The protection of your data is important to us. We will therefore only process your data within the limits of current data privacy laws and protect them using the latest technology. More information about the processing of your personal data and your rights in accordance with data privacy laws is provided below. You will find further information about the processing of your customer data at https://www.vilavitapannonia.at/en/dataprivacystatement
1. Controller and data protection officer
Vila Vita Pannonia Betriebsgesellschaft mbH
Storchengasse 1
A-7152 Pamhagen
T +43 2175 2180 - 0
F +43 2175 2180 - 444
E info@vilavitapannonia.at
You can also contact our data protection officer at the address provided above, citing the reference "Data Protection Officer" or at datenschutz@vilavitapannonia.at.
In the following, the companies of the VILA VITA Group
would like to inform you about the processing of your personal data
The controller within the meaning of Article 4 (7) GDPR (General Data Protection Regulation) is the respective company of the VILA VITA Group,
The companies of the VILA VITA Group work closely together in a variety of activities and services. This also applies to the processing of your personal data. The companies of the VILA VITA Group have therefore concluded an agreement on joint responsibility in accordance with Article 26 GDPR. In it, the parties have agreed who fulfils which obligations under the GDPR. This concerns in particular the fulfilment of the rights of data subjects. Joint responsibility exists on the one hand in the joint processing of customer or guest data to improve our services and on the other, in the areas of guest and customer relations management, for example in the case of bookings or reservations in our hotels and restaurants. Thus, in case of full occupancy, we can offer you alternatives in another hotel or restaurant of the VILA VITA Group or link services, such as joint invoicing. There is also joint responsibility between the parties in the areas of (online) marketing, IT infrastructure and facilities and financial accounting. VILA VITA Marburg GmbH, Anneliese Pohl Allee 17, 35037 Marburg, Germany, has been designated by the VILA VITA Group as the primary controller, in particular for the fulfilment of the rights of data subjects. This does not affect the assertion of your rights against the other companies of the VILA VITA Group.
You can also reach our data protection officer at the above addresses – making sure your correspondence is addressed to “Data Protection Officer” – or at datenschutz@vilavitahotels.com.
If the legal basis is not expressly stated in this Data Protection Notice, the following legal bases apply:
You have the right
The restrictions of sections 34 and 35 BDSG (the German Federal Data Protection Act) apply to the rights of access and the right to erasure.
In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Article 77 GDPR pursuant to section 19 BDSG.
You can withdraw your consent to the processing of your personal data at any time with future effect.
Where not otherwise stated in this Data Protection Notice, personal data will only be stored for as long as is necessary to fulfil the relevant purpose, or to fulfil our contractual or legal obligations. We are subject to various storage and documentation obligations. These result in particular from the German Handelsgesetzbuch (Commercial Code), the Abgabenordnung (Fiscal Code), the Geldwäschegesetz (Money Laundering Act) and the Meldegesetz (Registration Act). The periods stipulated in these cases may be up to 10 years.
If we transfer personal data to other persons or companies, this will only be done on the basis of your consent, legal permission, a legal obligation (for example to public bodies and institutions such as supervisory or financial authorities) or an agreement on order processing in accordance with Article 28 GDPR. Further recipient categories can be found in this Data Protection Notice.
Personal data is only processed outside the European Economic Area if a third country has been confirmed by the European Commission as having an adequate level of data protection pursuant to Article 44 et seqq. GDPR or other appropriate guarantees for the protection of personal data are in place.
Your data is partially automatically processed in order to evaluate certain personal aspects (profiling), for marketing and advertising purposes and to send you personalised advertising by email or post.
Legal and regulatory provisions for combating money laundering, the financing of terrorism and financial crime are also binding for us. Data analyses are also carried out within this context.
For the purposes of this Data Protection Notice, “online services” means all
that are operated by us or for which we are responsible and from which you access this Data Protection Notice.
Our online services make use of cookies, which are small text files that are stored on the user’s terminal device. In addition to so-called session cookies, which are automatically deleted as soon as you log out or close the browser, so-called permanent cookies that recognise a returning user are also used. These cookies are automatically deleted after a specified period of time.
It is always possible to object to the storage of cookies by making the appropriate setting changes in your internet browser. You can delete cookies that have already been stored at any time. If you deactivate cookies, you may not be able to use all the functions of our website fully. Some cookies are necessary for the operation of a website, for example, for shopping baskets in the online shop or to save logins or user settings. Some cookies are also used for security purposes. The legal basis for storing these so-called essential or absolutely necessary cookies is the protection of the aforementioned legitimate interests in accordance with Article 6 (1) (f) GDPR.
In addition, there are statistics, marketing and personalisation cookies. These are used, for example, to measure reach or to display personalised content that corresponds to the potential interests of a user. If we use statistical, marketing and personalisation cookies, we will inform you about this when you access our website and in this Data Protection Notice. The legal basis is your consent in accordance with Article 6 (1) (a) GDPR.
When our online services are accessed, general data and information are automatically collected and stored in a server log. The following data may be collected:
The processing of this data is used for the provision of our website, to ensure the functionality of our information technology systems and to optimise our website. We statistically evaluate this data and information, which is always collected anonymously, with the aim of ensuring data protection and data security. The data of the log files is always stored separately from other personal data that may be collected and is generally not disclosed to third parties. The erasure of the data takes place automatically after the expiry of the deadline. The legal basis for the temporary processing of the data is the protection of the aforementioned legitimate interests pursuant to Article 6 (1) (f) GDPR.
Some of our websites provide a contact form and an e-mail address that enables you to contact us electronically. If you use one of these options to contact us, the personal data you send us will be automatically stored. The storage and further processing of this data is solely for the purpose of processing your contact request and subsequently contacting you. Data will never be disclosed to third parties outside the VILA VITA Group. The data forwarded by you will be erased after completion of the process, provided that its erasure is not subject to any contractual or legal storage periods. In such a case, the data for which storage is required will be erased after expiry of the storage period. The legal basis for the processing of this data is Article 6 (1) (f) GDPR.
Our newsletter provides information about current products, offers, events and news of the VILA VITA Group (VILA VITA Hotel & Touristik GmbH, VILA VITA Marburg GmbH, Congresszentrum Marburg GmbH & Co. KG). To subscribe, it is generally sufficient to enter your email address. Providing further data is voluntary. If you have subscribed to our newsletter, we will use your email address and, where appropriate, any other data you have voluntarily provided to send the newsletter. If you successfully subscribe to the newsletter, we store the date of your registration and, in the case of registration via a website, also your IP address. This storage serves as proof in the event that a third party makes fraudulent use of an email address and subscribes to the newsletter without the knowledge of the authorised person. The newsletter is sent on the basis of your consent in accordance with Article 6 (1) (a) GDPR. If consent is not required to advertise our own similar goods or services, this is done on the basis of legitimate interests in accordance with Article 6 (1) (f) GDPR in advertising our goods and services, provided that this is legally permitted – for example in the case of advertising to existing customers – and you have not objected to this. We also store the data collected in the subscription process on the basis of legitimate interests in order to, where appropriate, be able to prove your consent if necessary. You can cancel your newsletter subscription at any time by clicking on the unsubscribe link found in each newsletter. Alternatively, you can also contact us directly at the above-mentioned postal or email address. Upon termination, we may store the unsubscribed email addresses for up to three years in order to be able to prove any consent previously given.
In order to continuously optimise our newsletter and to be able to offer you a user-oriented and secure newsletter, we evaluate individual user activities. We measure how often the newsletter is opened and which links users click on. For this purpose, the newsletter contains a so-called “web beacon”; a file that is retrieved from our server once the newsletter has been opened. This initially collects technical information (for example browser type, operating system, time of retrieval). Whether and when a newsletter was opened and which links were clicked on can also be determined. This information helps us to recognise the usage and reading habits as well as interests of our subscribers in order to adapt content and improve the user experience. The evaluation is based on your consent as well as on our legitimate interests in providing a user-friendly and informative newsletter.
We use Google Analytics 4 (GA4), a user analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google Ireland). The user analysis is carried out using a pseudonymous user identification number. This is used to assign information to an end device. The information collected helps us to evaluate visitor flows and to better understand how visitors use the website. In this way, we can design and improve our website to meet the needs of our visitors. To this end, GA4 collects information on what content you have accessed, how long the visit lasted, from where you came to us, and what search terms you may have used or which sources link to our site. We can also recognise a renewed visit to our website in this way. The IP address is shortened by the last two digits by default and is not logged. In addition to the above information, GA4 may also collect geo-information, e.g. on the user's location, from where our online services were used or accessed (city, including latitude and longitude, country, continent). Even if Google processes the user data on servers within the EU, processing of the data in third countries, in particular the USA, cannot be completely ruled out, as data from Google Ireland may be passed on to the parent company, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Processing of data for the purpose of user analysis only takes place with your consent. The legal basis is therefore Art. 6 para. 1 lit. a DSGVO. If no consent is obtained, the processing is based on the legitimate interests described above in accordance with Art. 6 (1) lit. f DSGVO. The order processing agreed upon with Google as well as standard contractual clauses to ensure the level of data protection in the case of processing in third countries, can be viewed at https://business.safety.google/adsprocessorterms/. Additional information on the types of processing and the data processed can be found here: https://privacy.google.com/businesses/adsservices. Google's terms of use and privacy notices for Google Analytics can be found at https://policies.google.com/terms?hl=en and https://policies.google.com/privacy. Further information on Google Analytics can also be found at https://marketingplatform.google.com/intl/en_uk/about/analytics/. You can find an objection option here: https://tools.google.com/dlpage/gaoptout?hl=en.
We use the analysis tool Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Web analytics involves the collection, collation and analysis of information about the behaviour of website users. This includes for example information about which site you reached us from, the sub-pages you accessed and the length of time spent on those sub-pages. Cookies are used for this purpose. Cookies are text files that are placed and stored on a computer system via an internet browser. The information collected by the cookie is transmitted to a Google Inc. server in the USA. In addition to information on website usage, this also includes your IP address. However, we use Google Analytics with the, “AnonymizeIP” add-on. This means that your IP address will be truncated and anonymised by Google if you access our site within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. The transmitted IP address will also not be merged with other Google data. The purpose of the data processing is the evaluation of visitor flows and website usage by visitors in order to design and improve our website in line with requirements. Google creates online reports on our behalf for this purpose. We use the information obtained from this to optimise our website. The legal basis for data processing is your consent in accordance with Article 6 (1) (a) GDPR. If consent is not obtained, processing is based on the legitimate interests described above in accordance with Article 6 (1) (f) GDPR.
The applicable terms of service and terms of use of Google Analytics can be found at https://marketingplatform.google.com/about/analytics/terms/us/ and https://policies.google.com/?hl=en.
You can also prevent the placement of cookies by our site by making the appropriate setting changes in your internet browser, in doing so permanently objecting to the placement of cookies. In addition, the cookies already stored by Google can be deleted at any time using an internet browser or other software programmes.
Furthermore, you have the option of objecting to and preventing the collection of the data generated by the cookie and related to the use of this site, as well as to the processing of this data by Google. To do this, you must download and install a browser add-on. You can download it here: https://tools.google.com/dlpage/gaoptout?hl=en. The add-on will prevent your data from being collected and processed in the future.
We use marketing and remarketing services provided by Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Google’s marketing services (including Google Adwords, Google Conversion Tracking, Google Optimize and Google Double Click) allow us to display more targeted ads, for example to show users on our website or on other websites with only those advertisements that potentially match their interests.
If you access an online service that uses Google’s marketing services, a cookie will be stored on your terminal device, through which cookies from various domains can be set (including google.com, doubleclick.net, etc.). The stored cookie saves which websites you have visited, which content you were interested in and which offers you clicked on. In addition, technical details about the browser and operating system, referring websites, the duration of the visit and other details about the use of the online offer are collected. Your IP address will also be collected, but will be truncated within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will it be transferred in full to a Google server in the USA and truncated there. The IP address will not be merged with other data from other Google services. Google may combine the aforementioned information with such information from other sources. If you subsequently visit other websites, ads tailored to your interests may be displayed in this way. User data is processed in pseudonymised form as part of Google’s marketing services, i.e. without storing and processing the name or email address of the user. This does not apply if a user has expressly allowed Google to process the data without pseudonymisation. The information collected about users by Google’s marketing services is transmitted to Google and stored on Google’s servers in the USA.
The Google marketing services we use include, among other things, the online advertising programme Google AdWords. Every AdWords customer receives a so-called conversion cookie. The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers are informed of the total number of users who have clicked on their ad and have been redirected to a site equipped with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.
The legal basis for data processing is your consent in accordance with Article 6 (1) (a) GDPR. If consent is not obtained, processing is based on the legitimate interests described above in accordance with Article 6 (1) (f) GDPR.
The applicable terms of service and terms of use of Google Marketing Services can be found at policies.google.com/technologies/ads.
You can prevent the storage of cookies by our site at any time by making the appropriate setting changes in your internet browser, in doing so permanently objecting to the storage of cookies. In addition, cookies already placed by Google can be deleted at any time via an internet browser or other software programmes.
If you wish to object to targeted advertising by Google’s marketing services, you can use the options provided by Google at https://myadcenter.google.com/?hl=de&sasb=true.
Some of our online services use services and content from third-party providers. This applies in particular to so-called “social plugins”, videos or fonts. This content is obtained directly from the server of the respective third-party provider either when you access our online service or pending your consent (for example by separately activating a plug-in). Your IP address is also transmitted in the process. If this doesn’t happen, the third-party provider cannot deliver the content to your browser or offer the desired function.
If we ask for your consent to activate embedded functions and content, the legal basis is your consent in accordance with Article 6 (1) (a) GDPR. Otherwise, the data is processed on the basis of our legitimate interests in providing and disseminating our content and a user-friendly as well as optimal user experience in accordance with Article 6 (1) (f) GDPR. We may, where appropriate, use the following services or service providers with embedded functions and content:
Some companies of the VILA VITA Group use social networks to make direct contact with customers. The possibility of also getting in contact with customers via social networks and providing a corresponding platform for this purpose is a legitimate interest in accordance with Article 6 (1) (f) GDPR. If you visit our sites, your data will also be processed by the respective social network, where appropriate also outside the European Union, for example in the USA. The respective social network is responsible for this processing and for the processing operations that go beyond it, such as the analysis of user behaviour by social networks. The companies of the VILA VITA Group have no influence on this. The VILA VITA companies are represented on the following social networks:
We offer you the possibility to book rooms online. For this purpose, the data required for the reservation as well as for the further initiation and conclusion of the contract are collected, in particular your name, the names of any accompanying persons, address, telephone number and e-mail address, booking or travel dates, as well as details of the selected payment method. The data required for your booking are marked accordingly. All other data is voluntary. Your online booking is made via online reservation systems of third-party providers. We may use the following providers:
After completing the booking, you will receive a booking confirmation to the e-mail address you provided. The legal basis for the processing of your data is Art. 6 para. 1 lit. b DSGVO. We store your address, payment and booking data for a period of ten years due to the commercial and tax law regulations for which we are responsible.
If you would like to reserve a table online in one of our restaurants or bars, we require details from you on the date, time, number of persons as well as your name and, if applicable, your email address or telephone number. For this purpose, we use the online reservation system Reservision, a service provided by RESERViSiON GmbH, Seestr. 29, 64354 Reinheim, Germany. Your details will be stored and processed for the purpose of processing your enquiry or reservation. The legal basis is Article 6 (1) (b) GDPR. Your reservation data will be erased upon cancellation of the reservation or on the day following the reservation, unless we still need your data for billing and other questions in the follow-up to your reservation. In order to be able to respond to future enquiries from you – or in the case of future reservations, to your individual requests – we store certain data about your visit or your requests, provided you have given your consent. The legal basis for data processing is your consent in accordance with Article 6 (1) (a) GDPR. If consent is not obtained, processing is based on the legitimate interests described above in accordance with Article 6 (1) (f) GDPR.
If you use our online or voucher shop, we process the data you provide for the purpose of processing your order, its payment and delivery. We use your data to update you on the delivery status or in case of problems with the delivery. If necessary, we use service providers, in particular postal and shipping companies, for order processing and delivery. We also use your data to process complaints and product warranty claims and, if necessary for an order, to determine whether you are of legal minimum age to make the purchase. We use various online services from banks and payment service providers to process payments. The data required for the order processing, delivery and payment processing is marked accordingly. The legal basis is the performance of the contract or the implementation of pre-contractual measures in accordance with Article 6 (1) (b) GDPR.
On some of our pages we use a chatbot from DialogShift GmbH, Rheinsberger Str. 76/77, 10115 Berlin. This is software that answers your questions or provides you with useful tips or information while you are using our websites. If you use the chat function, the chatbot processes the information you enter. In addition, we store the content of your communication. If you complete registration processes, submit declarations of consent or other declarations via the chatbot, we log these in order to be able to prove them later. Furthermore, the chatbot stores a cookie with an identification number in order to recognise you as a user. This cookie is stored for 90 days from the last use of the chatbot. You can deactivate the storage of the cookie in your browser settings or delete the cookie. However, the chat functions cannot be used without the cookie. The disclosure of personal data such as your name, e-mail address, etc. is voluntary. In addition to the data you enter, data on user behaviour may also be collected for the purpose of statistical analysis and optimisation of the service. The legal basis for data processing is Art. 6 para. 1 lit. a DSGVO and Art. 6 para. 1 lit. f DSGVO. The particular interest lies in effective customer support and customer communication. Further information on the processing of personal data by the chatbot can be found here: https://www.dialogshift.com/de/dsvgo.
In the context of your stay in one of our hotels or the provision of our services, we process your data for the following purposes:
We process different types of personal data to fulfil the respective purposes. In particular:
In connection with the processing of orders and bookings, we transfer personal data to service providers who support us with this processing. This applies in particular to providers of credit card billing services, insofar as the transfer of data is necessary to process the payment. In this respect, we collaborate with the company SIX Payment Services (Germany) GmbH, Global Data Protection Support, Langenhorner Chaussee 92-94, 22415 Hamburg, Germany. You can view the company’s privacy statement at https://www.six-payment-services.com/en/home.html. Where applicable, individual online services offer the possibility of using the online payment service of PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as your payment method, the data required for the payment process will automatically be transferred to PayPal. Under certain circumstances, PayPal may transfer data to credit agencies for the purpose of checking your identity and creditworthiness. Further information on data processing by PayPal can be found here: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full. If you use Apple Pay, Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment is made via the “Apple Pay” function of your iOS terminal device (for example iOS, watchOS, macOS) and by charging the payment card deposited with Apple Pay. For the purpose of payment processing, the information you provide during the payment or ordering process, including information about your order, is disclosed to Apple in encrypted form. Further information on data processing by Apple and data protection can be found at: https://support.apple.com/en-gb/HT203027
The legal basis for the above processing activities is Article 6 (1) (b) GDPR.
In certain cases, we also disclose personal data to third parties, but only if you have consented, if there is a legal basis for the disclosure or if we are legally obliged to do so. Recipients may in particular be other companies within the VILA VITA Group, for example in order to make bookings and reservations, to plan and hold events, to process enquiries and complaints or to invoice services provided by us. Furthermore, we also pass on personal data to external service providers, in particular in the context of the provision of IT systems and services, payment and order processing or event organisation. To the extent that we are legally required or in the context of law enforcement, we also disclose personal data to public authorities.
The VILA VITA Group,
The controller within the meaning of Article 4 (7) GDPR is the respective company of the VILA VITA Group, which is indicated in the respective job advertisement.
You can also reach our data protection officer at the address given in the job advertisement – making sure your correspondence is addressed to “Data Protection Officer” – or at datenschutz@vilavitahotels.com.
The data you provide as part of your application will be processed solely for the purpose of selecting job applicants or for the application process. This is particularly true in the case of checking your suitability for the advertised position or, if applicable, for other vacancies within the company or the VILA VITA Group. We use the data you have provided us with for this purpose. This may also include information that you make available in professional online networks or job boards.
We will only disclose your job applicant data to other companies in the VILA VITA Group if you have expressly consented to this.
The legal basis for data processing is Article 6 (1) (b) GDPR and section 26 of the German Bundesdatenschutzgesetz (Federal Data Protection Act, BDSG). Should data be required for legal defence after completion of the application process, this data processing is based on legitimate interests in accordance with Article 6 (1) (f) GDPR. Our legitimate interest in the further processing is then the assertion of or defence against claims.
We only process the data you provide us with, usually:
In the course of the application process, further data may be added, for example from interviews or from generally accessible sources such as professional online networks or former employers. In certain cases, for example for management positions, we may conduct assessments or potential analyses.
Applicant data will be erased six months after completion of the application process, unless there is a legal reason for erasure or you have expressly consented to longer storage.
If we conclude an employment contract with you, we will store your application documents in your personnel file or in our personnel information system for the purpose of implementing the employment relationship on the basis of Article 6 (1) (b) GDPR and section 26 BDSG.
As a matter of principle, only persons who need this data to carry out the application process will have access to your data. This includes employees of the HR department. They will view and process your application as soon as they receive it. In addition, department heads for the vacant position will have access to your application data.
Application data is generally processed in data centres within the Federal Republic of Germany or the European Economic Area (EEA). Should data be processed outside the EEA, this will only be done if a third country has been confirmed by the European Commission as having an adequate level of data protection pursuant to Article 44 et seqq. GDPR or other appropriate guarantees for the protection of personal data are in place.
You have the right
The restrictions of sections 34 and 35 BDSG apply to the rights of access and the right to erasure.
In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Article 77 GDPR pursuant to section 19 BDSG.
You can withdraw your consent to the processing of your personal data at any time with future effect.
An automated individual case decision will be not be made in connection with your application.
With the following Data Protection Notice, we would like to inform you about the processing of your personal data pursuant to Article 13 of the General Data Protection Regulation if you are a service provider or supplier in a business relationship with a company of the VILA VITA Group
The controller within the meaning of Article 4 (7) GDPR is the respective company of the VILA VITA Group,
The companies of the VILA VITA Group work closely together in purchasing and procurement. This applies to the processing of personal data in these areas as well as in financial accounting or bookkeeping and the joint IT infrastructure and IT facilities. The companies of the VILA VITA Group have therefore concluded an agreement on joint responsibility in accordance with Article 26 GDPR. In it, the parties have agreed who fulfils which obligations under the GDPR. This concerns in particular the fulfilment of the rights of the data subjects. VILA VITA Marburg GmbH, Anneliese Pohl Allee 17, 35037 Marburg, Germany, has been designated by the VILA VITA Group as the controller, in particular for the fulfilment of the rights of data subjects. This does not affect the assertion of your rights against the other companies of the VILA VITA Group.
You can also reach our data protection officer at the above addresses – making sure your correspondence is addressed to “Data Protection Officer” – or at datenschutz@vilavitahotels.com.
The processing of personal data is carried out for the fulfilment of our obligations arising from the respective contract or for the implementation of pre-contractual measures such as, in particular, the request for individual offers for work, services or the delivery of products, calculating fees, contractual correspondence and complaints. The legal basis is Article 6 (1) (b) GDPR. Furthermore, we process personal data on the basis of legitimate interests in accordance with Article 6 (1) (f) GDPR. This includes, in particular, obtaining creditworthiness information and exchanging data with credit agencies, asserting legal claims and defending ourselves in legal disputes, ensuring IT security and IT operations, preventing and investigating criminal offences and measures to ensure house rules. In addition, we process your data if this is necessary for the fulfilment of legal obligations, in particular for compliance with commercial and tax law in accordance with section 257 HGB and section 147 AO.
We usually collect the following data:
Where not otherwise stated in this Data Protection Notice, personal data will only be stored for as long as is necessary to fulfil the relevant purpose, or to fulfil our contractual or legal obligations. We are subject to various storage and documentation obligations. These result in particular from the German Handelsgesetzbuch (Commercial Code), the Abgabenordnung (Fiscal Code) and the Geldwäschegesetz (Money Laundering Act). The periods stipulated in these cases may be up to 10 years.
If we transfer personal data to other persons or companies, this will only be done on the basis of your consent, legal permission, a legal obligation (for example to public bodies and institutions such as supervisory or financial authorities) or an agreement on order processing in accordance with Article 28 GDPR. Further recipient categories can be found in this Data Protection Notice.
Your data will generally be processed at locations within the Federal Republic of Germany or the European Economic Area (EEA). Should data be processed outside the EEA, this will only be done if a third country has been confirmed by the European Commission as having an adequate level of data protection pursuant to Article 44 et seqq. GDPR or other appropriate guarantees for the protection of personal data are in place.
You have the right
The restrictions of sections 34 and 35 BDSG apply to the rights of access and the right to erasure.
In addition, you have the right to lodge a complaint with a data protection supervisory authority in accordance with Article 77 GDPR pursuant to section 19 BDSG.
You can withdraw your consent to the processing of your personal data at any time with future effect.