Responsible body within the meaning of data protection laws, in particular the EU Data Protection Ordinance (DSGVO):
Hotel Kurhaus Ochs Betriebs KG, Anton Ochs, Kanonenstraße 6 - 8, 61389 Schmitten/ Taunus
Phone: +49 (0) 6084 48-0, e-mail: reception@kurhaus-ochs.de, Web: https://www.kurhaus-ochs.de

Your rights as a party concerned

You can exercise the following rights at any time using the above contact details:

• Information about your data stored with us and their processing (Art. 15 DSGVO),
• Correction of incorrect personal data (Art. 16 DSGVO),
• Deletion of your data stored with us (Art. 17 DSGVO),
• Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 DSGVO),
• Objection to the processing of your data by us (Art. 21 DSGVO) and
• Data transferability if you have consented to data processing or have concluded a contract with us (Art. 20 DSGVO).

If you have given us your consent, you can revoke it at any time with effect for the future.

You can contact your local supervisory authority at any time with a complaint. Your competent supervisory authority depends on your state of residence, your work or the alleged infringement. A list of supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/addresses_links-node.html.

Collection of general information when you visit our website

Nature and purpose of the processing:
If you access our website, i.e. if you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and the like.

In particular, they are processed for the following purposes:

• Ensuring a trouble-free connection to the website,
• Ensuring the smooth use of our website,
• Evaluation of system safety and stability as well as
• for other administrative purposes.

We do not use your data to draw conclusions about your person. Information of this kind is evaluated statistically by us if necessary, in order to optimize our Internet appearance and the technology behind it.

Legal basis:
Processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website.

Recipient:
Recipients of the data may be technical service providers who act as contract processors for the operation and maintenance of our website.

Storage period:
The data is deleted as soon as it is no longer required for the purpose of collection. This is generally the case for the data used to provide the website when the respective session has ended.

Provision prescribed or required:
The provision of the aforementioned personal data is neither required by law nor by contract. Without the IP address, however, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or restricted. For this reason an objection is excluded.

SSL encoding

To protect the security of your data during transmission, we use state-of-the-art encryption methods (SSL via HTTPS).

Contact form

Nature and purpose of processing:
The data you enter will be stored for the purpose of individual communication with you. For this purpose, it is necessary to provide a valid e-mail address and your name. This is used for the assignment of the request and the subsequent response to the same. The provision of further data is optional.

Legal basis:
The processing of the data entered in the contact form is based on a legitimate interest (Art. 6 para. 1 lit. f DSGVO). By providing the contact form, we would like to enable you to contact us in an uncomplicated manner. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions. If you contact us to request a quote, the data entered in the contact form will be processed for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b DSGVO).

Recipients:
Recipients of the data are, if applicable, order processors.

Storage period:
Data will be deleted no later than 6 months after processing the request. If a contractual relationship arises, we are subject to the statutory retention periods under the German Commercial Code (HGB) and delete your data after these periods have expired.

Provision mandatory or required:
The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, e-mail address and the reason for the request.

Contract processors used

The following organisations, companies or persons have been commissioned by the operator of this website to process data:
Profihost AG, Expo Plaza 1, 30539 Hanover, Germany

Information about your right to object according to Art. 21 DSGVO

Individual right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6(1)(f) DSGVO (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DSGVO. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

Recipient of an objection
Hotel Kurhaus Ochs Betriebs KG, Anton Ochs, Kanonenstraße 6 - 8, 61389 Schmitten/ Taunus

Changes to our data protection regulations

We reserve the right to adapt this data protection declaration so that it always complies with current legal requirements or to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration will then apply for your next visit.

Questions about data protection

If you have any questions about data protection, please send us an e-mail.

The privacy policy was created with the help of activeMind AG, the experts for external data protection officers (Version #2020-09-30).

Data protection for applications and in the application process

The data controller collects and processes the personal data of applicants for the purpose of processing the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant submits the relevant application documents electronically, for example by e-mail or via a web form on the website, to the data controller. If the data controller concludes an employment contract with an applicant, the data transmitted shall be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude a contract of employment with the applicant, the application documents shall be automatically deleted two months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the controller. Other legitimate interests in this sense include, for example, the duty to provide evidence in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG).

XING Share Button

We would like to inform you here about the processing of personal data about the function of the XING Share button.

The "XING Share Button" is used on this website. When you access this website, your browser is used to establish a short-term connection to XING SE servers ("XING"), with which the "XING Share Button" functions (in particular the calculation/display of the meter value) are performed. XING does not store any personal data about you when you access this website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behaviour via the use of cookies in connection with the "XING Share Button". The latest data protection information on the "XING Share Button" and additional information can be found on this website: https://www.xing.com/app/share?op=data_protection.

Route planner Deutsche Bahn

A route planner of Deutsche Bahn is embedded on various pages of our online presence. When the pages are called up, a connection to the Deutsche Bahn server is established and loads the route planner.

Further information on data protection at Deutsche Bahn can be found in the provider's data protection declaration at: https://www.bahn.de/p/view/home/datenschutz/schutz.shtml

Online booking tool DIRS21

Our online presence uses the online booking tool DIRS21 of TourOnline AG, Borsigstraße 26, 73249 Wernau, Germany (www.dirs21.de, hereinafter "TOAG") to enable online bookings of accommodation and other travel services on several pages.
When calling up the pages, a connection to the DIRS21 server is established and an input mask for searching and, if necessary, booking online is displayed on our pages. For this purpose, the browser you are using must establish a connection to the servers of TourOnline AG. In this way TourOnline AG becomes aware that our website has been accessed via your IP address. The use of DIRS21 is in the interest of a simple and quick booking process. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.

To check availability for available rooms or package offers, it is not necessary for you to provide any personal information. If you wish to book an available room or a package, personal data is required for the booking, in particular name, address, telephone number and your email address. These data are stored in the DIRS21 system for each booking under a booking number and transmitted to us, the Ringhotel Kurhaus Ochs.

Within the framework of the online booking tool, TOAG processes the data as the person responsible. You will find the information and provisions on data protection in TOAG's data protection declaration on the online booking tool, which you can view at any time at www.dirs21.de/datenschutz

XING Presences

We maintain an online presence on Xing to communicate with active users of this social network or to provide information about us.

For a detailed description of the respective forms of processing and the existing opt-out options, please read the data protection declarations and information provided by the operators of the respective network. If you have requests for information or would like to assert rights of data subjects, we recommend that you contact the relevant network operators directly.

Xing

XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
New Work SE (Responsible in the sense of the EU-DSGVO)
Dammtorstraße 30, 20354 Hamburg, Germany
Phone: +49 40 419 131-0, E-Mail: info@xing.com
Website: https://www.xing.de
Data protection declaration: https://privacy.xing.com/de/datenschutzerklaerung

Privacy policy for Instagram and Facebook presences

We would like to point out that you use our Instagram and Facebook profiles and their respective functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. liking and commenting).

You have options to restrict the processing of your data in the general settings of your Instagram or Facebook account and under the item "Privacy, data protection and security". In addition, you can restrict the access of Instagram / Facebook to contact and calendar data, photos, location data, etc. on mobile devices in the settings options there. However, this depends on the operating system used.

The following information applies to data processing in the context of using our Facebook and Instagram page linked at the top of the page.

Instagram and Facebook are a product of Meta Platforms Ireland Ltd. For ease of reading and understanding, the brand "Instagram" or "Facebook" will always be referred to below when Meta is meant as a co-responsible party. Hotel Kurhaus Ochs will be referred to as the "responsible party" in the following.

In addition to this information, please also note the privacy policies of Instagram and Facebook. In particular, information about the processing of data by Instagram / Facebook during interactions with the Instagram / Facebook page, information about the legal basis and purposes of the processing of personal data, as well as information about data deletion and storage duration on Instagram can be found on the page: https://help.instagram.com/519522125107875. Further information also on https://de-de.facebook.com/help/instagram/155833707900388

Instagram / Facebook complies with all obligations under the GDPR with regard to the processing of Insights data. The responsible parties do not make any decisions regarding the processing of Insights data and all other information resulting from Art. 13 DSGVO. These are only provided by Instagram / Facebook Insights.

The contact details of Instagram and Facebook:

Meta Platforms Ireland Ltd.
4 Grand Canal Square
Dublin 2
Ireland

Facebook / now: Meta

Meta Platforms Ireland Limited., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland
Parent company: Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA
Website: https://www.facebook.com
Data protection declaration: https://www.facebook.com/about/privacy
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active;
Objection possibility (Opt-Out), for logged in users: https://www.facebook.com/settings?tab=ads;
Additional information on data protection: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum

Contact details of the data protection officer of Meta Platforms Ireland Ltd.:

https://www.facebook.com/help/contact/540977946302970

The data protection supervisory authority for Meta Platforms Ireland Ltd. is:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
 
Phone +353 578 684 800
Phone +353 761 104 800

To assert data subject rights against Instagram or Facebook, users follow this link: https://help.instagram.com/contact/1845713985721890

Processing of personal data and the nature and purpose of their use

(a) Types of personal data

The Controllers process the following personal data of the Users during interactions of the User with the Instagram/Facebook Page:

• public profile information of the User;
• in the case of comments, personal data specified therein;
• when replying to posts, personal data specified therein;
• when tagging people in photos;
• via Instagram Insights (analytics services for usage and interaction with Instagram pages) or Facebook Insights, further statistical data of the Users are processed by Instagram and Facebook, respectively. On the part of Instagram or Facebook, no personal data is made available to the persons responsible. The responsible parties only receive numerical evaluations from Instagram / Facebook on the use and interaction of users with the Instagram / Facebook page.

(b) Legal basis for the processing of personal data

Art. 6 para. 1 lit. f DSGVO (safeguarding legitimate interests).

The data controllers also process users' personal data to safeguard their legitimate interests. These are the following purposes:

• Evaluation of the analyses and statistics of the Instagram / Facebook page created and provided by Instagram / Facebook with regard to the interaction by the users with the Instagram / Facebook page.
• Communication and interaction via the Instagram / Facebook page
• Development of the number of subscribers to the Instagram / Facebook page.

In doing so, the responsible parties do not have access to the personal data processed by Instagram / Facebook as part of Insights.

Translated with www.DeepL.com/Translator