privacy

What happens to your data?

Frühling

That too is necessary

The Privacy Policy

The data protection declaration is not rocket science and is only intended to show you what happens to your data:

The fol­low­ing data pro­tec­tion dec­la­ra­tion informs you about the col­lec­tion and pro­cess­ing of per­son­al data on this web­site. It is intend­ed to explain to you how we han­dle your per­son­al data and what you can expect when you use our offers. 

Sur­name and con­tact of the per­son respon­si­ble accord­ing to Arti­cle 4 para. 7 GDPR

The per­son respon­si­ble with­in the mean­ing of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion and oth­er nation­al data pro­tec­tion laws of the mem­ber states as well as oth­er data pro­tec­tion reg­u­la­tions is:

smuggler’s nest
Theis­sen fam­i­ly
Kirschen­stein­weg 17
52156 Mon­schau
Tele­phone +49 2472 912988
Email: fewo@schmugglernest.de

Your per­son­al data is processed in accor­dance with Ger­man and Euro­pean data pro­tec­tion law.

The pro­tec­tion of your per­son­al data is extreme­ly impor­tant to us.

The web­site oper­a­tor adheres to the prin­ci­ple of data avoid­ance. The col­lec­tion of per­son­al data is avoid­ed as far as pos­si­ble. For secu­ri­ty rea­sons and to pro­tect the trans­mis­sion of con­fi­den­tial con­tent, such as orders or inquiries that you send to us as the site oper­a­tor, this site uses an SSL or. TLS encryp­tion. You can rec­og­nize an encrypt­ed con­nec­tion by the fact that the address line of the brows­er changes from “http://” to “https://” and by the lock sym­bol in your brows­er line.

If SSL or TLS encryp­tion is acti­vat­ed, the data that you trans­mit to us can­not be read by third parties.

General information on data processing

Scope of pro­cess­ing of per­son­al data

In prin­ci­ple, we only process the per­son­al data of our users to the extent that this is nec­es­sary to pro­vide a func­tion­al web­site and our con­tent and ser­vices. The pro­cess­ing of per­son­al data of our users takes place reg­u­lar­ly only with the con­sent of the user. An excep­tion applies in such cas­es in which it is not pos­si­ble to obtain pri­or con­sent for actu­al rea­sons and the pro­cess­ing of the data is per­mit­ted by statu­to­ry provisions.

Legal basis for pro­cess­ing per­son­al data

Inso­far as we obtain the con­sent of the per­son con­cerned for the pro­cess­ing of per­son­al data, Art. 6 para. 1 lit. a EU Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) as the legal basis.

When pro­cess­ing per­son­al data that is required to ful­fill a con­tract to which the data sub­ject is a par­ty, Art. 6 para. 1 lit. b GDPR as the legal basis. This also applies to pro­cess­ing oper­a­tions that are nec­es­sary to car­ry out pre-con­trac­tu­al measures.

Inso­far as pro­cess­ing of per­son­al data is nec­es­sary to ful­fill a legal oblig­a­tion to which our com­pa­ny is sub­ject, Art. 6 para. 1 lit. c GDPR as the legal basis.

In the event that vital inter­ests of the data sub­ject or anoth­er nat­ur­al per­son require the pro­cess­ing of per­son­al data, Art. 6 para. 1 lit. d GDPR as the legal basis.

If the pro­cess­ing is nec­es­sary to safe­guard a legit­i­mate inter­est of our com­pa­ny or a third par­ty and if the inter­ests, fun­da­men­tal rights and fun­da­men­tal free­doms of the per­son con­cerned do not out­weigh the first inter­est, Art. 6 para. 1 lit. f GDPR as the legal basis for processing.

Data Era­sure and Stor­age Duration

The per­son­al data of the per­son con­cerned will be delet­ed or blocked as soon as the pur­pose of stor­age no longer applies. Stor­age can also take place if this has been pro­vid­ed for by the Euro­pean or nation­al leg­is­la­tor in EU reg­u­la­tions, laws or oth­er reg­u­la­tions to which the per­son respon­si­ble is sub­ject. The data will also be blocked or delet­ed if a stor­age peri­od pre­scribed by the stan­dards men­tioned expires, unless there is a need for fur­ther stor­age of the data for the con­clu­sion or ful­fill­ment of a contract.

information about the survey, Processing and use of personal data

Pro­vi­sion of the web­site and cre­ation of log files
Every time you vis­it our web­site, per­son­al data is auto­mat­i­cal­ly col­lect­ed and processed. The fol­low­ing data is col­lect­ed for the pur­pose of cre­at­ing vis­i­tor sta­tis­tics about the use of this web­site, improv­ing the web­site and pro­tect­ing it from cyber attacks:

(1)    Infor­ma­tion about the brows­er type and ver­sion used
(2)    The user’s oper­at­ing sys­tem
(3)    The user’s inter­net ser­vice provider
(4)    The IP address of the user
(5)    Date and time of access
(6)    Web­sites from which the user’s sys­tem access­es our web­site
(7)    Web­sites accessed by the user’s sys­tem through our website

The log files can con­tain IP address­es or oth­er data that enable assign­ment to a user. This could be the case, for exam­ple, if the link to the web­site from which the user arrives at the web­site or the link to the web­site to which the user switch­es con­tains per­son­al data.

Legal basis for data pro­cess­ing
The legal basis for the tem­po­rary stor­age of the data and the log files is Art. 6 para. 1 lit. f GDPR.

pur­pose of data pro­cess­ing
The tem­po­rary stor­age of the IP address by the sys­tem is nec­es­sary to enable deliv­ery of the web­site to the user’s com­put­er. For this pur­pose, the IP address of the user must remain stored for the dura­tion of the session.

Stor­age of the log files
Stor­age in log files takes place to ensure the func­tion­al­i­ty of the web­site. In addi­tion, we use the data to opti­mize the web­site and to ensure the secu­ri­ty of our infor­ma­tion tech­nol­o­gy sys­tems. An eval­u­a­tion of per­son­al data for mar­ket­ing pur­pos­es does not take place in this context.

Our legit­i­mate inter­est in data pro­cess­ing accord­ing to Art. 6 para. 1 lit. f GDPR.

Dura­tion of stor­age
The data will be delet­ed as soon as they are no longer required to achieve the pur­pose for which they were col­lect­ed. In the case of the col­lec­tion of data for the pro­vi­sion of the web­site, this is the case when the respec­tive ses­sion has ended.

If the data is stored in log files, this is the case after sev­en days at the lat­est. Stor­age beyond this is pos­si­ble. In this case, the IP address­es of the users are delet­ed or alien­at­ed so that it is no longer pos­si­ble to assign the call­ing client.

Pos­si­bil­i­ty of objec­tion and elim­i­na­tion
The col­lec­tion of the data for the pro­vi­sion of the web­site and the stor­age of the data in log files is absolute­ly nec­es­sary for the oper­a­tion of the web­site. Con­se­quent­ly, there is no pos­si­bil­i­ty of objec­tion on the part of the user.

Use of cook­ies 
Some of the web­sites use so-called cook­ies. Cook­ies do not dam­age your com­put­er and do not con­tain virus­es. Cook­ies serve to make our offer more user-friend­ly, effec­tive and secure. Cook­ies are small text files that are stored on your com­put­er and saved by your browser.

Most of the cook­ies we use are so-called “ses­sion cook­ies”. They are auto­mat­i­cal­ly delet­ed after your vis­it. Oth­er cook­ies remain stored on your end device until you delete them. These cook­ies enable us to rec­og­nize your brows­er on your next visit.

You can set your brows­er so that you are informed about the set­ting of cook­ies and only allow cook­ies in indi­vid­ual cas­es, exclude the accep­tance of cook­ies for cer­tain cas­es or in gen­er­al and acti­vate the auto­mat­ic dele­tion of cook­ies when the brows­er is closed. If cook­ies are deac­ti­vat­ed, the func­tion­al­i­ty of this web­site may be restricted.

Cook­ies that are required to car­ry out the elec­tron­ic com­mu­ni­ca­tion process or to pro­vide cer­tain func­tions you want (e.g. shop­ping cart func­tion) are set on the basis of Art. 6 Para. 1 lit. f GDPR saved. The web­site oper­a­tor has a legit­i­mate inter­est in the stor­age of cook­ies for the tech­ni­cal­ly error-free and opti­mized pro­vi­sion of its ser­vices. Inso­far as oth­er cook­ies (e.g. cook­ies for ana­lyz­ing your surf­ing behav­iour) are stored, these are treat­ed sep­a­rate­ly in this data pro­tec­tion declaration.

con­tact forms

Descrip­tion and scope of data pro­cess­ing
There are con­tact forms on our web­site which can be used for elec­tron­ic con­tact. If a user takes advan­tage of this option, the data entered in the input mask will be trans­mit­ted to us and saved. These dates are:

First and Last Name,
Com­pa­ny,
Address,
E‑mail address,
phone num­ber
Your mes­sage
Arrival date, depar­ture date
Oth­er requests / information

At the time the mes­sage is sent, the fol­low­ing data is also stored:
(1)    The IP address of the user
(2)    Date and time of registration

Your con­sent to the pro­cess­ing of the data is giv­en by the send­ing process and ref­er­ence is made to this data pro­tec­tion declaration.

Alter­na­tive­ly, you can con­tact us via the email address pro­vid­ed. In this case, the user’s per­son­al data trans­mit­ted with the e‑mail will be stored.

In this con­text, the data will not be passed on to third par­ties. The data will only be used to process the conversation.

Legal basis for data pro­cess­ing
The legal basis for pro­cess­ing the data is Art. 6 para. 1 lit. a GDPR.

The legal basis for the pro­cess­ing of the data trans­mit­ted in the course of send­ing an e‑mail is Art. 6 para. 1 lit. f GDPR. If the e‑mail con­tact is aimed at con­clud­ing a con­tract, the addi­tion­al legal basis for the pro­cess­ing is Art. 6 para. 1 lit. b GDPR.

pur­pose of data pro­cess­ing
The pro­cess­ing of the per­son­al data from the input mask serves us sole­ly to process the con­tact. If con­tact is made by email, this is also the nec­es­sary legit­i­mate inter­est in the pro­cess­ing of the data.

The oth­er per­son­al data processed dur­ing the send­ing process serve to pre­vent mis­use of the con­tact form and to ensure the secu­ri­ty of our infor­ma­tion tech­nol­o­gy systems.

Dura­tion of stor­age
The data will be delet­ed as soon as they are no longer required to achieve the pur­pose for which they were col­lect­ed. For the per­son­al data from the input mask of the con­tact form and those sent by e‑mail, this is the case when the respec­tive con­ver­sa­tion with the user has end­ed. The con­ver­sa­tion is over when it can be inferred from the cir­cum­stances that the facts in ques­tion have been final­ly clarified.

The addi­tion­al per­son­al data col­lect­ed dur­ing the send­ing process will be delet­ed after a peri­od of sev­en days at the latest.

Pos­si­bil­i­ty of objec­tion and elim­i­na­tion
The user has the option to revoke his con­sent to the pro­cess­ing of per­son­al data at any time. If the user con­tacts us by email, he can object to the stor­age of his per­son­al data at any time. In such a case, the con­ver­sa­tion can­not be continued.

All per­son­al data that was saved in the course of mak­ing con­tact will be delet­ed in this case.

Dis­clo­sure of Per­son­al Data
Fur­ther­more, per­son­al data will not be passed on with­out your express con­sent, unless there is a legal basis for per­mis­sion, e.g. if we are legal­ly oblig­ed to release data (infor­ma­tion for law enforce­ment author­i­ties and courts; infor­ma­tion for pub­lic bod­ies that receive data due to legal reg­u­la­tions e.g. social secu­ri­ty agen­cies, tax author­i­ties, etc.) or if we involve third par­ties who are bound to pro­fes­sion­al secre­cy to enforce our claims.

Online book­ing via our website

1. Descrip­tion and scope of data pro­cess­ing
You can book rooms and hotel offers on our web­site. If a user takes advan­tage of this option, the data entered in the input mask will be trans­mit­ted to us and saved. This data is: First name, last name, e‑mail address, tele­phone num­ber, billing address and con­tact per­son, age (if book­ing for chil­dren), data of fel­low trav­el­ers (title, first name, last name), dates of stay (arrival date, depar­ture date), booked rooms, time of book­ing, wish­es, pay­ment data.

When you make an online book­ing from our web­site, it is done through the online reser­va­tion sys­tem: com­pa­ny name, com­pa­ny address, coun­try. All book­ing data you enter will be trans­mit­ted in encrypt­ed form. Our con­trac­tu­al part­ner has com­mit­ted to han­dling your trans­mit­ted data in accor­dance with data pro­tec­tion reg­u­la­tions. It takes all orga­ni­za­tion­al and tech­ni­cal mea­sures to pro­tect your data. You can view the com­pa­ny name’s data pro­tec­tion reg­u­la­tions here http://internetadresse/datenschutzerklaerung.

A sep­a­rate order data pro­cess­ing was con­clud­ed with the name of the com­pa­ny in order to guar­an­tee the pro­tec­tion of your per­son­al data.

In this con­text, the data will not be passed on to third par­ties. The data will only be used to process the book­ing and for communication.

2. Legal basis for data pro­cess­ing
The legal basis for pro­cess­ing the data is the con­clu­sion of an accom­mo­da­tion con­tract with the user. The legal basis for the trans­mis­sion of the data is Arti­cle 6 para. 1 lit. a GDPR (con­sent) and Arti­cle 6 para. 1 lit. b GDPR (pro­cess­ing to ful­fill a con­tract). The trans­mit­ted data is stored in our hotel soft­ware and used to exe­cute the contract.

3. Pur­pose of data pro­cess­ing
The pro­cess­ing of the per­son­al data from the input mask serves us sole­ly to process the book­ing request and to process the pay­ment transactions.

4. Dura­tion of stor­age
The data will be delet­ed as soon as they are no longer required to achieve the pur­pose for which they were col­lect­ed. In the case of a con­trac­tu­al rela­tion­ship, we will delete the data received as soon as nation­al, com­mer­cial or con­trac­tu­al reten­tion require­ments have been met.

5. Pos­si­bil­i­ty of objec­tion and elim­i­na­tion
The user has the option to revoke his con­sent to the pro­cess­ing of per­son­al data at any time. If the user con­tacts us by email, he can object to the stor­age of his per­son­al data at any time. In such a case, the con­ver­sa­tion can­not be con­tin­ued. All per­son­al data that was saved in the course of mak­ing con­tact will be delet­ed in this case.

Pro­cess­ing of data (cus­tomer and con­tract data)
We col­lect, process and use per­son­al data only inso­far as they are nec­es­sary for the estab­lish­ment, con­tent or change of the legal rela­tion­ship (inven­to­ry data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which allows the pro­cess­ing of data to ful­fill a con­tract or pre-con­trac­tu­al mea­sures. We col­lect, process and use per­son­al data about the use of our web­site (usage data) only to the extent nec­es­sary to enable the user to use the ser­vice or to bill the user.

The col­lect­ed cus­tomer data will be delet­ed after com­ple­tion of the order or ter­mi­na­tion of the busi­ness rela­tion­ship. Statu­to­ry reten­tion peri­ods remain unaffected.

plugins and tools

Google Ana­lyt­ics

This web­site uses func­tions of the web analy­sis ser­vice Google Ana­lyt­ics. The provider is Google Inc., 1600 Amphithe­ater Park­way, Moun­tain View, CA 94043, USA.

Google Ana­lyt­ics uses so-called “cook­ies”. These are text files that are stored on your com­put­er and that enable an analy­sis of your use of the web­site. The infor­ma­tion gen­er­at­ed by the cook­ie about your use of this web­site is usu­al­ly trans­mit­ted to a Google serv­er in the USA and stored there.

Google Ana­lyt­ics cook­ies are stored on the basis of Art. 6 Para. 1 lit. f GDPR. The web­site oper­a­tor has a legit­i­mate inter­est in ana­lyz­ing user behav­ior in order to opti­mize both its web­site and its advertising.

IP anonymiza­tion

We have acti­vat­ed the IP anonymiza­tion func­tion on this web­site. As a result, your IP address will be short­ened by Google with­in mem­ber states of the Euro­pean Union or in oth­er con­tract­ing states of the Agree­ment on the Euro­pean Eco­nom­ic Area before it is trans­mit­ted to the USA. Only in excep­tion­al cas­es will the full IP address be sent to a Google serv­er in the USA and short­ened there. On behalf of the oper­a­tor of this web­site, Google will use this infor­ma­tion to eval­u­ate your use of the web­site, to com­pile reports on web­site activ­i­ty and to pro­vide oth­er ser­vices relat­ed to web­site activ­i­ty and inter­net usage to the web­site oper­a­tor. The IP address trans­mit­ted by your brows­er as part of Google Ana­lyt­ics will not be merged with oth­er Google data.

brows­er plug-in

You can pre­vent the stor­age of cook­ies by set­ting your brows­er soft­ware accord­ing­ly; we would like to point out to you how­ev­er that in this case you will if applic­a­ble not be able to use all func­tions of this web­site in full. You can also pre­vent Google from col­lect­ing the data gen­er­at­ed by the cook­ie and relat­ed to your use of the web­site (includ­ing your IP address) and from pro­cess­ing this data by Google by down­load­ing the brows­er plug-in avail­able under the fol­low­ing link and install: https://tools.google.com/dlpage/gaoptout?hl=de.

Objec­tion against data collection

You can pre­vent Google Ana­lyt­ics from col­lect­ing your data by click­ing on the fol­low­ing link. An opt-out cook­ie will be set to pre­vent your data from being col­lect­ed on future vis­its to this web­site: Dis­able Google Analytics.

You can find more infor­ma­tion on how Google Ana­lyt­ics han­dles user data in the Google data pro­tec­tion dec­la­ra­tion: https://support.google.com/analytics/answer/6004245?hl=de.

Order data processing

We have con­clud­ed an order data pro­cess­ing con­tract with Google and ful­ly imple­ment the strict require­ments of the Ger­man data pro­tec­tion author­i­ties when using Google Analytics.

Demo­graph­ic char­ac­ter­is­tics in Google Analytics

This web­site uses the “demo­graph­ic char­ac­ter­is­tics” func­tion of Google Ana­lyt­ics. This allows reports to be cre­at­ed that con­tain state­ments about the age, gen­der and inter­ests of the site vis­i­tors. This data comes from inter­est-based adver­tis­ing from Google and vis­i­tor data from third-par­ty providers. This data can­not be assigned to a spe­cif­ic per­son. You can deac­ti­vate this func­tion at any time via the ad set­tings in your Google account or gen­er­al­ly pro­hib­it the col­lec­tion of your data by Google Ana­lyt­ics as described in the point “Objec­tion to data collection”.

Google Web Fonts

This site uses so-called web fonts pro­vid­ed by Google for the uni­form dis­play of fonts. When you call up a page, your brows­er loads the required web fonts into your brows­er cache in order to dis­play text and fonts correctly.

For this pur­pose, the brows­er you are using must con­nect to the Google servers. This gives Google knowl­edge that our web­site was accessed via your IP address. Google Web Fonts are used in the inter­est of a uni­form and appeal­ing pre­sen­ta­tion of our online offer­ing. This rep­re­sents a legit­i­mate inter­est with­in the mean­ing of Art. 6 para. 1 lit. f GDPR.

If your brows­er does not sup­port web fonts, a stan­dard font will be used by your computer.

You can find more infor­ma­tion about Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s pri­va­cy pol­i­cy: https://www.google.com/policies/privacy/ .

Google Maps

This site uses the Google Maps map ser­vice via an API. The provider is Google Inc., 1600 Amphithe­ater Park­way, Moun­tain View, CA 94043, USA.

In order to use the func­tions of Google Maps, it is nec­es­sary to save your IP address. This infor­ma­tion is usu­al­ly trans­mit­ted to a Google serv­er in the USA and stored there. The provider of this site has no influ­ence on this data transfer.

Google Maps is used in the inter­est of an attrac­tive pre­sen­ta­tion of our online offers and to make it eas­i­er to find the places we have indi­cat­ed on the web­site. This rep­re­sents a legit­i­mate inter­est with­in the mean­ing of Art. 6 para. 1 lit. f GDPR.

You can find more infor­ma­tion on han­dling user data in Google’s data pro­tec­tion dec­la­ra­tion: https://www.google.de/intl/de/policies/privacy/ .

Route plan­ner Google Maps

If you would like to use our route plan­ner, for exam­ple to plan your way to us, you must enter your start­ing point and des­ti­na­tion. This data is pro­vid­ed by the Google Maps map ser­vice pro­vid­ed by Google Inc. processed. By using Google Maps, infor­ma­tion about your use (in par­tic­u­lar the IP address of your com­put­er) can be sent to a serv­er of Google Inc. trans­ferred to and stored in the Unit­ed States. On the fur­ther pro­cess­ing of data by Google Inc. we have no influ­ence. Please also read the terms of use in the Google Maps map if you wish to use the ser­vice. If you do not agree with the data pro­cess­ing by Google Inc. If you agree, please refrain from using the map or deac­ti­vate the Java Script func­tion in your brows­er in order to only get a lim­it­ed view.

social media

On our web­site you will find the but­tons of the well-known social media net­works. With acti­va­tion, cer­tain data is trans­mit­ted to the respec­tive social media net­work, e.g.: the address of the web­site on which the acti­vat­ed but­ton is locat­ed, date and time the web­site was called up or the but­ton was acti­vat­ed, infor­ma­tion about the brows­er used and the oper­at­ing sys­tem used, your cur­rent IP address.

In detail, the fol­low­ing spe­cial fea­tures arise for the social media networks:

Face­book plu­g­ins (Like & Share button)

Plu­g­ins from the social net­work Face­book, provider Face­book Inc., 1 Hack­er Way, Men­lo Park, Cal­i­for­nia 94025, USA, are inte­grat­ed on our web­site. You can rec­og­nize the Face­book plu­g­ins by the Face­book logo or the “Like but­ton” (“I like”) on our site. You can find an overview of the Face­book plu­g­ins here: https://developers.facebook.com/docs/plugins/ .

When you vis­it our pages, a direct con­nec­tion is estab­lished between your brows­er and the Face­book serv­er via the plu­g­in. Face­book receives the infor­ma­tion that you have vis­it­ed our site with your IP address. If you click the Face­book “Like” but­ton while you are logged into your Face­book account, you can link the con­tent of our pages to your Face­book pro­file. This allows Face­book to asso­ciate your vis­it to our site with your user account. We would like to point out that we, as the provider of the pages, have no knowl­edge of the con­tent of the data trans­mit­ted or how it is used by Face­book. You can find more infor­ma­tion on this in Facebook’s pri­va­cy pol­i­cy at: https://de-de.facebook.com/policy.php .

If you do not want Face­book to be able to asso­ciate your vis­it to our site with your Face­book user account, please log out of your Face­book user account.

chil­dren

Our offer is basi­cal­ly aimed at adults. Per­sons under the age of 18 should not trans­mit any per­son­al data to us with­out the con­sent of their par­ents or guardians.

Rights of data subjects

If per­son­al data is processed by you, you are the data sub­ject with­in the mean­ing of the GDPR and you have the fol­low­ing rights vis-à-vis the per­son responsible:

(1) Right to information

You can request con­fir­ma­tion from the per­son respon­si­ble as to whether per­son­al data relat­ing to you is being processed by us.

If such pro­cess­ing is present, you can request infor­ma­tion from the per­son respon­si­ble for the fol­low­ing information:

  1. the pur­pos­es for which the per­son­al data are processed;
  2. the cat­e­gories of per­son­al data being processed;
  3. the recip­i­ents or cat­e­gories of recip­i­ents to whom your per­son­al data has been or will be disclosed;
  4. the planned dura­tion of the stor­age of the per­son­al data con­cern­ing you or, if spe­cif­ic infor­ma­tion on this is not pos­si­ble, cri­te­ria for deter­min­ing the stor­age duration;
  5. the exis­tence of a right to rec­ti­fi­ca­tion or era­sure of per­son­al data con­cern­ing you, a right to restric­tion of pro­cess­ing by the per­son respon­si­ble or a right to object to this processing;
  6. the exis­tence of a right of appeal to a super­vi­so­ry authority;
  7. all avail­able infor­ma­tion about the ori­gin of the data if the per­son­al data are not col­lect­ed from the data subject;
  8. the exis­tence of auto­mat­ed deci­sion-mak­ing includ­ing pro­fil­ing in accor­dance with Art. 22 para. 1 and 4 GDPR and — at least in these cas­es — mean­ing­ful infor­ma­tion about the log­ic involved as well as the scope and intend­ed effects of such pro­cess­ing for the data subject.

You have the right to request infor­ma­tion as to whether your per­son­al data is being trans­mit­ted to a third coun­try or to an inter­na­tion­al orga­ni­za­tion. In this con­text, you can request infor­ma­tion about the appro­pri­ate guar­an­tees in accor­dance with Art. 46 GDPR to be informed in con­nec­tion with the transfer

(2) Right to Rectification

You have a right to cor­rec­tion and/or com­ple­tion to the per­son respon­si­ble if the processed per­son­al data con­cern­ing you is incor­rect or incom­plete. The per­son respon­si­ble must make the cor­rec­tion immediately.

(3) Right to restric­tion of pro­cess­ing
Under the fol­low­ing con­di­tions, you can request the restric­tion of the pro­cess­ing of your per­son­al data:

  1. if you con­test the accu­ra­cy of the per­son­al data con­cern­ing you for a peri­od that enables the per­son respon­si­ble to check the accu­ra­cy of the per­son­al data;
  2. the pro­cess­ing is unlaw­ful and you refuse to delete the per­son­al data and instead request that the use of the per­son­al data be restricted;
  3. the per­son respon­si­ble no longer needs the per­son­al data for the pur­pos­es of pro­cess­ing, but you need them to assert, exer­cise or defend legal claims, or
  4. if you object to the pro­cess­ing pur­suant to Art. 21 para. 1 GDPR and it is not yet cer­tain whether the legit­i­mate rea­sons of the per­son respon­si­ble out­weigh your reasons.

If the pro­cess­ing of the per­son­al data con­cern­ing you has been restrict­ed, this data — apart from its stor­age — may only be used with your con­sent or to assert, exer­cise or defend legal claims or to pro­tect the rights of anoth­er nat­ur­al or legal per­son or for rea­sons of impor­tant pub­lic inter­est of the Union or a Mem­ber State are processed.

If the restric­tion of pro­cess­ing has been restrict­ed accord­ing to the above con­di­tions, you will be informed by the per­son respon­si­ble before the restric­tion is lifted.

(4) Right to erasure

a) Oblig­a­tion to delete
You can request the per­son respon­si­ble to delete the per­son­al data con­cern­ing you imme­di­ate­ly, and the per­son respon­si­ble is oblig­ed to delete this data imme­di­ate­ly if one of the fol­low­ing rea­sons applies:

  1. The per­son­al data con­cern­ing you are no longer nec­es­sary for the pur­pos­es for which they were col­lect­ed or oth­er­wise processed.
  2. You revoke your con­sent, on which the pro­cess­ing pur­suant to Art. Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no oth­er legal basis for processing.
  3. You lay acc. Art. 21 para. 1 DSGVO objec­tion to the pro­cess­ing and there are no over­rid­ing legit­i­mate rea­sons for the pro­cess­ing, or you sub­mit acc. Art. 21 para. 2 DSGVO objec­tion to the processing.
  4. The per­son­al data con­cern­ing you have been processed unlawfully.
  5. The dele­tion of the per­son­al data con­cern­ing you is nec­es­sary to ful­fill a legal oblig­a­tion under Union law or the law of the Mem­ber States to which the per­son respon­si­ble is subject.
  6. The per­son­al data con­cern­ing you was col­lect­ed in rela­tion to infor­ma­tion soci­ety ser­vices offered pur­suant to Art. 8 para. 1 GDPR.


b) Infor­ma­tion to third par­ties

Has the per­son respon­si­ble made the per­son­al data con­cern­ing you pub­lic and is he/she acc. Art. 17 para. 1 GDPR, he shall take appro­pri­ate mea­sures, also of a tech­ni­cal nature, tak­ing into account the avail­able tech­nol­o­gy and the imple­men­ta­tion costs, to inform those respon­si­ble for data pro­cess­ing who process the per­son­al data that you, as the per­son con­cerned, want them to delete it all links to such per­son­al data or copies or repli­ca­tions of such per­son­al data.

c) Excep­tions
The right to era­sure does not exist if pro­cess­ing is necessary

  1. to exer­cise the right to free­dom of expres­sion and information;
  2. to ful­fill a legal oblig­a­tion that requires pro­cess­ing under Union or Mem­ber State law to which the con­troller is sub­ject, or to per­form a task that is in the pub­lic inter­est or in the exer­cise of offi­cial author­i­ty vest­ed in the controller;
  3. for rea­sons of pub­lic inter­est in the field of pub­lic health in accor­dance with Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;
  4. for archiv­ing pur­pos­es in the pub­lic inter­est, sci­en­tif­ic or his­tor­i­cal research pur­pos­es or for sta­tis­ti­cal pur­pos­es acc. Art. 89 para. 1 GDPR, inso­far as the right men­tioned under sec­tion a) is like­ly to make it impos­si­ble or seri­ous­ly impair the achieve­ment of the objec­tives of this pro­cess­ing, or
  5. to assert, exer­cise or defend legal claims.

(5) Right to Information

If you have assert­ed the right to cor­rec­tion, dele­tion or restric­tion of pro­cess­ing against the per­son respon­si­ble, he is oblig­ed to inform all recip­i­ents to whom the per­son­al data con­cern­ing you have been dis­closed of this cor­rec­tion or dele­tion of the data or restric­tion of pro­cess­ing, unless this proves to be impos­si­ble or involves a dis­pro­por­tion­ate effort.

You have the right to be informed about these recip­i­ents by the per­son responsible.

(6) Right to Data Portability

You have the right to receive the per­son­al data con­cern­ing you that you have pro­vid­ed to the per­son respon­si­ble in a struc­tured, com­mon and machine-read­able for­mat. In addi­tion, you have the right to trans­mit this data to anoth­er per­son respon­si­ble with­out hin­drance by the per­son respon­si­ble for pro­vid­ing the per­son­al data, pro­vid­ed that

  1. the pro­cess­ing is based on con­sent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a con­tract acc. Art. 6 para. 1 lit. b GDPR is based and
  2. the pro­cess­ing is car­ried out using auto­mat­ed procedures.

In exer­cis­ing this right, you also have the right to have the per­son­al data con­cern­ing you trans­mit­ted direct­ly from one per­son respon­si­ble to anoth­er per­son respon­si­ble, inso­far as this is tech­ni­cal­ly fea­si­ble. The free­doms and rights of oth­er peo­ple must not be impaired by this.

The right to data porta­bil­i­ty does not apply to pro­cess­ing of per­son­al data that is required to per­form a task that is in the pub­lic inter­est or in the exer­cise of offi­cial author­i­ty that has been assigned to the controller.

(7) Right to Object

You have the right, for rea­sons aris­ing from your par­tic­u­lar sit­u­a­tion, to object at any time to the pro­cess­ing of your per­son­al data, which is based on Art. 6 para. 1 lit. e or f GDPR to file an objec­tion; this also applies to pro­fil­ing based on these provisions.

The per­son respon­si­ble no longer process­es the per­son­al data relat­ing to you unless he can demon­strate com­pelling legit­i­mate grounds for the pro­cess­ing which out­weigh your inter­ests, rights and free­doms, or the pro­cess­ing serves to assert, exer­cise or defend legal claims.

If the per­son­al data con­cern­ing you is processed in order to oper­ate direct adver­tis­ing, you have the right to object at any time to the pro­cess­ing of your per­son­al data for the pur­pose of such adver­tis­ing; this also applies to pro­fil­ing inso­far as it is asso­ci­at­ed with such direct advertising.

If you object to the pro­cess­ing for direct mar­ket­ing pur­pos­es, the per­son­al data relat­ing to you will no longer be processed for these purposes.

In con­nec­tion with the use of infor­ma­tion soci­ety ser­vices, you have the option – notwith­stand­ing Direc­tive 2002/58/EC – to exer­cise your right to object by means of auto­mat­ed pro­ce­dures that use tech­ni­cal specifications.

(8) Right to revoke the dec­la­ra­tion of con­sent under data pro­tec­tion law

You have the right to revoke your dec­la­ra­tion of con­sent under data pro­tec­tion law at any time. The revo­ca­tion of the con­sent does not affect the legal­i­ty of the pro­cess­ing car­ried out on the basis of the con­sent up to the point of revocation.

(9) Auto­mat­ed indi­vid­ual deci­sion-mak­ing includ­ing profiling

You have the right not to be sub­ject to a deci­sion based sole­ly on auto­mat­ed pro­cess­ing, includ­ing pro­fil­ing, which pro­duces legal effects con­cern­ing you or sim­i­lar­ly sig­nif­i­cant­ly affects you. This does not apply if the decision

  1. is nec­es­sary for the con­clu­sion or per­for­mance of a con­tract between you and the per­son responsible,
  2. is per­mit­ted on the basis of legal pro­vi­sions of the Union or the Mem­ber States to which the per­son respon­si­ble is sub­ject and these legal pro­vi­sions con­tain appro­pri­ate mea­sures to pro­tect your rights and free­doms as well as your legit­i­mate inter­ests or
  3. takes place with your express consent.

How­ev­er, these deci­sions must not be based on spe­cial cat­e­gories of per­son­al data accord­ing to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g DSGVO applies and appro­pri­ate mea­sures have been tak­en to pro­tect your rights and free­doms and your legit­i­mate interests.

With regard to the cas­es referred to in (1) and (3), the per­son respon­si­ble shall take appro­pri­ate mea­sures to safe­guard your rights and free­doms and your legit­i­mate inter­ests, includ­ing at least the right to obtain human inter­ven­tion on the part of the per­son respon­si­ble, to express his or her point of view and to chal­lenge the decision.

(10) Right to lodge a com­plaint with a super­vi­so­ry authority

With­out prej­u­dice to any oth­er admin­is­tra­tive or judi­cial rem­e­dy, you have the right to lodge a com­plaint with a super­vi­so­ry author­i­ty, in par­tic­u­lar in the mem­ber state of your place of res­i­dence, your place of work or the place of the alleged infringe­ment, if you believe that the pro­cess­ing of your per­son­al data vio­lates vio­lates the GDPR.

The super­vi­so­ry author­i­ty to which the com­plaint was lodged will inform the com­plainant about the sta­tus and the results of the com­plaint, includ­ing the pos­si­bil­i­ty of a judi­cial rem­e­dy under Art. 78 GDPR.

Con­tact per­son for data protection

If you have any ques­tions about the col­lec­tion, pro­cess­ing or use of your per­son­al data, or if you need infor­ma­tion, cor­rec­tion, block­ing or dele­tion of data, please contact:

smuggler’s nest
Bernd Theis­sen
Kirschen­stein­weg 17
52156 Mon­schau
Tele­phone +49 2472 912988
Email: fewo@schmugglernest.de