to a controller by the data subject in a structured, common and machine-readable format. It also has the right to transfer this data to another person responsible without hindrance by the controller to whom the personal data were provided, provided that the processing is based on the consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 para 2 (a) of the GDPR or on a contract pursuant to Article 6 (1) (b) of the GDPR and processing by automated means, unless the processing is necessary for the performance of a task of public interest or in the exercise of official authority, which has been assigned to the controller.
Furthermore, in exercising their right to data portability under Article 20 (1) of the GDPR, the data subject has the right to obtain that the personal data is transmitted directly from one controller to another, where technically feasible and if so this does not affect the rights and freedoms of others.
In order to assert the right to data portability, the data subject may at any time turn to the data protection officer appointed by us.
Right to objection
Any person concerned by the processing of personal data shall have the right conferred by the European directive and regulatory authority at any time, for reasons arising from its particular situation, against the processing of personal data relating to it pursuant to Article 6 (1) (e) or f DS-GVO takes an objection.
In the event of an objection, we will no longer process personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh the interests, rights and freedoms of the data subject, or the processing is for the purpose of asserting, exercising or defending legal claims ,
If we process personal data in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. If the data subject objects to processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In order to exercise the right to object, the data subject may contact our data protection officer or another employee directly. The data subject is also free, in the context of the use of information society services, notwithstanding Directive 2002/58 / EC, to exercise his right of opposition by means of automated procedures using technical specifications.
Right to revoke a data protection consentAny person affected by the processing of personal data has the right, granted by the European directive and regulatory authority, to revoke consent to the processing of personal data at any time.If the data subject wishes to assert their right to withdraw consent, they can contact our data protection officer at any time.