Privacy Notice
Information Obligations under Art. 12 et seq. GDPR (EU General Data Protection Regulation)
I. Name and Contact Details of the Controller
Your contact for matters relating to data protection under the EU General Data Protection Regulation ("EU-GDPR") and other applicable national data protection laws is:
Gorgeous Smiling Hotels GmbH
Wilhelm-Wagenfeld-Strasse 4
80807 Munich
Germany
Tel.: +49 89 588 0 588 0
Fax: +49 89 588 0 588 99
Email: info@gsh-hotels.com
(Hereinafter referred to as "we," "us," or "our").
II. Contact Details of the Data Protection Officer
Protecting your personal data is a high priority for us. We have therefore engaged a consultancy firm specialised in data protection and data security. Our Data Protection Officer is part of this experienced team:
MAGELLAN Compliance GmbH
Raiffeisenallee 9, 82041 Oberhaching
Website: www.magellan-datenschutz.de
For all questions regarding data protection and data security, please contact our Data Protection Officer directly:
datenschutz_gsh@magellan-compliance.deEmail:
Tel.: +49 89 588 0 588 0
III. General Information on Data Processing
1. Scope
We process your personal data only to the extent necessary to provide a functional website and our content and services.
2. Legal Basis
Where we obtain consent for processing, the legal basis is Art. 6(1)(a) GDPR.
If the processing is necessary for the performance of a contract or pre-contractual measures, the legal basis is Art. 6(1)(b) GDPR.
For compliance with legal obligations, the legal basis is Art. 6(1)(c) GDPR.
If processing is necessary for our legitimate interests or those of a third party and not overridden by your interests or rights, the legal basis is Art. 6(1)(f) GDPR.
3. Retention Period
Personal data is deleted when the purpose for storage no longer applies or when you withdraw consent. Further retention may occur due to legal obligations. In such cases, your data will be blocked.
4. External Links
Our website may contain links to external sites. Our privacy policy does not apply to these. Please consult the respective privacy policies of those sites.
Clicking external links may result in the processing of the following data:
IP address
Screen resolution
Browser used
Bandwidth
Language settings
IV. Data Processing on Our Website
1. Website Features
a. Provision of Website and Log Files
Purpose: To deliver the website to your device and ensure IT system security.
Legal basis: Legitimate interest, Art. 6(1)(f) GDPR.
Data: IP address, access date/time, previously visited page, browser, OS.
Retention: Log files stored for 7 days. Session data stored temporarily.
Objection: Necessary for operation; no objection possible.
b. Technically Necessary Cookies
Purpose: Ensure core functions and services.
Legal basis: Legitimate interest, Art. 6(1)(f) GDPR in conjunction with Sec. 25(2) TTDSG.
Data: IP address, browser language, cart info, etc.
Retention: Usually session-based.
Objection: Manage via browser settings.
c. Non-Essential Cookies
Details on such cookies (e.g., tracking) are found in the cookie banner.
2. Google Maps Integration
Provider: Google Ireland Ltd.
Data: IP, screen resolution, language, location.
Legal basis: Consent, Art. 6(1)(a) GDPR.
Purpose: Display maps.
Objection: Withdraw consent via cookie banner or browser.
3. eCommerce Functions
a. Room Booking
Purpose: Contract fulfilment.
Legal basis: Art. 6(1)(b) GDPR.
Data: Necessary for booking process.
Retention: Until fulfilment; longer if legally required.
b. Offer Requests
Purpose: Respond to requests.
Legal basis: Legitimate interest, Art. 6(1)(f) GDPR.
Data: Hotel name, offer, contact data, etc.
c. Restaurant Reservations
Legal basis: Contract fulfilment, Art. 6(1)(b) GDPR.
4. Contact Forms and Email Contact
Legal basis: Legitimate interest, Art. 6(1)(f) GDPR.
Purpose: Process inquiries.
Objection: Future processing can be refused.
5. Marketing
a. Newsletter
Legal basis: Consent, Art. 6(1)(a) GDPR.
b. Direct Marketing
Legal basis: Consent or legitimate interest (postal/email).
c. Google Analytics
Legal basis: Consent, Art. 6(1)(a) GDPR.
Objection: Withdraw via cookie banner or browser settings.
6. Social Media (Facebook & Instagram)
Purpose: User interaction and analytics.
Legal basis: Legitimate interest, Art. 6(1)(f) GDPR.
V. Data Recipients
Internal departments and authorised service providers (e.g., IT, banks, law firms).
VI. Third Country Transfers
Transfers occur only with safeguards (e.g., adequacy decisions or SCCs).
VII. Your Rights
Right of access
Right to rectification
Right to restriction
Right to erasure
Right to be informed
Right to data portability
Right to object
Right to withdraw consent
Right to lodge a complaint with a supervisory authority (e.g., Bavarian DPA)
Supervisory Authority:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
Germany