Privacy Policy

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in the privacy policy below.

1. Data Protection at a Glance

General Information and Mandatory Notices
We take the protection of your personal data very seriously. For this reason, we act in accordance with the applicable legal regulations on the protection of personal data and data security. Information on when we store which data and how we use it can be found in this privacy policy, taking into account applicable German case law.
When you visit and use this website, various types of personal data are collected. Personal data is data that can be used to identify you personally. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the internet (e.g., communication by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Notice on the Responsible Party
The responsible party for data processing on this website is:

HHM Betriebs GmbH
Seehotel Forst
Geschäftsführer: Georg Hegelmann
Gottlieb-Daimler-Straße 6
76694 Forst bei Bruchsal
Phone: +49 (0) 7251 322 / 4090
Email: info@seehotel-forst.de

The responsible party alone or jointly with others determines the purposes and means of processing personal data (e.g., names, contact details, or similar information).

Legal Basis for Data Processing
We process personal data only in compliance with the applicable data protection regulations. This means that users’ data is processed only where there is a legal basis, namely:
to perform our contractual services (e.g. processing orders) and to provide online services, or where such processing is required by law (Article 6(1)(b) and (c) GDPR);
where you have given your consent (Article 6(1)(a) and Article 7 GDPR); and
on the basis of our legitimate interests (i.e. interests in the analysis, optimization, economic operation, and security of our online offering within the meaning of Article 6(1)(f) GDPR), in particular for reach measurement, the creation of profiles for advertising and marketing purposes, the collection of access data, and the use of third-party services.
Transfer of Data to Third Parties
Data is only transferred to third parties within the scope of legal requirements. We pass on users’ data to third parties only if this is necessary, for example, for contractual purposes or on the basis of legitimate interests in the economic and efficient operation of our business.
If we use subcontractors to provide our services, we take appropriate legal precautions as well as suitable technical and organizational measures to ensure the protection of personal data in accordance with the applicable legal regulations.

Data Transfer to a Third Country or an International Organization
A third country is understood to be a country in which the GDPR does not apply directly. This generally includes all countries outside the European Union or the European Economic Area.
No transfer of data to a third country or to an international organization takes place without your consent or without a legal basis.

Storage Period
Unless a more specific storage period is stated within this privacy policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted, provided that we have no other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law). In the latter case, the data will be deleted once these reasons no longer apply.

Revocation of Your Consent to Data Processing
Some data processing operations are only possible with your explicit consent. You may revoke consent you have already given at any time. An informal notification by email is sufficient to revoke consent. The lawfulness of data processing carried out prior to the revocation remains unaffected by the revocation.

Right to Lodge a Complaint with the Competent Supervisory Authority
In the event of a violation of data protection law, you have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection matters is the State Data Protection Commissioner of the federal state in which our company is based. The following link provides a list of the data protection commissioners and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to Data Portability
You have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract, either for yourself or to be transferred to a third party. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another controller, this will only be carried out where technically feasible.

Right of Access, Rectification, Restriction, and Erasure
Within the scope of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin, the recipients of the data, and the purpose of data processing, as well as, where applicable, the right to rectification, restriction, or erasure of this data. For this purpose, and for any further questions regarding personal data, you may contact us at any time using the contact details provided in the legal notice.

SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content that you send to us as the website operator, our website uses SSL or TLS encryption. This means that data you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the “https://” in your browser’s address bar and the lock symbol in the browser bar.

Server Log Files
The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This information includes:
Visited pages on our domain
Date and time of the server request
Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing device
IP address
This data is not merged with other data sources. The legal basis for data processing is Article 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

2. Data Collection / Cookies

Cookies
We use cookies on our website. Cookies do not cause any damage to your device and do not contain viruses. They are used to make our website more user-friendly, effective, and secure. Cookies are small text files that are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or video display). Other cookies are used to analyze user behavior or display advertising.
Cookies that are required to carry out electronic communication (necessary cookies), to provide certain functions requested by you (functional cookies, e.g. for the shopping cart function), or to optimize the website (e.g. cookies for measuring web audience) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services.
If consent for the storage of cookies has been requested, the relevant cookies are stored exclusively on the basis of this consent (Article 6(1)(a) GDPR). Consent can be revoked at any time.

Borlabs Cookies
This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consent preferences.
Borlabs Cookie does not process any personal data.
The borlabs-cookie stores the consents you provided when you first visited the website. If you wish to revoke these consents, simply delete the cookie in your browser. When you revisit or reload the website, you will be asked for your cookie consent again.

Contact Form
Data submitted via the contact form, including your contact details, is stored in order to process your inquiry or to respond to follow-up questions. This data will not be passed on without your consent.
The processing of the data entered in the contact form is based exclusively on your consent (Article 6(1)(a) GDPR). You may revoke your consent at any time. An informal notification by email is sufficient to revoke consent. The lawfulness of data processing operations carried out prior to the revocation remains unaffected.
Data transmitted via the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies. Mandatory statutory provisions — in particular retention periods — remain unaffected.

3. Plug-ins / Widgets / Tools / External Content

Independent Analytics
To optimize our website, improve quality, and monitor reach, we use the WordPress plugin “Independent Analytics.” Various types of data are collected and analyzed in this process; however, this data cannot generally be attributed to specific individuals. The data is not combined with other data sources. All statistics are stored and evaluated locally.

External Content
We use widgets, plugins, or content from third-party providers on our website. The use of these services is based on your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TDDDG. Such external content is only loaded and displayed once you have accepted all cookies or actively consented to the third-party content. In this case, the respective provider remains responsible for ensuring data protection compliance. Details on data collection, as well as your rights and settings options, can be found in the respective privacy policies.

Meta Platforms (Facebook, Instagram)
On our website, we use social media plug-ins from Facebook and Instagram on the basis of Article 6(1), sentence 1, letter f GDPR. These services are provided by Meta Platforms Ireland Limited (Merrion Road, Dublin 4, D04 X2K5, Ireland). The underlying promotional purpose constitutes a legitimate interest within the meaning of the GDPR. Responsibility for data protection–compliant operation lies with the respective provider.
We integrate these plug-ins using the so-called two-click method in order to provide the best possible protection for visitors to our website. The buttons used function as external links, meaning that no information is transmitted to these providers unless you actively click on one of the buttons. By clicking the buttons, the respective platforms receive information such as the fact and time that you accessed the website, your IP address, or details about the browser you are using.
Information on data protection can be found in the respective privacy policies of the providers.

Google Web Fonts
This website uses so-called web fonts provided by Google to ensure consistent font display. The Google Fonts are installed locally. No connection to Google servers is established in this process.

Google Maps
This website uses the Google Maps service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to and stored on a Google server in the United States. The operator of this website has no influence over this data transmission. The IP address is only transmitted to Google if the website visitor consents to the transmission.
The use of Google Maps is in the interest of providing an appealing presentation of our online offerings and ensuring that the locations specified on our website are easy to find. Google Maps is used on the basis of your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TDDDG.
More information on how Google handles user data can be found in Google’s privacy policy:
https://policies.google.com/privacy.

reCAPTCHA
This website uses “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”). The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
reCAPTCHA is used to check whether the data entered on this website (e.g. in a contact form) is made by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the site. For the analysis, reCAPTCHA evaluates various types of information (e.g. IP address, length of stay on the website, or mouse movements made by the user). The data collected during this analysis is transmitted to Google.
The reCAPTCHA analyses run entirely in the background. Website visitors are not explicitly informed that such an analysis is taking place.
The storage and analysis of data is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its online services from abusive automated spying and spam. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR; consent may be revoked at any time.
Further information on Google reCAPTCHA can be found in Google’s privacy policy and Google’s terms of use at the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.

We reserve the right to amend this privacy policy in order to adapt it to changes in the legal situation or to changes in our services or data processing. However, this applies only with regard to statements on data processing. If user consent is required or if parts of the privacy policy contain provisions governing the contractual relationship with users, changes will only be made with the users’ consent.