Privacy policy

Your personal rights have the highest priority for us and we endeavour to protect these rights to the best of our ability. We would like to inform you about the type, purpose and scope of the processing of personal data within our online offering (website and integrated services and functions).

We have implemented numerous technical and organisational measures to ensure the most comprehensive protection of the processed personal data. Our security measures are continuously improved in line with technological developments. Nevertheless, data transmission via the internet may be subject to security vulnerabilities, meaning that absolute protection cannot be guaranteed. You are therefore free to transmit personal data to us by other means, e.g. by telephone.

English version with Google Translate
French version with Google Translate
Dutch version with Google Translate

Nature and purpose of the processed data

Type of processed data
  • Address data (first and last name, address, telephone number, e-mail)
  • Text inputs (messages), photographs (uploads)
  • Usage data, visited websites, access times.
  • IP addresses and metadata (device information)
Data subjects
  • Visitors and users of our online offer
Purpose of processing
  • Provision of the online presence with content and functions
  • Processing of bookings and orders
  • Processing of contact enquiries and messages sent to us
  • Security measures
  • Statistical evaluations

Responsible for processing

Responsible within the meaning of the General Data Protection Regulation is:

Hotel Rubihaus Bed & Breakfast
Josef Heinle
Gartenstraße 1
87561 Oberstdorf
GERMANY
Tel. +49 8322 6090
Fax +49 8322 60960

Definition of terms

  • “Personal data” refers to any information that can identify known individuals or can be used to identify individuals through data stored by us.
  • “Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration.
  • The term “controller” refers to individuals, authorities or organisations that decide on the purposes and means of processing personal data.

Your rights

  • You have the right to confirmation as to whether or not your data is being processed by us, to access this information, and to obtain a copy of the data (Art. 15 GDPR).
  • You have the right to correct or complete the data concerning you (Art. 16 GDPR)
  • You have the right to have your data erased without undue delay (Art. 17 GDPR) or to request a restriction of their processing (Art. 18 GDPR).
  • You have the right to receive your personal data as a file or to request its transfer to other controllers (Art. 20 GDPR).
  • You have the right to object at any time to future processing of your data (Art. 21 GDPR).
  • You have the right to revoke consent given in accordance with Art. 7 para. 3 GDPR with effect for the future.
  • You also have the right to lodge a complaint with the competent supervisory authority in accordance with Article 77 GDPR.

Legal basis for processing

Article 6 GDPR serves as the legal basis for all processing operations in our company. We only process your data if:
  • You have given your consent for the processing of your personal data for one or more specific purposes.
  • the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures requested by you
  • the processing is necessary for compliance with a legal obligation to which you are subject
  • the processing is necessary to protect your vital interests or those of another person
  • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us (Reporting Act)
  • the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Duration of storage

We adhere to the respective legal retention period for the maximum duration of storing your personal data. After this deadline, the corresponding data will be routinely deleted unless they are no longer necessary for contract fulfillment or contract initiation.

Deletion

All personal data processed by us will be deleted or restricted for further processing in accordance with Articles 17 & 18 GDPR. In concrete terms, this means: Personal data is deleted when it is no longer required to fulfil the desired purposes or when the legal obligation to retain it has expired. This applies in particular to invoices, accounting documents and business records.

Collaboration with processors

If it is necessary to transmit the data to third parties for the fulfillment of the contract, this will only be done:
  • on the basis of the legal permission pursuant to Art. 6 para. 1 lit. b GDPR
  • based on your consent
  • if there is a legal obligation to do so
  • based on our legitimate interests (e.g. when using agents, web hosts, etc.)
If we commission third parties with the processing on the basis of a so-called “data processing agreement”, this is done on the basis of Art. 28 GDPR.

Software and services from Tramino

We use the products of our technical service provider Tramino (registered office: Weststrasse 30, D-87561 Oberstdorf, Privacy Policy) for the operation of this website and the associated software, based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and a data processing agreement pursuant to Art. 28 para. 3 sentence 1 GDPR. The service provider does not use the processed personal data itself or pass it on to third parties.

We implement technical and organisational security measures in accordance with § 9 BDSG together with Tramino to protect your data managed by us against accidental or intentional manipulation, loss, destruction, or unauthorised access. Our security measures are continuously improved in line with technological developments. We store privacy-relevant information exclusively on secured IT systems in Germany. Access to this data is only possible for a few authorised persons and individuals with a special data protection obligation, who are involved in the technical, administrative or editorial management of data.

Hosting, access data and log files

We use hosting services from Tramino for the purpose of operating this online service for the following services:
  • Provision of our online platform
  • Provision of software, computing capacity, storage space, and database.
  • Security deposits and technical maintenance
Here we process, or our hosting provider processes, on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR content data, personal data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer. In particular, every access to the server on which this service is located is stored in a log file.

In detail, the following is stored:
  • Name of the retrieved web page or file
  • Date and time of retrieval
  • transferred data volume, notification of successful retrieval
  • browser type and version as well as the operating system used
  • the address of the previously visited website
  • the visitor's IP address at the used provider
Log file information is stored for a maximum of 30 days for security reasons (e.g. to investigate abuse or fraudulent activities) and then deleted. Data that needs to be retained for evidentiary purposes shall be exempt from deletion until the respective incident is finally resolved.

Our host will only process your data to the extent necessary to fulfill its obligations and will comply with our instructions regarding this data.

If the corresponding consent has been obtained, the processing is based exclusively on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, to the extent that the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Our hoster (Tramino) sources its technical infrastructure from IDKOM Networks GmbH, Dieselstraße 1, 87437 Kempten (Allgaeu) and has entered into an agreement for data processing with this subcontractor.

Amazon Web Services (Cloudfront/S3)

We use the “Amazon CloudFront” Content Delivery Network (CDN) which is based on the “Amazon S3” Storage Service. The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg.

We use the “Cloudfront” and “S3” services from Amazon Web Services to deliver images and files on our website. The domains for this are: storage.tramino.net (Cloudfront) and tramino.s3.amazonaws.com (S3)

Amazon CloudFront is a globally distributed content delivery network. The information transfer between your browser and our website is technically routed through the Content Delivery Network. This allows us to increase the global reach and performance of our website.

The use of Amazon CloudFront and S3 is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR). The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here. For more information about Amazon CloudFront CDN, click here.

We have entered into a data processing agreement (DPA) with the provider mentioned above. This is a legally required data protection agreement that ensures that the processor processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Use of cookies

Our website uses cookies. Cookies are small text files that are stored on your computer system through your internet browser. A specific internet browser can be recognised and identified through the unique cookie ID. The purpose of this recognition is to make it easier for users to use our website. In detail, we use cookies like this:
  • We associate the contents of your shopping cart with your browser so that you can continue an incomplete booking or order at a later time.
  • If you make settings on our site (e.g. the travel period in the booking form), we assign them to your browser so that you do not have to enter them again on your next visit.
  • When you access our site through a link from another site, we assign the previous address to your cookie and retrieve this information in case of a booking, order or inquiry in order to statistically determine how our customers became aware of us.
  • If you use a login function, you do not have to enter your access data again every time you visit your website.
You can prevent the setting of cookies by our website at any time by adjusting the settings of the internet browser you are using and thus permanently object to the setting of cookies. In addition, cookies that have already been set can be deleted at any time in your internet browser. If you permanently disable the setting of cookies, some functions of our website may not be usable under certain circumstances.

Cookie settings

Cookies that are absolutely necessary for the operation of the website. more details
Cookies that we need to make your stay on our site even better. more details

SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

Contact forms

The processing of our contact forms is done with software from Tramino (located at Weststrasse 30, D-87561 Oberstdorf, privacy policy). When you contact us (e.g. via contact form, email, telephone or social media), the user's information will be processed for the purpose of handling the contact request and its processing in accordance with Art. 6 para. 1 lit. b GDPR. The user's information is stored in a Customer Relationship Management system (“CRM system”). We delete the enquiries if they are no longer required to fulfil your request. We review the necessity every two years; furthermore, the legal archiving obligations apply.

Booking & ordering system

Our bookings or orders are processed using software from Tramino (registered office: Weststrasse 30, D-87561 Oberstdorf, privacy policy). This service provider is used based on our legitimate interests according to Art. 6 para. 1 lit. f GDPR and a data processing agreement according to Art. 28 para. 3 sentence 1 GDPR and does not use the personal data generated in this process itself or disclose it to third parties.

The data collected during a booking or order (address data including postal address, communication data such as telephone number and email address) as well as information about accompanying individuals (names, dates of birth) are stored in a Customer Relationship Management system (“CRM System”). If you provide special personal data that is relevant to the fulfilment of our services, such as allergy-related intolerances, they will also be stored. We will delete this data if it is no longer necessary to fulfil your requests. We review the necessity every two years; furthermore, the legal archiving obligations apply.

Our presence on social networks

We engage in social networks and platforms to communicate with active customers and prospects there and to be able to inform them about our services. The terms and conditions and privacy policies of their respective operators apply when using the respective networks or platforms. We only process user data when they communicate with us on social networks or platforms, write posts, or send us messages.

Use of YouTube

This website embeds videos from the YouTube website. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We generally embed YouTube videos in a way that no elements from YouTube are loaded until you click “Play” to watch the video.

In some cases, YouTube videos can also be embedded in the extended privacy mode. According to YouTube, this mode prevents YouTube from storing information about visitors to this website before they watch the video. The transmission of data to YouTube partners is not necessarily excluded by the extended privacy mode. YouTube connects to the Google DoubleClick network, regardless of whether you are watching a video or not.
Once you start a YouTube video on this website, a connection to YouTube's servers is established. This informs the YouTube server which of our pages you have visited. When you are logged into your YouTube account, you allow YouTube to directly associate your browsing behaviour with your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube can store various cookies on your device or use similar recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This items of information are used, among other things, to collect video statistics, improve user-friendliness and prevent fraud attempts. If necessary, after starting a YouTube video, additional data processing operations may be triggered over which we have no control.

The use of YouTube is in the interest of presenting our online offer in an appealing way. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If the corresponding consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) of the GDPR and § 25(1) of the TTDSG, to the extent that the consent includes the storage of cookies or access to information on the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information about privacy on YouTube, please refer to their privacy policy.

Use of Google Analytics

This website uses features of the Google Analytics web analytics service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics allows website operators to analyse the behavior of website visitors. The website operator receives various items of usage data, such as page views, duration of stay, operating systems used, and user origin. These data are assigned to the respective user's end device. No assignment to a user ID is made.

Furthermore, we can record your mouse and scrolling movements and clicks with Google Analytics. Google Analytics also uses various modelling approaches to supplement the collected data records and uses machine learning technologies for data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to and stored on a server in the United States.

The use of this service is based on your consent according to Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. The consent can be revoked at any time. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here.

IP anonymization: We have enabled the IP anonymisation function on this website. This will shorten your IP address by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

Browser plugin: You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB. For more information on how to handle user data with Google Analytics, please refer to Google's privacy policy.

Google Analytics E-Commerce Measurement: This website uses the “E-Commerce Measurement” feature of Google Analytics. With the help of E-Commerce Measurement, website operators can analyse the purchasing behaviour of website visitors to improve their online marketing campaigns. This includes capturing information such as the orders placed, average order values, shipping costs, and the time from viewing to purchasing a product. These data can be aggregated by Google under a transaction ID that is associated with the respective user or their device.

Processing of orders: We have concluded an agreement for data processing with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Disable Google Analytics


Using Google Maps

We embed the maps of the service “Google Maps” provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. A contract was concluded with Google based on the EU Standard Contractual Clauses to ensure an adequate level of data protection when transferring personal data to third countries. Please also refer to Google's privacy policy.

We use the Google Maps API to visually display geographic information. When using Google Maps, Google also collects, processes and uses data about the use of the map functions by visitors. You can find more information about data processing by Google in the Google Privacy Policy. You can also change your personal data protection settings there in the data protection centre.

Using Google Fonts (local hosting)

This page uses so-called Google Fonts, which are offered by Google, to display fonts. The Google Fonts are installed locally at our web host Tramino and are delivered from the domain comet.tramino.net. No connection to Google servers is made.

For more information about Google Fonts, please refer to the Google Fonts FAQ and Google's Privacy Policy.

Using Google ReCaptcha

We integrate the function for detecting bots, e.g. for inputs in online forms (“reCAPTCHA”) provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. A contract was concluded with Google based on the EU Standard Contractual Clauses to ensure an adequate level of data protection when transferring personal data to third countries. Please also refer to Google's privacy policy.

To verify whether the data input on our website (e.g. in a contact form) is done by a human or an automated program, Google reCaptcha is used. reCaptcha analyses the behaviour of the website visitor based on various characteristics (e.g. IP address, duration of the website visitor's stay on the website, or mouse movements made by the user). This analysis starts automatically as soon as the website visitor enters the website. The data collected in the process is transmitted to Google in the background, without the website visitor being notified that an analysis is taking place.

Validity of the privacy policy

By using our website, you consent to the data usage described above. It may be necessary to change this privacy policy through the further development of our website or the implementation of new technologies. We reserve the right to change the privacy policy at any time with effect for the future. We therefore recommend that you regularly reread the privacy policy.