Privacy Policy

Privacy policy

1. responsibilities
We are very pleased about your interest in our company. Data protection has a particularly high priority for the management of Schlosshotel Steinburg.
On this page we would like to explain which data we collect, process and use, when and for what purpose.
If you have any questions or comments about our data protection notice, you can contact the responsible office at the following contact details:

Schlosshotel Steinburg
Reußenweg 2
97080 Würzburg
Germany
Tel.: +49 (0)931 9702-0
E-mail: datenschutz@steinburg.com

The data protection officer can be reached by e-mail at datenschutz@steinburg.com and by post at Schlosshotel Steinburg, Attn: Data Protection Officer, Reußenweg 2, 97080 Würzburg.

2. data subject rights
You can request information at any time as to whether we have stored personal data about you and what this data is.
If personal data is processed by you, you are a data subject within the meaning of the EU General Data Protection Regulation (hereinafter referred to as DSGVO) and you have the following rights against the controller who collected your personal data:

– Right of access (Art. 15 DSGVO). You may request confirmation from the controller as to whether personal data concerning you are being processed by us, for what purpose and for how long, what categories of data are involved, to which recipients or categories of recipients this data is disclosed.
– Right to rectification (Art. 16 GDPR), completion, restriction (Art. 18 GDPR): You may request the correction or completion of your concerning incorrect or incomplete data. You also have a right to restriction of processing, in particular in the case of legal retention obligations.
– Right to erasure (Art. 17 DSGVO): In particular, they may request the deletion of data concerning them in the event of a revocation of their consent.
– Right to data portability (Art. 20 DSGVO): You have the right to request that personal data concerning you be provided in a machine-readable format.
– Right of objection, revocation and complaint: You may object to the processing of your personal data and revoke your consent. They have the right to lodge a complaint with a supervisory authority.
– With regard to further data subject rights vis-à-vis data processing by our own data controllers (including Facebook, Twitter, Snapchat and Instagram), please refer to their privacy policy.

3. legal basis
The DSGVO, the Federal Data Protection Act (BDSG) and subsequently also the Telemedia Act (TMG) protect personal data. This is data that relates to natural persons. Data of legal persons are not subject to this protection. Personal data is individual information about personal or factual circumstances that can be assigned to their person (e.g., their name in connection with their telephone number or their e-mail address). Information that cannot be directly linked to their actual identity (such as the articles displayed to them on a website) is not included.

We process their personal data either on the basis of consent given (Art. 6(1)(a) DSGVO) or in accordance with Art. 9(2)(a) DSGVO, to fulfill a contract to which they are a party (Art. 6(1)(b) DSGVO), to fulfill a legal obligation of ours (Art. 6(1)(c) DSGVO) or to protect our legitimate interests (Art. 6(1)(f) DSGVO).

In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DSGVO.

4 Recipients of the data
As a matter of principle, we do not pass on your data to third parties. No third parties in this sense are order processors.

5. basic principles
Your communication with our websites is encrypted. This protects the communication between you and our web server and helps to prevent misuse of the data (eavesdropping) by third parties.
All personal data collected in the course of our website will be processed in accordance with the applicable provisions on the protection of personal data only for the purpose of the services ordered by you and to process your requests.

5.1 Access to our web pages
Every time our website is accessed, i.e. every time a file on this server is retrieved or attempted to be retrieved, data about this process is stored in a log file.

In detail, the following data record is stored about each retrieval:

– IP address
– Name of the retrieved file
– date and time of the retrieval
– amount of data transferred
– Message as to whether the retrieval was successful
– Message, why a retrieval failed, if applicable
– Operating system and browser software of your computer
– screen resolution
– browser language
– color depth
– browser plug-ins (Javascript, Flash Player, Java, Silverlight, Adobe Acrobat Reader, etc.)
– the website from which you visited us

After the statistical analysis, the log file is deleted. We cannot assign the stored data to you. We also do not pass on the data to third parties. Only in the case of violations of our rights, we reserve the right to forward individual data records to the appropriate authorities in order to initiate prosecution of the violations.

Data processing is carried out on the basis of Art. 15 TMG and Art. 6 para. 1 lit. f) DSGVO in order to optimize our website offer for you.

The data records created are stored in log files for statistical purposes and deleted after statistical evaluation.

6. technologies used
Issuu
This site links to the service provider Issuu for some of the e-paper media presented. The provider is Issuu Inc, 131 Lytton Ave, Palo Alto, CA 94301, USA. Issuu, Kollwitzstraße 75, 10435 Berlin, Germany.
To use the functions of Issuu, it is necessary to store your IP address. This information is usually transferred to an Issuu server in the USA and stored there. If you are logged into your Issuu account, you enable Issuu to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Issuu account. The provider of this site has no influence on this data transmission.
Issuu is used in the interest of an appropriate presentation of our content. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO.
More information on the handling of user data can be found in Issuu’s privacy policy: https://issuu.com/legal/privacy.

Google Analytics
We use the analysis service Google Analytics. This web analytics service is operated by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). We use Google Analytics to evaluate your use of our website and to compile reports on user activities.
This analysis tool works in particular on the basis of cookies. A cookie is a data record that is sent when you visit a website and is temporarily stored on the hard drive of the user of the website to enable an analysis of your use of the website. The information stored by the cookie is usually transferred to a Google server in the USA and then stored there. Within the scope of IP anonymization, your IP address will be shortened beforehand by Google within a member state of the EU or another state party to the Agreement on the European Economic Area. On our behalf, Google will use the transmitted information to compile a report on the use of the website. We have concluded an order processing contract with Google. If you wish to prevent the use of cookies, you can do so by locally making changes to your settings in the Internet browser used on your computer (e.g. Safari, Internet Explorer, Opera, Firefox, etc.), i.e. the program used to open and display Internet pages. Furthermore, you can prevent the collection and processing of your data by the cookie from Google, by downloading and installing a browser plugin offered by Google at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
You can prevent the collection by Google Analytics by clicking on the following link. Then a so-called opt-out cookie will be set, which prevents the future collection of your data when visiting this website: Deactivate Google Analytics Further information on the terms of use and data protection of Google and Google Analytics can be found at http://www.google.com/analytics/terms/de.html and at https://www.google.de/intl/de/policies/. We would like to point out that the extension “anonymizeIp” has been added to Google Analytics. This ensures anonymized collection of IP addresses.

Cookie Information:
Categorization for consent: Marketing
Cookies used (lifetime in parentheses): _ga (2 years), _gid (1 day), _gat_UA-* (1 minute),_utma (2 years), _utmb (30 minutes), _utmc (session), _utmt (10 minutes), _utmz (6 months).
Please note that due to the Cloud Act, American intelligence agencies might gain access to personal data that is inevitably exchanged with Google when embedding this tool due to the Internet Protocol.

Google Maps
This website uses the mapping software Google Maps from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). By using this website, you consent to the collection, processing and use of data that may be automatically collected by Google and its agents. Google Maps Terms of Use. For additional information, please see Google’s privacy policy. Google Maps reloads Google fonts in order to display the map correctly. The Google fonts are also loaded from a Google server. For more information about these Google Fonts, please visit https://developers.google.com/fonts/faq.
Please note that due to the Cloud Act, U.S. intelligence agencies may have access to personal data that is inevitably exchanged with Google when this tool is embedded due to the Internet Protocol.

Usercentrics
We use the consent management service Usercentrics, of Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany (Usercentrics). This allows us to obtain and manage the consent of website users for data processing. The processing is necessary to comply with a legal obligation (Art. 7 para. 1DSGVO) to which we are subject (Art. 6 para. 1 p. 1 lit. c DSGVO). The following data is processed for this purpose:
Date and time of access Browser information Device information Geographic location Cookie preferences URL of the visited page.
The functionality of the website is not guaranteed without the processing.
Usercentrics is a recipient of your personal data and acts as a processor for us.
The processing takes place in the European Union. For more information on objection and removal options vis-à-vis Usercentrics, please visit: https://usercentrics.com/de/datenschutzerklaerung/.

The data will be deleted after 3 years.

Please see our general comments above about deleting and deactivating cookies.

Use of cookies:
We use so-called “cookies” on our websites and use the local storage capacity of your browser (“Local Storage”) to offer you maximum user comfort and to make our online offer attractive for you in the future.
Cookies are text files that are stored by the browser on your computer and contain information about your use of our website. The use of cookies allows us to recognize when you visit our website repeatedly from the same computer. We use cookies for statistical purposes. They remain permanently on your computer unless you delete them.
Cookies can be reset at any time via your browser. Please note, however, that turning off cookies may limit your use of the website, especially in the shopping list area.

Facebook Pixel
To measure our advertising effectiveness, we use the Facebook Pixel analysis tool from Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. With your consent (Art. 6 para 1. lit. a) DSGVO), you agree to the use of so-called “cookies” (text files), which are stored on your used end device while using the website. All information collected in these files is forwarded to Facebook and allows Facebook to draw conclusions about your personal user behavior. The data transfer takes place regardless of whether you have a user account with Facebook. If you have a user account with Facebook and have seen our advertising on Facebook, Facebook links the transmitted data with it and can thus evaluate the effectiveness of our advertisements on Facebook for statistical purposes and for the purposes of market research.

For the type and scope of the personal data collected, the further associated processing and use by Facebook, as well as your rights in this regard and setting options for protecting your privacy, please refer to the privacy notices of Facebook https://www.facebook.com/about/privacy/.

We only receive anonymized data from Facebook, which is used for the purpose of optimizing and measuring the success of our advertising effectiveness in line with reception. We can use the data to analyze the success of our advertising measures and improve our website offering.

You can object to the use of cookies by Facebook by clicking on the link to deactivate Facebook Pixel. By clicking on the link, a so-called opt-out cookie is set in the web browser used, which permanently prevents future data collection and storage by Facebook Pixel on your end device used. If you delete all your cookies in the web browser, you will have to object to the use of cookies by Facebook again if you agree to the cookie consent again.

7. castle hotel steinburg newsletter
On the website of the Schlosshotel Steinburg, users are given the opportunity to subscribe to our enterprise’s newsletter. The personal data transmitted to the controller when the newsletter is subscribed to is specified in the input mask used for this purpose.
The Schlosshotel Steinburg informs its customers and business partners at regular intervals by means of a newsletter about enterprise offers. The newsletter of our enterprise can basically only be received by the data subject, if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter mailing. For legal reasons, a confirmation e-mail will be sent to the e-mail address entered by a data subject for the first time for newsletter dispatch using the double opt-in procedure. This confirmation e-mail serves to verify whether the owner of the e-mail address as the data subject has authorized the receipt of the newsletter.

When registering for the newsletter, we also store the IP address of the computer system used by the data subject at the time of registration, as assigned by the Internet service provider (ISP), as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later point in time and therefore serves the legal safeguarding of the controller.

The personal data collected in the context of a registration for the newsletter are used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a registration in this regard, as could be the case in the event of changes to the newsletter offer or changes to the technical circumstances. No personal data collected as part of the newsletter service will be passed on to third parties. The subscription to our newsletter can be cancelled by the data subject at any time. The consent to the storage of personal data that the data subject has given us for the newsletter mailing can be revoked at any time. For the purpose of revoking consent, a corresponding link can be found in each newsletter. Furthermore, it is also possible to unsubscribe from the newsletter mailing directly on the website of the controller at any time or to notify the controller of this in another way.

The data processing is carried out on the basis of Art. 6 para. 1 lit. a), c), f) DSGVO.

The newsletter of the Schlosshotel Steinburg contains so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in such emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the Schlosshotel Steinburg may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by the data subject.

Such personal data collected via the tracking pixel contained in the newsletters will be stored and analyzed by the controller in order to optimize the newsletter dispatch and to better tailor the content of future newsletters to the interests of the data subject. This personal data will not be disclosed to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent given in this regard via the double opt-in procedure. After a revocation, this personal data will be deleted by the controller. The Schlosshotel Steinburg automatically regards a withdrawal from the receipt of the newsletter as a revocation.

8. data processing for marketing measures
If you participate in one of our marketing measures (e.g. customer surveys or satisfaction inquiry after an order), this is done on a purely voluntary basis. The legal basis for this is either a granted consent (Art. 6 para. 1 lit. a) DSGVO) or legitimate interests (Art. 6 para. 1 lit. f) DSGVO). Our legitimate interests follow in this respect from the need to improve and optimize our offer, as well as to determine your satisfaction as a customer. This data is anonymized after 365 days.
Consents can be revoked at any time with effect for the future. The revocation does not affect the lawfulness of the processing until the revocation.
The results of our marketing measures are generally used for internal evaluations. We do not pass on personal data to third parties unless you have expressly consented to this.

How long do we store your data?
We store your data for as long as is necessary to achieve the processing purposes or to comply with statutory retention and storage periods.
With the exception of data to be retained for reasons of commercial and tax law, data is deleted after 365 days.
After these deletion periods have expired, we only retain the data to be retained in accordance with commercial and tax regulations for the periods prescribed by law. The legal basis is the fulfillment of a legal obligation (Art. 6 para. 1 lit. c) DSGVO).

9. online applications

Data processing through our career site.
You have the option to apply for advertised positions through our career site. For this purpose, you provide us with personal data, which we process exclusively as part of the application process. In order to be able to process your application conscientiously, your documents will be forwarded automatically. There they will be processed for the purpose of your application.

This data processing is carried out in each case on the basis of your consent in accordance with Art. 6 Para. 1 lit. a) DSGVO and in accordance with § 26 BDSG. The respective consent can be revoked at any time by contacting us at “datenschutz@steinburg.com” and informing us of your revocation. The revocation does not affect the lawfulness of the processing until the revocation.

Your personal data will be deleted six months after completion of the application process. The storage period will be extended by a further six months if you actively consent to longer storage. If your application is successful, the application documents will be transferred to the personnel file.

External career sites or job portals
You can also apply to us via job portals such as Stepstone, Monster, Indeed, etc. In this case, the operator of these job portals, in addition to ALDI, is responsible for the processing of your personal data on the site under data protection law. The operator processes your personal data independently and only forwards us the data relevant for the application, including your application documents, e-mail address, first and last name. Details about the collection and storage of your personal data as well as about the type, scope and purpose of its use can be found in the data protection information or cookie guidelines of the respective operator.

Each time you access career sites, i.e. each time you access or attempt to access a file on these career sites, at least the following data about this process is stored in a log file at the external career site operator (log file):

– Access, device, and (if applicable) location data.
– IP address
– Name of the retrieved file
– Date and time of access
– Amount of data transferred
– Message as to whether the retrieval was successful
– Message as to why a retrieval failed, if applicable
– Operating system and browser software of your computer

This data processing is carried out in each case on the basis of your consent pursuant to Art. 6 para. 1 lit. a) DSGVO and the legitimate interest of the career site operators pursuant to Art. 6 para. 1 lit. f) DSGVO. The processing of your application documents with us is then also carried out in accordance with Section 26 BDSG: The respective consent can be revoked at any time by contacting the career site or us at “datenschutz@aldi-nord.de” and informing us of the revocation. The revocation does not affect the lawfulness of the processing until the revocation.

Please note that the respective career site operator may not be based in the EU / EEA or may transfer your data to a country with a lower level of data protection than in the EU / EEA for other reasons.

10. contact to Schloßhotel Steinburg

Contact form
You can send us information and requests at any time via our contact form.

Your data will be processed in each case exclusively for the purpose of taking note of the information, answering the inquiry. A use for other purposes, in particular for advertising purposes, does not take place.

With the exception of data to be retained for reasons of commercial and tax law, your personal data will be deleted after 3 months.

E-mail contact
If you write to an e-mail address provided on our websites, your request will be processed.

This data processing is based on Art. 6 para. 1 lit. a), b), c) and f) DSGVO.

In each case, your data will be processed exclusively for the purpose of taking note of the information or answering the inquiry. Use for other purposes, in particular for advertising purposes, does not take place. With the exception of data to be retained for reasons of commercial and tax law, your personal data will be deleted after 3 months.

Telephone customer service
You can reach our telephone customer service at any time.

In this context, we process your personal data in order to be able to help you in a timely manner and in the best possible way. The data processing is based on your consent in accordance with Art. 6 (1) a) DSGVO.

Your data provided during the call will be processed exclusively for the purpose of taking note of the information, answering the inquiry or handling the complaint. There will be no use for other purposes, in particular for advertising purposes. We store your data for as long as is necessary to achieve the processing purposes or to comply with legal retention and storage periods.

Fraud prevention and tracking
For fraud prevention or detection purposes, we may share your data with law enforcement authorities or payment service providers. Your personal data is processed to protect our legitimate interests. Our interests are the fight against fraud and the detection of criminal offences. The legal basis for this processing is Art. 6 (1) f) DSGVO and Section 24 BDSG.

11. social media

Data processing by Facebook and Instagram
When using Facebook or Instagram, in addition to Schloßhotel Steinburg, the operator of the social networks is also responsible for data processing under data protection law:
Facebook Ireland Ltd.

4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
The data protection officer can be contacted via the contact form and by post at Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland.

Facebook provides the analytics tool “Facebook Insights”. We use this tool to obtain a presentation of statistically processed data without personal reference. This allows us to determine the behavior of our users and use it to optimize our posts. For more information on the scope and processing of your personal data and the duration of the processing, please refer to Facebook’s privacy notice and Instagram’s privacy notice as well as the terms of use.

What options do you have with regard to the storage or further use of your data?
An explanation of your options with regard to the storage or further use of your data can be found in the category “Data subject rights”. In addition, you can exercise the same rights on the above-linked Fanpage operator websites.

Contact details
You can send us information and inquiries at any time via hotel@steinburg.com.

The data processing required for the purpose of responding to your inquiry is based on Art. 6 para. 1 lit. a) DSGVO. For the contact details of fan page operators, please refer to their privacy notices.

12. insurance
Your personal data (first name, last name, address, telephone number) are processed for the purpose of handling the insurance transaction. The processing is based on consent, for the fulfillment of contractual and legal obligations and due to our legitimate interests in the involvement of our insurer (Art. 6 para. 1 lit. a), b), c) and f) DSGVO). After the insurance process has been completed, the data will be deleted.

13. customer invoice:
Your personal data (first name, last name, address) will be processed for invoicing purposes. The processing is based on § 14 UStG in conjunction with Art. 6 para.1 lit. b) and c) EU-DSGVO. Due to tax requirements, personal data will be deleted after 10 years.

14. giro and credit card payment:
If you have selected the payment method giro or credit card, we collect your personal data in the booking portal. We transmit the data to the payment service provider Concardis (Helfmann-Park 7, 65760 Eschborn) for payment processing. Details on the processing of your personal data can be found here. You can reach the data protection officer of Concardis at: DPO-DACH@nets.eu

The processing of your personal data (e.g. card data, date, time, amount) is based on consent and for the fulfillment of contractual and legal obligations (Art. 6 para. 1 lit. a), b) and c) DSGVO). We will delete your data after completion of processing within 15 months, unless longer retention is required for reasons of verifiability, customer service or legal retention periods. We reserve the right, in the event of a legal obligation, to disclose information about you if we are required to do so by lawful authorities or law enforcement bodies.

15. paper applications
Your personal data (including surname, first name, telephone number, e-mail address, cover letter, curriculum vitae and certificates) will be processed for the purpose of filling vacancies in a qualified manner and contacting you as part of the application process. The personal data collected for the application will be deleted after completion of the application process, at the latest after six months. The processing is based on Art. 6 para. 1 b) DSGVO in conjunction with § 26 para. 1 BDSG. You can also apply online via our application portal https://steinburgkarriere.com/#.
may).