Privacy policy

• Personal data
• Collection and processing of personal data
• Purpose of use
• Security
• Cookies
• Dealing with comments and posts
• Google reCAPTCHA
• Google Maps
• Order processing in the online shop and user account
• Newsletter
• Third-party services and content
• Online presence in social media
• Use of social share plugins
• Room booking - use of the online booking tool DIRS21 from TourOnline AG
• Right to information and revocation
• Currentness of this privacy policy
• Objection to advertising emails

The protection of your personal data is an important concern for the Kreuz-Post Hotel-Restaurant-Spa as the operator of this website. This is intended to provide security to visitors to this website. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

Responsible according to Art. 4 Para. 7 EU General Data Protection Regulation (GDPR)

Kreuz-Post Hotel-Restaurant-Spa
Landstr. 1
79235 Vogtsburg-Burkheim
Telefon: 07662/90910
Telefax: 07662/1298
E-Mail: info@kreuz-post.de
Internet: https://www.kreuz-post.de

Personal data is specific information about personal or factual characteristics that relate to a specific natural person or to a natural person who can be identified. This includes data such as name, address, telephone number and date of birth. Data that cannot be directly linked to an identity - such as preferred websites or the number of users of a site - are not considered personal data.

Our website can generally be used without providing personal data. If personal data (such as name, address or email addresses) is collected on our website, this is always done on a voluntary basis wherever possible. This data will not be passed on to third parties without your express consent.

When these websites are visited, the provider's web servers always save the connection data of the computer that accesses these pages for security reasons. This includes:

• Visitor's IP address

• a list of visits to these websites

• the date and duration of the visit - the identification data of the browser and operating system used

• the website from which this website was accessed

Personal data is only stored if you provide it to us voluntarily, e.g. to request information or as part of an inquiry / booking / voucher request. Your personal data will only be passed on to third parties if this is necessary for the purpose of contract processing or for billing purposes, in compliance with Section 11 of the Federal Data Protection Act (BDSG) on contract data processing, or if you have previously consented.

We do not sell your personal data to third parties.

Disclosure to state institutions and authorities entitled to information only takes place within the framework of mandatory legal provisions or if we are legally obliged to do so.

The hosting services used by the website operator serve to provide the following services:

• Infrastructure and platform services

• Computing capacity, storage space and database services

• Security services and technical maintenance services used for the purpose of operating this online service.

Data collected when contacting us (e.g. through contact forms) is intended solely for the purpose of processing/answering/providing the requested products or services. The data is stored on the hosting provider's systems. This data will not be passed on to third parties without consent. We have obliged our employees to maintain confidentiality and to comply with data protection regulations.

The Kreuz-Post Hotel-Restaurant-Spa uses technical and organizational measures to protect your data against accidental or intentional manipulation, loss, destruction or unauthorized access. Our security measures are continuously improved in line with technical developments. However, we would like to point out that data transmission over the Internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.

Confidential information is transmitted using an SSL certificate using the HTTPS protocol, where possible. You can recognize an encrypted connection by the fact that the address line of the browser changes from http:// to https://.

These websites use cookies. These are files with pure text content. Depending on the configuration/software configuration of the device used, these may be stored on it. The program used to display the content (browser) uses this data to ensure that these websites are user-friendly and displayed.

Contributions or comments left on this website are saved with the author's public IP address. This is for the security of the website operator. If this content violates applicable law, the identity of the author must be traceable.

These websites use the Google reCAPTCHA service, which protects this website from spam and misuse. reCAPTCHA prevents automated software (bots) from carrying out abusive activities on the website. Therefore, it is checked whether the entries made actually come from a human. In order to determine this, the following data is collected and processed. Within the scope of the current state of knowledge, these are

• Referrer (address of the page on which the captcha is used)

• Visitor's IP address

• Google account (if the user is logged in to Google, this will be recognized and assigned)

• The user’s input behavior (e.g. answering the reCAPTCHA question)

• Input speed in the form fields

• Order of selection of input fields by the user) is used to improve pattern recognition at Google

• Browser, browser size and resolution, browser plugins, date, language setting

• Display instructions (CSS) and scripts (Javascript) of the website

• Mouse or touch events within the page

• Google also reads cookies from other Google services such as Gmail, Search and Analytics.

Google's subsequent evaluation decides in which form the captcha is displayed on the page - in the form of a checkbox or via text input.

Google reCAPTCHA is a service of

Google Inc.
1600 Amphitheatre Parkway
Mountain View
California 94043
USA

Furthermore, the different data protection provisions of Google Inc. apply. Further information on the data protection guidelines of Google Inc. can be found at https://www.google.com/intl/en/policies/privacy/

This website uses Google Maps to display a digital map and to create directions. Google Maps is a service of

Google Inc.
1600 Amphitheatre Parkway
Mountain View
California 94043
USA

By using Google Maps, information about the use of this website, including your IP address and the address data entered as part of the route planner functions, can be transmitted to Google.

On pages of this website that contain Google Maps, the browser establishes a direct connection to Google's servers. The map content is transmitted by Google directly to your browser, which integrates it into the website. The website operator has no influence on the extent of the data collected by Google in this way. As far as we know, these are:

• Date and time of the visit to the website in question

• Internet address or URL of the website accessed

• Visitor's IP address

• Addresses entered during route planning.

The operator of this website has no influence on the further processing and use of the data by Google and therefore cannot accept any responsibility for this.

The purpose and scope of data collection and the further processing and use of the data by Google can be found in Google's privacy policy.

By using our website, you agree to the processing of the data collected about you by Google Maps Route Planner in the manner and for the purpose described above. The different data protection regulations of Google Inc. also apply. Further information on the data protection guidelines of Google Inc. can be found at https://www.google.com/intl/en/policies/privacy/

The website operator processes data from its customers as part of the ordering process in the online shop of this website in order to enable visitors to select and order the selected products and services, as well as to pay for and deliver/ship them, or to carry them out.

The data processed by customers, interested parties and business partners includes:

• Inventory data

• Communication data

• Contract data

• Payment details

The processing is carried out for the purpose of providing contractual services within the online shop for billing, delivery and customer services. The operator of this website uses so-called session cookies to store the shopping cart contents.

The information marked as required (mandatory fields) is required to establish and fulfill the contract. The website operator only passes this data on to third parties within the scope of delivery, payment or within the scope of legal permissions and obligations to legal advisors and authorities. This data is only processed in third countries if this is necessary to fulfill the contract, e.g. for delivery or payment.

Website visitors can create a user account to simplify future ordering processes, for example. As part of the registration, the required mandatory information is communicated to the users. The user accounts are not public and are not indexed by search engines. If users have canceled their user account, their data with regard to the user account is deleted.

As part of a registration and repeated logins and use of the online services, the website operator saves the IP address and the time of the respective actions of the user. This data is stored on the basis of the legitimate interests of the website operator and the user to protect against misuse. This data is generally not passed on to third parties unless there is reasonable suspicion of criminal acts.

By subscribing to the newsletter, users of these websites agree to receive it and the associated procedures. Content of the newsletter: The website operator only sends newsletters, emails and promotional information with the consent of the recipient. Newsletters contain information about the website operator's services and offers. If the content of the newsletter on these websites is described differently, this also applies.

"Double opt-in" and logging: Registration for the newsletter on these websites is carried out using a so-called double opt-in process. This means that after registration, the user receives an email asking them to confirm their registration. This confirmation is necessary so that no one can register with someone else's email address. Registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the requirements. This includes storing the time of registration and confirmation, as well as the IP address.

To register for the newsletter, the user must provide their email address. Names are collected for personal addressing. Cancellation or revocation: Users can cancel their newsletter subscription at any time, thereby revoking their consent. A link to cancel the newsletter is included in every newsletter. An individual request for deletion is possible at any time. Users can contact the contact details provided in the imprint.

The website operator uses content or service offers from third parties on its websites in order to integrate their content and services, e.g. videos. This requires that the relevant third parties obtain knowledge of the IP address of the user of these websites, since without this IP no data can be sent. The IP address is required to display this content. The website operator cannot rule out that third parties use so-called pixel tags (invisible graphics) for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic. Such information can also possibly be stored in cookies on the users' end devices.

The website operator maintains online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to inform them about its services. When accessing the respective social networks (also called "social media") and platforms, the terms and conditions and data processing guidelines of the respective operators apply.

Unless otherwise stated in the context, the website operator processes the data of users if they communicate with us within the social networks and platforms, e.g. write posts on these online presences or send messages to the operator of the presences.

These websites use so-called "social share plugins" from various social networks. This makes it possible to share or recommend content from these websites with other people within social networks. The plugins used can be identified by the respective logo of the associated social network.

If a visitor to these websites does not belong to any of the social networks whose plugins are used on these websites, these social networks cannot collect any data that can be assigned to this visitor by visiting these websites.

The social share plugins used on these websites are activated by clicking on the corresponding logo of the linked social network and establish a connection to the social network's websites. Data about visiting these websites can already be transmitted. If a user is already logged into the websites of a social network, this data can be linked to their personal data stored there. In addition, a suggestion for publishing a post is generated in the browser window. This post can be edited and published by the user. No publication takes place without further interaction. If the user does not want publication, the corresponding browser window should be closed.

We expressly point out that we ourselves have no influence on the amount of data that Facebook, Twitter, Google, Linked In or XING collect using the social share plugins. In case of doubt, the website provider recommends logging out of social networks before visiting these websites. The data protection notices and declarations of the respective providers also apply:

Facebook: https://www.facebook.com/help/568137493302217

Twitter: https://twitter.com/privacy

Google+: https://www.google.com/policies/privacy/partners/?hl=en

Linked in: https://www.linkedin.com/legal/privacy-policy?_l=en_EN

Xing: https://www.xing.com/app/share?op=data_protection

In order to enable you to book a room via our homepage, an online booking system from the provider Dirs21 (hereinafter "OBT") is integrated into our website. The information you provide will be processed exclusively for the provision of our contractual services and will of course be treated confidentially.

TourOnline AG
Borsigstraße 26
73249 Wernau, Deutschland
(www.dirs21.de, hereinafter "TOAG")

Within the framework of the OBT, TOAG processes the data as the responsible party.

The information and provisions on data protection can be found in TOAG's data protection declaration for the OBT, which you can access at any time from the OBT or view at www.dirs21.de/datenschutz.

Upon written request, the website operator will inform you about which personal data (e.g. name, address) has been stored. The operator of this website can block, correct or request deletion of personal data at any time without giving reasons.

The website operator reserves the right to change this privacy policy at any time with or without prior notice. By using the websites of this website provider, the visitor/user agrees to this data protection regulation.

The use of contact data published as part of the imprint obligation to send unsolicited advertising and information materials is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, for example through spam emails.