Data protection Imperial baths Usedom
1. Information on the collection of personal data
In the following we inform you about the collection of personal data when using the website https://www.kaiserbaeder-auf-usedom.de/ (the website"). Personal data is any information relating to an identified or identifiable natural person (Art. 4 No. 1 GDPR). In detail, this includes the data categories listed under point 3. a) of this data protection information.
2. Person responsible and data protection officer
The provider responsible for data protection within the meaning of Art. 4 No. 7 of Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR” for short) for the processing of your personal data on the website is:
Imperial Baths Tourism Service GmbH
Managing Director: Thomas Heilmann
17429 Bansin seaside resort
If you have any questions about data protection, you can contact us directly by e-mail
Times: Monday to Friday I 8 a.m. to 15 p.m
Phone: +038378 24420 XNUMX
You can reach our data protection officer directly via
Joint Data Protection Officer
Zweckverband Elektronische Verwaltung in Mecklenburg-Vorpommern (eGo-MV)
Eckdrift 103, 19061 Schwerin
Phone: +0385 77 33 47 51 -XNUMX
3. Processing of personal data
As part of the fulfillment of our tasks, we process your personal data exclusively for purposes that result from a legal norm and for which we are obliged or entitled (Art. 6 Paragraph 1 Letter c) and e) DSGVO in conjunction with e.g. In addition, we can process personal data based on a declaration of consent you have given (Art. 6 Paragraph 1 Letter a), Art. 7 f. GDPR). In certain cases we are legally entitled or obliged to transfer personal data to third parties (e.g authorities, in individual cases also to private individuals). Transmission can take place on the basis of statutory transmission authorizations or on the basis of consent.
We store your personal data as long as it is necessary to fulfill the task. Thereafter, the data will be deleted or destroyed within a reasonable period of time and in compliance with the statutory retention periods. Longer storage is permitted for archiving purposes. Information sheet on data collection with the registration form in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR)
a) When accessing the website
When you access this website with a subsequent visit for information only, the browser used on your device automatically sends information to the server of our website, which is hosted by our hosting provider based in the EU. This information is temporarily stored in a so-called server log file. The following information is recorded without any action on your part and stored by our hosting provider, who is our processor within the meaning of Art. 28 GDPR, until it is automatically deleted:
- the accessed website, accessed file,
- date and time of retrieval,
- amount of data transferred,
- Notification of successful retrieval, browser type and version,
- the operating system of the user,
- Referrer URL (the previously visited page),
- IP address and the requesting provider.
This data is collected to maintain the functionality of the website and for statistical evaluation and, if necessary, evaluated for internal troubleshooting. In addition, the data mentioned is further processed in order to optimize our website, the permanent security and stability of the website and connected IT systems and to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. The data stored in the server log files will be deleted after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client. The collection of data described above and the storage of the data in server log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection for the user. The legal basis for this data processing is Art. 6 Para. 1 lit. f GDPR. The legitimate interest follows from the above-mentioned purposes of providing and optimizing the website content and system security and stability as well as tracking cyber attacks.
b) Accommodation booking form
On the website, under the "Accommodation" section, we offer users the option of booking accommodation in the Imperial Spas via the online reservation and booking system "in-web" with the respective hotel/guesthouse/owner, for a fee, by providing personal data. We provide the accommodation booking via the website for you as an intermediary service. If you book accommodation via our website, the data will be entered into an input mask provided by us on our website (the online reservation and booking system "in-web") and saved. We will only pass on the data to the extent that this is necessary for the execution of the contract. The data is passed on: to the hotel/guesthouse/owner you booked to the system operator of the online reservation and booking system "in-web" DS - Destination Solution GmbH, who is our processor within the meaning of Art. 28 DSGVO. The following personal data are Collected as part of the booking process for an accommodation:
- First Name
- Last Name
- Zip Code
- City of residence
- Phone number
- E-mail address.
The processing of the data mentioned is necessary in order to be able to arrange the accommodation booking and the accommodation booking. The legal basis for processing the data is Article 6 Paragraph 1 Sentence 1 Letter b. GDPR. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The data required to fulfill the accommodation brokerage contract will be stored until the obligations arising from the brokerage contract have been completely fulfilled, taking into account the limitation periods for warranty claims. In addition, the data is stored for the purpose of fulfilling tax obligations. Which storage periods are to be observed cannot be fixed in general, but must be determined for the contract concluded and the contracting parties on a case-by-case basis.
If the data is required to fulfill the accommodation brokerage contract, the data can only be deleted prematurely if there are no contractual or legal obligations to the contrary.
c) Booking form for event tickets via Reservix GmbH
In the "Events" section, we offer users the opportunity to purchase event tickets by providing personal data. The booking itself is made directly through Reservix GmbH, Humboldtstraße 2, 79098 Freiburg, Germany. You leave our website as soon as you click on "Link to ticket sales" on our respective event page and are then on a website operated by Reservix GmbH.
If you use this to purchase an event ticket, the data will be entered into an input mask provided by Reservix GmbH and transmitted to Reservix GmbH and stored there. Further information on how to handle your data can be found in the data protection declaration of Reservix GmbH here is available. The following personal data of the user are made available to us as part of the order and reservation process by Reservix GmbH to carry out the reservation:
- First Name
- Last Name
- Phone number
- E-mail address
- Address (street name, zip code, city, country)
- We do not receive any payment data from the user.
The processing of the data mentioned is necessary in order to be able to fulfill the purchase contract with the user for one (or more) event ticket(s), or to carry out the pre-contractual measures that were taken at the user's request. The legal basis for processing the data is Article 6 Paragraph 1 Sentence 1 Letter b. GDPR.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The data required to fulfill the purchase contract will be stored until the obligations arising from the purchase contract have been fulfilled in full, taking into account the limitation periods for warranty claims. In addition, the data is stored for the purpose of fulfilling tax obligations. Which storage periods are to be observed cannot be fixed in general, but must be determined for the contract concluded and the contracting parties on a case-by-case basis.
d) Order form for merchandise items (online shop)
On our website, we offer users the opportunity to purchase goods (e.g. imperial baths souvenirs) by providing personal data in the online shop, which is operated by the in-house operation of the island of Usedom, Waldstraße 1, 17429 Seebad Bansin. If you purchase goods in the online shop, the data is entered into an input mask provided by the Kaiserbades Insel Usedom in-house company for “Invoice details”, for “Delivery if the delivery address differs from the billing address” and for the “Payment method” and sent to the Kaiserbades in-house company Island of Usedom transmitted. We do not receive any data. A transfer of the data by the in-house operation Kaiserbade Insel Usedom only takes place to the extent that this is necessary for the execution of the contract. The data will be passed on in the following cases: 1) Address data to shipping companies for the purpose of delivering the purchased goods. The shipping companies process this data as part of the shipping order as the person responsible for data protection; 2) Payment data to PayPal to process payments. PayPal alone is responsible for the processing of this data by PayPal under data protection law.
The following personal data is collected as part of the ordering and purchasing process by the Kaiserbades Insel Usedom in-house operation:
(1) Information on billing details:
- First Name
- Last Name
- Company Name
- Address (street name, zip code and city)
- Phone number
- E-mail address
- Opt-in box to open a customer account
(2) Delivery information if the delivery address differs from the billing address:
- First Name
- Last Name
- Company Name
- Address of the recipient (street name, zip code and city)
- User's phone number
(3) Information on the payment method:
The processing of the data mentioned is necessary in order to be able to fulfill the purchase contract that the in-house operation Kaiserbade Insel Usedom concludes with the user, or to carry out the pre-contractual measures that were taken at the request of the user. The legal basis for processing the data is Article 6 Paragraph 1 Sentence 1 Letter b. GDPR.
The data will be deleted by the in-house operation of the Kaiserbades Insel Usedom as soon as they are no longer required to achieve the purpose for which they were collected. This is the case for the data collected to create the customer account if the customer account is canceled or modified. The data required for the fulfillment of the purchase contract will be stored until the obligations under the purchase contract have been completely fulfilled, taking into account the statute of limitations for warranty claims by the in-house operation Kaiserbade Insel Usedom. In addition, the data is stored for the purpose of fulfilling tax obligations by the in-house operation of the Kaiserbades Insel Usedom. Which storage periods are to be observed cannot be fixed in general, but must be determined for the contract concluded and the contracting parties on a case-by-case basis.
As a user, you have the option to close your customer account at any time. You can have the data stored about you changed at any time. If the data is required to fulfill the purchase contract or to carry out pre-contractual measures, the data can only be deleted prematurely if there are no contractual or legal obligations to the contrary.
The transmission of your data to PayPal takes place on the basis of Article 6 Paragraph 1 lit. GDPR (consent) and Article 6 Paragraph 1 Letter b. GDPR (processing to fulfill a contract). You have the option of withdrawing your consent to data processing at any time with effect for the future by email firstname.lastname@example.org to revoke. A revocation does not affect the effectiveness of past data processing operations.
e) Contact email address
If you have any questions, we offer you the opportunity to contact us via an e-mail address provided on our website. If you contact us via this e-mail address, the user's personal data transmitted with the e-mail will be saved. We use the data exclusively for processing the conversation with you.
The legal basis for the processing of data that is transmitted and processed in the course of sending an e-mail is Article 6 Paragraph 1 Sentence 1 lit. f GDPR. If the e-mail contact is aimed at concluding a contract, the legal basis for the processing is Article 6 Paragraph 1 Sentence 1 lit. b. GDPR.
The processing of the personal data from the contact by e-mail serves solely to process the contact. This is also where the necessary legitimate interest in processing the data lies.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is over when it can be inferred from the circumstances that the facts in question have been finally clarified.
4. Borlabs Cookie
We use the technically necessary Borlabs cookie from our service provider Borlabs - Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany, to obtain and document the necessary consent for the use of tools. Your consent, which you gave when you first visited this website, will be saved and documented.
The Borlabs cookie only sets technically necessary cookies (Borlabs cookie). If our website is accessed, the following data is stored: your consent or the revocation of your consent to the setting of cookies, a cookie set by Borlabs Cookie in your browser, the cookie term and version, domain and path of the WordPress website, the IP address and UID. The UID is a randomly generated ID. This data is not passed on to the provider of Borlabs Cookie.
The data collected will be deleted after one year from the end of the use of the website, unless you ask us to delete it earlier or delete the Borlabs cookie yourself. Mandatory statutory retention periods remain unaffected. Details on data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/which-data-stores-borlabs-cookie/.
This website uses the WordPress plugin Woocommerce Germanized from the provider Automattic Inc., 60, 29th Street #343, San Francisco, CA 94110-4929, USA, to ensure that the sale of products in the online shop runs smoothly.
Information that you actively enter into a text field in the online shop operated by the Kaiserbades Insel Usedom in-house operation, such as when you order something at the checkout (title (optional), first name, last name, company name (optional), country / region, Street and house number, apartment/suite/room, etc. (optional), postal code, town/city, telephone (optional), e-mail address and payment details) are transferred to the Imperial Baths on the island of Usedom. transmitted.
There is also data that the Woocommerce plugin automatically collects from you in server log files: IP address, browser information, default language setting, date and time of web access. Woocommerce also sets cookies in your browser and uses technologies such as pixel tags (web beacons) to clearly identify you as a user. Woocommerce uses a number of different cookies that are set depending on user action. This means that if you put a product in the shopping cart, for example, a cookie will be set so that the product remains in the shopping cart even if you leave our website and come back at a later time.
The processing of the data mentioned is necessary in order to be able to sell products in the online shop of the Kaiserbade Insel Usedom in-house operation. The legal basis for processing the data is Art. 6 (1) sentence 1 lit. b) GDPR.
b) WP Statistics
Our website uses the WordPress analysis plugin WP Statistics. With WP Statistics we can analyze the use of our website. We collect log files (IP address, referrer, browser used, origin of the user, search engine used) and actions that website visitors have taken on our website (e.g. clicks and views). All data collected is completely anonymized and stored exclusively on our own server. Your IP address will also be anonymized. Personal identification of a visitor is therefore not possible, even retrospectively.
For example, WP Statistics can be used to measure how many visitors have accessed our website and what proportion of them have used a smartphone.
This analysis tool is used on the basis of your consent in accordance with Article 6 (1) (a) GDPR, which you gave in the cookie banner. You can revoke this at any time in the footer of our website under cookie settings with effect for the future.
c) Google Maps
We use the Google Maps map service on our website, which is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for users from the European Economic Area and Switzerland and by Google LLC, 1600 Amphitheater Parkway Mountain for all other users View, CA 94043, USA ("Google"). In order for the Google map material we use to be integrated and displayed in your web browser, your web browser must connect to a Google server, which may also be located in the USA, when you call up the contact page. This gives Google the information that the contact page of our website was accessed from the IP address of your device.
The legal basis is your consent, which you may have given in the cookie banner for data processing in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR and for data transmission in accordance with Article 49 Paragraph 1 Clause 1 Letter a GDPR . Please refer to section 6 for the risks associated with data transmission to third countries. There will be no connection to the Google servers without your consent. You can revoke your consent at any time in the footer of our website under cookie settings with effect for the future.
If you call up the Google map service on our website while you are logged into your Google profile, Google can also link this event to your Google profile. If you do not wish to be assigned to your Google profile, you must log out of Google before calling up our contact page. Google stores your data and uses it for advertising, market research and personalized Google Maps display purposes. You can object to this data collection by contacting Google.
6. Eye Able
To thwart attacks and provide our service in near real time, Eye-Able® uses the Content Delivery Network (CDN) from BunnyWay doo (Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia). It is used for the purpose of fulfilling the contract with our customers (Art. 6 Para. 1 lit. b DSGVO) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 Para. 1 lit. f GDPR). All transmitted data and servers remain in the EU at all times in order to enable data protection-compliant processing according to DSGVO. Web Inclusion GmbH never collects or analyzes personal user behavior or other personal data.
In order to ensure data protection-compliant processing, Web Inclusion GmbH has concluded contracts for order processing with our hosters IONOS and BunnyWay.
7. Data transfer to third countries
We use services whose providers are located in so-called third countries (such as the USA). These are countries whose level of data protection does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, appropriate precautions must be taken to ensure an appropriate level of data protection for any data transfers. Where this is not possible, we base the data transfer on exceptions of Art. 49 GDPR, in particular your express consent. If a transfer to a third country is planned and there is no adequacy decision or suitable guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to record and analyze it, and that enforceability Your rights cannot be guaranteed. If you obtain your consent via the cookie banner, you will also be informed of this.
8. Links to the social media presence of the imperial baths
In the footer of our website you will find links to the social media presence of the imperial baths. If you click on one of these links, you will leave our website and be redirected to the respective Imperial Baths social media presence. You can find the data protection declaration for the social media presence of the Imperial Spas here .
9. Data subject rights
You have the right:
- in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or completion of your personal data stored by us;
- pursuant to Art. 17 GDPR to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
- pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
- to revoke your consent at any time in accordance with Art. 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future, and
- to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.
10. Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
If you wish to exercise your right of objection, simply send an e-mail to email@example.com. firstname.lastname@example.org.
11. Amendment and update of this privacy notice
This data protection notice is currently valid and has the status as of January 13.01.2022, XNUMX. The provider reserves the right to change the data protection declaration in order to adapt it to changed legal provisions or regulatory requirements or as a result of the further development of our website and its content.