Privacy Policy
1. Data protection at a glance
General information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. For detailed information on the subject of data protection, please refer to our privacy policy listed below.
Data collection on this website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find their contact details in the "Information on the Controller" section of this privacy policy.
How do we collect your data?
One way your data is collected is when you provide it to us—for example, by entering it into a contact form.
Other data is collected automatically or with your consent by our IT systems when you visit the website. This primarily consists of technical data (e.g., internet browser, operating system, or the time the page was accessed). This data is collected automatically as soon as you enter the website.
For what purpose do we use your data?
Some data is collected to ensure the website functions correctly. Other data may be used to analyze your user behavior.
What rights do you have regarding your data?
You have the right to obtain information about the origin, recipients, and purpose of your stored personal data free of charge at any time. You also have the right to request the correction or deletion of this data. If you have given your consent for data processing, you may revoke this consent at any time with effect for the future. Furthermore, you have the right to request the restriction of the processing of your personal data under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority.
You may contact us at any time regarding this matter or any other questions concerning data protection.
Analytics tools and third-party tools
When you visit this website, your browsing behavior may be statistically analyzed. This is primarily done using analytics programs.
You can find detailed information about these analytics programs in the following privacy policy.
2. Hosting
We host the content of our website with the following provider:
Jimdo
The provider is Jimdo GmbH, Stresemannstraße 375, 22761 Hamburg (hereinafter referred to as "Jimdo").
Jimdo is a tool for creating and hosting websites. When you visit our website, Jimdo collects various log data, such as your IP address, browser type and language, as well as the date and time of access to the website. Jimdo also stores cookies in the process. This data is used for analysis, maintaining the technical operation of the website, and preventing misuse.
The use of Jimdo is based on Art. 6(1)(f) GDPR. We have a legitimate interest in ensuring our website is displayed as reliably as possible. Where consent has been requested, processing is based exclusively on Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
Data Processing Agreement
We have entered into a data processing agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
. General Information and Mandatory Information
Data Protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.
When you use this website, various items of personal data are collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this occurs.
Please note that data transmission over the Internet (e.g., when communicating via email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
Information on the Controller
The controller responsible for data processing on this website is:
Mariana Welte
Strandbadweg 3
77781 Biberach
Phone: +49 (0) 15170137400
E-mail: [email protected]
The controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g., names, e-mail addresses, or similar).
Retention Period
Unless a specific retention period is stated in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible grounds for retaining your personal data (e.g., statutory retention periods under tax or commercial law); in the latter case, deletion will take place once those grounds no longer apply.
General information on the legal bases for data processing on this website
If you have consented to data processing, we process your personal data based on Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR (where special categories of data pursuant to Art. 9(1) GDPR are processed). In the event of explicit consent to the transfer of personal data to third countries, data processing also takes place based on Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing additionally takes place based on Section 25(1) TDDDG. Consent may be revoked at any time. If your data is required for the performance of a contract or to take steps prior to entering into a contract, we process your data based on Art. 6(1)(b) GDPR. Furthermore, we process your data based on Art. 6(1)(c) GDPR where this is necessary for compliance with a legal obligation. Data processing may also take place based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. Information regarding the specific legal bases applicable in each individual case is provided in the following sections of this privacy policy.
Recipients of personal data
As part of our business operations, we work with various external entities. In doing so, it is sometimes necessary to transmit personal data to these external entities. We only disclose personal data to external entities if this is necessary for the performance of a contract, if we are legally obliged to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Art. 6(1)(f) GDPR, or if another legal basis permits the disclosure. When engaging data processors, we only disclose our customers' personal data on the basis of a valid data processing agreement. In the event of joint processing, a joint processing agreement is concluded.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You may revoke consent you have already given at any time. The lawfulness of data processing carried out prior to the revocation remains unaffected by the revocation.
Right to object to data collection in specific cases and to direct marketing (Art. 21 GDPR)
WHERE DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. PLEASE REFER TO THIS PRIVACY POLICY FOR THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR).
WHERE YOUR PERSONAL DATA ARE PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION PURSUANT TO ART. 21(2) GDPR).
Right to lodge a complaint with the competent supervisory authority
In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement. This right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process automatically based on your consent or in the performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.
Information, Correction, and Deletion
Subject to applicable legal provisions, you have the right at any time to obtain information free of charge regarding your stored personal data, its origin and recipients, and the purpose of the data processing, as well as—where applicable—the right to have this data corrected or deleted. You may contact us at any time regarding this matter or for further questions concerning personal data.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You may contact us at any time to do so. The right to restriction of processing applies in the following cases:
If you contest the accuracy of the personal data we hold about you, we generally require time to verify this. For the duration of this verification, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data was or is unlawful, you may request the restriction of data processing instead of erasure.
If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
If you have lodged an objection pursuant to Art. 21(1) GDPR, a balancing of your interests against ours must be carried out. Until it is determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data has been restricted, such data may—with the exception of storage—only be processed with your consent, for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.
SSL or TLS encryption
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content—such as orders or inquiries that you send to us as the site operator—this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the lock symbol in your browser bar.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
4. Data collection on this website
Cookies
Our websites use so-called "cookies." Cookies are small data packets that do not damage your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after your visit ends. Permanent cookies remain stored on your device until you delete them yourself or until your web browser automatically deletes them.
Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of specific services provided by third-party companies into websites (e.g., cookies for processing payment services).
Cookies serve various functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or video display). Other cookies may be used to analyze user behavior or for advertising purposes.
Cookies that are required to carry out the electronic communication process, to provide specific functions you have requested (e.g., the shopping cart function), or to optimize the website (e.g., cookies for measuring web audience)—referred to as "necessary cookies"—are stored based on Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technically error-free and optimized provision of their services. If consent for the storage of cookies and comparable recognition technologies has been requested, processing is based exclusively on that consent (Art. 6(1)(a) GDPR and Section 25(1) TDDDG); consent may be revoked at any time. You can configure your browser to notify you when cookies are set and to allow cookies only on a case-by-case basis, to refuse cookies in specific instances or generally, and to activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
You can find details regarding the cookies and services used on this website in this privacy policy.
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:
Browser type and version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address
This data is not combined with other data sources.
This data is collected on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website—collecting server log files is necessary for this purpose.
Contact Form
If you send us inquiries via the contact form, the information provided in the inquiry form—including the contact details you entered—will be stored by us for the purpose of processing the inquiry and handling any follow-up questions. We do not share this data without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), provided such consent has been requested; consent may be revoked at any time.
The data you enter in the contact form will remain with us until you request its deletion, revoke your consent for storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been fully processed). Mandatory statutory provisions—particularly retention periods—remain unaffected.
Inquiries via email, telephone, or fax
If you contact us via email, telephone, or fax, your inquiry—including any personal data arising from it (such as your name and the details of the inquiry)—will be stored and processed by us for the purpose of handling your request. We do not pass this data on to third parties without your consent.
The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively handling inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), provided such consent has been requested; consent may be revoked at any time.
The data you submit to us via contact inquiries will remain with us until you request its deletion, revoke your consent for storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions—particularly statutory retention periods—remain unaffected.
5. Plugins and Tools
Google Maps
This site uses the Google Maps map service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. When Google Maps is activated, Google may use Google Fonts for the purpose of uniform font display. When you access Google Maps, your browser loads the required web fonts into your browser cache to display text and fonts correctly.
Google Maps is used in the interest of an appealing presentation of our online services and to make it easy to find the locations we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Where consent has been requested, processing is based exclusively on Art. 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.
Data transmission to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on the handling of user data, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=en.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF commits to adhering to these data protection standards. You can obtain further information on this from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Use of the Webplanner Calendar
To display the booking availability of our vacation properties, we use the "Webplanner" software provided by the German company Webplanner (Drubbel 3, 48143 Münster, Germany). You can view the provider's privacy policy here: https://www.webplanner.de/datenschutz
6. E-commerce and payment service providers
Processing of customer and contract data
We collect, process, and use personal customer and contract data for the purpose of establishing, defining the terms of, and modifying our contractual relationships. We collect, process, and use personal data regarding the use of this website (usage data) only to the extent necessary to enable the user to utilize the service or to bill for it. The legal basis for this is Art. 6(1)(b) GDPR.
The collected customer data will be deleted upon completion of the order or termination of the business relationship and the expiration of any applicable statutory retention periods. Statutory retention periods remain unaffected.
Spam protection with Google reCAPTCHA
We have implemented Google reCAPTCHA in the forms on our website to verify whether the data entered into the forms originates from human visitors or from machines or automated programs, also known as "bots." This tool automatically analyzes the behavior of website visitors as soon as they interact with the website, using various information such as IP address, duration of the visit, and mouse movements. The processed data includes usage data—such as the webpage accessed, the date and time of access, and mouse movements—as well as communication data, such as IP addresses, browser type, and operating system. This processing applies to website visitors and users of online services. The primary purpose of this processing is to prevent misuse of our contact form and thereby enhance security. The legal basis for this is our legitimate interest pursuant to Art. 6(1)(f) of the GDPR. The data recipients are Google Ireland Ltd, located at Google Building Gordon House, Barrow St, Dublin 4, Ireland (https://policies.google.com/privacy), and our website hosting provider. While your personal data is processed within the EU, the retention period for the processed data is determined by Google Ireland Limited. Further information can be found in the Google reCAPTCHA privacy policy: https://policies.google.com/privacy
Website Analysis (Creator Statistics)
When you visit our website, we collect information about your usage via a web analytics tool provided by our hosting service. This tool collects and combines your IP address and user agent, truncates them, and stores the resulting data using a hash function. This process creates a visitor identifier encrypted with a randomly generated value (salt) that changes every 24 hours. This method ensures that your IP address cannot be reconstructed from the stored visitor identifier, thereby preserving your anonymity. Furthermore, we do not combine this information with other data, and it is stored solely on the hosting provider's server.
We also process web analytics data, HTTP data, and web analytics profile data. The web analytics tool we use creates and stores a web analytics profile containing details about your use of the website, such as page views, visit frequency, time spent on each page, and your device's user agent. This includes usage data (such as visited web pages and access times) and communication data (such as browser type, operating system, and IP addresses).
We process this data to analyze user behavior in aggregated form in order to improve the presentation and content of our website. The legal basis for this processing is our legitimate interest (Art. 6(1)(f) GDPR), specifically in conducting web analytics to improve our products and our website.
The collected data is shared with our website hosting provider and processed within the EU.
