1. We are responsible for your data

   As a visitor to www.naturerholt.de, you can expect not only tourist highlights, but also a high level of quality in the processing of your personal data. We are responsible for the handling of your data, which we process in accordance with your wishes and the provisions of German and EU data protection laws. Your personal data will only be processed by us if this is permitted by law or if you have given your prior consent. We, i.e. HKM Heilbäder und Kurorte Marketing GmbH, Esslinger Straße 8, 70182 Stuttgart (e-mail: info@heilbaeder-bw.de) and our service providers, process your data on our behalf for the purposes specified below (hereinafter referred to as „we“). Our service providers include IT service providers, file and internet hosts, printers, lettershops, payment and web analysis service providers. Our service providers are prohibited from processing your data for purposes other than the specific order. Our service providers that enable the display of the website and its functions also include Amazon Web Services, Inc, 410 Terry Avenue North, Seattle WA 98109, United States, („Amazon“) and Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). Amazon and Google have submitted to the EU Privacy Shield, which the EU Commission has determined offers sufficient guarantees for an adequate level of data protection when processing data in the USA (certificate available at: https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4 or https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI). Transparent and lawful processing of your data is of great importance to us. Therefore, the following information should enable you to find out at any time which personal data is collected during your visit to our website and when using our services and offers and how we process your data.

2. How secure is your data?

   We take technical and organizational security precautions to protect your personal data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons and to ensure the protection of your rights and compliance with the applicable data protection regulations of the EU and the Federal Republic of Germany. The measures taken are intended to ensure the confidentiality, integrity, availability and resilience of the systems and services in connection with the processing of your data in the long term and to restore them quickly in the event of a physical or technical incident. This also includes the encryption of your data. All information that you enter online is encrypted using at least SSL technology (Secure Socket Layers SSL, RSA 1024 bit, RC4 -256 bit) and only then transmitted to our servers. Our data processing and security measures are continuously improved in line with technological developments.

3. Contact person for data processing

   If you have a question about data protection or data security, you can reach us by email at info@heilbaeder-bw.de or by mail at HKM Heilbäder und Kurorte Marketing GmbH, Esslinger Straße 8, 70182 Stuttgart.

4. Which personal data are processed?

   Personal data is any information that relates to an identified or identifiable person. This includes, for example: Address data: Name, postal address, email address Telecommunication data: Landline, mobile phone number, email address Booking and purchase data: Requested, booked/or ordered service, category, period or quantity, prices, service providers, payment method, data on any fellow travelers Financial data: Bank account details, credit card details, PayPal transaction data

5. What are mandatory disclosures?

   If certain data fields are designated as mandatory entries or mandatory fields during collection and are marked with an asterisk (*), the provision of this data is required by law or contract, or is necessary for the conclusion of the contract, the desired service, or the specified purpose. Providing this data is at your discretion. Failure to provide it may result in the contract not being fulfilled, the desired service not being rendered, or the specified purpose not being achieved.

6. What is your data processed for?

   • Contact requests

     We process your details to respond to your contact requests (Art. 6(1)(b), (f) GDPR), either directly, through service providers we use, or by forwarding them to the respective service provider (accommodation, activity providers, etc.). Providing your address and/or telecommunication data is necessary in order to process your request and respond via your preferred communication channel. We will typically store the information from your contact request, and potentially that of the respective service provider, for an additional six months after responding to the request, in case of further inquiries, unless it needs to be stored longer due to legal retention obligations (see, for example, storage duration for purchases, bookings, and contract-related inquiries below b.).

     Request form
     
     On our website, we offer you the opportunity to receive quotes from hosts for your specified requests via an inquiry form. If you take advantage of this option, the data entered in the input mask – name and email address, and possibly other voluntarily provided data – will be transmitted to us. We will forward your inquiry and your data via email so that the hosts can respond to you via email and send you a quote. No further processing of your personal data or further transmission to third parties will occur.
     
     The processing of your personal data by the hosts is their sole responsibility. However, we have instructed them to promptly delete the data and requests upon termination of communication, unless it is necessary for further contract fulfillment.
     
     We will delete your request and your data immediately after sending it to the hosts, but no later than 3 months.
     
     The legal basis for data processing is your consent given to us (Art. 6(1)(a), Art. 7 GDPR), which you can withdraw at any time with future effect. In this case, we will delete your data and details immediately.

• Advertising

  E-mail newsletter. With your consent, we will send you our newsletter with tourist information from the region via e-mail (§ 7 para. 2 no. 3 UWG, Art. 6 para. 1 a GDPR). Of course, you can revoke your consent at any time with effect for the future. To obtain your consent to our e-mail newsletter, we use the so-called double opt-in procedure online to prevent our newsletter from being sent to e-mail addresses of people who have not requested it. We will send you a confirmation request by e-mail and will only start sending our newsletter after your confirmation. Your IP address will also be recorded and stored for documentation purposes (Art. 7 para. 1, Art. 6 para. 1 c GDPR).

  Storage period for advertising We store data collected for advertising purposes as long as the advertising purpose continues or until you withdraw your consent or object to the processing of your data for advertising purposes (see Section 7).

• Display of web content and features

  We also continue to process data that arises from the use of our website, naturally for displaying the desired content and for executing the functions you have selected (Art. 6 para. 1 b and f GDPR).

• Ensuring system security

  When a user accesses a page from our website offering, data about this process is temporarily stored and processed in a log file (Art. 6(1)(f) GDPR). This includes:

  • Category and type, name, and URL of the retrieved file.,
  • Date and time of retrieval,
  • transferred data amount,
  • Report whether retrieval was successful,
  • the access method/function requested by the requesting computer,
  • A description of the type of web browser used, with further details about the system.,
  • IP address, website from which access is made.

    The temporary storage of these so-called server log data is necessary for providing the service for technical reasons and subsequently for ensuring system security. The data will be anonymized by truncating the IP address at the latest after seven days, unless and to the extent that irregularities suggest possible system errors, attempts at unauthorized access, or other hacking attacks, and longer storage is required for further investigation, technical resolution of problems, and/or possible legal prosecution. The other evaluation of this data is carried out anonymously for statistical purposes.

• Change of purpose

  If we change the purposes of processing over time, we will inform you in advance with an update to this privacy notice.

• Extension of storage periods

  The specified storage periods may be extended accordingly if, in individual cases, a longer statutory or contractual retention period exists, especially if the data is processed for different purposes.

1. Consent

   By clicking on or off the banner on our website, you hereby irrevocably consent (Art. 6(1)(a) GDPR) that we may use cookies and pseudonymous analysis technologies, including those of our service providers, on our website to evaluate visits to our website so that we can optimally adapt our website to your needs and make it user-friendly. In order to be able to determine that your consent has been given, a corresponding consent cookie will be placed on your computer. You can revoke your consent by clicking here. Please note that you must not delete your cookies so that we can also permanently take your revocation into account.

   Liability for links Our offer contains links to external websites of third parties, on whose content we have no influence. Therefore, we cannot assume any liability for this external content. The respective provider or operator of the linked pages is responsible for the content of the linked pages. Illegal content was not apparent at the time of linking. However, a permanent content review of the linked pages is not feasible without concrete evidence of a legal infringement. If we become aware of infringements, we will remove such links immediately.
   
   Privacy Policy for the Use of Facebook Plugins
   Plugins from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our pages. An overview of the Facebook plugins can be found here: developers.facebook.com/docs/plugins/ When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook „Like“ button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook's privacy policy at de-de.facebook.com/policy.php If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.
   
   Instagram
   On the homepage, we use an Instagram plugin that displays the latest post from our Instagram account. These features are integrated by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can visit the content of our pages with your Instagram profile by clicking on the Instagram plugin. This allows Instagram to associate your visit to our pages with your user account. Please note that we, as the provider of the pages, do not receive any information about the content of the transmitted data or its use by Instagram. You can find more information on this in Instagram's privacy policy: instagram.com/about/legal/privacy/

   How can you exercise your data privacy rights?

   If you have questions about the processing of your personal data by us, we will of course be happy to provide you with information about the data concerning you (Art. 15 GDPR). Furthermore, provided the legal requirements are met, you have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR), and objection (Art. 21 GDPR). You also have the right to data portability (Art. 20 GDPR). In all these cases, please contact our Data Protection Officer using the communication addresses provided. Finally, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR, § 19 BDSG).

   Changes

   From time to time, it will be necessary to adapt the content of this privacy notice. We therefore reserve the right to change it at any time for the future. We will also publish the changed version of the privacy notice here. Therefore, when you visit us again, you should read the privacy notice again.

Cookie Banner

To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool „Real Cookie Banner.“ Details on how „Real Cookie Banner“ works can be found at https://devowl.io/de/rcb/datenverarbeitung/.

The legal bases for processing personal data in this context are Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR. Our legitimate interest is the management of the cookies and similar technologies used and the related consents.

Providing personal data is neither contractually required nor necessary for the conclusion of a contract. You are not obliged to provide personal data. If you do not provide personal data, we cannot manage your consents.