1. General
This data protection declaration clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) in the context of the provision of our services, as well as our online offer and the associated websites, functions and content as well as external online presence, such as our Social Media Profile (collectively referred to as the “Online Offering”). With regard to the terminology used, e.g. “Processing” or “Responsible” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Responsible
Marco Richter
Brink 10
19322 Cumlosen (Germany)
E-Mail Address: kontakt@fewo-wittenberge.de
Link to the imprint: https://fewo-wittenberge.de/impressum
Relevant legal bases
In accordance with Art. 13 GDPR, we inform you about the legal basis of our data processing. For users within the scope of the General Data Protection Regulation (DSGVO), i. the EU and the EEC, if the legal basis in the data protection declaration is not mentioned, the following applies:
The legal basis for obtaining consent is Article 6 (1) lit. a and Art. 7 GDPR;
The legal basis for the processing for the performance of our services and the execution of contractual measures as well as the response to inquiries is Art. 6 para. 1 lit. b DSGVO;
The legal basis for processing in order to fulfill our legal obligations is Art. 6 (1) lit. c DSGVO;
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO as legal basis.
The legal basis for the processing required to carry out a task in the public interest or in the exercise of official authority which has been delegated to the controller is Article 6 (1) lit. e DSGVO.
The legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) lit. f DSGVO.
The processing of data for purposes other than those for which they were collected is governed by the provisions of Article 6 (4) GDPR.
The processing of special categories of data (pursuant to Art. 9 (1) GDPR) is governed by the provisions of Art. 9 (2) GDPR.
Safety measures
We will take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing and the different likelihood and severity of the risk to the rights and freedoms of individuals The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure and availability and their separation. In addition, we have established procedures to ensure the enjoyment of data subject rights, the erasure of data and the response to data compromise. Furthermore, we consider the protection of personal data already in the development, or selection of hardware, software and procedures, according to the principle of data protection through technology design and privacy-friendly default settings.
Collaboration with contract processors, joint controllers and third parties
If, in the context of our processing, we disclose data to other persons and companies (contract processors, joint controllers or third parties), transmit them to them or otherwise grant access to the data, this will only be done on the basis of a legal permission (eg if the data has been transmitted to third parties, such as to payment service providers, to fulfill the contract), users have consented to a legal obligation to do so or on the basis of our legitimate interests (eg in the use of agents, web hosts, etc.) If we disclose data to other companies in our group, transmit or otherwise grant them access, this is done in particular for administrative purposes as a legitimate interest and, moreover, based on a legal basis.
Transfers to third countries
If we process data in a third country (ie outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or in the context of the use of third party services or disclosure, or transmission of data to other persons or companies This will only happen if it is to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to express consent or contractually required transmission, we process or disclose the data only in third countries with a recognized level of privacy, including those certified under the Privacy Shield, or on the basis of specific warranties, such as limited liability. contractual obligation by so-called standard protection clauses of the European Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the European Commission).
Rights of data subjects
You have the right to ask for confirmation as to whether such data is being processed and for information about this data, as well as for further information and copy of the data in accordance with legal requirements.
You have accordingly. the legal requirements to request the completion of the data concerning you or the correction of the incorrect data concerning you.
In accordance with the legal requirements, they have the right to demand that the relevant data be deleted immediately, or alternatively to demand a restriction of the processing of the data in accordance with the statutory provisions.
You have the right to request that the data relating to you provided to us be obtained in accordance with the statutory requirements and to request their transmission to other persons responsible.
They also have the right, in accordance with the statutory provisions, to submit a complaint to the competent supervisory authority.
Withdrawal
You have the right to revoke granted consent with effect for the future.
contradictory legal
You may object to the future processing of your data in accordance with legal requirements at any time. The objection may in particular be made against processing for direct marketing purposes.
2. Analysis service Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). The use includes the operating mode “Universal Analytics”. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and analyze the activities of a user across devices. Google Analytics uses so-called “cookies”, text files that are stored on your computer and the one Analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, in the event of activation of IP anonymisation on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. We point out that on this website Google Analytics has been extended by an IP anonymization to ensure an anonymous collection of IP addresses (so-called IP masking). The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data. For more information about Terms of Use and Privacy, please visit https://www.google.com/analytics/terms/us.html or https://policies.google.com/?hl=en.
Purposes of processing:
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.
Recipients / categories of recipients:
The recipient of the data collected is Google. Transfer to third countries: The personal data will be transmitted under the EU-US Privacy Shield on the basis of the adequacy decision of the European Commission to the United States. You can get the certificate here.
Duration of data storage:
The data sent by us and linked to cookies, user IDs (eg user ID) or advertising IDs will be automatically deleted after 14 months. The deletion of data whose retention period has been reached is done automatically once a month.
Rights of persons affected:
You can revoke your consent at any time with future effect by preventing the storage of cookies by setting your browser software accordingly; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible.
You may also prevent the collection of the cookie-generated and website-related information (including your IP address) to Google and the processing of such data by Google by downloading and installing the browser add-on. Opt-out cookies prevent future collection of your data when you visit this website. To prevent Universal Analytics tracking across devices, you must opt-out on all systems you use. If you click here, the opt-out cookie will be set: [google_analytics_optout] Click here to prevent detection by Google Analytics [/google_analytics_optout].
3. Booking process
During the booking process, we collect information about you.
What we collect and store:
As you visit our website, we record:
- Featured Products: Here are some products you have recently viewed.
- Location, IP address and browser type: We use this for purposes such as estimating taxes and shipping costs
- Shipping Address: We will ask you to indicate this, for example, to determine the shipping costs before you place an order, and to be able to send you the order.
We also use cookies to track the content of your shopping cart while you visit our website.
When you book with us, we will ask you to provide information such as your name, billing address, e-mail address and phone number, credit card details / payment details, and optional account information such as username and password. We use this information for the following purposes:
- Sending information about your account and booking
- Answer to your inquiries, including refunds and complaints
- Processing of payment transactions and prevention of fraud
- Set up your account for our website
- Compliance with all legal obligations, such as tax calculation
- Improvement of our offers
- Send marketing messages if you would like to receive them
When you create an account with us, we’ll store your name, address, email address and phone number. This information will be used in future orders to complete the payment information.
We usually store information about you as long as we need it for the purpose of collection and use and are required to store it. For example, we store order information for 10 years for tax and billing reasons. This includes your name, your e-mail address and your billing and shipping address.
We also store reviews if you decide to leave them.
Who from our team has access
Employees of our accommodation have access to the information you provide us. For example, both accommodation operators, their employees, and website administrators can access:
- Booking information such as booked products, the time of Booking and the period of time of the booking and
- Customer information such as your name, e-mail address, and billing information and address.
Our employees have access to this information to process bookings, refund and assist you.
What we share with others
We share information with third parties that help us to offer you our orders and services.
Payments
We accept payments with PayPal and Stripe. When processing your payment, some of your data will be shared with PayPal or Stripe (depending on your selection). Only information required to process or execute the payment, such as the total purchase price and payment information, is passed on.
Here you can see the PayPal Privacy Policy.
Here you can see the Stripe Privacy Policy.
4. Google Maps
This website uses Google Maps to display interactive maps and create driving directions. Google Maps is a map service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA. By using Google Maps, information about Google users in the United States can be transmitted. When you visit a web page on our website that contains Google Maps, your browser will connect directly to Google’s servers. The content of the map will be handed over by Google directly to the browser and integrated into the website. There’s a noting on the thumbs of that’s is Google. According to our knowledge, the most common data are:
- Date and time of visit to the fraudulent website,
- Internet address or URL of the website visited,
- IP address, introduction to the route planning (start) address.
On the further processing and use of the data by Google, we have an insight and can take no responsibility here.
If you do not want Google to inform you about our website, you can activate JavaScript in your browser. In this case, you simply can not use the map display.
Google’s Privacy Policy (https://policies.google.com/?hl=en) also applies to Google and its privacy policy.
By using our website you will get an overview of Google Maps, which you can open in your browser.
5. Contact requests / contact possibilities
If you contact us via contact form or e-mail, the data provided by you will be used to process your request. The specification of the data is necessary for processing and answering your inquiry – without their provision we can not answer your inquiry or at best only to a limited extent.
The legal basis for this processing is Article 6 (1) lit. b) GDPR.
Your data will be deleted, provided that your request has been finally answered and deletion does not conflict with any statutory storage requirements, such as in the event of subsequent contract execution.
6. Google ReCaptcha
We use Google’s reCaptcha service to determine if a human or computer is typing in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: the IP address of the device used, the website you visit, the captcha, the date and duration of the visit, the identification data of the device used Browser and OS type, Google Account, when you’re logged in to Google, mouse movements on the reCaptcha surfaces, and tasks that require you to identify images. The legal basis for the data processing described is Article 6 (1) (f) of the General Data Protection Regulation. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect us from automated input (attacks).
7. HOSTING AND E-MAIL SHIPPING
The hosting services we use are designed to provide the following services: infrastructure and platform services, computing capacity, storage and database services, e-mail delivery, security and technical maintenance services we use to operate this online service.
Here we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer acc. Art. 6 para. 1 lit. f DSGVO i.V.m. Art. 28 GDPR.
8. SSL-BZW. TLS ENCRYPTION
This site uses, for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as a site operator, an SSL or. TLS encryption. An encrypted connection is indicated by the browser’s address bar changing from “http://” to “https://” and the lock icon in your browser bar.
If SSL or TLS encryption is enabled, the data you submit to us can not be read by third parties.
9. WORDFENCE
This site uses the security plugin WORDFENCE to protect the site from hacker attacks, etc. Provider is DEFIANT, 800 5th Ave Ste 4100, Seattle, WA 98104.
The DSGVO-compliant data processing agreement has been completed.
WORDFENCE currently uses three cookies, and then explains what each cookie does, who set the cookie, and why the cookie helps protect the page.
wfwaf-authcookie- (hash) What it does: This cookie is used by the WORDFENCE firewall to perform a proficiency check on the current user before loading WordPress. Who receives this cookie: This cookie is only set for users who log in to WordPress. How this cookie helps: With this cookie, the WORDFENCE Firewall detects logged-in users and gives them more access. WORDFENCE can also detect unregistered users and restrict their access to secure areas. The cookie informs the firewall about what level of access a visitor has to help the firewall, make smart decisions about who is allowed to be admitted, and who should be blocked.
wf_loginalerted_ (hash) What it does: This cookie is used to notify the WORDFENCE administrator when an administrator logs in from a new device or location. Who receives this cookie: This cookie is only for administrators. How this cookie helps: This cookie helps web site operators to know if an admin login has taken place from a new device or location.
wfCBLBypass What it does: WORDFENCE provides site visitors with the ability to bypass country blocking by accessing a hidden URL. With this cookie can be understood, who may bypass the blocking of the country. Who receives this cookie: If a defined site administrator hidden URL is called, is checked with this cookie if the user can access the site from a country, which is limited by the blocking of the country. This is set for anyone who knows the URL, which allows the default country blocking. This cookie will not be set for someone who does not know the hidden URL to bypass the country blocking. How this cookie helps: This cookie allows website owners to allow certain users to block blocked countries even though their country has been blocked.
The legal basis for the data processing described is Article 6 (1) (f) of the General Data Protection Regulation. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect us from automated input (attacks).
For more information on how to deal with user information, see the DEFIANT privacy policy: https://www.WORDFENCE.com/privacy-policy/