PRIVACY POLICY

1 Name and Address of the Responsible Party

The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Hotel Balmer See GmbH
Drewinscher Weg 1
17429 Benz | Ot Balm
Germany
Tel: +49 (0)38 379 28-0
Fax: +49 (0)38 379 28-222
Email: info@golfhotel-usedom.de
Website: www.golfhotel-usedom.de

2 Contact Details of the Data Protection Officer

You can contact our data protection officer as follows:

Email: oliver.groeger@i-sec.tuv.com

3 General Information on Data Processing

1.1 Scope of Processing of Personal Data

We collect and use personal data of our users only to the extent necessary to provide a functioning website as well as our content and services. The collection and use of personal data of our users generally takes place only with the consent of the user. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by statutory provisions.

1.2 Legal Basis for the Processing of Personal Data

If we obtain consent from the data subject for processing personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis. For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR is the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures. If the processing of personal data is necessary to comply with a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis. In cases where vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR is the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR is the legal basis for processing.

1.3 Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also occur if stipulated by European or national legislators in union regulations, laws, or other provisions to which the controller is subject. Blocking or deletion also takes place when a storage period prescribed by these norms expires, unless data needs to be stored further for contractual conclusion or fulfillment.

4 Provision of the Website and Creation of Log Files

1.4 Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data are recorded:

(1) Information about the browser type and version used
(2) Name of the retrieved website
(3) Name of the retrieved file
(4) Date and time of access
(5) Amount of data transferred
(6) Notification of successful retrieval
(7) Information about the browser type and version used
(8) User's operating system
(9) The website from which the user’s system accessed our website (referrer)
(10) Requesting provider
(10) IP address

The data are also stored in the log files of our system. There is no storage of this data together with other personal data of the user.

1.5 Legal Basis for Data Processing

The legal basis for the temporary storage of the data and log files is Art. 6 para. 1 lit. f GDPR.

1.6 Purpose of Data Processing

The storage in log files is done to ensure the operation of the website. The data also help us to optimize the website and ensure the security of our IT systems. The data are not evaluated for marketing purposes. This is also our legitimate interest according to Art. 6 para. 1 lit. f GDPR.

1.7 Duration of Storage

In the case of data stored in log files, this usually occurs for a maximum of seven days. Further storage is possible, in which case IP addresses of users will be deleted or anonymized so that assignment to the calling client is no longer possible.

1.8 Objection and Removal Options

Data collection for website provision and data storage in log files are essential for operating the website. Therefore, users cannot object to this.

5 Use of Cookies

1.9 Description and Scope of Data Processing

Our website uses cookies. Cookies are text files stored in the internet browser or by the internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string that allows identification of the browser when visiting the website again. We use cookies to make our website more user-friendly. Some components of our website require that the browser is identifiable even after a page change. Users are informed about the use of cookies for analysis purposes and their consent is obtained for processing the personal data used in this context. Reference is also made to this privacy policy.

1.10 Legal Basis for Data Processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

1.11 Purpose of Data Processing

The purpose of technically necessary cookies is to facilitate the use of websites for users. Some functions of our website cannot be offered without cookies as the browser must be recognized after a page change. The personal data collected through necessary cookies are not used to create user profiles. This also constitutes our legitimate interest in processing personal data under Art. 6 para. 1 lit. f GDPR.

1.12 Duration of Storage, Objection and Removal Options

Cookies are stored on the user's computer and transmitted to our site from there. Users have full control over cookie use. By changing your browser settings, you can deactivate or restrict cookie transmission. Already stored cookies can be deleted at any time, also automatically. If cookies are deactivated, some website functions may no longer be fully usable.

6 Processing of Applicant Data

1.13 Scope of Processing

Within application procedures, personal data provided by applicants with their documents are processed. Usually, these are personal details from the job posting, postal and contact addresses, and application documents such as cover letter, resume, and certificates. Applicants may voluntarily provide additional information. If special categories of personal data according to Art. 9 para. 1 GDPR are voluntarily provided (e.g., health data such as severe disability or ethnic origin), processing is performed additionally pursuant to Art. 9 para. 2 lit. b GDPR. If special categories of personal data relevant to the advertised position are requested from applicants, processing also follows Art. 9 para. 2 lit. a GDPR (e.g., health data necessary for professional practice). By submitting the application to us, applicants consent to data processing for application purposes as described here. Processing may also occur electronically, especially if the application is submitted via the HOTELCAREER portal of YOURCAREERGROUP GmbH. Electronic submission is only possible if applicants are registered and logged in on the HOTELCAREER platform. Further data protection details can be found on YOURCAREERGROUP GmbH's website at: https://www.hotelcareer.de/datenschutzerklärung.

1.14 Legal Basis for Processing Personal Data

Legal basis for applicant data processing is Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 sentence 1 BDSG. If an applicant voluntarily submits documents containing "special categories of personal data" (Art. 9 GDPR) (e.g., ethnic origin visible from the application photo, wearing glasses indicates visual impairment, thus health data, etc.), legal basis with consent is Art. 6 para. 1 lit. a GDPR. Processing follows additionally Art. 9 para. 2 lit. b GDPR. If special categories of personal data relevant to the position are requested, processing follows Art. 9 para. 2 lit. a GDPR.

1.15 Purpose of Data Processing

Data processing aims to decide on establishing an employment relationship. If an employment contract is concluded after the application process, we store your application data in your personnel file for usual organizational and administrative purposes, respecting further legal obligations. Legal basis is also § 26 para. 1 sentence 1 BDSG in conjunction with Art. 88 para. 1 GDPR.

1.16 Duration of Storage

If an application is rejected, data will be deleted at the latest six months after the application process concludes. This period allows for any follow-up questions and compliance with the proof obligation under the Equal Treatment Act. Legal basis for this proof obligation is Art. 6 para. 1 lit. f GDPR and § 24 para. 1 no. 2 BDSG. Our legitimate interest lies in legal defense or enforcement. Storage beyond this period occurs only with applicant consent for consideration at a later date.

1.17 Objection and Removal Options

Applicants can object to the processing of their personal data at any time. Consent can be revoked with future effect at any time.

7 Newsletter

1.18 Description and Scope of Data Processing

Our website offers the possibility to subscribe to a free newsletter. Upon signing up, data from the input form are transmitted to us, which include:

(1) Provided email address
(2) Provided name of the data subject

Additionally, the following data are collected during registration:
(1) IP address of the requesting computer
(2) Date and time of registration

Consent is obtained during registration, referencing this privacy policy. No data are shared with third parties in connection with newsletter data processing. Data are used exclusively for sending the newsletter.

1.19 Legal Basis for Data Processing

Legal basis for data processing after newsletter registration is Art. 6 para. 1 lit. a GDPR if consent is present.

1.20 Purpose of Data Processing

Collecting the user's email address serves to deliver the newsletter. Collecting other personal data during registration prevents misuse of the services or email address.

1.21 Duration of Storage

Data are deleted once they are no longer necessary for their collection purpose. The email address is stored as long as the newsletter subscription is active.

1.22 Objection and Removal Options

Newsletter subscription can be canceled anytime by the user. Each newsletter contains a corresponding link for this purpose.

2 Contact Form and Email Contact

2.1 Description and Scope of Data Processing

Our website has a contact form for electronic contact. When used, the entered data is transmitted and stored. These data include:
(1) First name
(2) Last name
(3) Email
(4) Subject
(5) Message

At the time of message sending, the following data is also stored:
(1) User's IP address
(2) Date and time of registration

Consent is obtained during the sending process, referencing this privacy policy. Alternatively, contact via the provided email address is possible. In this case, personal data sent with the email is stored. Data are not shared with third parties and are used exclusively for processing the conversation.

2.2 Legal Basis for Data Processing

Legal basis for processing with user consent is Art. 6 para. 1 lit. a GDPR. For data sent by email, legal basis is Art. 6 para. 1 lit. f GDPR. If email contact aims at concluding a contract, additional legal basis is Art. 6 para. 1 lit. b GDPR.

2.3 Purpose of Data Processing

Processing personal data from the input form serves solely to handle the contact request. For email contacts, there is also the necessary legitimate interest. Other personal data collected during sending help prevent misuse of the contact form and ensure IT system security.

2.4 Duration of Storage

Data are deleted once they are no longer needed. For personal data from the contact form and email, this is when the conversation with the user ends, i.e., when circumstances show the matter is conclusively resolved. Additional personal data collected during sending are deleted after seven days at the latest.

2.5 Objection and Removal Options

Users can revoke their consent anytime. If contacted by email, users can object to storage anytime, which ends the conversation. Revocation can be done by sending a message to info@golfhotelusedom.de.

All personal data stored during contact will be deleted in this case.

8 Newsletter Tracking

2.6 Scope of Processing

Our newsletters contain so-called tracking pixels—tiny graphics embedded in HTML emails to enable log file recording and analysis.

2.7 Legal Basis for Processing Personal Data

Legal basis is Art. 6 para. 1 lit. f GDPR.

2.8 Purpose of Data Processing

Tracking enables statistical evaluation of online marketing campaign success. The tracking pixel allows us to see if and when an email was opened and which links were clicked. Data include:
(1) Email
(2) Time of access
(3) Time of clicks on embedded links

These personal data collected via tracking pixels are stored and evaluated by the data controller to optimize newsletters and better tailor future content to recipients' interests. Data are not shared with third parties.

2.9 Duration of Storage

Data are stored as long as the evaluation is ongoing.

2.10 Objection and Removal Options

Consent given via double opt-in can be revoked anytime. After revocation, data are deleted by the controller. Unsubscribing is automatically interpreted as revocation.

9 Booking of Rooms / Junior Suites / Apartments

2.11 Scope of Processing

On our website, you can book rooms, junior suites, or apartments. We collect data necessary for reservation, execution, and confirmation of the booking. Contact data of the reserving person are collected for any short-term queries. To confirm and secure the booking, a credit card must be provided. Data collected include:

(1) First and last name
(2) Email
(3) Phone number
(4) Details for invoicing the company
(5) Remarks (e.g., arrival time, additional requests)
(6) Guest details (if different from the booker)
(7) Credit card number
(8) Credit card expiration date
(9) Credit card CVV
(10) Cardholder name

2.12 Legal Basis for Processing Personal Data

Legal basis is Art. 6 para. 1 lit. b GDPR.

2.13 Purpose of Data Processing

Data are processed to execute and confirm the booking. Credit card information secures the booking against violation of booking terms.

2.14 Duration of Storage

Data are stored until the transaction completes unless statutory retention periods (especially accounting regulations) prevent this.

2.15 Objection and Removal Options

After completion, no objection or removal is possible as far as statutory retention periods apply.

10 Ordering Vouchers

2.16 Scope of Processing

On our website, you can order a voucher. We collect data necessary for creating the voucher, issuing, and sending the invoice. Contact data are collected for queries. These data include:
(1) First name
(2) Last name
(3) Telephone number
(4) Email
(5) Voucher value
(6) Occasion/dedication (free text)

2.17 Legal Basis for Processing Personal Data

Legal basis is Art. 6 para. 1 lit. b GDPR.

2.18 Purpose of Data Processing

Data are processed to create the voucher and invoice and send the invoice.

2.19 Duration of Storage

Data are stored until the transaction completes unless statutory retention periods prevent this.

2.20 Objection and Removal Options

After completion, no objection or removal is possible as far as statutory retention periods apply.

11 Disclosure of Personal Data to Third Parties

We cooperate with external service providers to provide certain services. We only disclose personal data necessary for service fulfillment. Processing is under contract according to Art. 28 GDPR. These providers are bound by instructions and contractual obligations.

2.21 Disclosure to Service Providers for Booking Rooms / Junior Suites / Apartments

11.1.1 Scope of Processing Personal Data

We cooperate with an external provider for online room reservations. We also use the provider's service to secure against violations of booking conditions by users. Data include:
(1) First and last name
(2) Email
(3) Phone number
(4) Billing details
(5) Remarks (arrival time, additional requests)
(6) Guest details (if different from booker)
(7) Credit card number
(8) Credit card expiration
(9) CVV
(10) Cardholder

11.1.2 Legal Basis for Processing Personal Data

Legal basis is Art. 6 para. 1 lit. f GDPR.

11.1.3 Purpose of Data Processing

The provider's tool is used to conduct the booking process.

11.1.4 Duration of Storage

The provider stores data according to the time periods specified in this policy, up to contract end.

2.22 Objection and Removal Options

After completion, no objection or removal is possible as far as statutory retention periods apply.

2.23 Disclosure to Technical Service Providers

11.1.5 Scope of Processing Personal Data

We use technical service providers for website operation. They receive only necessary data. The website administrator processes personal data voluntarily provided via contact forms, including:
(1) First name
(2) Last name
(3) Email
(4) Telephone number

He also gains knowledge of personal data stored via cookies (see above).

11.1.6 Legal Basis for Processing Personal Data

Legal basis is Art. 6 para. 1 lit. f GDPR.

11.1.7 Purpose of Data Processing

Processing ensures proper service delivery and website security.

11.1.8 Duration of Storage

The provider stores data according to specified time periods, up to contract end.

2.24 Objection and Removal Options

After completion, no objection or removal is possible as far as statutory retention periods apply.

2.25 Disclosure to Service Providers for Table Reservations

11.1.9 Scope of Processing Personal Data

We cooperate with an external provider for online table reservations in our restaurants. Data include:
(1) First name
(2) Last name
(3) Email
(4) Telephone
(5) Information about selection of "à la carte" or "half board"

11.1.10 Legal Basis for Processing Personal Data

Legal basis is Art. 6 para. 1 lit. f GDPR.

11.1.11 Purpose of Data Processing

Provider's tool is used to perform the reservation process.

11.1.12 Duration of Storage

Provider stores data according to specified time periods, up to contract end.

2.26 Objection and Removal Options

After completion, no objection or removal is possible as far as statutory retention periods apply.

2.27 Facebook

2.27.1 Scope of Processing Personal Data

Our online offer contains a direct link to Facebook, a social network operated by Facebook Inc., headquartered in the USA. Clicking the link redirects to our Facebook profile page, and Facebook receives information that you visited our website with your IP address. If logged in to Facebook, your visit is assignable to your Facebook profile. We have no knowledge of content sent to or used by Facebook. More info is in Facebook's privacy policy at http://de.de.facebook.com/policy.php.

2.27.2 Legal Basis for Processing Personal Data

Legal basis is Art. 6 para. 1 lit. f GDPR.

2.27.3 Objection and Removal Options

You can prevent assignment between your visit and your Facebook profile by logging out of Facebook before visiting our site.

2.28 YouTube

Our online offer includes a direct link to YouTube, a video portal owned by YouTube LLC., a subsidiary of Google LLC. Google and YouTube guarantee compliance with EU data protection via the EU-US Privacy Shield. Clicking the link leads to our YouTube channel. If logged into YouTube, the visit is assigned to your account. Further info is in Google's privacy policies: https://policies.google.com/privacy.

2.28.1 Legal Basis for Processing Personal Data

Legal basis is Art. 6 para. 1 lit. f GDPR.

2.28.2 Objection and Removal Options

You can prevent assignment to your YouTube profile by logging out beforehand or adjusting your YouTube account settings.

2.29 TripAdvisor (Germany)

Our online offer includes a direct link to TripAdvisor Germany, a booking portal of TripAdvisor LLC. Clicking the link leads to TripAdvisor. If logged in, your visit is assigned to your TripAdvisor account. Further info is in TripAdvisor's privacy policy: https://tripadvisor.mediaroom.com/DE-privacy-policy.

2.29.1 Legal Basis for Processing Personal Data

Legal basis is Art. 6 para. 1 lit. f GDPR.

2.29.2 Objection and Removal Options

You can prevent assignment to your TripAdvisor profile by logging out beforehand or adjusting your account settings.

2.30 Web Analytics Services by Google Analytics

11.1.13 Scope of Processing Personal Data

We use Google Analytics, a web analytics service of Google Inc., to analyze user surfing behaviors. Google Analytics places a cookie on users' computers. Data on online behavior are transmitted to and stored on Google's servers in the USA. We use Google Analytics only with activated IP anonymization. Only in exceptional cases is the full IP address sent. IP address is not associated with other Google data. When individual pages are accessed, the following data are stored:

(1) Two bytes of the user's IP address
(2) The accessed website
(3) Website from which the user accessed the page (referrer)
(4) Subpages accessed
(5) Duration on the website
(6) Frequency of website access

11.1.14 Legal Basis for Processing Personal Data

Legal basis is Art. 6 para. 1 lit. f GDPR.

11.1.15 Purpose of Data Processing

Google uses this information to assess website usage, prepare reports on activities, and provide related services to us. Pseudonymous user profiles may be created. We use data analysis to improve our website and its usability. This is also our legitimate interest under Art. 6 para. 1 lit. f GDPR. IP anonymization protects user privacy.

11.1.16 Duration of Storage

Data are deleted once no longer needed for recording purposes.

11.1.17 Objection and Removal Options

Cookies are stored on users' computers and transferred to our site. Users control cookie use via browser settings and can delete cookies at any time. If cookies are deactivated, some website functions may be limited. Users can download the browser plugin under http://tools.google.com/dlpage/gaoptout?hl=de to opt out. Further info on Google's use of data for advertising and options can be found on Google's websites linked above.

2.31 Other Services

11.1.18 Scope of Processing Personal Data

Our offer includes content, services, and features from other providers, e.g., maps from Google Maps and graphics from other websites. To display these, the IP address must be transmitted to these providers (third parties). While we use only providers that require IP addresses solely to deliver content, we have no influence on potential storage. This supports statistical purposes. If we know IP addresses are stored, users are informed.

3 Rights of the Data Subject

If your personal data are processed, you are a data subject under the GDPR and can exercise the following rights against the controller:

3.1 Right of Access

You may request confirmation whether personal data concerning you are processed. If so, you can request access to:
(1) Purposes of processing;
(2) Categories of personal data processed;
(3) Recipients or categories of recipients who have or will receive your data;
(4) Storage duration or criteria for determining it;
(5) Existence of rights to rectification or erasure, restriction of processing, or objection;
(6) Existence of complaint rights with a supervisory authority;
(7) Source of data if not collected from you;
(8) Existence of automated decision-making including profiling with meaningful information about logic, significance, and consequences for you.

You have the right to know whether data are transferred to a third country or international organization and to be informed about appropriate safeguards according to Art. 46 GDPR.

3.2 Right to Rectification

You can request correction or completion of inaccurate or incomplete personal data concerning you. The controller must do so without delay.

3.3 Right to Restriction of Processing

You can request restriction in the following cases:

(1) You contest accuracy for a period to allow verification;
(2) Processing is unlawful and you oppose erasure, requesting restriction instead;
(3) Controller no longer needs data but you require them for legal claims;
(4) You object under Art. 21 para. 1 GDPR and it's unclear whether controller’s interests override yours.

Restricted data may only be processed with your consent or to assert or defend legal claims, protect others' rights, or for important public interest reasons. You will be informed before lifting the restriction.

3.4 Right to Erasure

11.1.19 Obligation to Erase

You can demand immediate erasure of personal data and the controller is obliged to erase when:

(1) Data are no longer necessary for collection purposes;
(2) You withdraw consent and no other legal basis exists;
(3) You object under Art. 21 para. 1 GDPR and no overriding reasons exist, or under para. 2;
(4) Data were processed unlawfully;
(5) Erasure is required to comply with legal obligations;
(6) Data were collected per Art. 8 para. 1 GDPR (information society services to minors).

11.1.20 Information to Third Parties

If data were made public and erasure is required, the controller will take reasonable measures, including technical ones, to inform others processing the data to erase links, copies, or replications.

11.1.21 Exceptions

Right to erasure does not apply if processing is necessary:
(1) For freedom of expression and information;
(2) To comply with legal obligations or public interest tasks;
(3) For public health reasons per Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
(4) For archiving, scientific, historical research, or statistical purposes per Art. 89 para. 1 GDPR, unless this impedes the purpose;
(5) To assert, exercise, or defend legal claims.

3.5 Right to Information

If you requested rectification, erasure, or restriction, the controller must notify all recipients of your data unless impossible or disproportionate. You have the right to be informed about those recipients.

3.6 Right to Data Portability

You have the right to receive personal data you provided in a structured, common, machine-readable format and to transmit it to another controller if:

(1) Processing is based on consent or a contract;

(2) Processing is automated.

You also have the right to have data transmitted directly between controllers if technically feasible. Rights of others must not be affected. This right does not apply if processing is necessary for public interest tasks or public authority exercise.

3.7 Right to Object

You can object anytime based on your situation to personal data processing under Art. 6 para. 1 lit. e or f GDPR, including profiling. Controller will then stop processing unless legitimate reasons override or data is for legal claims. For direct marketing, you always have the right to object, including profiling related to direct marketing. You can exercise your objection rights via automated methods regardless of Directive 2002/58/EC.

3.8 Right to Withdraw Consent

You can withdraw consent anytime. Withdrawal does not affect the legality of processing before withdrawal.

3.9 Automated Individual Decision-Making Including Profiling

You have the right not to be subject to decisions based solely on automated processing, including profiling, which have legal effects or significant impact unless:

(1) Necessary for contract conclusion or performance;

(2) Permitted by law with safeguards;

(3) Based on explicit consent. Such decisions must not be based on special categories of data unless exceptions and protections apply. In cases (1) and (3), the controller must ensure rights such as human intervention and contesting the decision.

3.10 Right to Complain to Supervisory Authority

You have the right to complain to a supervisory authority, especially at your residence, workplace, or alleged violation site, if you believe data processing violates the GDPR. The authority informs you about complaint status and results including judicial remedies under Art. 78 GDPR.

12 Links

This privacy policy covers only content of our website, not linked external websites. We strive to ensure these links also comply with data protection and security standards. We have no influence on others’ compliance. Please inform yourself on other providers' websites about their privacy policies.

13 Changes to the Privacy Policy

To ensure compliance with current laws, we reserve the right to change this privacy policy anytime, including upon new or revised services. The new policy applies from your next visit.

Severability Clause

If parts or formulations of this text do not, no longer, or not fully comply with the law, the remaining parts remain valid. All rights reserved. Publication of this web content requires explicit consent from Hotel Balmer See GmbH. Publication and evaluation of press info are permitted. All images are copyrighted and may only be used with explicit permission of the owner.

Content of the Online Offer

Hotel Balmer See GmbH assumes no liability for correctness or completeness of the provided information. Claims for damages based on use or non-use of information or use of incorrect/incomplete info are excluded unless intentional or gross negligence exists. All offers are non-binding. We reserve the right to change, supplement, delete parts, or stop publication without notice.

References and Links

Hotel Balmer See GmbH declares that at link setting, linked pages were free of illegal content. We have no influence on future changes. We expressly distance ourselves from content changed after link placement. This applies to all links and guestbook entries. Provider of the linked site is liable solely for illegal or incorrect content, not the one who links.

Copyright and Trademark Rights

Hotel Balmer See GmbH strives to respect copyrights by using own or license-free graphics, sound, video, and texts. All third-party trademarks are subject to trademark law and owners' ownership rights. Listing does not imply no third-party rights exist. Copyright for published content remains with authors. Reproduction or use in other electronic or print publications is prohibited without approval.