Data privacy

Edit data privacy

Declaration of consent in accordance with EU Regulation No. 679/2016 (DSGVO).

Upon successful booking/reservation at our hotel, I consent to the processing and storage of my data to facilitate the processing of now subsequent stays. This consent can be revoked at any time and without giving reasons in writing or orally.

General privacy policy

EDELWEISS Berchtesgaden GmbH, as the operator of these pages, takes the protection of the personal data of visitors to its website (referred to in this privacy statement as “users*) very seriously in order to act as a trustworthy partner to the users of the website. The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions with data protection character is the company

EDELWEISS Berchtesgaden GmbH Maximiliansstraße 2 83471 Berchtesgaden Germany Phone +49 8652 97 99 – 0 Fax +49 8652 97 99 – 266 E-mail: [email protected]

You can reach our data protection officer at [email protected]

1. scope of the processing of personal data

As a matter of principle, we process personal data of the users of this website only insofar as this is necessary for the provision of a functional website as well as for the use and implementation of our services. Users* of our website may submit their data in order to:

Subscribe to our newsletter
Register for events
Obtain information on services/products, offers, availability of rooms, cost estimates
book stays in our hotel

2. collection and storage of personal data

When calling up our website, information is automatically sent to the server of our website by the browser used by the user*s. This information is temporarily stored in a so-called log file. The following information is collected and stored until automated deletion:

IP address of the requesting computer
Date and time of access
Name and URL of the accessed file
Website from which access was made (referrer URL) Browser used and, if applicable, operating system of the requesting computer as well as of the user’s ISP.

The aforementioned data is processed by us for the following purposes:

Ensuring a smooth connection setup of the website
Ensuring a comfortable use of our website
Evaluation of system security and stability
For further purposes of system administration

3. use of data

Personal data is used to enable users to visit the website (connection establishment) and to compile anonymous usage statistics on the basis of the automatically transmitted data, which make it possible to track the use of the website and to design it in a way that is more tailored to needs and target groups. In addition, the data is processed in order to answer users’ contact requests, to carry out orders or bookings and to tailor the services to users’ wishes. If necessary, the users’ data may also be used to enforce our rights or the rights of third parties.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest is derived from the aforementioned purposes for data collection. In no case will the collected data be used for the purpose of drawing conclusions about the identity of users*.

4. use of our contact form

For the purpose of booking and other requests or questions, users are offered the opportunity to contact us via forms provided on the website. In doing so, it is necessary to provide a valid e-mail address so that we know from whom the request originates and so that we can answer it. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO on the basis of the consent voluntarily given by the users*. The personal data collected by us for the use of the forms will be automatically deleted after completion of the request.

5. cookies

Our website uses so-called cookies. These serve to make our offer more user-friendly and secure. Cookies are small text files that are stored on the user’s computer and saved by their browser.

Most of the cookies we use are so-called “session cookies”, which are automatically deleted after the end of the user’s visit. Other cookies remain stored on the user’s terminal device until he or she deletes them. These cookies are used to recognize the user’s browser on the next visit. When accessing the website, users can decide which cookies should be allowed or excluded in individual cases. The deactivation of individual cookies may limit the functionality of this website.

6. integration of services and contents of third parties

Our website includes services and content of the following companies or social networks:

Google Analytics, Google IP Locator, Google Maps, Google Maps Distance Api, Google reCAPTCHA Owner: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA Social network YouTube content Owner: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA Social network Facebook Owner: Facebook Inc, Menlo Park, California USA Social network Google Plus Owner: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA Social network Instagram Owner: Facebook Inc., Menlo Park, California USA Social network Twitter Owner: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland Social network Vimeo Owner: Vimeo Inc., 555 West 18th Street, New York, New

a) Google Analytics

The web analytics service Google Analytics used for this website uses cookies that are stored on the terminal device used by the user*s and enable an analysis of the use of the website by the user*s. The information generated by these cookies about the use of the website by the users is usually transmitted to a Google server in the USA and stored there. We have activated the IP anonymization function on this website. This means that the IP address of the user is shortened by Google within member states of the EU or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Google is commissioned by us to evaluate the use of the website by its users in order to compile reports on website activities and to provide us with further services associated with the use of the website and the Internet. The IP address transmitted within the scope of Google Analytics is not merged with other Google data. Users* can prevent the collection of their data by Google Analytics by clicking on the following link. An opt-out cookie will then be set, which will prevent the collection of their data during future visits to this website.


b) Plugins (e.g. Like buttons) of social networks.

Plugins of the social networks listed above are integrated on our pages. These plugins can be recognized by the respective logo and the “like button” or similar on our site. When visiting our pages, a direct connection between the user’s browser and the server of the respective social network is established via the respective plugin and the IP address of the user on our page is transmitted there. We would like to point out that we, as the provider of this website, have no knowledge of the content of the transmitted data or its use by the respective network.

If the users are logged into their account on the relevant network while using this website, it will be possible for the network to assign the surfing behavior of the users directly to their personal profile. This can be prevented by logging out of the account with the relevant social network.

7. transfer of data to third parties

In connection with the processing of orders and bookings, we transmit personal data on the basis of Art. 6 para. 1 p. 1 lit. f DSGVO to service providers who support us in the processing. This concerns in particular providers of credit card billing services, insofar as the data transfer is necessary for the processing of the payment. In this respect, we work together with the following companies: American Express International Inc. NL Germany, Theodor-Heuss-Allee 112, 60486 Frankfurt am Main (for AMEX Card); hobex AG, payment systems, Josef-Brandstätter-Str. 2b, A-5020 Salzburg for Visa, MasterCard, Maestro). We only pass on user data to other companies or third parties with their express consent or in accordance with mandatory legal provisions.

8 Duration and deletion of data storage

Personal data will only be stored as long as it is necessary for the provision of the services requested by the users or for the fulfillment of legal retention periods, Art. 6 para. 1 p. 1 lit. b DSGVO.

Data that is collected when surfing our website and that can legally be considered personal data (such as the full IP address) is stored for a period of 14 days, unless an exceptional incident, such as in hacker attack, requires a longer storage period. Personal data resulting from a booking will be stored for a maximum of 10 years.

9. rights of the users

All users* have the right: according to Art. 15 DSGVO to request information about their*his personal data processed by us. In particular, information about the processing purposes, the category of personal data, the categories of recipients to whom the data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of her*his data if it was not collected by us; pursuant to Art. 16 DSGVO, the correction of inaccurate or incomplete personal data stored by us without undue delay; pursuant to Art. 17 DSGVO, the deletion of personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims; pursuant to Art. 18 DSGVO to restrict the processing of his/her personal data, insofar as the accuracy of the data is disputed by him/her, the processing is unlawful, but the user rejects its deletion and we no longer need the data, but the user requires it for the assertion, exercise or defense of legal claims, or the user objects to the processing of his/her personal data pursuant to Art. 21 DSGVO to object to the processing; pursuant to Art. 20 DSGVO to receive his/her personal data that he/she has provided to us in a structured, common and machine-readable format or to request the transfer to another controller; pursuant to Art. 7 para. 3 DSGVO to revoke his/her consent given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent in the future and to complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, she*he can contact the supervisory authority of her*his usual place of residence or workplace or our registered office in accordance with Art. 21 DSGVO to object to the processing of her*his personal data, insofar as there are grounds for doing so that arise from her*his particular situation or the objection is directed against direct advertising. In the latter case, users* have a general right of objection, which is implemented by us without specifying a particular situation. Users have the option to inform us of their objection informally by telephone, e-mail, fax or to our postal address listed at the beginning of this data protection declaration.

10. data security

To ensure data security, the transmission of the content of our website is encrypted using the SSL procedure in accordance with the state of the art. To secure the data, we and the commissioned service providers, with whom corresponding contractual agreements have been made, use suitable measures in accordance with the state of the art, in particular to restrict access to the data, to protect against changes and loss, and to ensure confidentiality in accordance with the state of the art.

Status and updating of this privacy policy This privacy policy is as of 01.06.2021. We reserve the right to update the privacy policy in due course in order to improve and/or adapt data protection.

11. EDELWEISS Guestclub

This website uses KunLeiSys guest club software (regular guest area). Provider is GASTROpoint GmbH, Pommernstraße 17, 83395 Freilassing, Germany. KunLeiSys Guest-Club Software is a service with which the Guest-Club, offers, loyalty points, e-mails on occasions and newsletter dispatch is organized and managed. You can register for the guest club on our website. We use the data entered for this purpose only for the purpose of using the respective offer or service. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration. The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke any consent you have given at any time free of charge. You can do this via the unsubscribe link in the email or by unsubscribing in the guest club. The data you have deposited with us for the purpose of the guest club will be stored by us until you unsubscribe and will be deleted from our servers as well as from the servers of GASTROpoint GmbH after you have unsubscribed and deleted your guest club account. For important changes, for example in the scope of the offer or in the case of technically necessary changes, we will use the e-mail address provided during registration or in your profile to inform you in this way. Legal retention periods remain unaffected. We have concluded an order data processing contract with GASTROpoint GmbH and fully implement the strict specifications of the data protection authorities when using KunLeiSys Gäste-Club software.