Data Protection
We take data protection seriously
The protection of your privacy when processing personal data is an important concern for us. When you visit our website, our web servers store the IP of your Internet service provider, the website from which you visit us, the web pages you visit on our site and the date and duration of the visit as standard. This information is absolutely necessary for the technical transmission of the web pages and secure server operation. A personalized evaluation of this data does not take place. This data protection declaration also refers to the processing of personal data and information in the sense of § 25 TTDSG within the framework of this internet presence in the context of this website, including the services offered there.
Responsible Body:
Bella Residencia Immobilienverwaltungs GmbH
Im Steingerüst 32
76437 Rastatt, Germany
Phone: +49 7222 59 467 - 999
Fax: +49 7222 59 467 - 998
Email: kontakt[at]bellaresidencia.de
Personal Data
Personal data is data about your person. This includes your name, address and email address. You do not have to disclose any personal data to visit our website. In some cases we need your name and address as well as other information to be able to offer you the requested service.
The same applies in the case that we supply you with information material on request or when we answer your inquiries. In these cases we will always point this out to you. In addition, we only store the data that you have transmitted to us automatically or voluntarily.
When you use one of our services, we usually only collect the data that is necessary to provide you with our service. We may ask you for additional information, but this is voluntary. Whenever we process personal data, we do so in order to provide you with our service or to pursue our commercial objectives.
Contacting
When contacting us (e.g. via contact form, email, telephone or via social media), the information provided by the person making the enquiry is processed to the extent necessary to respond to the contact enquiries and any measures requested.
The response to contact enquiries in the context of contractual or pre-contractual relationships is carried out to fulfil our contractual obligations or to respond to (pre)contractual enquiries and otherwise on the basis of the legitimate interests in responding to the enquiries.
-
Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms).
-
Data subjects: Communication partners.
-
Purposes of processing: Contact requests and communication.
-
Legal basis: Contract performance and pre-contractual enquiries (Art. 6 para. 1 lit. b. DSGVO), Legitimate Interests (Art. 6 para. 1 lit. f. DSGVO).
Automatically stored data
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
-
Date and time of the request
-
Name of the requested file
-
Page from which the file was requested
-
Access status (file transferred, file not found, etc.)
-
Web browser and operating system used
-
Complete IP address of the requesting computer
-
Amount of data transferred
This data is not merged with other data sources. The processing is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website.
For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data for a short period of time. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is anonymised by shortening the IP address at domain level, so that it is no longer possible to establish a link to the individual user. The data is also processed in anonymised form for statistical purposes; it is not compared with other data or passed on to third parties, even in extracts. Only within the framework of our server statistics, which we publish every two years in our activity
report, is a presentation of the number of page views made.
What data are processed and from which sources do these data originate?
We process the data that we have received from you in the context of initiating or processing a contract on the basis of your consent.
Personal data includes:
Your master/contact data, for customers this includes e.g. first name and surname, title, form of address, gender, address, contact data (email address, telephone number, fax), bank data, ID data, details of fellow travellers.
In addition, we also process the following other personal data:
-
Information on the nature and content of contract & booking data.
-
Advertising and sales data,
-
Information from your electronic dealings with us (e.g. IP address, log-in data),
-
Other data we have received from you in the course of our business relationship (e.g. in customer meetings),
-
Documentation of your declaration of consent to receive e.g. newsletters.
For what purposes and on what legal basis are the data processed?
We process your data in accordance with the provisions of the General Data Protection Regulation (DS-GVO) and the Federal Data Protection Act 2018, as amended:
-
For the fulfilment of (pre-)contractual obligations (Art 6 para. 1lit.b DS-GVO):
-
Your data is processed online or in our office for the purpose of processing contracts. The data is processed in particular when initiating business and executing contracts with you.
-
For the fulfilment of legal obligations (Art 6 para. 1 lit.c DS-GVO):
-
Processing of your data is necessary for the purpose of fulfilling various legal obligations, e.g. from the German Commercial Code or the German Fiscal Code.
-
For the protection of legitimate interests (Art 6 para. 1 lit.f DS-GVO):
-
Based on a balancing of interests, data processing may be carried out beyond the actual fulfilment of the contract in order to safeguard the legitimate interests of us or third parties. Data processing for the protection of legitimate interests takes place, for example, in the following cases:
-
Advertising or marketing
-
Measures for business management and further development of services
-
Maintaining an internal customer database to improve customer service
-
in the context of legal prosecution
-
You can object to the use of your personal data for advertising purposes at any time, either in whole or for individual measures, without incurring any costs other than the transmission costs according to the basic rates.
We are entitled, under the legal conditions of Section 7 (3) of the German Unfair Competition Act (UWG), to use the e-mail address that you provided when concluding the contract for direct advertising. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter. If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form is sufficient for this purpose. Of course, an unsubscribe link is always included in every email.
Within the scope of your consent
(Art. 6 para. 1lit.a DSGV)
Who will receive my data?
If we use a service provider in the sense of commissioned processing, we still remain responsible for the protection of your data. All commissioned processors are contractually obliged to treat your data confidentially and to process it only in the context of providing the service. The processors we commission receive your data insofar as they require the data to fulfil their respective service. These are, for example, IT service providers that we require for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.
In the event of a legal obligation and in the context of legal prosecution, authorities and courts as well as external auditors may be recipients of your data.
In addition, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of initiating and fulfilling contracts.
How long will my data be stored?
We process your data until the end of the business relationship or until the expiry of the applicable statutory retention periods (such as from the German Commercial Code, the German Fiscal Code); furthermore, until the end of any legal disputes in which the data is required as evidence.
Is personal data transferred to a third country?
In principle, we do not transfer any data to a third country. A transfer takes place in individual cases only on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate guarantees or your express consent.
Cookies
When you visit our website, we may store information on your computer in the form of cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognised and identified via the unique cookie ID.
Through the use of session cookies, the controller can provide the users of this website with a user-friendly service that would not be possible without the setting of cookies. Without consent, we only use technically necessary cookies on the legal basis of legitimate interest pursuant to Art. 6 (1) lit. f DSGVO.
We only use personal cookies to improve our website or for marketing/advertising purposes with your consent. During your first visit, you can voluntarily agree to tracking or analysis by clicking on the cookie banner. Your data may be passed on to partners or third-party providers. These cookies will only be stored if you explicitly agree to this; the legal basis is then your consent in accordance with Art. 6 Para. 1 lit. a DSGVO.
You can change your settings for the use of cookies here at any time: https://www.theprivatehideaway.com/en/datenschutz#
Hosting of the Website
We host the content of our website with the following provider:
Provider is Wix.com Ltd, 40 Namal Tel Aviv St, Tel Aviv 6350671, Israel (hereinafter "WIX").
WIX is a tool for creating and hosting websites. When you visit our website, WIX is used to analyse user behaviour, visitor sources, the region of website visitors and visitor numbers. WIX stores cookies on your browser that are necessary for the presentation of the website and to ensure security (necessary cookies). The data collected via WIX may be stored on various servers worldwide. The WIX servers are located in the USA, among other places.
Details entnehmen Sie der Datenschutzerklärung von WIX:
https://de.wix.com/about/privacy.
According to WIX, data transfer to the USA and other third countries is based on the standard contractual clauses, the EU Commission adequacy decision or comparable guarantees in accordance with Art. 46 DSGVO.
based. Details can be found here:
https://de.wix.com/about/privacy-dpa-users.
The use of WIX is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in the most reliable presentation of our website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. A DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
Order processing
We have concluded an order processing agreement (AVV) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
Vioma BOOKING - Online Bookings and Booking Requests
Our website uses the booking technology vioma BOOKING, provided by vioma GmbH ("vioma"), Industriestrasse 27, 77656 Offenburg, Germany.
If you make an online booking or a booking enquiry via our website, we require your e-mail address, your travel data, the booked product and your title as well as first and last name for processing. In individual cases, your telephone number will also be requested in order to be able to contact you quickly, particularly in relation to unforeseeable circumstances that affect your booking.
For the calculation of the valid travel price, the dates of stay, the selected product, the number of persons travelling and whether the persons are adults or children are required. If you are travelling with children, the age of the children is also requested for the correct calculation of the travel price. Furthermore, we ask for the desired means of payment for the trip. If a prepayment is applicable for your travel parameters, you will be forwarded to a payment service provider for the secure processing of the prepayment after selecting the desired means of payment. Further information in the form is provided on a voluntary basis.
The processing of your data for the online booking and the online booking request is based on Art. 6 para. 1 lit. b DSGVO and serves the fulfilment of a contract or the implementation of pre-contractual measures.
The data you send us will remain with us until the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
Conclusion of a contract on commissioned processing
In order to ensure data protection-compliant processing, we have concluded an order processing contract with vioma.
FriendlyCaptcha
For form submission, we use the anti-bot service from FriendlyCaptcha. This respects the highest German data protection standards and does not store any personal data of the end users. For more information on FriendlyCaptcha's privacy policy, please click here:
https://friendlycaptcha.com/de/legal/privacy-end-users/
CCM 19
Our website uses CCM19 to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies to document this in accordance with data protection law. The provider of this technology is Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany (hereinafter "CCM19").
When you enter our website, a connection is established to the servers of CCM19 in order to obtain your consent and other declarations regarding the use of cookies. CCM19 then stores a cookie in your browser in order to be able to allocate the consents given to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the CCM19 cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
CCM19 is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DSGVO.
We have concluded a contract on order processing (OP) pursuant to Art. 28 DSGVO with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors according to our instructions and in compliance with the DSGVO.
Jotform
We have integrated Jotform on this website. The provider is Jotform Inc., 111 Pine St. Suite, 1815 San Francisco, California 94111, USA (hereinafter Jotform).
Jotform enables us to create online forms to collect messages, enquiries and other input from our website visitors. All entries made by you are processed on Jotform's servers.
The use of Jotform is based on our legitimate interest in a user-friendly determination of your request (Art. 6 para. 1 lit. f DSGVO). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 Para. 1 lit. a DSGVO and 25 Para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
The data you enter in the form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after processing your enquiry has been completed). Mandatory legal provisions - in particular retention periods - remain unaffected.
The data transfer to the USA is secured by EU standard contractual clauses that we have concluded with Jotform. Details can be found here: https://www.jotform.com/gdpr-compliance/dpa/.
We have concluded a contract on order processing (OP) according to Art. 28 DSGVO with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.
Google Web Fonts (local Hosting)
This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.
Further information on Google Web Fonts can be found at
https://developers.google.com/fonts/faq and in Google's privacy policy:
https://policies.google.com/privacy?hl=de.
Communication via WhatsApp
We use the instant messaging service WhatsApp to communicate with our customers and other third parties. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp receives access to metadata that is created in the course of the communication process (e.g. sender, recipient and time). We would also like to point out that WhatsApp states that it shares personal data of its users with its parent company Facebook, which is based in the USA. Further details on data processing can be found in WhatsApp's privacy policy at: https://www.whatsapp.com/legal/#privacy-policy
WhatsApp is used on the basis of our legitimate interest in the fastest and most effective communication with customers, interested parties and other business and contractual
contractual partners (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the data processing takes place exclusively on the basis of the consent; this can be revoked at any time with effect for the future.
The communication content exchanged between and on WhatsApp will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
We use WhatsApp in the “WhatsApp Business” version.
WhatsApp relies on the Transatlantic Data Privacy Framework of July 10, 2023 (TADPF) for the transfer of data to recipients based in the USA and, in the case of data transfer to other third countries, on standard contractual clauses approved by the EU Commission as a guarantee of a level of data protection comparable to that in the EU.
You can find details here: https://www.whatsapp.com/legal/business-data-transfer-addendum
Online Account on Facebook and Instagram
If you have given your consent to the respective social media operator in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, your data will be automatically collected and stored for market research and advertising purposes when you visit our online accounts on the social media platforms mentioned above, from which user profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator as well as a contact option and your rights and settings options for protecting your privacy in this regard, please refer to the providers' data protection notices linked below. If you still need help in this regard, you can contact us.
Security
We have implemented technical and administrative security measures to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and service providers working for us are bound by the applicable data protection laws.
Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that your data cannot be misused by third parties. Our security measures are subject to a continuous improvement process and our data protection statements are constantly being revised. Please ensure that you have the latest version.
Data subject rights
You have a right to information, correction, deletion or restriction of the processing of your stored data at any time, a right to object to the processing as well as a right to data portability and to lodge a complaint in accordance with the requirements of data protection law.
Right to information:
You can request information from us as to whether and to what extent we process your data.
Right to rectification:
If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
Right to erasure:
You may request that we erase your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations.
Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.
Right to restriction of processing:
-
You may request us to restrict the processing of your data if
-
You dispute the accuracy of the data, for a period of time that allows us to verify the accuracy of the data.
-
The processing of the data is unlawful, but you refuse erasure and instead request restriction of the use of the data,
-
We no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
-
You have objected to the processing of the data.
Right to data portability:
You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that
-
We process this data on the basis of consent given by you, which may be revoked, or for the performance of a contract between us, and
-
This processing is carried out with the aid of automated procedures.
-
If technically feasible, you may request us to transfer your data directly to another controller.
Right to object:
If we process your data for legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
Right of appeal:
If you are of the opinion that we are violating German or European data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.
If you wish to assert any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
Changes to this Privacy Policy
We reserve the right to change our privacy policy if necessary due to new technologies. Please ensure that you have the latest version. If fundamental changes are made to this privacy policy, we will announce them on our website.
All interested parties and visitors to our website can contact us on data protection issues at:
Mr. Fabian Fromm
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg, Germany
Phone: +49 941 2986930
Fax: +49 941 29869316
E-Mail: anfragen@projekt29.de
Internet: www.projekt29.de