We look forward to seeing you!
With the following privacy policy, we would like to inform you about what types of your personal data (hereinafter also referred to simply as “data”) we process, for what purposes and to what extent. This privacy policy applies to all processing of personal data carried out by us, both in the course of providing our services and, in particular, on our websites, in mobile applications and within external online presences, such as our social media profiles (collectively referred to hereinafter as the “online offering”).
The terms used are not gender-specific.
Last updated: 25 October 2022
Name: Kimberly and Dominik Probst
Anschrift: Urb. Monte Azul 1, 29749 Almayate Bajo, Spain
info@villa-soluna.de
Imprint:The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects concerned.
Below you will find an overview of the legal bases under the GDPR on which we process personal data. Please note that, in addition to the GDPR provisions, national data protection regulations may apply in your or our country of residence or establishment. If, in individual cases, more specific legal bases are relevant, we will inform you of these in this privacy policy.
In addition to the data protection provisions of the General Data Protection Regulation, national data protection regulations in Germany apply. This includes, in particular, the Act on the Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG contains, in particular, special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and the transfer and automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (§ 26 BDSG), especially with regard to the establishment, execution or termination of employment relationships and employees’ consent. In addition, the data protection laws of the individual federal states may apply.
In accordance with the legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access relating to them, input, disclosure, ensuring availability and separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data and responses to threats to data. We also take the protection of personal data into account as early as the development or selection of hardware, software and procedures in accordance with the principle of data protection by design and by default.
Truncation of IP addresses: If IP addresses are processed by us or by the service providers and technologies used, and processing a full IP address is not necessary, the IP address is shortened (also referred to as “IP masking”). In doing so, the last two digits, or the last part of the IP address after a dot, are removed or replaced by placeholders. The shortening of the IP address is intended to prevent or significantly hinder the identification of a person based on their IP address.
TLS encryption (https): To protect your data transmitted via our online offering, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in your browser’s address bar.
In the course of our processing of personal data, it may happen that the data is transferred to other bodies, companies, legally independent organizational units or persons, or disclosed to them. Recipients of this data may include, for example, service providers commissioned with IT tasks or providers of services and content integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if processing takes place in the context of using third-party services or the disclosure or transfer of data to other persons, bodies or companies, this is only done in accordance with the legal requirements.
Subject to express consent or a transfer required by contract or by law, we process or have data processed only in third countries with a recognized level of data protection, on the basis of contractual obligations through so-called standard contractual clauses of the EU Commission, in the presence of certifications or binding internal data protection rules (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
The data processed by us will be deleted in accordance with the legal requirements as soon as the consents permitting processing are revoked or other permissions cease to apply (e.g., if the purpose of processing this data no longer applies or it is no longer required for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing is restricted to those purposes. This means the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person.
Our privacy notices may also contain further information on the retention and deletion of data that takes precedence for the respective processing operations.
Cookies are small text files or other storage notes that store information on end devices and read information from the end devices. For example, to store the login status in a user account, the contents of a shopping cart in an online shop, the content accessed or functions used in an online offering. Cookies may also be used for various purposes, e.g., for the functionality, security and convenience of online offerings as well as for creating analyses of visitor flows.
Notes on consent: We use cookies in accordance with legal provisions. Therefore, we obtain prior consent from users unless consent is not legally required. Consent is not necessary in particular if storing and reading information, including cookies, is strictly necessary in order to provide users with a telemedia service expressly requested by them (i.e., our online offering). The revocable consent is clearly communicated to users and includes information about the respective use of cookies.
Notes on data protection legal bases: The data protection legal basis on which we process users’ personal data with the help of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the consent given. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g., in the commercial operation of our online offering and improving its usability) or, if this is done in the context of fulfilling our contractual obligations, if the use of cookies is required to fulfill our contractual obligations. We explain for what purposes cookies are processed by us in the course of this privacy policy or within the scope of our consent and processing procedures.
Storage duration: With regard to storage duration, the following types of cookies are distinguished:
General notes on revocation and objection (opt-out): Users can revoke any consents they have given at any time and also object to processing in accordance with the legal requirements of Art. 21 GDPR. Users can also declare their objection via their browser settings, e.g., by disabling the use of cookies (which may also restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.
Further notes on processing operations, procedures and services:
We process data of our contractual and business partners, e.g., customers and prospective customers (collectively referred to as “contract partners”) within the scope of contractual and comparable legal relationships as well as related measures and in the context of communication with contract partners (or prior to a contract), e.g., in order to respond to inquiries.
We process this data in order to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any updating obligations and remedies in the event of warranty and other service disruptions. In addition, we process the data to safeguard our rights and for the purposes of the administrative tasks associated with these obligations and the organization of the company. Furthermore, we process the data on the basis of our legitimate interests in proper and efficient business management and in security measures to protect our contract partners and our business operations against misuse, endangerment of their data, secrets, information and rights (e.g., by involving telecommunications, transport and other auxiliary services and subcontractors, banks, tax and legal advisors, payment service providers or financial authorities). Within the scope of applicable law, we only pass on data of contract partners to third parties to the extent necessary for the aforementioned purposes or for fulfilling legal obligations. Contract partners will be informed about further forms of processing, e.g., for marketing purposes, within the scope of this privacy policy.
Which data is necessary for the aforementioned purposes is communicated to contract partners before or within the scope of data collection, e.g., in online forms, by special marking (e.g., colors) and/or symbols (e.g., asterisks), or personally.
We delete the data after the expiry of statutory warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., for as long as it must be retained for statutory archiving reasons. The statutory retention period is ten years for tax-relevant documents and for commercial books, inventories, opening balance sheets, annual financial statements, the work instructions and other organizational documents required to understand these documents and accounting records, and six years for received commercial and business letters and reproductions of sent commercial and business letters. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory, the opening balance sheet, the annual financial statement or the management report was prepared, the commercial or business letter was received or sent, the accounting record was created, the record was made, or the other documents were created.
Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between users and the providers.
Further notes on processing operations, procedures and services:
We process users’ data in order to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to transmit the content and functions of our online services to the user’s browser or device.
Further notes on processing operations, procedures and services:
When contacting us (e.g., via contact form, email, phone or via social media) as well as within existing user and business relationships, the details provided by the inquiring persons are processed insofar as this is necessary to answer the contact inquiries and any requested measures.
Further notes on processing operations, procedures and services:
We maintain online presences within social networks and process user data in this context in order to communicate with users active there or to provide information about us.
We point out that user data may be processed outside the European Union. This may result in risks for users because, for example, the enforcement of users’ rights could be made more difficult.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, usage profiles can be created based on users’ usage behavior and the resulting interests. The usage profiles can, in turn, be used to place advertisements inside and outside the networks that presumably correspond to users’ interests. For these purposes, cookies are generally stored on users’ computers in which users’ usage behavior and interests are stored. Furthermore, data may also be stored in the usage profiles independently of the devices used by users (especially if users are members of the respective platforms and are logged in there).
For a detailed presentation of the respective forms of processing and the objection options (opt-out), we refer to the privacy policies and information provided by the operators of the respective networks.
Also in the case of requests for information and the assertion of data subject rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to users’ data and can take appropriate measures and provide information directly. If you nevertheless need help, you can contact us.
Further notes on processing operations, procedures and services:
We integrate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos or city maps (collectively referred to hereinafter as “content”).
The integration always requires that the third-party providers of this content process users’ IP addresses, as they could not otherwise send the content to users’ browsers without the IP address. The IP address is therefore required to display this content or functions. We endeavor to use only such content whose respective providers use the IP address solely to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on users’ devices and may contain, among other things, technical information about the browser and the operating system, referring websites, the time of visit and other information about the use of our online offering, and may also be linked with such information from other sources.
Further notes on processing operations, procedures and services:
We ask you to regularly inform yourself about the content of our privacy policy. We adapt the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an action on your part (e.g., consent) or any other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that addresses may change over time and we ask you to verify the information before contacting them.
As data subjects, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:
This section provides an overview of the terms used in this privacy policy. Many of the terms are taken from the law and are primarily defined in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are primarily intended to aid understanding. The terms are listed alphabetically.
Created with the free Datenschutz-Generator.de by Dr. Thomas Schwenke
