We appreciate your interest in our website. The protection of your privacy is very important to us. We will therefore process your data with due care and attention, for specific purposes, in accordance with your consent, and only strictly in compliance with the legal requirements for data protection.

In this privacy policy, we inform you about the aspects of data processing within the framework of our website.

The data controller as defined in data protection laws is:

Schloss Saareck Betreibergesellschaft mbH
Im Saareckpark
66693 Mettlach, Germany
Telephone +49 (0) 68 64 / 81 1711
E-mail schloss.saareck(at)villeroy-boch.com
(hereinafter referred to as “Schloss Saareck Saareck Castle“)

I. When and for what purpose does Schloss Saareck collect your personal data?

In principle, the use of our websites is possible without your input of personal data.

If you use one of our services (e.g. our contact/booking or inquiry form), you enter your data voluntarily. We use this data (such as your name, address, e-mail address, telephone and fax number) exclusively for the purpose for which you provide it (e.g. for processing contact requests or sending newsletters) and only for the exercise of our own business purposes. Information we receive from you helps us to process your request as smoothly as possible, improve our services for to you and prevent abuse and fraud.

When you access our website, information of a general nature is automatically collected. This information (server log files) may include the type of web browser, the operating system used, the domain name of your internet service provider and the like. This is solely information that does not allow you to be personally identified. This information is technically necessary for us to correctly deliver the content of websites requested by you and is mandatory when using the internet. Anonymous information of this kind is statistically evaluated by us in order to optimise our website and the its underlying technology.

We do not sell your data or use it for any unspecified purposes.

Your personal data will only be used within Schloss Saareck Betreibergesellschaft mbH.

You will find detailed information about how we handle your data below.

II. General information about our services

When you use our services, we will ask you for personal data (at the time of collection, we will explain what information is required and what information you can provide voluntarily).
To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.
Users who have registered for one or more of the following services may opt to change or delete the data provided at registration at any time, if necessary. Of course, we will also provide you with information about the personal data we hold about you at any time. We will also be happy to correct or delete these this data at your request, insofar as there is no legal statutory obligation to store it. To contact us in this context and to revoke your consent, please use the contact details provided at the end of this privacy policy.

III. Our services in detail

The following is a detailed explanation of our services, in particular the legal basis and the purpose of the data processing.

1. Hotel accommodations and events
The data you provide in order to benefit from our service offer will be processed by us to process your booking and to provide our services within the framework of the accommodation contract, including the implementation of your hotel stay and the processing of your payment.

Purpose of data processing: Processing of the accommodation or service contract.

Legal basis: Article 6 paragraph 1 (b) of the GDPR (required to fulfil the contract) and Article 6 paragraph 1 (c) of the GDPR (compliance with a legal obligation)

2. Contact/booking/inquiry form
If you contact us via e-mail or through the aforementioned forms, the information you provide will be stored for the purpose of processing the your request as well as for possible follow-up questions and, if necessary, for sending the requested information material.

Purpose of data processing: Responding to your request.

Legal basis: Article 6 paragraph 1 (b) of the GDPR (necessary for the implementation of pre-contractual measures, which are carried out at the request of the data subject)

3. Online application
If you contact us via our online application process, the information you provide will be used for the purpose of processing your application.

If you apply for a specific job at Schloss Saareck, it may be necessary during the processing of your application for us to forward your applicant data to the personnel department of Villeroy&Boch AG for further processing of your application.

Purpose of data processing: Processing of the application submitted by the data subject.

Legal basis: Article 6 paragraph 1 (a) of the GDPR (Consent)

4. Personal newsletter

If you have expressly registered for our newsletter, we will use your data to send you current offers at regular intervals.

For an effective registration we need a valid e-mail address. To verify that a registration is actually made by the owner of an email address, we use the "double opt-in" procedure. For this purpose, we log your order of the newsletter, the dispatch of a confirmation email and the receipt of the requested response. The data will be used exclusively for sending newsletters and will not be passed on to third parties.

You can revoke your consent to the storage of your personal data and its use for sending newsletters at any time. There is a corresponding link to this effect in every newsletter. In addition, you can unsubscribe at any time via the contact option specified at the end of this privacy policy.

If you unsubscribe, we consider your consent to the creation of your personalised user profile and the receipt of newsletters based on it to be revoked.
Purpose of data processing: Sending of routine newsletters by e-mail to the e-mail address you provided.
Legal basis: Article 6 paragraph 1 (a) of the GDPR (Consent)

Profiling: We evaluate your use of the sent the newsletters dispatched to you and the your subsequent visits to our website in order to further continue to improve the our newsletter and our website and to optimise them according to your actual interests. For this purpose, standard technologies such as cookies or tracking pixels in our newsletter are also used.

5. Right to withdraw your consent
If you use one of the aforementioned services on the basis of consent, the following applies to such consent:

Withdrawal of consent: Consent given by you is always voluntary and can be revoked at any time with future effect without it being necessary to give a reason. For this purpose you may contact us directly at the address of Schloss Saareck.

IV. Collection of data during your visit to our website

In addition to the data you enter yourself, we use cookies and tracking to collect further data from you during your visit to our website. We wish to inform you about this in the following.

1. Cookies
Some of our websites use cookies. This standard technology conceals small text files that are stored on the device you are using and which, among other things, make it possible to make your online experience of a website more user-friendly or secure. As a result, we automatically receive certain data such as your IP address, the browser used and the operating system via your computer and your internet connection. Cookies can also serve to better tailor content of a website to the interests of visitors or to make general improvements to it on the basis of statistical evaluations.
You can choose whether the browser you use allows cookies or not. Please note that website functionalites may be restricted or even disabled if cookies are blocked.
Cookies cannot be used to run programmes or transfer viruses to a computer. On the basis of the information contained in cookies, we can simplify your navigation and enable the correct display of our websites.
Further information abou this can be found in our cookie policy.

2. Use of Google Maps
This website uses Google Maps API to visually display geographical information. When using Google Maps, Google also collects, processes and uses data about visitor usage of the map. You can find more information about data processing by Google in the Google privacy policy. There you can also change your personal data protection settings in the data protection centre.
Detailed instructions for managing your own data in connection with Google products can be found here.

3. Use of Google reCAPTCHA
In certain cases, we use the reCAPTCHA service of Google Inc. to ensure adequate data security when submitting forms. This primarily serves to distinguish whether the input is made by a human being or abusively by machine and automated processing. The service includes sending the IP address and any other data required by Google for the reCAPTCHA service to Google. However, Google will shorten your IP address beforehand within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. The IP address transmitted by your browser as part of reCaptcha will not be merged with other Google data unless you are logged in to your Google account at the time of using the "reCAPTCHA" plug-in. The differing data protection provisions of Google Inc. apply here. For more information about Google Inc.’s privacy policy, visit http://www.google.de/intl/de/privacy oder https://www.google.com/intl/de/policies/privacy/

4. Use of Google Remarketing
This website uses the remarketing function of Google Inc. The function is used to present interest-based advertisements to website visitors within the Google advertising network. A so-called cookie is stored in the browser of the website visitor, which makes it possible to recognise the visitor each time they visit websites that belong to the Google advertising network of Google. On these pages, advertisements that relate to content that the visitor has previously accessed on websites that use Google’s remarketing function can be presented to the visitor.
Google says it does not collect any personal data during this process. However, if you do not wish the to use Google’s remarketing function, you can disable it by adjusting the appropriate settings at http://www.google.com/settings/ads. Alternatively, you can disable the use of interest-based advertising cookies through the advertising network initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp.
The EU standard contractual clauses were agreed to by Google, thereby ensuring compliance with European data protection law.

5. Purpose of processing, legal basis and legitimate interests
The following applies to the above points:
Purpose of data processing: Secure operation of the website as well as creating the possibility of targeting customers.

Legal basis: Article 6 paragraph 1 (f) of the GDPR (Legitimate interest)

Legitimate interests:
- Ensuring the correct functioning of our website
- Optimisation of our website
- Collection of statistics on the use of our website
- Processing for direct marketing purposes
V. Recipients/categories of recipients

1. To third parties
The data entered by you will only be passed on for the purpose of order fulfilment, for example to shipping companies or payment service providers, or if we are legally required to do so. Examples of such recipients include

- Authorities and courts (legal obligations to provide information)
- Lawyers (enforcement of claims)
- Credit institutions (processing of payment transactions)
- Credit agencies (credit assessments)
- Auditors (statutory audit mandate)
- Insurance companies, insurance brokers
- Tax consultants
- Experts/expert witnesses
- Health insurance companies/pension funds (social security institutions)

2. Data transfer to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or this occurs in the context of the use of third-party services or transfer of data to third parties, this only takes place if it is necessary for the fulfilment our contractual obligations, on the basis of your consent, in response to a legal obligation or on the basis of our legitimate interests.
In such a case, we will ensure by means of special guarantees or through a corresponding contractual obligation, including appropriate technical and organisational measures, that your personal data is processed in compliance with the European level of data protection.

VI. Information about children
In principle, we do not knowingly collect personal data about children under the age of 13. If we become aware that we have inadvertently collected personal information about children under the age of 13, we will take steps to delete this information as soon as possible unless we are required to retain it under applicable law.

VII. Obligation to provide data, automated decision making, profiling

1. Is there an obligation for me to provide data?
As part of the contractual relationship, you must provide the personal data required for the commencement, execution and termination of the contractual relationship and for the fulfilment of the associated contractual obligations as well as data which we are legally required to collect. Without this data, we will generally not be able to conclude or execute the contract with you.

2. To what extent does automated decision-making/profiling exist?
Within the framework of the procedure described under III.1 for sending newsletters, we use profiling to the extent described therein.

VIII. Deletion or blocking of data

We adhere to the principles of data avoidance and data minimisation.

We therefore only store your personal data for as long as is necessary to achieve the purposes mentioned herein or as provided for by the various storage statutory retention periods. Once the intended purpose has been fulfilled or these periods have expired, the corresponding data is routinely blocked or deleted pursuant to statutory provisions. Insofar as the processing is based on consent, the purpose ceases to apply when consent becomes invalid due to withdrawal or time lapse. To the extent that the processing is necessary for fulfilment of the contract, this usually occurs upon completion of the contract and after expiry of the retention periods, which derive notably from the German Commercial Code or the German Tax Code.

IX. What privacy rights do you have?
You have the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR, the right to object under Article 21 of the GDPR and the right to data portability under Article 20 of the GDPR.
You can contact our data protection officer to exercise these rights.

In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Article 77 of the GDPR in conjunction with § 19 BDSG). A list of regulatory authorities (for the non-public sector) with addresses can be found at:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

X. Our data protection officer
If you have any questions about this statement or data protection at Schloss Saareck, you can contact the data protection officer of Villeroy & Boch AG directly:

Contact information of our Data Protection Officer:

Villeroy&Boch AG
Data Protection Officer
Saaruferstraße
66693 Mettlach, Germany
Telephone +49 (0) 68 64 / 8 10
service.datenschutz(at)villeroy-boch.com

XI. Changes to our privacy policy

We reserve the right to adapt this privacy policy from time to time so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will subsequently apply to your next visit.
 
Last update: 25/06/2021