An overview of data protection

General

The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Responsability

Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator:

Hotel Bergkristall GmbH & Co. KG
Willis 8
87534 Oberstaufen
Tel.: +49 8386 911-0
Fax: +49 8386 911-150
Mail: wellness@bergkristall.de
Internet: www.bergkristall.de

Data protection officer required by law
We have appointed a data protection officer for our company:
Marc Sohler | securo
Im Lehen 12/2
88097 Eriskirch
Deutschland
Tel: +49 75 22 – 90 91 00
Mail: sohler@sicherheitsberatung.pro

SSL and TLS-encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If there is an obligation to provide us with your payment details (e.g. account number for direct debit authorisation) after the conclusion of a chargeable contract, this data is required for payment processing.

Payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

With encrypted communication, the payment data you transmit to us cannot be read by third parties.

Data acquisition on this website

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may be data that you enter in a contact form, for example.

Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyse your user behaviour.

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Necessary data storage includes cookies that are absolutely essential for the functions of a website. This means, for example, the storage of log-in data, the shopping basket or the language selection by so-called session cookies (which are deleted when the browser is closed).

On the other hand, text files that do not solely serve the functionality of the website, but also collect other data, are considered non-essential cookies. These include the following cookies:

• Tracking cookies
• Targeting cookies
• Analysis cookies
• Cookies from social media website

Necessary cookies may be set from the outset, i.e. even without the user's prior consent. In contrast, website visitors must give their consent before cookies store non-essential data.

Cookie consent

Our website uses Cookiebot technology to obtain your consent to store certain cookies in your browser and to document this in accordance with data protection regulations. This technology is provided by Usercentrics A/S, Havnegade 39, DK-1058 Copenhagen. When you visit our website, a vioma cookie is stored in your browser, which stores the consents you have given or the revocation of these consents. This data is not passed on to us.

Revocation of your consent

Your consent given in the cookie consent dialog to store certain cookies, or the revocation of this consent, can be revoked at any time with effect for the future. If you would like to change your selection in the cookie consent dialog, please click here. Once you have clicked on the link, the cookie consent dialog will reappear and you can change your selection. Alternatively, you can request us to delete your data or delete the Cookiebot consent cookie yourself in your browser. From that point on, we will no longer process your data. Your consent/non-consent is logged on the basis of a legal obligation pursuant to Section 76 BDSG, Art. 6 (1) sentence 1 lit. c GDPR. Mandatory statutory retention periods remain unaffected.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP adress

These data will not be combined with data from other sources.

This data is collected on the basis of Art. 6 (1) (b) and (f) GDPR. We have a legitimate interest in the technically error-free presentation and optimization of our website—for this purpose, the server log files must be collected. The processing also serves to fulfill a contract or to carry out pre-contractual measures.

By e-mail, contact form, telephone or fax

Enquiry

If you contact us by e-mail, contact form, telephone or fax, your enquiry including all personal data (name, e-mail, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures, or on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the enquiries addressed to us.

The data you send to us via contact requests will remain with us until the purpose for data storage no longer applies (e.g. after your request has been processed) or you request us to delete it. Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Vioma voucher

Voucher purchase and voucher management

Our website uses the Software vioma VOUCHER, provided by vioma GmbH ("vioma"), Industriestrasse 27, 77656 Offenburg, Germany for the sale, redemption, and management of online vouchers.

If you purchase an online voucher via our website, we need your e-mail address for processing your voucher purchase and the first and last name of the voucher recipient. We will also ask for your preferred shipping method so we can deliver the voucher according to your wishes. If you choose to send the voucher by e-mail, we process the e-mail address of the recipient. If you choose to send it by post, we process the postal address of the recipient for delivery by post.

In the voucher management system, the remaining value of the voucher, redemptions, and the current status (open, paid, redeemed, etc.) is also recorded.

The processing of your data for the online purchase of vouchers takes place on the basis of Art. 6 para. 1 lit. b GDPR and serves the fulfillment of a contract or the implementation of pre-contractual measures. The processing of your data in the voucher management is based on Art. 6 para. 1 lit. c GDPR and serves the fulfillment of the legal storage obligations.

The data you transmit to us will remain with us until the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Execution of a data processing agreement

In order to guarantee processing in compliance with data protection regulations, we have concluded a data processing agreement with vioma.

Vioma Interactive

We use the vioma INTERACTIVE module on our website. The provider is vioma GmbH ("vioma"), Industriestr. 27, 77656 Offenburg. This module allows us to implement special overlays and dialog boxes within our website.

If you attempt to leave the current browser window of our website with your mouse or input device, or if you have spent a predefined amount of time on a section of our website, overlays with content specified by us may appear.

To ensure the protection of your personal data and your device, when using vioma INTERACTIVE, only when you actively interact with the respective overlay is this information stored in your session storage. This prevents the clicked overlay from being displayed again during your website visit. No additional processing of personal data takes place. It is not possible for either us or vioma to draw any conclusions about you as a visitor to our website through the mere use of vioma INTERACTIVE.

Registration on this website

You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration.

To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration.

We will process the data provided during registration only based on your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.

Openstreetmap

Mapping service

We are using the mapping service provided by OpenStreetMap ("OSM") to display the route to our company for you and to make it easier for you to plan your journey.

We embed the map data from OSM on the server of the OpenStreetMap Foundation ("OSMF"), St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. The United Kingdom is considered a secure third country under data protection law. This means that the United Kingdom has a level of data protection that is equivalent to the level of data protection in the European Union.

When using the OSM maps, a connection is established to the servers of the OSMF. In the process and among other things, your IP address and other information about your behavior on this website may be forwarded to the OSMF. OSM may store cookies in your browser or use similar recognition technologies for this purpose. Further information on how OSM handles your personal data can be found here:
https://wiki.osmfoundation.org/wiki/Privacy_Policy

The use of OSM is exclusively based on Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time.

Usage of external tracking services

When you visit our website, your surfing behaviour may be statistically evaluated. This is primarily done using cookies and so-called analysis programmes. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You can find detailed information on this in the following data protection information.

You can object to this analysis. We will inform you about the objection options in this privacy policy.

This website uses the following external tracking services:

• Google Analytics 4, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, IE
• Google Ads, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, IE
• Meta Pixel, Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K%, IE
• Google Tag Manager, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, IE
• Hotjar Tracking, Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, MT
• Pinterst Tracking, Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2 IE

Google Analytics 4 (without Google-Signals)

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, theutilized operating system and the user’s origin. This data is assigned to the respective end device of the user. An assignment to a device-ID does not take place.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored.

The use of these services occurs on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR a. You may revoke your consent at any time.

Browser plug-in

You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at: https://support.google.com/analytics/answer/6004245?hl=en.

Google Signals

We use Google Signals. When you visit our website, Google Analytics collects your location, search history, YouTube history, demographic data (visitor data), and other information. This data can be used for personalized advertising with the help of Google Signals. If you have a Google account, Google Signal links the visitor data to your Google account and uses it for personalized advertising messages. The data is also used to create anonymous statistics on the user behavior of our users.

Google Analytics e-commerce-tracking

This website uses the “E-Commerce-Tracking” function of Google Analytics. With the assistance of E-Commerce-Tracking, the website operator is in a position to analyze the purchasing patterns of website visitors with the aim of improving the operator’s online marketing campaigns. In this context, information, such as the orders placed, the average order values, shipping costs and the time from viewing the product to making the purchasing decision are tracked. These data may be consolidated by Google under a transaction ID, which is allocated to the respective user or the user’s device.

Conclusion of an order processing contract

We have concluded an order processing contract with Google and implement the requirements of the German data protection authorities when using Google Analytics. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Google Ads with conversion tracking

Wie have integrated Google Ads on this website. The operating company for Google Ads services is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display ads in the Google search engine or on third-party websites, if the user enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based on the user data Google has in its possession (e.g. location data and interests; target group targeting). As the website operator, we can analyze these data quantitatively, for instance by analyzing which search terms resulted in the display of our ads and how many ads led to respective clicks.

The purpose of Google Ads is to promote our website by displaying interest-based advertising on the websites of third-party companies and in the search engine results of the Google search engine.

If you access our website via a Google ad, Google will place a conversion cookie on your IT system. A conversion cookie expires after thirty days and is not used to identify you. The conversion cookie is used to track whether certain subpages, such as the shopping cart of an online shop system, have been accessed on our website, provided that the cookie has not yet expired. The conversion cookie allows both us and Google to track whether a user who accessed our website via an AdWords ad generated a sale, i.e., completed or canceled a purchase.

The data and information collected through the use of the conversion cookie is used by Google to compile visit statistics for our website. We in turn use these visit statistics to determine the total number of users who were referred to us via Ads, i.e. to determine the success or failure of the respective Ads and to optimize our Ads for the future. Neither our company nor other Google Ads advertisers receive information from Google that could be used to identify you.

The conversion cookie stores personal information, such as the websites you have visited. Each time you visit our website, personal data, including the IP address of the Internet connection you are using, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected using technical procedures to third parties.

These processing operations are carried out exclusively with your express consent in accordance with Art. 6 (1) lit. a GDPR.

The parent company Google LLC is certified as a US company under the EU-US Privacy Shield Framework. This means that an adequacy decision has been made in accordance with Art. 45 GDPR, so that personal data may be transferred without further guarantees or additional measures.

The privacy policy and further information from Google Ads can be found at: https://www.google.de/intl/de/policies/privacy/.

Further information about Google's use of your personal data can be found on Google's „Privacy and Terms of Use“ page at https://business.safety.google/privacy/

Meta Pixel

This website uses Meta's visitor action pixels to measure conversions. This service is provided by Meta Platforms Ireland Ltd, Merrion Road, Dublin 4, D04 X2K5, Ireland. However, according to Meta, the data collected is also transferred to the USA and other third countries.

This allows the behavior of website visitors to be tracked after they have been redirected to the provider's website by clicking on a Meta advertisement. This allows the effectiveness of Meta advertisements to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The data collected is anonymous to us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Meta, so that a connection to the respective user profile on Facebook or Instagram is possible and Meta can use the data for its own advertising purposes in accordance with the Meta Data Use Policy. This enables Meta to place advertisements on Facebook or Instagram pages and other advertising channels. As the website operator, we have no influence over this use of the data.

The use of this service is based on your consent, Art. 6 (1) (a) GDPR; consent can be revoked at any time.

Insofar as personal data is collected on our website using the tool described here and forwarded to Meta, we and Meta Platforms Ireland Ltd, Merrion Road, Dublin 4, D04 X2K5, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited exclusively to the collection of data and its transfer to Meta. The processing by Meta after the transfer is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Meta tool and for the data protection-compliant implementation of the tool on our website. Meta is responsible for the data security of Meta products. You can assert your rights as a data subject (e.g., requests for information) regarding the data processed by Facebook or Instagram directly with Meta. If you assert your rights as a data subject with us, we are obliged to forward them to Meta.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum und https://de-de.facebook.com/help/566994660333381.

You can find further information on protecting your privacy in Meta's privacy policy: https://de-de.facebook.com/about/privacy/.

You can also disable the “Custom Audiences” remarketing feature in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook or Instagram account, you can disable Meta's usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that helps us integrate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It is used solely for the management and display of the tools integrated via it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the United States.

The use of Google Tag Manager is based on your consent pursuant to Art. 6 (1) (a) GDPR; consent can be revoked at any time.

Hotjar

This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

Hotjar is a tool for analysing your user behaviour on this website. Hotjar allows us to record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you remain with the mouse pointer in a certain position. Hotjar uses this information to create so-called heat maps, which can be used to determine which website areas are favoured by website visitors. Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you cancelled your entries in a contact form (so-called conversion funnels). In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.

Hotjar uses cookies. Cookies are small text files that are stored on your computer and saved by your browser. They are used to make our website more user-friendly, effective and secure. In particular, these cookies can be used to determine whether this website has been visited with a specific end device or whether the Hotjar functions have been deactivated for the browser in question. Hotjar cookies remain on your device until you delete them. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

The use of Hotjar and the storage of Hotjar cookies are based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Deactivating Hotjar

If you wish to deactivate data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/opt-out Please note that Hotjar must be deactivated separately for each browser or end device. For more information about Hotjar and the data collected, please refer to Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy

Contract for order processing

We have concluded a contract for order processing with Hotjar in order to implement the strict European data protection regulations.

Pinterest Plugin

On this website, we use social plugins from the social network Pinterest, which is operated by Pinterest Europe Ltd. (“Pinterest”), Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland.

When you visit a page that contains such a plugin, your browser establishes a direct connection to Pinterest's servers. The plugin transmits log data to Pinterest's server in the USA. This log data may include your IP address, the address of the websites you visited that also contain Pinterest features, the type and settings of your browser, the date and time of the request, your use of Pinterest, and cookies.

The storage and analysis of the data is based on your consent, Art. 6 (1) (a) GDPR; consent can be revoked at any time.

For more information about the purpose, scope, and further processing and use of data by Pinterest, as well as your rights and options for protecting your privacy, please refer to Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy.

Information, deletion and correction

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, the right to correction or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time at the address given in the imprint. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored by us, we usually need time to check this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data happened/is happening unlawfully, you can request the restriction of data processing instead of erasure.

If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.
If you have lodged an objection pursuant to Art. 21 para 1 GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.

Withdrawal of your consent of data processing

Many data processing operations are only possible with your explicit consent. You can revoke the consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation

Right to object to date collection in special cases and to direct marketing (Art. 21 DSGVO)

If data processing is carried out on the basis of Art. 6 Abs. 1 LIT. E or F DSGVO, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims (objection under Art. 21 Abs. 1 DSGVO).

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 Abs. 2 DSGVO).

Right to appeal to the competent supervisory authority

In the event of breaches of the GDPR, data subjects have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right of appeal is without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done insofar as it is technically feasible.

YouTube with enhanced data protection

This website embeds videos from the YouTube website. YouTube is operated by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent attempts at fraud.

If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence.

The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Further information about data protection at YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=de. 

One Page Booking of HotelNetSolutions

Online bookings

Our website uses the booking technology One Page Booking, provided by HotelNetSolutions GmbH, Genthiner Straße 8, 10785 Berlin ("HNS"). We have concluded an order processing agreement with HNS.

If you make an online booking via our website, we need your e-mail address, your telephone number, your travel dates, the product booked and your full address with first and last name for processing.

The dates of your stay, the product selected and the number of people travelling are required to calculate the valid travel price. If you are travelling with children, please make a booking request by telephone on +49 8386 - 9110 or by e-mail to wellness@bergkristall.de. Further information in the form is provided on a voluntary basis.

The processing of your data for the online booking is based on Art. 6 para. 1 lit. b GDPR and serves the fulfilment of a contract.

The data you transmit to us will remain with us until the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Conclusion of a contract for oder processing

In order to ensure data protection-compliant processing, we have concluded an order processing contract with HNS.

What's App

Messenger & communication tools

What are messenger & communication functions?

We offer the instant messaging service WhatsApp on our website. The service provider is the American company WhatsApp Inc., a subsidiary of Meta Platforms Inc. WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, is responsible for the European region.
The above-mentioned messenger tool also processes and stores your data to the extent necessary to respond to your inquiry and take subsequent action. If content is end-to-end encrypted, this is indicated in the individual privacy policy texts or in the privacy policy of the respective provider. End-to-end encryption simply means that the content of a message is not visible even to the provider. However, information about your device, location settings, and other technical data may still be processed and stored.

Why are we using messenger & communication functions?

Communication channels with you are very important to us. After all, we want to talk to you and answer any questions you may have about our service as best we can. Effective communication is an important part of our service. With our convenient messenger and communication features, you can choose your preferred channel at any time. In exceptional cases, however, we may not be able to answer certain questions via chat or messenger. This is the case, for example, when it comes to internal contractual matters. In such cases, we recommend other communication options such as email or telephone. We generally assume that we remain responsible for data protection, even when using the services of a social media platform. However, the European Court of Justice has ruled that in certain cases, the operator of the social media platform may be jointly responsible with us within the meaning of Art. 26 GDPR. 

Where this is the case, we will indicate this separately and work on the basis of a relevant agreement. The essence of the agreement is reproduced below for the platform concerned.
Please note that when using our built-in elements, your data may also be processed outside the European Union, as many providers, such as Facebook Messenger or WhatsApp, are American companies. This may make it more difficult for you to assert or enforce your rights with regard to your personal data.

What data is processed?

Exactly which data is stored and processed depends on the respective provider of the messenger & communication functions. Basically, it is data such as name, address, telephone number, e-mail address and content data such as all information that you enter in a contact form. In most cases, information about your device and IP address is also stored. Data collected via a messenger & communication function is also stored on the provider's servers. If you want to know exactly what data is stored and processed by the respective providers and how you can object to data processing, you should carefully read the respective company's privacy policy.

How safe is the data transfer with WhatsApp?

WhatsApp also processes your data in the USA, among other places. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of protection for data transfers to the USA. This may entail various risks for the legality and security of data processing.
 WhatsApp uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 GDPR) as the basis for data processing with recipients based in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular in the USA) or data transfer to these countries. Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through these clauses, WhatsApp undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de
Information on data transmission at WhatsApp, which corresponds to the standard contractual clauses, can be found at https://www.whatsapp.com/legal/business-data-transfer-addendum-20210927

Right to object

You also have the right and the option to withdraw your consent to the use of cookies or third-party providers at any time. This works either via our cookie management tool or via other opt-out functions. For example, you can also prevent data collection by cookies by managing, deactivating or deleting cookies in your browser. For more information, please refer to the section on consent.

As cookies may be used for messenger & communication functions, we also recommend that you read our general privacy policy on cookies. To find out exactly what data of yours is stored and processed, you should read What's App's privacy policy.

Legal basis

If you have consented to your data being processed and stored by integrated messenger & communication functions, this consent is the legal basis for data processing (Art. 6 Abs. 1 lit. a DSGVO). We process your enquiry and manage your data in the context of contractual or pre-contractual relationships in order to fulfil our pre-contractual and contractual obligations or to answer enquiries. The basis for this is Art. 6 Abs. 1 S. 1 lit. b. DSGVO. In principle, your data will also be stored and processed on the basis of our legitimate interest (Art. 6 Abs. 1 lit. f DSGVO) in fast and good communication with you or other customers and business partners if consent has been given.

Travel Assistant (Klickberater)

Our website uses a travel assistant (hereinafter referred to as “Klickberater”) to provide interactive advice to our visitors. The Click Advisor software is operated by five digital GmbH. The company is based in Germany (https://www.five-digital.de/impressum). The data entered when using Click Advisors is transmitted via SSL encryption and stored in a database to enable us to contact you or send you the requested information. Hotel Bergkristall GmbH & Co. KG is responsible for this data within the meaning of Art. 24 GDPR. five digital GmbH is merely the developer and operator of the software and, in this context, the processor pursuant to Art. 28 GDPR. The basis for processing by five digital GmbH is a contract for order processing between Hotel Bergkristall GmbH & Co. KG and five digital GmbH. In addition, five digital GmbH processes further data, some of which may also be personal data, for the purpose of providing its services, in particular for the operation of Klickberater. Further information can be found at https://www.five-digital.de/datenschutz/. To ensure data protection-compliant processing, we have concluded a contract for order processing with HNS.

Deletion of data

We delete personal data as a matter of principle when there is no longer any need for further storage. A need may exist in particular if the data is still required to fulfill contractual services, to check and grant or defend warranty and, if applicable, guarantee claims. In the case of statutory retention obligations, deletion will only be considered after the respective retention obligation has expired.