Data protection information
Thank you for visiting our homepage and for your interest in our vacation apartments and our farm. We would like to take this opportunity to inform you about our data protection policy. We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection notice.
The controller responsible for processing
Data processing on this website is carried out by the controller, whose contact details can be found here and in the legal notice on this website:
Christian Bösch
Frauenriedhauserstrasse 19
89437 Haunsheim
info@raschbrunnenhof.de
Phone: 0162-7241070
Statutory data protection officer
We are not legally obliged to appoint a data protection officer.
General information on personal data
The following information will give you a better overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to identify you personally.
How do we collect your data?
When you visit our website, some data is automatically collected and stored. This is primarily technical data that is collected to ensure that our website is provided without errors.
These data are, for example
- the address (URL) of the website accessed
- Browser and browser version
- the operating system used
- the address (URL) of the previously visited page (referrer URL)
the host name and IP address of the device from which access is made - Date and time
and are stored as web server log files. As a rule, web server log files are stored for about two weeks and then automatically deleted. The host provider is responsible for this task.
Other personal data is also collected if you provide it to us (e.g. by e-mail). In this case, your personal data will only be collected and processed in order to contact you and process your bookings.
We implement all necessary technical and organizational measures to protect your personal data against manipulation, loss, destruction and unauthorized access. These technical and organizational measures are reviewed and improved on an ongoing basis.
If you wish to send us personal data by e-mail, we would like to point out that confidential data should never be sent unencrypted by e-mail.
Hosting
This website is hosted by an external service provider. Personal data that is collected on our website is stored on the service provider’s servers. This involves technically necessary cookies, such as IP addresses, etc. The service provider is based in the EU and therefore operates in compliance with data protection regulations.
Our service provider is:
Strato AG
Otto-Ostrowski-Straße 7
10249 Berlin
In order to ensure data protection-compliant processing, we have concluded an order processing contract with the service provider.
Your rights as a data subject
As a visitor (data subject) to our website, you have the following rights under the European General Data Protection Regulation:
- Right to information about the processed data (Article 15 GDPR)
- Right to rectification if your personal data is incorrect (Article 16 GDPR)
- Right to erasure (“right to be forgotten”) (Article 17 GDPR)
- Right to restriction of processing if your data cannot be erased for legal reasons (Article 18 GDPR)
- Right to notification – notification obligation in connection with the rectification or erasure of personal data or restriction of processing (Article 19 GDPR)
- Right to data portability (Article 20 GDPR)
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.
Right to object (Article 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR. Your personal data will then no longer be processed unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Right to withdraw your consent to data processing (Art. 7, para. 3 GDPR)
Many processing operations are only possible with your express consent. You can withdraw your consent at any time. All you need to do is send us an informal email. The legality of the data processing carried out until the revocation remains unaffected by the revocation. If you wish to exercise your rights as a data subject under Articles 15-21 and Article 7, you can do so informally by sending a letter to the controller.
Right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR)
In the event of breaches of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based.
The Bavarian State Commissioner for Data Protection is:
Prof. Dr. Thomas Petri
P.O. Box 22 12 19
80502 Munich
Phone: 089/21 26 72-0
Fax: 089/21 26 72-50
E-mail: poststelle@datenschutz-bayern.de
Homepage: https://www.datenschutz-bayern.de
Further processing on our website
Bookings
On our website you will find a booking mask which is used for electronic booking of rooms. This booking mask is provided by the software provider 3RPMS.
If you take the opportunity to book rooms using the booking mask, the personal data that you enter in the input mask will be transmitted to the software provider and stored. The processing of your data takes place here on the basis of Art. 6, para. 1 lit. b. GDPR, insofar as your booking request is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures.
You can also contact us by e-mail. In this case, the data you provide in the e-mail will be transmitted and stored.
Your data will be deleted as soon as it is no longer required for the purpose for which it was collected. Statutory retention periods remain unaffected.
The legal basis for your bookings is Art. 6, para. 1, lit a. GDPR, which is necessary for the performance of a contract or in order to take steps prior to entering into a contract.
Processing of personal data by WordPress
We use the WordPress content management system to create our website. By using WordPress and the plugins required for our website, personal data may be collected and processed. The same applies to the administration interface of our website. A cookie is also set here if this function is used.
Cookies on our website
Cookies are used to make our website more user-friendly, effective and secure. Cookies are small data records that are stored on your computer and saved by your browser.
This website uses technical cookies, among other things. Firstly, these are so-called “session cookies” and are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.
Cookies that are not technically necessary require consent. This consent is based on your consent pursuant to Article 6, para. 1, lit. a, in connection with § 25 TDDDG. § Section 25 TDDDG concerns the reading and storage of cookies, Article 6, para. 1, lit. a concerns the processing of your personal data collected by the cookie.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. However, deactivating cookies may limit the functionality of this website, such as the calendar function with your arrival date on our homepage.
Cookies that require your consent
On the homepage, we offer you the option of entering your arrival date in a calendar so that you can see the availability of our rooms more quickly. For this purpose, a JQuery CDN library is embedded from the jQuery page. IP addresses may be collected and processed by jQuery CDN. If you reject optional cookies, this function will not be displayed in a user-friendly way, as the JQuery CDN page will not be loaded. If you wish to use this function, you must accept all cookies.
You can also use the “Book vacation apartment” booking screen to book a room. Here, your personal data is collected and processed by the software provider as described in the section “Recipients of your personal data“.
The cookie that is set in this context is crs_id, and is automatically deleted after 6 months unless you clear your browser cache beforehand.
If you have unintentionally accepted cookies or would like to change your cookie preferences, you will find a blue button with a fingerprint at the bottom left of every page. Click on this to change your settings. The page will be reloaded with the new settings as a result of the change.
Recipient of your personal data
Bookings are made with the hotel software 3RPMS, whose booking mask is secured with the Viato interface. When you make a booking, your personal data is transmitted to the software provider’s data center. The server location of the software provider is Germany. After booking, we also receive your personal data so that we can plan your stay with us.
Your personal data may be transmitted to other recipients if
- we have obtained your consent in accordance with Article 6 (1) (a) GDPR
- the disclosure is necessary for the purposes of the legitimate interests pursued by the controller, pursuant to Art. 6, para. 1, lit. f. GDPR
- there is a legal obligation for the disclosure, pursuant to Art. 6 para. 1, c GDPR
Social networks
We present our vacation guests and interested parties our farm on various social networks. You can see these on our website in the form of an icon with a link to our profiles. No personal data is transmitted directly to the network when you visit our website!
However, if you click on the icon with the link, you will be redirected to the page of the respective network. From this point on, your personal data will be automatically collected and processed by the network concerned.
Instagram and Facebook
The Instagram and Facebook services are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
If you have an Instagram or Facebook account and are already logged into it and then click on the icon on our site, your visit to our website will be linked to your Instagram or Facebook account. To prevent Instagram or Facebook from collecting and associating your personal data, you should log out of your accounts before continuing to browse the internet.
However, when you visit our Instagram or Facebook page, we also receive information about your visit and therefore also your personal data. Meta Platforms Ireland Limited, through Instagram and Facebook, also accesses this data. We are therefore jointly responsible with Instagram and Facebook for the processing of your personal data when you visit our profile pages in accordance with the case law of the European Court of Justice. Meta Platforms Ireland Limited refers to joint controllership on a page that you can read here: https://www.facebook.com/legal/controller_addendum
On the website https://www.facebook.com/legal/terms/data_security_terms Meta Platforms Ireland Limited describes in detail how data security is ensured when using the networks.
Information on Page Insights data and data processing on Facebook can be found at https://www.facebook.com/legal/terms/information_about_page_insights_data
Here you can also read that Meta Platforms Ireland Limited is responsible for providing you with information about the processing for Page Insights and for enabling you to exercise your rights under the GDPR. How you can exercise your data subject rights is described in the section “Responsibility for your information used to create Page Insights”.
Further information about your data at Instagram and its processing by Meta Platforms Ireland Limited, on what basis Instagram and thus also Facebook collects and processes your data, for what purpose, how long your data is stored and how you can assert your rights as a data subject at Instagram can be found here: https://privacycenter.instagram.com/policy?section_id=7-WhatIsOurLegal and https://privacycenter.instagram.com/policy.
You can also assert your rights as a data subject (e.g. revocation) with regard to our processing of your personal data. If you revoke your consent to our processing, the lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.
We will also be happy to provide you with information about our processing of your data on request. In this context, however, we can only provide you with information about our own processing for the above reasons. Only Meta Platforms Ireland Limited can provide you with information about which data Instagram or Facebook processes and for what purpose; we as the site operator do not make any decisions about the processing of this data. We also have no influence and no access to the data that may be collected and processed by Instagram or Facebook.
Links to external websites
Our website contains links to third-party websites. If you click on a link to one of these websites, for example if you wish to visit places of interest near our farm, please note that these websites have their own separate privacy policies and that we accept no responsibility or liability for these policies.
SSL or TLS encryption
Encryption of personal data is the most secure solution for data transmission. For websites, this is SSL encryption (Secure Socket Layer).
You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and/or by the lock symbol in your browser line.
Changes to our privacy policy
We reserve the right to amend this data protection notice from time to time so that it always complies with current legal requirements or to implement changes to our services in the data protection notice, e.g. when introducing new services. The new data protection notice will then apply to your next visit.
Status: January 2025