Privacy Policy

Privacy Policy

Thank you for visiting our website. In the following, we would like to inform you which personal data we collect, for which purposes we process your personal data and which rights you are entitled to.

Definition

According to Article 4 No. 1 GDPR, personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. According to Article 4 No. 2 GDPR, the term "processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Responsible Party

Jens and Claudia Sonnenberg, Sonnenberg GbR (civil law association)
Gartenstraße 15
74249 Jagsthausen
Germany
Phone: 0049 7943 5699835
E-Mail: fewo@sonnenberg-jagsthausen.de

Data protection officer

We have not appointed a data protection officer, nor are we legally obliged to do so. Please send your request to the responsible party.

Types of processed data 

Stock data (name, address, etc.)
Contact data (e-mail, telephone number, etc.)
Meta /communication data / usage data (IP address, operating system, etc.)

Rights of the affected


Right to information (Article 15 GDPR)

You have the right to request confirmation from us as to whether we are processing personal data about you. If this is the case, you have the right to information about this personal data and to the information mentioned in Article 15 (1) GDPR.

Right to rectification (Article 16 GDPR)


If we process incorrect personal data about you, you have the right to request correction of this incorrect data. In addition, you have the right to request the completion of incomplete personal data.

Right to erasure (Article 17 GDPR)

If one of the reasons listed in Article 17 (1) GDPR applies, you have the right to demand the immediate deletion of your personal data. This does not apply if one of the reasons mentioned in Article 17 (3) GDPR applies.

Right to restriction of processing (Article 18 GDPR)

Insofar as one of the conditions specified in Article 18 (1) GDPR applies, you have the right to demand the restriction of the processing of your data.

Right to object to processing (Article 21 GDPR)

If we process personal data of yours on the basis of Article 6(1) e) or f) of the GDPR, you have the right to object to such processing on grounds relating to your particular situation in accordance with Article 21(1) of the GDPR.

Right to data portability (Article 20 GDPR)

You have the right, provided the conditions set out in Article 20(1) of the GDPR are met, to receive the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format and you have the right to transfer this data to another responsible person without hindrance from us.

Right to withdraw consent at any time (Article 7 (3) GDPR)

You have the right to withdraw your consent at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Right to complain to a supervisory authority (Article 77 GDPR)

You may also contact a data protection supervisory authority with any complaints about the processing of your personal data. Responsible for us, as the responsible party, is the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg. Contact details: Lautenschlagerstraße 20, 70173 Stuttgart, Germany. Telephone: 0049 711 / 61 55 41 - 0 Fax: 0049 711 / 61 55 41 - 15 E-mail: poststelle@lfdi.bwl.de However, you can generally address your complaint to any data protection supervisory authority, in particular also to the supervisory authority of your own place of residence or work or the place of the alleged violation.

Existence of automated decision-making including profiling (Article 13 (2) f), Article 22 (1), (4) GDPR)

We do not use automated decision-making including profiling (Article 13 (2) f), Article 22 (1), (4) GDPR).

Processing operations

Personal data is processed in the following operations:

Contact form / inquiry by telephone or e-mail

If you contact us via the contact form provided on our website, the data you enter there will be processed. The purpose of the processing is to respond to your enquiry and to fulfil any (pre-)contractual obligations. The legal basis is (implied) consent pursuant to Article 6 (1) a) GDPR and, if applicable, Article 6 (1) b) GDPR. We will store the data for as long as is necessary to answer your enquiry or to fulfil (pre-)contractual or legal obligations. The same also applies accordingly for contact by telephone and for contact by e-mail.

Google Maps

We integrate Google Maps on our website using the Google API. Google Maps is an interactive map service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Imprint: https://www.google.de/intl/de/contact/impressum.html. Google Ireland Limited is a subsidiary of Google LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter "Google"). Google's privacy policy can be found here: https://policies.google.com/privacy?hl=en-US.

If you call up a sub-page on which the Google Maps plugin is implemented, Google will receive information about this call. In addition to this information, the above-mentioned meta/communication data/usage data is also transmitted to Google. Google uses this data to create a user profile, even if you do not have a Google account. If you have a Google account and are logged in when you visit the subpage, the transmitted data will be assigned to your Google account. This data is stored by Google and used for advertising and/or market research purposes, such as the provision of tailored advertising. You have the right to object to this, but you must express this directly to Google. The legal basis for this processing is your consent pursuant to Article 6 (1) a) GDPR in conjunction with Article 49 (1) a) GDPR.

Since personal data is transferred to the USA when Google Maps is used and the parent company of Google Ireland is a US company, data transfer to third countries takes place (Article 44 et sqq. GDPR), or at least cannot be ruled out. The USA is an unsafe third country from a data protection perspective. For the USA, there is currently neither an EU adequacy decision nor other suitable guarantees. In the USA, there is currently no level of data protection equivalent to that in the EU, which is why your personal data is less well protected and there is therefore a risk to your rights and freedoms. In particular, due to the legal situation in the USA, it is not excluded that government agencies may gain access to data transferred to the US or processed/stored by US companies. One such legal basis for US authorities is Section 702 of the Foreign Intelligence Surveillance Act ("FISA", a law that regulates the foreign intelligence and counterintelligence activities of the United States).

In addition to this legal regulation, US companies from the telecommunications sector and "remote computing services" (especially cloud providers fall under this) are subject to the so-called "Cloud Act" (Clarifying Lawful Overseas Use of Data Act). This is a legal clarification according to which the access rights of US authorities to personal data also apply if this data is processed outside the USA, provided that the data is controlled by US companies.

If US authorities gain access to your data on the basis of this current legal situation in the US, you as an EU citizen have no effective legal protection. The risk with this processing therefore lies in particular in the lack of enforceable rights and effective legal remedies against access and processing by US authorities. If you give us your consent, you do so in full knowledge of the risks just described. Your consent is the legal basis for the transfer of data to a third country in accordance with Article 49 (1) a) GDPR.

Cloudflare

On our website, a connection is established to servers of the company Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA). The use of Cloudflare is related to the use of certain JavaScript libraries that are provided on Cloudflare servers and to which a connection is established when you visit our website. In our case, we use the JavaScript "bootstrap-datepicker". During this processing, data is also transmitted to servers in the USA. The legal basis for this processing is Article 6 (1). f) GDPR. Our legitimate interest lies in the use of the aforementioned JavaScript with the help of which we can offer our "service" or "product".

Data is transferred to third countries (Article 44 et sqq. GDPR). The USA is an unsafe third country from a data protection perspective. For the USA, there is currently neither an EU adequacy decision nor other suitable guarantees. In the USA, there is currently no level of data protection equivalent to that in the EU, which is why your personal data is less well protected and there is therefore a risk to your rights and freedoms. In particular, due to the legal situation in the US, it is not excluded that government agencies may gain access to data transferred to the US or processed/stored by US companies. One such legal basis for US authorities is Section 702 of the Foreign Intelligence Surveillance Act ("FISA", a law that regulates the foreign intelligence and counterintelligence activities of the United States).

In addition to this legal regulation, US companies from the telecommunications sector and "remote computing services" (especially cloud providers fall under this) are subject to the so-called "Cloud Act" (Clarifying Lawful Overseas Use of Data Act). This is a legal clarification according to which the access rights of US authorities to personal data also apply if this data is processed outside the USA, provided that the data is controlled by US companies.

If US authorities gain access to your data on the basis of this current legal situation in the US, you as an EU citizen have no effective legal protection. The risk with this processing therefore lies in particular in the lack of enforceable rights and effective legal remedies against access and processing by US authorities.

Adobe Typekit

We use the web fonts service Typekit of the company Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland on our website. The parent company of this Irish-based company is: Adobe Inc, San Francisco, 345 Park Avenue, San Jose, California 95110, USA.

When using Typkit, a connection is established to servers within the EU. In this process, personal data (such as your IP address and other "meta data") are transmitted to the servers of Typkti or Adobe. Fonts or CSS files are landed from these servers. The purpose of this processing is the appealing design of our website. The legal basis for this processing is Article 6 (1) f) GDPR. Our legitimate interest in this processing lies in the aforementioned purpose.

Smoobu

For the administration and booking of our holiday flat we use the software "smoobu" of the company Smoobu GmbH, Falckensteinstr 48, 10997 Berlin, Germany, e-mail: service@smoobu.com, phone: 0049 30 2555 7431, https://www.smoobu.com/en/. The purpose of the processing of personal data associated with the use of smoobu also lies in the simple management option that the software offers us. Through the use of smoobu, a connection is established to the Smoobu servers located in Germany. Personal data such as your IP address and other meta and communication data are transmitted to the servers of smoobu. If you make a booking via the Smoobu interface, the data you enter there will also be processed. We have concluded an order processing contract with Smoobu in accordance with Article 28 GDPR. The legal basis for this processing is Article 6 (1) b), f) GDPR, Article 28 GDPR. The legitimate interest lies in a simple and uncomplicated management of our holiday flat.