1. Your personal data within the meaning of Art. 4 No. 1 GDPR (eg title, name, address, e-mail address , payment information) shall only be processed by us in accordance with the provisions of German data protection law and in consideration of the European General Data Protection Regulation (GDPR). The following regulations are about the nature, scope and purpose of the collection, processing and use of personal data.
2. The processing within the meaning of Art. 4 No. 2 GDPR of personal data is legal according to Art. 6 GDPR, if one of the following conditions exists:
(a) the data subject has given his consent to the processing of personal data concerning him/her for one or more specific purposes;
(b) the processing is necessary for the performance of a contract to which the data subject is a party or for the performance of any pre-contractual action taken at the request of the data subject;
(c) the processing is necessary to fulfill a legal obligation to which the controller is subject;
(d) the processing is necessary to protect the vital interests of the data subject or any other natural person;
(e) the processing is necessary for the performance of a task which is in the public interest or in the exercise of official authority delegated to the controller;
(f) the processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data prevail, in particular where the person concerned is a child.
3. The processing of special personal data (e.g. health data) within the meaning of Article 9 (1) of the GDPR is, in particular, lawful under Article 9 (2) of the GDPR if one of the following conditions applies:
- there is an express consent of the person;
- the processing is necessary for the assertion, exercise or defense of legal claims or for acts of the courts in the context of their judicial activity.
4. An automatic decision-making or profiling of personal data in the sense of Ar t. 22 GDPR does not take place.
5. The operator ensures the security of the data in accordance with Art. 32 GDPR by taking appropriate technical measures, taking into account the proportionality principle.
6. In the unlikely event that data protection is breached, the competent supervisory authority will be notified in accordance with Art. 33 GDPR and the data subject in accordance with Art. 34 GDPR.
Duration of data storage
The period of retention of the transferred data depends on the legal retention requirements. As far as commercial and tax retention periods are to be observed, the duration of the storage of certain data can be up to 10 years.
Transfer of data to third parties
A passing on of information provided within the framework of the contract data to third parties (Art. 4 No. 10 GDPR), takes place only if you expressly your consent (Art. 4 No. 11 GDPR) to declare or transfer the information to fulfill the contract's is requirements. The consent can be withdrawn informally at any time. Data collected by visiting the website are only collected by third parties, which are mentioned below.
Responsible according to the GDPR
The person responsible within the meaning of the General Data Protection Regulation (GDPR), as well as other data protection laws in the EU and other provisions of a data protection nature is:
Hotel Die Hirschgasse Heidelberg
Storage of access data in log files
You can visit our websites without giving any personal information. We only store access data in so-called server log files, such as the name of the requested file, the date and time of the retrieval, the amount of data transferred and the requesting provider. This data is evaluated solely to ensure trouble-free operation of the site and to improve our offer and does not allow us to conclude on your behalf. The purpose of the processing results is for our interest only within the meaning of Art. 6 para. 1 lit. f) GDPR.
An order processing contract has been finalized with our host the Mittwald CM Service GmbH & Co KG, Königsbergerstraße 6, 32339 Espelkamp.
This site stores cookies to recognize their visitors. There is no disclosure of the data obtained on the basis of cookies to third parties. If you still want to prevent the storage of cookies, you can disable this by changing your browser settings.
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the EU or other parties to the Agreement on the European Economic Area.
Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by a corresponding setting of your browser software. However, please note that in this case you may not be able to use all the features of this website to their full extent.
In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading the browser plug-in available under the following link and install: http://tools.google.com/dlpage/gaoptout?hl=entools.google.com/dlpage/gaoptout .
The Google Analytics anonymization feature is used to obscure IP addresses. An order fulfillment contract has been signed with Google Inc.
Google web fonts
On these websites external fonts, Google fonts are used. Google Fonts is a service of Google Inc. ("Google"). The integration of these web fonts is done by a server call, usually a Google server in the USA. This will be transmitted to the server, which of our websites you have visited. Also, the IP address of the browser of the terminal of the visitor of this website is stored by Google.
This site uses so-called web fonts provided by, Fonticons, Inc. for consistent font representation. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose, the browser you use must connect to the servers of, Fonticons, Inc. or the provider Stackpath record, tape. This will give, Fonticons, Inc. notice that your website has been accessed through your IP address. The use of web fonts is in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If your browser does not support web fonts, a default font will be used by your computer.
An order processing contract has been finalized.
Our website uses plugins from the Google-powered YouTube page. Site operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our YouTube plug-in-enabled sites, you will be connected to the servers of YouTube. The YouTube server will be informed as to which of our pages you visited. If you're logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
During the application process, personal data such as name, address, telephone number and e-mail address are stored in the applicant database. Furthermore application documents (letters, CV , certificates, etc.) are recorded and saved. Your data will only be evaluated, processed or forwarded internally as part of the application process. Your data can only be viewed by employees and and the persons responsible for the selection. A dissemination of the data to third parties will not take place.
In the case of a successful application, the exercise data is transferred to the personnel file. The remaining applicant data will be stored for a maximum of 3 months after the end of the bidding process.
At any time you have the option to revoke the consent and to delete the applicant data. For this an informal e-mail will be enough.
Security of your data / SSL encryption
In accordance with the statutory provisions of § 13 (7) TMG, this site uses SSL encryption, which can be recognized by a lock symbol in the address bar of your browser. Submitted data can not be read by third parties if SSL encryption is activated.
In general, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we'll use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed representation of the key or lock symbol in the status bar of your browser.
We also take appropriate technical and organizational security measures (TOM) to protect your data against accidental or intentional manipulation, partial or total loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Rights of the user
You can request information about the personal data stored about you at any time and free of charge. Your rights also include the acknowledgment, correction, limitation, blocking and deletion of such data and the provision of a copy of the data in a form suitable for transmission, as well as the revocation of consent granted and the objection. Legal storage obligations remain unaffected.
Their rights arise in particular from the following standards of the GDPR:
For exercising your rights (with the exception of Art. 77 GDPR), please contact the office named under the item "Responsible according to the GDPR" (eg by e-mail).
Responsible are the state data protection officers of the federal state, in which the responsible authority (see above) has its seat (Baden-Württemberg). The current contact details can be found here: