Privacy policy of A-ROSA Resort GmbH

The requirements of the EU General Data Protection Regulation (hereinafter DSGVO) apply throughout Europe. We would like to inform you about the processing of personal data carried out by our company in accordance with this regulation (compare Articles 13 and 14 DSGVO). If you have any questions or comments about this privacy statement, you can send them at any time to the email address given in section 1.2  or 1.3.

Table of Contents:

1.     Overview
1.1        Scope
1.2        Responsible authority
1.3        Data protection officer
2.     The data processing operations in detail
2.1        General information on data processing
2.2        Calling the website
2.3        Newsletter
2.4        Reservation
3.     Data subject rights
3.1        Right of objection
3.2        Right to information
3.3        Right of rectification
3.4        Right to erasure (“right to be forgotten”)
3.5        Right to restriction of processing
3.6        Right to data portability
3.7        Right of withdrawal for consent
3.8        Right of appeal

1. overview

In this section of the Privacy Policy you will find information about the scope, the data controller and its data protection officer.

1.1 Scope

On this page, we inform you about the type, scope and purpose of the personal data collected by A-ROSA Resort GmbH, which is processed both when you visit this homepage and during other processing under our responsibility that is not related to this homepage.

1.2 Person responsible

The data controller – i.e. the person who decides on the purposes and means of the processing of personal data – in connection with the processing operations is
A-ROSA Resort GmbH
Lange Straße 1a
18055 Rostock
Phone: +49 (0) 40 – 300 322 100 
Fax: +49 (0) 40 300 322 109
E-mail: kontakt.resort@a-rosa.de

1.3 Data protection officer

You can contact our data protection officer as follows:
Contact form:
https://www.dsextern.de/anfragen
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22 
D-22589 Hamburg

2. the data processing in detail

In this section of the privacy policy, we inform you in detail about the processing of personal data. For better clarity, we organize this information according to specific functionalities.

2.1 General information on the data processing operations

Unless otherwise specified, the following applies to all processing operations described below:
No obligation to provide
There is neither a contractual nor a legal obligation to provide the personal data. You are not required to provide data.
Consequences of non-provision
In the case of required data (data that are marked as mandatory when entered), failure to provide them will mean that the service in question cannot be provided. Otherwise, failure to provide us may mean that our services cannot be provided in the same form and quality.

Consent

In various cases, you have the option to also give us your consent (if applicable for part of the data) to further processing in connection with the processing described below. In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all modalities and the scope of the consent and about the purposes we pursue with these processing operations.

Photo and film shooting

The events of the A-ROSA Resorts brand can be documented by photo and film recordings. The use of photographs, such as team photos taken or event photos, takes place on the Internet on the respective event page. Selected footage of the event can be used for impressions in social media in web resolution as well as in various print media. There will be no other transfer of photo and film recordings to third parties.

The participant may object to the storage, use and dissemination of the recordings made of him/her at any time with effect for the future. If the objection is made before the start of an A-ROSA Resorts brand event, DSR Hotel Holding will delete all recordings of the participant immediately after the end of the event. The objection can be declared in writing (e.g. letter) or in text form (e.g. by fax or e-mail). Please include your last and first name, as well as the date and name of the event with your objection.

Transmission to government authorities

We only transfer personal data to government authorities (including law enforcement authorities) if this is necessary for the fulfillment of a legal obligation to which we are subject (legal basis: Art. 6 para. 1 c) DSGVO) or if it is necessary for the assertion, exercise or defense of legal claims (legal basis Art. 6 para. 1 f) DSGVO).

Storage duration

We do not store your data longer than we need it for the respective processing purposes. If the data are no longer required, they are regularly deleted, unless their temporary retention is still necessary. Reasons for this may include the following:

• The fulfillment of retention obligations under commercial and tax law
• Obtaining evidence for legal disputes within the scope of the statutory limitation provisions

Recipient categories

In addition to the categories of recipients explicitly listed below, personal data is also transferred to the following categories of recipients: Shipping service providers, telephone and fax providers.

Data categories

• Personal master data: Title, title/gender, first name, last name, date of birth
• Address data: street, house number, if necessary address additions, postal code, city, country
• Contact information: Telephone number(s), fax number(s), e-mail address(es).
• Registration Data: Information about the service through which you have registered; timing and technical information about registration, confirmation and deregistration; data provided by you during registration.
• Booking data: Bookings, prices, payment information
• Payment data: Account data, credit card data, data on other payment services.
• Access data: Date and time of the visit to our service; the page from which the accessing system arrived at our site; pages accessed during use; session identification data (session ID); in addition, the following information of the accessing computer system: Internet Protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.

2.2 Calling the website

This describes how we process your personal data when you access the website.

Processing information

• Data category: Access data
• Purpose: connection establishment, display of the contents of the Service, detection of attacks on our site based on unusual activity, error diagnosis.
• Legal basis: Protection of legitimate interests (Art. 6 para. 1f DSGVO)
• Legitimate interest, if any: proper functioning of the Services, security of data and business processes, prevention of misuse, prevention of damage due to interference with information systems.
• Storage duration: 7 days
• Recipients: IT security service provider, hosting service provider, Consenttool provider
• Third country transfer: –

Tracking to analyze and optimize our services and their use, as well as to measure the success of advertising campaigns and optimize the display of advertising
Information on the services used can be found under “Manage cookies” in the footer or in the Consenttool.

2.3 Newsletter

What happens to your personal data in connection with a subscription to our newsletter is described here:

Processing information

Data category:

• E-mail address
• Newsletter usage profile data
• Login data

Purpose:

• Verification of registration (double opt-in procedure), newsletter delivery
• interest-oriented design of the newsletter
• Traceability of successful newsletter registration/confirmation/unsubscription

Legal basis:

• Consent (Art. 6 para. 1a DSGVO)
• Consent (Art. 6 para. 1a DSGVO)
• Protection of legitimate interests (Art. 6 para. 1f DSGVO)

If applicable, legitimate interest: Proof of successful newsletter subscription/confirmation/unsubscription.
Storage period: duration of newsletter subscription, (unsubscribe data, indefinitely to meet accountability requirements).
Recipient: Service provider for newsletter dispatch
Third country transfer: –

2.4 Reservation

How we process your personal data when you contact our customer service can be found here:
Processing information

Data category:

• Personal master data
• Contact details
• Contents of the inquiries/bookings/complaints
• Payment data

Purpose: Processing of customer inquiries, bookings and complaints.
Legal basis: contract (Art. 6 para. 1b DSGVO), safeguarding legitimate interests (Art. 6 para. 1f DSGVO).
Legitimate interest, if applicable: Customer loyalty, sales, improving customer satisfaction.
Storage period: processing of the request, booking data according to the legal requirements. Retention period (10 years)
Recipient: Payment service provider
Third country transfer: –

3. data subject rights

3.1 Right of objection

You have the right to object at any time with future effect, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out pursuant to Art. 6 para. 1 lit. e) or f) DSGVO is carried out.
You can exercise the right of objection free of charge.

3.2 Right to information

You have the right to know whether personal data concerning you are processed by us, which personal data these are, if any, as well as to receive further information in accordance with Art. 15 of the GDPR.

3.3 Right of rectification

You have the right to request that we correct any inaccurate personal data concerning you without undue delay (Art. 16 DSGVO). Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data – also by means of a supplementary declaration.

3.4 Right to erasure (“right to be forgotten”)

You have the right to request that we delete personal data concerning you without undue delay if one of the circumstances described in Art. 17 para. 1 DSGVO and the processing is not necessary for one of the reasons listed in Art. 17 (1) DSGVO. 3 DSGVO is necessary for the purposes regulated.

3.5 Right to restriction of processing

You are entitled to request a restriction in the processing of your personal data if one of the conditions set out in Art. 18 para. 1 letters a) to d) DSGVO is given.

3.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transmit this data to another responsible party without hindrance by us or to obtain that a direct transmission by us takes place, provided that this is technically possible. This should always apply if the basis of the data processing is consent or a contract and the data is processed automatically. Accordingly, this does not apply to data held in paper form only.

3.7Right of revocation in case of consent

Insofar as the processing is based on your consent, you have the right to revoke your consent at any time. The lawfulness of the processing carried out on the basis of the consent until revocation is not affected by this.

3.8 Right of appeal

You have a right of appeal to a supervisory authority.