Personal data are such as name, address, e-mail address, dot adress or telephone number of a data subject. The collecting of personal data shall always be in line with the General Data Protection Regulation (GDPR).
1. Name and Address of the controller
Controller for the purposes of the General Data Protection Regulation (GDPR) according to Art. 4 Nr. 7 GDPR is:
Frau Ulrike Munte
Alte Kirchstrasse 6 A-D
Telefon: +49 531 – 26340
Fax: +49 531 – 2634-444
If you want to object to the collecting, processing or use of your personal data you can contact our controller and send an e-mail with your objection.
2. Which personal data do we collect?
We collect, handle, process, transfer and liquidate following personal data:
– interested individual persons and individual guests of our BoardingHouse
– all other individual persons, that have contact with us (e.g. appointed agents of our guests, legal guardians, staff of legal persons, visitors from our website
We collect your personal data, when you contact us by e-mail or by telephone. Are you staying at our BoardingHouse Mascherode we also collect your personal data. This data is highly sensitive.
We collect and process personal data as follows:
- personal data (e.g. first name, surname, adress, date of birth, place of birth, e-mail-adress, phone number, data of credit card)
any data concerning kids are processed if these are named by the legal guardians and stay as
3. Collecting of General data and information
Our website collects a series of general data and information when a data subject calls up the website. This data is necessary to show you our website correctly and to guarantee the stability and security. Legal basis is Art. 6 Abs. 1 S. 1 f) GDPR.
an Internet protocol address (IP address)
the date and time of access to the Internet site,
difference of time zone to Greenwich Mean Time (GMT)
status of access/HTTP-Statuscode
transferred amount of data
the website from which an accessing system reaches our website
the Internet service provider of the accessing system
operating system and its surface
the browser types and versions used
If you contact us either per contact form or e-mail, we process your data in order to be able to handle your inquiry and further questions. If the processing of personal data concerns the procedure of conditions precedent to the contract respectively if you already are our guest in order to handle the contract, the legal basis is Art. 6 Abs. 1 S. 1 b) GDPR.
We process other personal data only
if you agree (Art. 6 Abs. 1 S.1 a) GDPR)
if we have a legitimate interest on processing your personal data (Art. 6 Abs. 1 S. 1 f) GDPR)
a legitimate interest e.g. is given, when we answer your e-mail.
Art. 6 Abs. 1 S. 1 b) GDPR: in order to provide our services according to our contract for accomodation and aswell for management of inquiries and reservations, handling of payments
Art. 6 Abs. 1 S. 1 c) GDPR: to fullfill a legal commitment (e.g.book keeping commitment, tax law et cetera)
- Art. 6 Abs. 1 S. 1 f) GDPR: claim and defence legal demands and protection of interests by legal conflicts, to prevent and clear up crime acts, to realize reliability risk, to ensure IT-security and IT-services.
Cookies can not perform programs and can not transfer virus on your computer. Cookies provide the users of this website with more user-friendly services that would not be possible without the cookie setting.
This website uses transient cookies. We want to explain the range and mode of operation:
Transient cookies are automatically deleted, when you close the network browser.
The session cookies belong to the transient cookies. The session cookies save the session-ID, which allows to relate the different inquiries of your browser to the joint session. Thereby your computer can be recognized, if you return to our website. The session cookies are deleted, when you log out or close your browser.
You may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. In this case we want to inform you, that if you deactivate the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
4. Who receives your personal data?
Basically we process your data only in our office.
We transfer your personal data to a third party in following situations:
- you have given us your permission to transfer the data
- this is legal and necessary for carrying out our contractual duties
- background for transferring personal data is a legal obligation
- a special interest justifies the transfer of personal data and there is no indication that you have an overriding protective interest of not having the data transferred
If and to the extend to which we engage a third pary to fullfill our contracts (e.g. order processing), this third party only receives personal data, which is absolutely necessar to fullfill the demand.
In case we outsorce certain components of data handling, we obligate the order processers bound by contract, to use the personal data according to the GDPR. Furthermore they have to guarantee the protection of the rights of the subject of data.
5. Transfer of personal data to a third-party-country
We only transfer personal data to a third-party-country outside of the European Union, if it is necessary for handling your reservation respectively to carrying out your stay at our BoardingHouse Mascherode, it is statutory or we got your consent.
The transfer of personal data to a third-party is permitted, if the European Kommission has decided that in a certain third-party-country an adequate level of protection is guaranteed.
If the European Commission has not decided about a certain third-party-country we can transfer your personal data, if there are adequate guarentees according to Art. 46 Abs. 1 GDPR and enforceable rights and effective legal remedies are given.
6. Provision of data
In order to establish and handle the contract for commodation we need that personal data from you, that is necessary for your stay. Furthermore we need the personal data which is statutory, e.g. the registration form according to § 30 Abs. 2 Bundesmeldegesetz.
We have integrated Google Maps services into this website. The Google Maps API is used to display geographical information visually. Our aim by using Google Maps is that you can find our place easierly. This is therefore a legitimate interest according to Art. 6 Abs. 1 lit. f) GDPR.
When using Google Maps, Google also collects, processes and uses data about the use of map functions by visitors. Personal data, including the IP address of the Internet connection used by the person concerned, is therefore transferred to Google in the United States of America each time you visit our website. This personel data is stored by Google in the United States of America. Google may disclose personal data collected through the technical process to third parties. We have no influence on this and cannot prevent it.
The operator of the Google Maps services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. If you want further information about the use of your personal data through Google Maps, you can find this in the data privacy statement of Google:
8. Period of storageg
We store personal data only as long as it is necessary to achieve the purpose. In some cases the storage of personal data is regulated by law, e.g. fiscal law or commercial law. In these situations we only keep the data saved for the legal purpose, but we do not process the data ulterior and we delete the data at the end of the legal period of safekeeping. The period of safekeeping ranges from 2 to 10 years.
9. Rights of the data subject
According to the GDPR you have divers rights respective your personal data. If you want to claim your rights, please send an e-mail or a letter to our adress, which is stated in Number 1. Now please find a summary of your rights:
a) Right of confirmation
b) Right of access
- The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
- Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.
- 1The controller shall provide a copy of the personal data undergoing processing. 2For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. 3Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
- The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.
c) Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. 2Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
d) Right to erasure (Right to be forgotten)
- The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article(2), and where there is no other legal ground for the processing;
- the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
- Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
- Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
e) Right of restriction of processing
f) Right to data portability
- The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9 (2) or on a contract pursuant to point (b) of Article 6(1); and
- the processing is carried out by automated means.
- In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
- 1The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. 2That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
g) Right to object
- The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. 2The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
- Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
- At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
- In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
- Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
i) Right to withdraw data protection consent
10. Controlling Institution for complaints
Die Landesbeauftragte für den Datenschutz Niedersachsen