Das König Ludwig Wellness & SPA Resort Allgäu
Alpina Hotel Betriebs OHG
We are pleased that you visit our homepage and we thank you for your interest in our company. Dealing with our customers is a matter of trust. The trust placed in us is very important to us and therefore we handle your data carefully and to protect it from misuse.
In order to make you feel safe and comfortable when visiting our website, we take the protection of your personal data and its confidential treatment very seriously. That is why we act in accordance with the applicable legislation on the protection of personal data and data security.
For us, data protection is a high priority issue and we only work with partners who can also demonstrate a corresponding level of data protection in their processing framework. Your data will only be processed if you have given us your consent. This consent relates to a contract on a basis, provided that the relevant laws permit or oblige data processing.
With this information on data protection, we inform you that we collect, store and process the data in accordance with the applicable national legal framework as well as the requirements of the EU General Data Protection Regulation (EU GDPR) valid throughout Europe from 25.05.2018. For the protection of your personal data, we orientate ourselves to the Telemedia Act (TMG) of the Federal Republic of Germany.
The following data protection declaration explains which data is collected on our websites and which data we process and use.
- Name and address of the person responsible
The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other data protection regulations, is:
Das König Ludwig Wellness & SPA Resort Allgäu
Alpina Hotel Betriebs OHG
87645 Schwangau bei Füssen
Tel. +49 (0) 8362 889 - 0
Fax. +49 (0) 8362 889 – 990
Responsible for web content:
Florian Lingenfelder, Juliane Rapp
+49 (0) 8362 889 - 0
- Name and address of the Data Protection Supervisor
MS Hotelmanagement - Datenschutz
Heimstettner Weg 18
Tel.: +49 89 95951819
- General information on data processing
1.Scope of processing of personal data
You can generally visit our websites without telling us who you are. Our web servers automatically store information of a general nature. This includes the type of web browser, the operating system used, the domain name of your Internet service provider, the website from which you visit us, the websites you visit with us, and the date and duration of your visit. This is only information that does not allow conclusions to be drawn about yourself.
We evaluate this data only for statistical purposes and only in anonymous form. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases where prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations
2. Legal basis for the processing of personal data.
For processing of personal data, we obtain the consent of the data subject. The legal basis for processing is Article 6(1) of the GDPR.
In the case of the processing of personal data, necessary for the performance of a contract to which the data is subject, Article 6(1) lit. b GDPR. applies. If a legal obligation to process personal data is required, Article 6(1) of the lit. c GDPR will apply.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) of the lit is applicable. GDPR.
If the processing is necessary to safeguard the legitimate interests of our company or a third party and the interests, fundamental rights and freedoms of the person concerned do not outweigh the first interest, Article 6(1) of the lit shall serve as the f GDPR as the legal basis for processing.
3. Data erasure and storage
As soon as the purpose of the storage is not needed anymore, personal data of the data subject will be deleted or blocked. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data shall also be blocked or deleted if a storage period prescribed by the above-mentioned standards expires, unless there is a need for further storage of the data for the conclusion of a contract or a performance of the contract.
4. Obligation to provide data
As part of our contractual relationship, you must provide the personal data that is necessary for the establishment and execution of the accommodation contract or which we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract with you. In particular, we are obliged to collect certain personal data about you in the context of the registration certificate in accordance with Section 30 (3) of the Federal Registration Act. If you do not provide us with the necessary information, we may not be able to provide the services you require or may not be able to provide them in full.
5. Automated decision-making and profiling
When establishing and conducting our contractual relationship, you will not be exposed to decisions based solely on automated processing, including profiling, in accordance with Article 22 GDPR, which will have legal effect on you or, impaired you.
6. Information about your right to object
pursuant to Article 21 GDPR
You have the right to object to the processing of your personal data at any time, which is based on Art 6 sec. 1 lit. e, GDPR (data processing in the public interest) or Article 6(1), lit.f GDPR (data processing on the basis of a balance of interests) to object; this also applies to profiling based on that provision in accordance with Article 4(4) of the GDPR.
In the event of an objection, your personal data will no longer be processed unless we can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of the Assertion, exercise and defence of legal claims.
If we process your personal data for direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing.
Objection is possible without form and should be addressed to our data protection officer. Contact details can be found under contact details mentioned in section II
7. Video Surveillance
If we carry out video surveillance of the company you are visiting, the following applies to the accompanying processing of personal data:
(a) Purpose of data processing
Exercise of domestic law, prevention of criminal data (e.g. damage to property or theft), safeguarding of prosecution
(b) Legal basis for data processing
Article 6(1), lit. f GDPR, Section 4 (1) p. 1 No. 2 and 3 BDSG n. Our legitimate interest is the commitment to ensure a safe stay for our guests in the hotel and in enforcing our material and intangible claims and the exercise of our right and to defend against unjustified claims.
(c) Categories of recipients of personal data
Potential recipients of the data are law enforcement authorities as well as persons or companies that we entrust with the exercise of our rights (such as lawyers). The personal data will not be transmitted to third countries or international organisations.
(d) Duration of storage of personal data
If a recording takes place, the relevant recordings shall be deleted no later than 72 hours; after this storage period, only data that is needed for the investigation of specific incidents or for the enforcement of claims based on a specific event (e.g. criminal offence) will be stored. If recorded dates are not needed anymore, they will be deleted.
We offer you the possibility to send us messages directly via a contact form. This requires an e-mail address where we can reach you. We also ask for your name to contact you. The mandatory fields are marked as such. We process the data you provide in the contact form to respond to your request. The legal basis for the data processing described is Article 6(1) of the lit. b GDPR.
Data collected when using the contact form will be automatically deleted after full processing of your request, unless we still need your request to fulfil contractual or legal obligations.
With the e-mail newsletter we regularly inform you about the offers and services of the Hotel König Ludwig as well as about the offers of our partner company Fachklinik König Ludwig according to the preferences you have given.
If you would like to receive the e-mail newsletter, we need a valid e-mail address from you. To subscribe to our newsletter, we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to send the newsletter. If you do not confirm your registration within 2 weeks, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any misuse of your personal data.
As subscriber to the e-mail newsletter, you can revoke your consent to the processing of your e-mail address for sending the e-mail newsletter at any time. The revocation can be made via the relevant link in any e-mail newsletter or by e-mail with the subject "Unsubscribe" to email@example.com.
You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in each newsletter. A communication to the contact details given above or in the newsletter (e.g. by e-mail or letter) is of course also sufficient for this. The legal basis of the aforementioned processing is your consent in accordance with Art. a GDPR.
In some areas of our pages, so-called cookies are used. A cookie is a small text file that is placed on your hard drive by a website. Cookies do not cause any damage to your computer and do not contain viruses. The cookies on our websites do not collect any personal data. We use the information contained in cookies to facilitate your use of our pages and to tailor them to your needs.
Of course, you can also view our website without cookies. If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser. You can delete stored cookies at any time in your browser's system settings. However, if you do not accept cookies, this may lead to functional limitations of our offers. The following data is stored and transmitted in the cookies:
Log- In - Information
Items in a shopping cart
Frequency of page views Date of access
Shopping cart (booking data, booked services, amount of shopping cart, currency)
Use of website functions
The data of the users collected in this way are pseudonymized by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users. The data used by cookies are for the purpose of safeguarding our legitimate interests as well as those of third parties in accordance with Art. 6 sec. 1, lit. f GDPR.
In your browser, you can set that cookies are stored only if you agree. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete disabling of cookies may result in you not being able to use all the functions of our website. If you only want to accept cookies from Hotel König Ludwig but do not accept cookies from partners, please select the "Block third-party cookies" in your browser. In the menu bar of your web browser we will display you via the help function, how you can reject new cookies and turn off already received ones.
11. Integration of services and content of third-party providers (e.g. Google Analytics, Goggle Maps)
Within the website, third-party content, such as videos from YouTube and map material from Google Maps (hereinafter referred to as "third-party providers") is included. For the use of such content, the transmission of the IP address of the user to the respective third-party provider is technically necessary. Without the IP address, the third-party providers would not be able to send the content integrated into the website to the browser of the respective user. We have no influence on whether a third-party provider stores the IP address, e.g. for statistical purposes, or uses it otherwise.
(a) Data protection for Google Analytics and Google Remarketing
Google will use this information for the purpose of evaluating your use of the website, compile reports on website activity for website operators and providing other services related to website and internet usage. Google may also transfer this information to third parties if required to do so by law or if third parties process this data on Google's behalf.
Third-party providers, including Google, use stored cookies to display ads based on a user's previous visits to this website.
However, we would like to point out that in this case you may not be able to use all functions of this website to the full extent. By using this website, you consent to the processing of the data collected about you by Google in the manner and for the purposes described above. The collection and storage of data can be objected to at any time with effect for the future.
https://www.facebook.com/ads/website_custom_audiences/ and https://www.facebook.com/privacy/explanation. If you wish to object to the use of Facebook Website Custom Audiences, you can do so at https://www.facebook.com/ads/website_custom_audiences/.
12. Rights of the person concerned
Pursuant to Art.15 DS-Gvo i.V.m. Section 34 of the German Data Protection Act (BDSG), you have the unrestricted right to free information about your data stored by us and the right to erasure or blocking of inadmissible data or the right to rectification of incorrect data in accordance with Section 35 of the German Data Protection Act (BDSG).
Upon request, we are happy to inform you in writing whether and what personal data we have stored about you. Where possible, we will take appropriate measures to update or correct your data stored by us at short notice. Any requests for information, requests for information or contradictions to data processing should be sent directly to our data protection officer by e-mail, stating your complete postal address.
If personal data is processed, you have the following rights over the controller:
You may request confirmation as to whether personal data are processed by us. If such processing is done, you can request the following information: the purposes for which the personal data are processed; the categories of personal data that are processed; the recipients or categories of recipients to whom the personal data concerning you has been or is still being disclosed; the planned duration of the storage of the personal data concerning you or, if specific information is not possible, criteria for determining the retention period; the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
- the existenceofarightofappealwitha supervisory authority;
- any available information on the origin of the data if the personal data are not collected from the data subject
- the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such a Processing for the data subject.
You have the right to request information on whether the personal data concerning you is transferred to a third country or to an international organisation.
In this context, you may request to be informed of the appropriate guarantees under Article 46GDPR in connection with the transmission.
- Right to rectification
You have a right to rectification and/or completion to the controller if the personal data processed concerning you is incorrect or incomplete. The person responsible shall make the correction without delay.
- Right to restrict processing
You may request the restriction of the processing of personal data concerning you under the following conditions: if you dispute the accuracy of the personal data concerning you for a period of time that allows the controller to verify the accuracy of the personal data; the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
controller no longer needs the personal data for the purposes of the processing, but you need it to assert, exercise or defend legal claims, or if you have objected to the processing in accordance with Art.21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, such data may only be used with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of a other natural or legal person or for reasons of an important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
- Right to erasure
(a) Obligation to delete
You may request that the personal data concerning you be deleted immediately, and the controller is obliged to delete this data immediately, provided that one of the following reasons applies: The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed. You revoke your consent, on which the processing was based in accordance with Art.6 (1) lit.a or Art.9 (2) lit.a GDPR, and there is no other legal basis for the processing.
According Art.21 Para.1 GDPR you may object to the processing, if there are no primary legitimate reasons.
Your personal data have been processed unlawfully.
The erasure of personal data concerning you is necessary to fulfilale galobligation under Union law or the law of the Member States to which the controller is subject. The personal data concerning you have been collected in relation to information society services offer edinac cordance with Article8(1)GDPR.
(b) Information to third parties
If the responsible has made your personal data public and he is in accordance with Article 17(1) GDPR, obliged to delete your data, he has to take appropriate actions. Also of a technical nature in order to inform data controllers who process the personal data that you, as a data subject, have requested that you delete all links to such personal data or to copies or replications of the requested personal data.
The right to erasure does not exist to the extent that the processing is necessary:
- the exercise of the right to freedom of expression and information,
- in order to fulfilal egal obligation requiring processing under the law of the Union or of the Member States to which the controller is subject,
- or to carry out a task which is in the public interest or in the exercise of official authority entrusted to the controller
- for reasons of public interest in the field of public health, in accordance with Article 9(2) of the handare, as well as Article 9 (3) GDPR,
- for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR,
- insofar as the law referred to in section (a) is likely to achieve the objectives of such processing impossibly or seriously impaired, or for the assertion, exercise or defence of legal claims.
- Right to information
If you have asserted the right to rectification, deletion or restriction of the processing against the controller, the controller is obliged to make this correction or correction to all recipients to whom the personal data concerning you have been disclosed. erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients.
- Right to data portability
Youhavetherighttoreceivethepersonaldataconcerningyouthatyouhaveprovidedtothecontrollerinastructured,commonandmachine-readableformat.Inaddition,youhavetherighttotransferthisdatatoanothercontrollerwithouthindrancebythecontroller to whom thepersonaldata has beenprovided,providedthat:
(1) processing on consent in accordance with Art.6 sec.1 lit.a GDPR or Art. 9 sec. 2 lit. a GDPR or on a contract pursuant to Art. b GDPR is based and
(2) processing is carried out using automated procedures. In exercising this right, you also have the right to obtain that the personal data concerning you are transferred directly by one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability shall not apply to the processing of personal data necessary for the performance of a task which is in the public interest or carried out in the exercise of official authority delegated to the controller.
- Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is based on Art.6(1) lit. e or F GDPR; this shall also apply to profiling based on these provisions.
The responsible will no longer process the personal data concerning you, unless he can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of the assertion, exercise or defence of legal claims.
If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising, this also applies to profiling insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility to exercise your right of opposition in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
- Right to revocation data
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
- Automated decision-making on a case-by-case basis, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or similarly significantly affects you. This shall not apply where the decision is necessary for the conclusion or performance of a contract between you and the controller, is permitted by Union or Member State legislation to which the controller is subject, and this legislation contains appropriate measures to safeguard your rights and freedoms and your legitimate interests or is done with your express consent. However, such decisions may not be based on specific categories of personal data under Article 9(1) GDPR, unless Article 9(2) of the a or g and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to the intervention of a person on the part of the controller, to statement of one's own position and on the challenge of the decision.
- Right to complain to a supervisory authority
You have the right to launch a complaint with a supervisory authority, in particular in your own State, place of residence, place of employment or place of the alleged breach if you believe that the processing of personal data concerning you violates the GDPR.
The supervisory authority to which the complaint was lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
Children and young people with limited legal ability may not transmit personal data to our websites without the consent of the parents or the supervisor. The Hotel König Ludwig Wellness & SPA Resort Allgäu will in no case collect or use in any way personal data obtained by children or restricted young people.
- Data protection - Information pursuant to Article 13 GDPR
Name and address of the Data Protection Officer:
Das König Ludwig Wellness & SPA Resort Allgäu
Alpina Hotel Betriebs OHG
87645 Schwangau bei Füssen
Tel. +49 (0) 8362 889 - 0
Fax. +49 (0) 8362 889 – 990