Rebhan’s Business und Wellness Hotel

Privacy

Privacy Statement

As an international applicant, please use our website: Career.

The protection of your privacy is of the utmost importance for us when we process your data. We therefore only collect and process your personal data in accordance with the provisions of the German Federal Data Protection Act and other data protection regulations. We want to ensure you feel in safe hands when you visit our website.

In the following, we will explain which data we, Rebhan’s Business and Wellness Hotel, collect when you visit our website and how this data will be used.

In principle, our website can be used without the disclosure of personal data. If we do collect your personal data when you visit our website, it shall be exclusively processed in accordance with the EU General Data Protection Regulation 2016/679; GDPR), the German Federal Data Protection Act dated 30th July 2017 (BDSG-updated) and the German Telemedia Act (TMG). Your personal data shall only be processed in compliance with the provisions of this data protection declaration.

This data protection declaration applies for the use of the website www.hotel-rebhan.de. All linked content from other providers is subject to the corresponding data protection declaration on the provider’s website.

We would like to draw your attention to the fact that security breaches may occur when data is transferred online that cannot be prevented by the technical design of this website. We are not able to ensure complete protection of your personal data when you use the internet.

Data controller

Responsible for the processing of personal data when using this website is:

Hans Rebhan Grundbesitz- und Beteiligungs GmbH & Co. KG
Ludwigsstädter Str. 95 + 97
96342 Stockheim – Neukenroth
Telefon: +49 (0) 9265/955 – 6100
Fax: +49 (0) 9265/955 – 6600
E-Mail: info@hotel-rebhan.de
Internet: www.hotel-rebhan.de

Managing directors authorized to represent: Hans Rebhan
Register court: District court Coburg
Register number: HRB 3169, HRA 4350
VAT ID no.: in accordance with Section 27 a of the Value Added Tax Act: DE 814781582

Responsible for content according to the Telemedia Act (TMG): Hans Rebhan Grundbesitz- und Beteiligungs GmbH & Co. KG

Data protection officer

You can contact our data protection officer as follows:
E-Mail: datenschutz@hotel-rebhan.de

Personal data

Personal data is individual information relating to personal or factual circumstances of an identified or identifiable natural person. This includes information such as your name, address and phone number.

Your personal data will be transmitted to third parties when you use our website.

Hosting

Our website is operated on servers by:
Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany (hoster)

Collection of personal data

When you visit our website, our web server automatically collects general information – predominately for the purpose of maintaining the security of our systems. This includes the type of web browser, the operating system used, the domain name of the internet service provider, the connection data of the computer used (IP address), the website you visited us from (referred URL), the pages you visited on our website and the date and duration of your visit.

When you access our website, your data will be automatically collected and saved in log files on our host server. This data may contain personal references. The data collected includes:

– Name of the requested website
– Date and time of the visit
– Data volume transmitted
– Notification of successful access
– Type of internet browser
– Version of internet browser
– The browser operating system incl. patch level
– Previously visited website
– Requesting provider
– Anonymised IP address

The hosting platform uses the collected data to operate the website and ensure IT security. In the case of specific indications, the log files may be retroactively analysed.
All data saved by the hosting platform will be erased after 6 months.

Protection of minors

Persons who have not yet reached the age of 16 may not transmit any personal data to us without the consent of their legal guardians. Personal information may only be made available to us by persons who have not yet reached the age of 16 if they have the express consent of their legal guardians or if the persons have reached the age of 16 or are older. These data are processed in accordance with this data protection declaration.

Use of cookies

In addition to the aforementioned data, cookies are used on your computer when you use and visit our website.

Cookies are small text files that are stored by your browser on your device to store certain information. Furthermore, these cookies are used to make the use of our offer more pleasant and convenient for you or for analytical purposes.

Most of the cookies we use are so-called “session cookies”. They are used to make the services of our website technically available to you. After your visit, these cookies will be automatically deleted from your browser.

Other cookies remain on your computer and ensure that we recognize your device on your next visit (so-called persistent or permanent cookies).

The next time you visit our website with the same device, the information stored in cookies will either be read by our website (“first party cookie”) or another website to which the cookie belongs (“third party cookie”).

These cookies are automatically deleted from your system after a preset period of time, which differs depending on the cookie.

Through the information saved and sent back, the respective website recognizes that you have already accessed and visited it with the browser of your device.

We use this information to be able to optimally design and display the website according to your preferences. Only the cookie itself is identified on your device.

Any further storage of personal data will only take place with your express consent or if this is absolutely necessary in order to be able to use the service offered and requested by you.

This website uses the following types of cookies, the scope and functionality of which are explained below:

– Essential cookies

The use of essential cookies on our website is possible without your consent.

These necessary cookies guarantee functions without which you cannot use our website as intended. These cookies are used exclusively by us and serve, for example, to ensure that you, as a registered user, always remain logged in when accessing various sub-pages of our website, so that you do not have to re-enter your login data every time you visit a new page.

– Cookies for external media from third parties

Cookies for external media from third parties enable our website to save information that has already been entered (e.g. registered name or language selection) and to offer you improved and more personal functions based on this. These cookies only collect and store anonymized information so that they cannot track your movements on other websites.

You have the option of generally deactivating cookies in your browser at any time (see below). However, if cookies are deactivated, the functionality of this website may be restricted.

– Marketing cookies

Marketing cookies are only set after you have given your active consent.

These cookies come from third party cookies and are used to collect information about the websites visited by the user in order to create target group-oriented advertising for the user.

If you agree to the tools mentioned (cookies for external media from third parties, marketing cookies), you give your consent in accordance with Art. 6 Paragraph 1 Clause 1 lit. a in conjunction with Art. 49 Paragraph 1 a) GDPR that your personal data may be processed in the USA. In a judgment of July 16, 2020, the European Court of Justice declared the EU-US Privacy Shield to be ineffective. As a result, the USA is to be classified as an unsafe third country, as the EU data protection standards are only inadequately met. In particular, there is a risk that your data will be processed by US authorities for control and monitoring purposes. As the person concerned, you may then not have any legal remedies.”

Opt-out for marketing cookies

You can also save cookies that are used for online advertising via the tools developed in many countries as part of self-regulatory programs, such as the US-based https://www.aboutads.info/choices/ or the in EU-based http://www.youronlinechoices.com/uk/your-ad-choices manage.

You can revoke this consent to cookies at any time with effect for the future [borlabs-cookie type =”btn-cookie-preference” title =”here” element=”link”/].

You can set your browser so that you are informed about the setting of cookies and cookies only in individual cases, e.g. third-party cookies (cookies that are set by a third party, i.e. not by the actual website on which You are currently located), allow the acceptance of cookies for certain cases or generally exclude, and activate the automatic deletion of cookies when you close the browser. You can delete saved cookies at any time using your web browser.

If cookies are deactivated, the functionality of this website may be restricted.

Management of cookies:

You can find out more about this option for the most popular browsers using the following links:

Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: http://support.mozilla.org/de/kb/cookies-informationen-websites-auf-ihrem-computer
Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&answer=95647
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: http://help.opera.com/Linux/12.10/de/cookies.html

If you have not made or are making any deviating settings, cookies that enable or ensure the necessary technical functions remain on your device until you close the browser; other cookies can remain on your device for a longer period (maximum 6 months).

To ensure your privacy, you should regularly check the cookies on your respective end device and your browser history and delete them yourself.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this site uses an SSL or. TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties (end-to-end encryption). The protocols authenticate the communication partner and ensure the integrity of the transported data.

Contact options (form / email)

You can contact us on our website using the contact form or by email.

In this context, your details from the form, including the contact details you provided there, will be stored and processed by us for the purpose of processing the request and in the event of follow-up questions. These data (e.g. company, name (mandatory field), telephone number, email address (mandatory field), IP address) will not be passed on to third parties without your consent.

The data will not be merged with other data collected on this website.

The data may be stored as part of customer relations management (CRM) if you are already a customer of our company.

The contact form is sent encrypted using TLS technology. The encryption serves to prevent unauthorized access by third parties to your personal data.

This data is processed on the basis of Article 6 (1) (b) GDPR, provided that your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR).

The data you provide will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Applications

We accept digital applications, regardless of whether you are applying for a position advertised by us or whether it is an unsolicited application.

Career.

Google Tag Manager

We use “Google Tag Manager” on our websites. The service is operated by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, or if you are based in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Tag Manager provides a functionality that enables us to easily, efficiently and dynamically integrate further services on our website. In addition, we can quickly configure and adapt services integrated via Google Tag Manager without having to make technical changes to our website. Services that you have otherwise already objected to will not be delivered to your browser by Google Tag Manager.

When using Google Tag Manager, Google does not collect any personal data. Google collects technical data without personal reference for the general use and implementation of Google Tag Manager.

The data processing takes place on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest lies in the efficient provision of our website including the embedded services and functions.

We have concluded standard data protection clauses within the meaning of Art. 46 Paragraph 2 lit. c) GDPR for the transmission of data to the USA with Google.

Please refer to the following link for Google’s privacy policy: https://policies.google.com/privacy?hl=de.

You can find the terms of use of Google Tag Manager under the following link: https://www.google.de/tagmanager/use-policy.html.

Use of Google Analytics

This website uses the web analysis service “Google Analytics”, operated by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, or if you have your company headquarters or your place of residence in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable your use of the website to be analyzed if you have consented to the use of cookies for marketing purposes.

The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

IP anonymization is active on this website. By activating the IP anonymization through the anonymizeIP function on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. The data will be deleted after 14 months.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by using the browser available under the following link -Download and install the plugin: http://tools.google.com/dlpage/gaoptout?hl=de.

The terms of use and information on data protection can be found at http://www.google.com/analytics/terms/de.html or under https://www.google.de/intl/de/policies/.

Google processes your personal data on our behalf. We have therefore concluded an order processing contract with Google in accordance with Art. 28 Para. 3 GDPR, in which Google undertakes to protect your personal data and not to pass them on to third parties for purposes other than those mentioned above

The legal basis for the use of Google Analytics is your consent in accordance with Article 6, Paragraph 1, Sentence 1, Letter a of the GDPR, provided that you give us your consent when you first access the page.

The legal basis for the transmission of data to the USA is your consent in accordance with Article 49 Paragraph 1 Clause 1 lit. Furthermore, we have concluded standard data protection clauses within the meaning of Art. 46 Paragraph 2 lit. c GDPR for the transmission of data to the USA with Google.

You can revoke your consent to data processing and transmission at any time without giving reasons by sending a message to the specified contact details of our data protection officer, deleting the cookies in your browser (see Management of cookies).

The legality of data processing that has already taken place is not affected by the withdrawal of consent.

Google Fonts

This page uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

The font files are installed locally on our web server.

If your browser does not support web fonts, a standard font will be used by your computer.

You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/.

Gstatic

A web service from Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic) is loaded on our website.

This data is used to ensure the full functionality of our website.
In this context, your browser may transmit personal data to Gstatic.
The legal basis for the use of Gstatic is your consent in accordance with Art 6 paragraph 1 sentence 1 lit. a GDPR, insofar as you give us your consent when you first call up the page.

Since there is no adequacy decision by the EU Commission for the transfer of personal data to the USA, we have concluded standard data protection clauses with Google within the meaning of Article 46 (2) (c) GDPR.

The data will be deleted as soon as the purpose for which it was collected has been fulfilled. For more information on how the transmitted data is handled, see Gstatic’s privacy policy: https://policies.google .com/privacy.

You can prevent Gstatic from collecting and processing your data by disabling the execution of script code in your browser or installing a script blocker in your browser.

Use and disclosure of personal data

If you entrust us with the provision of a service or the delivery of goods, your personal data will only be used without your separate consent to the extent necessary for the provision of the service or the execution of the contract.

This includes, in particular, the transfer of your data to transport companies, credit companies or other service providers used to provide the service or to process contracts.

We also pass on personal data on official and / or judicial instruction. A transfer of personal data that goes beyond what is mentioned in this data protection declaration does not take place.

Cooperation with external service providers

We hire other companies and individuals to perform tasks for us. Examples include Parcel delivery, sending letters or e-mails, advertising measures (including the provision of search results and links), processing of payments (credit card, direct debit and purchase on account) and customer service. These service providers have access to personal information that is required to carry out their tasks. However, you may not use them for any other purpose. In addition, you are obliged to treat the information in accordance with this data protection declaration and German data protection laws.

If these subcontractors are contract data processors in accordance with Art. 28 GDPR, we have concluded corresponding legally compliant contracts with them.

Obligation of employees and external service providers

Of course, our employees and the service companies commissioned by us are obliged to maintain secrecy and to comply with the provisions of the Federal Data Protection Act.

Purpose-related use of personal data

Your personal data will only be used for the stated purposes and to the extent necessary to achieve these purposes.

Exceptions

We disclose customer accounts and personal data about customers if we are legally obliged to do so or if such disclosure is necessary in order to enforce our general terms and conditions or other agreements or to protect our rights as well as the rights of our customers and those third parties. This includes data exchange with companies that specialize in preventing and minimizing abuse and credit card fraud. It is expressly made clear that in this context, the data will not be passed on to these companies for commercial use that contradicts this data protection declaration.

Liability for linked content

Our websites contain links to other offers. We have no influence on how the providers of the linked websites handle the information shown on these pages. Insofar as the collection, processing or use of personal data is associated with the use of the websites of other providers, please note the data protection information of the respective provider. If you have any questions about this, please contact these third parties directly. We are not responsible for compliance with data protection regulations or the content of these websites.

Profiles in social networks

Our presences on social networks and video platforms, which we name below, serve active and contemporary communication with our customers and interested parties. There we provide information about our services, products and interesting special promotions relating to our company and our services. You can find more information about us as a provider of the social media channel in our Legal.

In the following, we give you the data protection information in accordance with Article 13 of the General Data Protection Regulation (GDPR) on the social media sites we operate:

Facebook: https://de-de.facebook.com/rebhans
Instagram: https://www.instagram.com/rebhanshotel?igshid=1gfu3jix6tbxv

a) YouTube

The video platform YouTube is operated by Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, or, if you are based in the EU, Google Ireland Limited, Gordon House, Barrow Street , Dublin 4, Ireland (“Google”).

The following information does not apply to any direct integration of YouTube videos on our website.

When you visit our channel on YouTube, your data can be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms. These can be used to e.g. B. To place advertisements inside and outside the video platform that presumably correspond to your interests. For this purpose, cookies are usually used on your end device. The function of cookies is explained in the data protection instructions there, so please see the relevant information there. The visitor behavior and the interests of the user are stored in these cookies.

Furthermore, we receive a statistical evaluation from the data collected, which groups of people are interested in our individual videos posted on YouTube. In particular, we are provided with the number of views and playing times of videos in this context. The data is made available for statistical evaluations in such an anonymous form that it is not possible to draw any conclusions about individual persons. The information contained includes, for example, the approximate geographical location, the age group and other summarizing properties.

The legal basis for the collection and processing of data is your consent within the meaning of Article 6 (1) (a) GDPR, which you may have given or give to Google when you visit the website (s) there. You can revoke your consent to data processing at any time with effect for the future; please contact Google immediately. The revocation of the consent does not affect the legality of the data processing carried out until the revocation.

For detailed information on the processing and use of data by Google on the YouTube website, as well as a contact option and your rights and setting options in this regard to protect your privacy, please refer to Google’s data protection information, which you can find under the following link: https://policies.google.com/privacy?hl=de&gl=de

Since there is no adequacy decision by the EU Commission for the transmission of personal data to the USA, we have concluded standard data protection clauses with Google within the meaning of Art. 46 Paragraph 2 lit. c) GDPR.

b) Fan page on Facebook / Facebook presence

The social network Facebook is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you have your company headquarters or your place of residence in the EU, Facebook Ireland Ltd., 4 Grand Canal Square , Dublin 2, Ireland (“Facebook”).

When you visit our online presence on social media, your data can be automatically collected and saved for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms. These can be used to e.g. B. To place advertisements inside and outside the platforms that presumably correspond to your interests. For this purpose, cookies are usually used on your device.

The function of cookies is explained in our privacy policy, so please see the relevant information there. The visitor behavior and the interests of the user are stored in these cookies. This serves to safeguard our predominantly legitimate interests in an optimized presentation of our services and offers as well as effective communication with customers and interested parties. The legal basis for processing is therefore Article 6 (1) (f) GDPR.

The legal basis for the collection and processing of data is your consent within the meaning of Article 6 (1) (a) GDPR, which you may have given or give to Facebook when you access the website there. You can revoke your consent to data processing at any time with effect for the future; please contact Facebook immediately. The revocation of the consent does not affect the legality of the data processing carried out until the revocation.

For detailed information on the processing and use of data by the providers on their pages, as well as a contact option and your related rights and setting options to protect your privacy, in particular options for objection (so-called opt-out), please refer to Facebook’s data protection information: https://www.facebook.com/about/privacy/.

You can find the opt-out option as follows: https://www.facebook.com/settings?tab=ads.

The data processing takes place on the basis of an agreement between jointly responsible persons in accordance with Art. 26 GDPR, which you can see here: https://www.facebook.com/legal/terms/page_controller_addendum.

Since there is no adequacy decision by the EU Commission for the transmission of personal data to the USA, we have concluded standard data protection clauses with Facebook within the meaning of Art. 46 Para. 2 lit.c GDPR.

c) Instagram

The social network Instagram is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you have your company headquarters or your place of residence in the EU, Facebook Ireland Ltd., 4 Grand Canal Square , Dublin 2, Ireland (“Facebook”).

When you visit our online presence on social media, your data can be automatically collected and saved for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms. These can be used, for example, to place advertisements inside and outside the platforms that presumably correspond to your interests.

Cookies are usually used on your device for this purpose. The function of cookies is explained in our privacy policy, so please see the relevant information there. The visitor behavior and the interests of the users are stored in these cookies.

This serves to safeguard our legitimate interests, which predominate in the context of a weighing of interests, in an optimized presentation of our services and offers as well as effective communication with customers and interested parties. The legal basis for processing is therefore Article 6 (1) (f) GDPR.

The legal basis for the collection and processing of data is your consent within the meaning of Article 6 (1) (a) GDPR, which you may have given or give to Facebook when you visit the website there.

You can revoke your consent to data processing at any time with effect for the future; please contact Facebook immediately. The revocation of the consent does not affect the legality of the data processing carried out until the revocation.

For detailed information on the processing and use of the data by the providers on their pages, as well as a contact option and your related rights and setting options to protect your privacy, in particular options for objection (so-called opt-out), please refer to the data protection information of Service Instagram: https://help.instagram.com/519522125107875.

You can find the opt-out option in the privacy settings of your Instagram account under: https://www.instagram.com/accounts/login/?next=/accounts/privacy_and_security/.

Furthermore, we have concluded standard data protection clauses within the meaning of Art. 46 Para. 2 lit. c) GDPR for the transmission of data to the USA with Facebook.

Your rights and assertion of rights

You have the rights listed below. You can assert this against us. To claim, please use the above data or contact us by email at: datenschutz@hotel-rebhan.de.

Right to information

You have the right to information as to whether we process personal data about you, for what purposes we process the data, which categories of personal data about you we process, to whom the data may have been forwarded, for how long If necessary, data should be saved and what rights you have.

Right to correct data

You have the right to have inaccurate personal data relating to you that is stored by us corrected. You also have the right to have us add to an incomplete data record that we have saved.

Deletion

You can request the deletion of your personal data from us if (1) the data has been processed unlawfully, (2) the purpose for which the data was collected has been fulfilled, (3) you have given your consent to data processing have revoked and there is no other legal basis for the processing, (4) we are subject to a legal obligation to delete the data (5), you are under 16 years old or (6) you have objected to the processing and there are no overriding legitimate reasons on our part for processing.

Right to restriction of processing

You can request that we restrict processing in the following cases. In these cases, we will mark the data with a blocking note and will not process it further. (1) If you dispute the accuracy of the personal data for the duration of our review. (2) If you have requested deletion and we cannot or may not carry out a deletion. (3) If you need the data to assert claims, but we would be obliged to delete it because the purpose of the processing has been fulfilled. (4) If you have raised an objection to the processing and a final decision has not yet been made.

Right to data portability

You have the right to request data that you have made available yourself within the framework of a contract or on the basis of your consent and that are automatically processed from us as a common machine-readable format (data record).

Revocation of a given consent

If you have given us your consent to the processing of personal data, you can revoke your consent at any time. Please send your revocation to the data given above or by email to: datenschutz@hotel-rebhan.de .

Right to complain about data protection supervision

You have the right to lodge a data protection complaint with the supervisory authorities. The supervisory authority responsible for us is the Bavarian State Office for Data Protection Supervision. The complaint can be lodged with any supervisory authority regardless of responsibility.

Changes to this data protection declaration

We reserve the right to change this data protection declaration at any time in compliance with the applicable data protection regulations. We will publish the changes here.

Current status is September 2022.