We take the protection of your personal data very seriously and treat it confidentially and in accordance with the statutory data protection regulations and this privacy policy. We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

General notes and mandatory information
As a visitor to www.albtherme-waldbronn.de, you can expect not only tourist highlights, but also a high level of quality in the processing of your personal data. We are responsible for the handling of your data, which we process in accordance with your wishes and the provisions of German and EU data protection laws. Your personal data will only be processed by us if this is permitted by law or if you have given your prior consent.

We, that is Kurverwaltungsgesellschaft mbH Waldbronn, Marktplatz 7, 76337 Waldbronn, phone: 07243 5657-0, e-mail: kurverwaltung@waldbronn.de, registration number: HBR 360345, VAT ID: DE143243396 and our service providers who process your data on our behalf for the purposes stated below (hereinafter: "we").

Our official data protection officer is Mr Dirk Benjowsky, lawyer, Ligusterweg 27, 76337 Waldbronn, Germany. You can reach him at datenschutz@anwalt-waldbronn.de.

Our service providers include IT service providers, file and internet hosters, printers, lettershops, payment and web analysis service providers. Our service providers are prohibited from processing your data for purposes other than the specific order.

Our service providers that enable the display of the website and its functions also include Amazon Web Services, Inc, 410 Terry Avenue North, Seattle WA 98109, United States, ("Amazon") and Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Amazon and Google have submitted to the EU Privacy Shield, which the EU Commission has determined offers sufficient guarantees for an adequate level of data protection when processing data in the USA (certificate available at:
https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4or https://www.privacyshield.gov/par ticipant?id=a2zt000000001L5AAI).
Transparent and lawful processing of your data is of great importance to us. Therefore, the following information should enable you to find out at any time which personal data is collected during your visit to our website and when using our services and offers and how we process your data.
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Data collection on our website

What data do we collect?
Personal data is all information that relates to an identified or identifiable person.
identifiable person. This includes, for example
- Address data: Name, postal address, e-mail address
- Telecommunications data: Landline and mobile phone number, email address
- Booking and purchase data: Requested, booked/ordered service, category, period or quantity, prices, service provider, payment method, data on any fellow travellers

What is mandatory information?
If certain data fields are designated as mandatory or required fields and are marked with an asterisk ( * ), the provision of this data is required by law or contract, or is necessary for the conclusion of the contract, the desired service or the stated purpose. Provision is at your discretion. Failure to provide this data may result in the contract not being fulfilled or the desired service not being provided or the stated purpose not being achieved.

How do we collect your data?
On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact or enquiry form, when making an online booking or requesting a brochure.
Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.

What do we use your data for?

a. Contact enquiries
We process your data to answer your contact enquiries (Art. 6 Para. 1 b, f GDPR), either directly, through contracted service providers or transmission to the respective service provider (accommodation, leisure provider, etc.). The communication of address data or telecommunications data is necessary in order to process your request and to be able to answer it via the desired communication channel. As a rule, we and, if applicable, the respective service provider store the information from your contact enquiry for a further six months after answering the enquiry in the event of further enquiries, unless they have to be stored for longer due to statutory retention obligations (see e.g. the storage period for purchases, bookings and contract-related enquiries below).

b. Bookings, purchases
In the case of a booking or purchase or other contract-related enquiries, we initially process your personal data (address data, telecommunications data, booking and purchase data, financial data if applicable) for the processing and handling of the booking, order or other contract-related enquiry and, if necessary, for billing and payment processing (Art. 6 para. 1 b GDPR).

When booking or purchasing third-party services, we transmit your data to the respective service provider as specified in the offer, who will process the data for the same purposes.

Where data is marked as mandatory, it is required for the processing or fulfilment of the corresponding contract or for invoicing. We or the service providers store your data relevant to the booking, order or other contract-related enquiry and the associated documents (e.g. commercial letters, invoices) in accordance with the statutory requirements for six years (Section 257 (4) HGB, Art. 6 (1) c GDPR) or ten years (Section 147 (3) AO, Art. 6 (1) c GDPR) after conclusion of the contract in accordance with the statutory provisions.

c. Display of web content and functions
Furthermore, we process data that is generated when you use our website, naturally for the display of the desired content and for the execution of the functions you have selected (Art. 6 para. 1 b and f GDPR).

d. Ensuring the security of the system
Every time a user accesses a page on our website, data about this process is temporarily stored and processed in a log file (Art. 6 para. 1 f GDPR). These are:
- Category or type, name and URL of the retrieved file,
- Date and time of access,
- Amount of data transferred,
- notification as to whether the request was successful,
- the access method/function requested by the requesting computer,
- a description of the type of web browser used with further information about the system,
- IP address,
- website from which the access was made.
The temporary storage of this so-called server log data is necessary to provide the service for technical reasons and then to ensure system security. The data is anonymised by truncating the IP address after seven days at the latest, unless and insofar as there are any anomalies indicating possible system errors, attempts at unauthorised access or other hacker attacks and longer storage is necessary for further clarification, technical elimination of the problems and/or legal prosecution. The other evaluation of this data is anonymised for statistical purposes.

e. Change of purpose
If we change the purposes of processing over time, we will inform you in advance by updating this data protection notice.

f. Extension of the storage periods
The specified retention periods may be extended accordingly if a longer statutory or contractual retention period exists in individual cases, in particular if the data is processed for different purposes.

How secure is your data?
We take technical and organisational security precautions to protect your personal data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons and to ensure the protection of your rights and compliance with the applicable data protection regulations of the EU and the Federal Republic of Germany.
The measures taken are intended to ensure the confidentiality, integrity, availability and resilience of the systems and services in connection with the processing of your data in the long term and to restore them quickly in the event of a physical or technical incident.
This site therefore uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

What rights do you have regarding your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the legal notice if you have any further questions on the subject of data protection. You also have the right to lodge a complaint with the competent supervisory authority.

Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. All you need to do is send us an informal email. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to lodge a complaint with the competent supervisory authority
In the event of breaches of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.

Information, blocking, deletion
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time. You can contact us at any time at the address given in the legal notice if you have further questions on the subject of personal data.
Analysis tools and tools from third-party providers
When you visit our website, your surfing behaviour may be statistically analysed. This is primarily done using cookies and so-called analysis programmes. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You can object to this analysis. We will inform you about the objection options in the following section of the privacy policy.

Cookies and tracking