Privacy policy

Scope of application

The protection of personal data is important to us. Therefore, the processing of personal data is carried out in accordance with the applicable European and national legislation.

This privacy policy informs users about the nature, scope and purpose of the collection and use of personal data by the responsible provider

Engel Obertal
Wellness & Pleasure Resort
Rechtmurgstraße 28
72270 Baiersbronn

Phone: +49 (7449) 850
Fax: +49 (7449) 85200

himmlisch@engel-obertal.de

on this website (hereinafter referred to as "provider"). The legal basis for data protection can be found in the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG).

You can of course revoke your declaration(s) of consent at any time with effect for the future. To do so, please contact the controller below.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Access data/ server log files
The provider (or its web space provider) collects data about every access to the website (so-called server log files) for statistical evaluations for the purpose of operation, security and optimization of the website. The access data includes:

Name of the website accessed
Date and time of the server request
Browser type and browser version
Operating system used
IP address and the requesting provider.
Referrer URL (Internet address of the previously visited page)
Name of the retrieved file and amount of data transferred
Message as to whether the retrieval was successful

The provider reserves the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete evidence.

This data is not merged with other data sources.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

Complete protection of your data against access by third parties cannot be guaranteed for data transmission on the Internet (e.g. e-mail communication) due to possible security gaps.

Handling of personal data
When using the website, confidential, personal data is collected that can enable personal identification. This includes, for example, your name, telephone number, address and all data that you transmit to us during registration, payment processing, execution of a contract and when creating your customer account.

SSL encryption
To protect the security of your personal data during transmission, we use SSL encryption (Secure Socket Layer).

Cookies
Cookies are small text files that make it possible to store specific, device-related information on the user's access device. On the one hand, they serve the user-friendliness of websites and thus the users (e.g. storage of login data). On the other hand, they are used to collect statistical data on website usage and to analyze it in order to improve the website. A basic distinction is made between two different types of cookies, so-called session cookies, which are deleted as soon as you close your browser, and cookies that are stored on your device until you delete them. Users can influence the use of cookies. Most browsers have an option with which the storage of cookies can be restricted or completely prevented. However, we would like to point out that our website and service will only function to a limited extent if you prevent the use of cookies.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services.

You can manage many online ad cookies from companies via the US site aboutads.info/choices or the EU site youronlinechoices.com/uk/your-ad-choices.

Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

Vioma Booking
Our website uses the vioma BOOKING booking technology provided by vioma GmbH, Industriestraße 27, 77656 Offenburg ("vioma"). We have concluded an order processing agreement with vioma.

If you make an online booking or a booking request via our website, we need your e-mail address, your travel dates, the product booked and your title and first and last name for processing. In individual cases, we may also ask for your telephone number so that we can contact you quickly, particularly in the event of unforeseen circumstances affecting your booking.

To calculate the valid travel price, the dates of stay, the selected product, the number of persons traveling and whether the persons are adults or children are required. If you are traveling with children, the age of the children will also be requested for the correct travel price calculation. We also ask for the desired means of payment for the trip. If prepayment is used for your travel parameters, you will be forwarded to a payment service provider for the secure processing of the prepayment after selecting the desired payment method. Further information in the form is provided on a voluntary basis.

The processing of your data for the online booking and the online booking request is based on Art. 6 para. 1 lit. b GDPR and serves the fulfillment of a contract or the implementation of pre-contractual measures.

The data you transmit to us will remain with us until the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Google Analytics
Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising in a targeted manner.

This website uses Google Analytics, a web analytics service provided by Google Inc ("Google"). Google Analytics uses so-called "cookies", text files which are stored on the user's computer and which enable the use of the website to be analyzed. The information generated by the cookie about the use of this website by the user is usually transmitted to a Google server in the USA and stored there.

However, if IP anonymization is activated on this website, the IP address of Google users within member states of the European Union or in other signatory states to the Agreement on the European Economic Area will be shortened beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate the use of the website by users, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Users may refuse the use of cookies by selecting the appropriate settings on their browser, however please note that if you do this you may not be able to use the full functionality of this website. Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

As an alternative to the browser add-on or within browsers on mobile devices, please click this Link, to prevent Google Analytics from collecting data on this website in the future. An opt-out cookie will be stored on your device. If you delete your cookies, you must click this link again.

Use of web fonts
This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. Google Fonts are installed locally. There is no connection to Google servers.

You can find more information about Google Fonts at https://developers.google.com/fonts/faq und in der Privacy policy of Google: https://policies.google.com/privacy?hl=de.

Use of Java Script
We use active Java Script content from external providers on this website. By accessing our website, these external providers may receive personal information about your visit to our website. In this case, data may be processed outside the EU. You can prevent this by installing a JavaScript blocker such as the browser plug-in 'NoScript' (www.noscript.net) or deactivating JavaScript in your browser. However, we would like to point out that our website and service will only function to a limited extent if you disable the use of JavaScript.

Integration of third-party services and content
It may happen that third-party content, such as videos from YouTube, maps from Google Maps, RSS feeds or graphics from other websites are integrated into this website. This always presupposes that the providers of this content (hereinafter referred to as "third-party providers") are aware of the user's IP address. This is because without the IP address, they would not be able to send the content to the respective user's browser. The IP address is therefore required to display this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. However, we have no influence on whether the third-party providers store the IP address, e.g. for statistical purposes. Insofar as we are aware of this, we will inform users accordingly.

Facebook
(1) Social plugins of the social network Facebook (Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA) are used on these pages. This plugin allows you to bookmark these pages and share them with other participants in the social network. You can recognize this plugin by the Facebook logo or the typical "Like" button. You can find an overview of Facebook plugins at http://developers.facebook.com/docs/plugins/.

(2) We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to Facebook. We give you the opportunity to communicate directly with Facebook via the button. Only if you click on the marked field and thereby activate it will Facebook receive the information that you have accessed the corresponding website of our online offer.

Data is passed on regardless of whether you have a Facebook account and are logged in there.

a) If you click on the Facebook "Like" button while you are logged into your Facebook account, the content of these pages can also be linked to your Facebook profile. In this case, Facebook can also assign the visit to these pages to your user account. If you click the activated button and, for example, link the page, Facebook also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this will help you avoid being assigned to your profile.

b) If you are not a member of Facebook or have logged out of Facebook before visiting this page, it is still possible for Facebook to find out and store your IP address. If you do not want Facebook to be able to assign your visit to our pages to your Facebook user account, you must log out of Facebook before visiting our website or not activate the plugin, regardless of whether you have a Facebook account and are logged in there.

The following data is transmitted to Facebook:

• Browser-related data such as IP address, browser type, operating system, time and date of the request, website visited.
• User ID (for registered Facebook account)

According to Facebook in Germany, IP addresses are anonymized immediately after collection. By activating the plugin, your personal data is therefore transmitted to Facebook and stored in the USA. Since Facebook collects data in particular via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the grayed-out box.

(3) We have no influence on the data collected and data processing procedures, nor are we aware of the full extent of data collection, the purposes of processing or the storage periods. We also have no information on the deletion of the data collected by Facebook.

(4) Facebook stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. We offer you the opportunity to interact with the social networks and other users via the plugins so that we can improve our offering and make it more interesting for you as a user.

Links to external websites
This website contains links to external sites. We are responsible for our own content. We have no influence on the contents of external links and are therefore not responsible for them, in particular we do not adopt their contents as our own. If you are directed to an external site, the data protection declaration provided there applies. If you notice any illegal activities or content on this site, please let us know. In this case, we will check the content and respond accordingly.

Contact us
When contacting the provider (e.g. via contact form or e-mail), the user's details are stored for the purpose of processing the inquiry and in the event that follow-up questions arise. This data will not be passed on without your consent.

The processing of your data that you transmit when contacting us is based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent at any time. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

As long as no request for data deletion is made, the consent to storage is revoked or the purpose for data storage no longer applies, the data transmitted when contacting us will remain with us. Statutory retention periods remain unaffected.

Newsletter
We use the newsletter to inform you about us and our offers. If you would like to receive the newsletter, we require a valid e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided or that the owner agrees to receive the newsletter. No further data is collected. This data is only used for sending the newsletter and is not passed on to third parties. When you register for the newsletter, we save your IP address and the date of registration. This storage serves solely as proof in the event that a third party misuses an email address and registers to receive the newsletter without the knowledge of the authorized person. You can revoke your consent to the storage of the data, the email address and its use for sending the newsletter at any time. The revocation can be made via a link in the newsletters themselves, in your profile area or by sending a message to the contact options listed above.

Data protection officer required by law
Wir haben für unser Unternehmen einen externen Datenschutzbeauftragten bestellt.

Herr Dieter Grohmann
AKWISO Datenschutz & Audit
Beethovenstraße 23
87435 Kempten
Deutschland
Tel.: 0831 / 512 470 30
E-Mail: dg@akwiso.de
Website: www.akwiso.de

Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right to information,
Right to rectification
Right to restriction of processing,
Right to erasure
Right to information
Right to data portability.
Right to object to processing
Right to withdraw consent under data protection law
Right not to be subject to an automated decision
Right to lodge a complaint with a supervisory authority

1. right to information
(1) You can request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you can request information free of charge from the controller at any time about the personal data stored about you and about the following information:
(a) the purposes for which the personal data are processed;
b) the categories of personal data being processed
c) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed
d) the envisaged period for which the personal data concerning you will be stored, or, if specific information on this is not possible, the criteria used to determine that period
e) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing
f) the existence of a right to lodge a complaint with a supervisory authority
g) all available information about the origin of the data if the personal data is not collected from the data subject
h) the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
(2) You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. right to rectification
You have the right to obtain from the controller without undue delay the rectification and/or completion of inaccurate or incomplete personal data concerning you.

3. right to restriction of processing
(1) Under the following conditions, you have the right to obtain from the controller restriction of processing of personal data concerning you without undue delay
a) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead

c) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or
d) if you have objected to the processing pursuant to Art. 21 para. 1 GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.

(2) If the processing of personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. right to erasure
(1) You have the right to obtain from the controller the erasure of personal data concerning you without undue delay where one of the following grounds applies:
a) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
b) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
c) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
d) The personal data concerning you has been processed unlawfully.
e) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
f) The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

(2) Hat der Verantwortliche die Sie betreffenden personenbezogenen Daten öffentlich gemacht und ist er gem. Art. 17 Abs. 1 DSGVO zu deren Löschung verpflichtet, so trifft er unter Berücksichtigung der verfügbaren Technologie und der Implementierungskosten angemessene Maßnahmen, auch technischer Art, um für die Datenverarbeitung Verantwortliche, die die personenbezogenen Daten verarbeiten, darüber zu informieren, dass Sie als betroffene Person von ihnen die Löschung aller Links zu diesen personenbezogenen Daten oder von Kopien oder Replikationen dieser personenbezogenen Daten verlangt haben.

(2) Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

(3) The right to erasure does not apply if the processing is necessary
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
c) for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;(2) Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17 (1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

(3) The right to erasure does not apply if the processing is necessary
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
c) for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
e) for the establishment, exercise or defense of legal claims.

5) Right to information
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification/erasure/restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.

6. right to data portability
(1) You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where
a) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
b) the processing is carried out by automated means.

(2) In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons may not be impaired by this.

(3) The right to data portability shall not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

(4) To assert the right to data portability, the data subject may contact the controller at any time.

7. right to object
(1) You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

(2) The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

(3) If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

(4) In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

(5) To exercise the right to object, the data subject may contact the controller directly.

8. right to revoke the declaration of consent under data protection law
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You can contact the controller for this purpose.

9. automated decision in individual cases including profiling
(1) You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
a) is necessary for the conclusion or performance of a contract between you and the controller
b) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
c) is made with your express consent.

(2) However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and

appropriate measures have been taken to protect the rights and freedoms and your legitimate interests

(3) In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

(4) If the data subject wishes to assert rights relating to automated decisions, they can contact the controller at any time.

10. right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Changes to the privacy policy
We reserve the right to change our privacy practices and this policy to reflect changes in relevant laws or regulations or to better meet your needs. Possible changes to our data protection practices will be announced here accordingly. Please note the current version date of the privacy policy.