DATA PROTECTION
Mandatory information according to the EU GDPR
I. Name and Address of the Controller
The controller, within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection regulations, is:
Adler Apartments Sasbachwalden by living TIMELESS
Dr. Bruno Türkheimer-Str. 23
D-79215 Elzach
Telefon: +49 (0) 156 79 57 3886
E-Mail: info[at]living-timeless.de
Authorized Managing Director: Melanie Vetter
II. Name and Address of the Data Protection Officer
We are not required to appoint a data protection officer.
III. General Information on Data Processing
1. Scope of Processing Personal Data
We collect and use personal data from our users only to the extent necessary for fulfilling our contractual obligations. After the contractual obligations have been met, we process data only with the user’s explicit consent. An exception applies in cases where obtaining prior consent is not feasible for practical reasons or where data processing is permitted by statutory regulations.
2. Legal Basis for Processing Personal Data
When we obtain the consent of the data subject for the processing of personal data, Art. 6(1)(a) GDPR serves as the legal basis.
For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations required for pre-contractual measures.
If processing is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1)(c) GDPRserves as the legal basis.
If processing is necessary to protect the legitimate interests of our company or a third party, and these interests are not overridden by the interests, fundamental rights, or freedoms of the data subject, Art. 6(1)(f) GDPR serves as the legal basis for the processing.
3. Data Deletion and Retention Period
The personal data of the data subject is deleted or blocked as soon as the purpose of storage ceases to apply. Storage may continue if required by European or national legislation in Union regulations, laws, or other provisions to which the controller is subject.
Data is also blocked or deleted when a retention period prescribed by these regulations expires, unless further retention of the data is necessary for the conclusion or fulfillment of a contract.
IV. Provision of the Website and Creation of Log Files
-
Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the accessing computer's system. The following data is collected: -
Information about the browser type and version used
-
The user's operating system
-
The user's internet service provider
-
The user's IP address
-
Date and time of access
-
Websites from which the user's system accesses our website
-
Websites accessed by the user's system via our website
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. Legal Basis for Data Processing
The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.
3. Purpose of Data Processing
The storage of data in log files is necessary to ensure the functionality of the website. Additionally, the data helps us optimize the website and ensure the security of our IT systems. The data is not evaluated for marketing purposes in this context. These purposes also constitute our legitimate interest in data processing under Art. 6(1)(f) GDPR.
4. Duration of Storage
If data is stored in log files, it will be deleted after no more than seven days. Storage beyond this period is possible. In such cases, the users' IP addresses are deleted or anonymized so that they can no longer be associated with the accessing client.
5. Right to Object and Removal
The collection of data for the provision of the website and its storage in log files is essential for the operation of the website. Consequently, the user has no right to object.
V. Contact via Email
1. Description and Scope of Data Processing
Our website provides the option to contact us via the provided email address. In such cases, the personal data transmitted with the email will be stored. This includes the data specified in the email as well as any additional data transmitted by the user's email program.
No data is shared with third parties in this context. The data is used exclusively for processing the visitor's inquiry.
2. Legal Basis for Data Processing
The legal basis for processing the data transmitted when sending an email is Art. 6(1)(f) GDPR. If the contact aims at concluding a contract, an additional legal basis for processing is Art. 6(1)(b) GDPR.
3. Purpose of Data Processing
In the case of contact via email, the processing of personal data serves solely to handle the inquiry. This constitutes the necessary legitimate interest in processing the data.
4. Duration of Storage
Data will be deleted as soon as the purpose of its collection has been fulfilled. For personal data transmitted via email, this occurs when the conversation with the user is concluded. A conversation is deemed concluded when circumstances indicate that the matter has been fully resolved.
5. Right to Object and Removal
The user may withdraw their consent to the processing of personal data at any time. If the user contacts us via email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored as part of the contact will be deleted.
VI. Rights of the Data Subject
If your personal data is processed, you are considered a data subject under the GDPR and have the following rights with respect to the controller:
1. Right of Access
You may request confirmation from the controller as to whether personal data concerning you is being processed. If such processing is occurring, you may request information regarding:
-
The purposes of the processing;
-
The categories of personal data being processed;
-
The recipients or categories of recipients to whom your personal data has been or will be disclosed;
-
The planned storage duration of your personal data, or if specific information is not available, criteria for determining the duration;
-
The existence of a right to rectification, erasure, restriction of processing, or objection to processing;
-
The right to lodge a complaint with a supervisory authority;
-
The source of the data if it was not collected directly from you;
-
The existence of any transfer of personal data to a third country or international organization and the safeguards pursuant to Art. 46 GDPR regarding such transfers.
2. Right to Rectification
You have the right to have inaccurate personal data concerning you rectified and/or incomplete data completed by the controller without delay.
3. Right to Restriction of Processing
You may request the restriction of the processing of your personal data under the following conditions:
-
If you contest the accuracy of your personal data, for a period enabling the controller to verify its accuracy;
-
If the processing is unlawful and you oppose the erasure of the personal data and request restriction instead;
-
If the controller no longer needs the personal data for processing purposes but you require it for legal claims;
-
If you have objected to processing pursuant to Art. 21(1) GDPR and verification of overriding legitimate grounds is pending.
Where processing has been restricted, your data may only be processed with your consent, for legal claims, to protect another person’s rights, or for important public interest reasons. You will be notified before any restriction is lifted.
4. Right to Erasure
a. Obligation to Erase
You may request the immediate deletion of your personal data if:
-
The data is no longer necessary for the purposes for which it was collected;
-
You withdraw consent, and there is no other legal basis for processing;
-
You object to processing under Art. 21 GDPR, and there are no overriding legitimate grounds;
-
The data has been unlawfully processed;
-
Erasure is required for compliance with a legal obligation;
-
The data was collected in relation to information society services under Art. 8(1) GDPR.
b. Notification to Third Parties
If the controller has made your personal data public and is obliged to erase it, they will take reasonable steps, including technical measures, to inform other controllers that you have requested the deletion of all links, copies, or replications.
c. Exceptions
The right to erasure does not apply if processing is necessary:
-
For exercising freedom of expression and information;
-
For compliance with a legal obligation or public interest;
-
For public health or research purposes;
-
For legal claims.
5. Right to Notification
If you have exercised the right to rectification, erasure, or restriction, the controller must inform all recipients of your data unless this is impossible or requires disproportionate effort. You may request to be informed of these recipients.
6. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller, where processing is based on consent or a contract and is carried out by automated means.
7. Right to Object
You may object to the processing of your personal data under Art. 6(1)(e) or (f) GDPR at any time. The controller will no longer process the data unless compelling legitimate grounds override your interests or the processing is for legal claims.
If your data is processed for direct marketing, you have the right to object at any time, and your data will no longer be processed for such purposes.
8. Right to Withdraw Consent
You have the right to withdraw your consent at any time. The withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
9. Right Not to Be Subject to Automated Decisions
You have the right not to be subject to a decision based solely on automated processing that significantly affects you, unless it is necessary for a contract, authorized by law, or based on explicit consent.
10. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe the processing of your personal data violates the GDPR. The supervisory authority will inform you of the progress and outcome of your complaint.