Privacy statement according to the DSGVO
Data protection is an important concern for Ammergauer Alpen GmbH. We therefore attach great importance to data-saving and citizen-friendly data processing when processing personal data in connection with the performance of our tasks. This data protection declaration also refers to the processing of personal data and information within the meaning of Section 25 TDDDG within the framework of this website, including the services offered there.
1. Name and address of the person responsible
Your contact person within the meaning of the European General Data Protection Regulation (EU GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
Ammergauer Alpen GmbH
Eugen-Papst-Str. 9a
82487 Oberammergau
Phone: +49 (0)8822 922740
Email: info@ammergauer-alpen.de
(hereinafter referred to as "we" or "our")
2. Name and address of the Data Protection Officer
The protection of your personal data is very important to us. To express this importance, we have commissioned a consulting company specializing in data protection and data security to take over these central issues. We are advised by:
actago GmbH
Weidenstrasse 66
94405 Landau on the Isar
Phone: +49 (0)9951 99990-20
Email: datenschutz@actago.de
3. General information on data processing
3.1 Scope of processing of personal data
We generally only process your personal data to the extent that this is necessary to carry out our services. Your personal data is generally only processed on the basis of your consent. An exception applies in cases where prior consent cannot be obtained for actual reasons or where the processing of your personal data is permitted by law.
3.2 Legal basis for the processing of personal data
If we obtain your consent to process personal data, Art. 6 (1) (a) EU GDPR serves as the legal basis.
When processing personal data that is necessary to fulfill a contract between you and us, Art. 6 (1) lit. b EU GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which we are subject, Art. 6 (1) lit. c EU GDPR serves as the legal basis.
In the event that vital interests of you or another natural person require the processing of personal data, Art. 6 (1) lit. d EU GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of ours or a third party and your interests, fundamental rights and freedoms do not outweigh the former interest, Art. 6 (1) (f) EU GDPR serves as the legal basis for processing.
3.3 Data deletion and storage period
Your personal data will be deleted or blocked as soon as the purpose for storing it no longer applies. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which we are subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.
4. Provision of the website and creation of log files
4.1 Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected here:
- Information about the browser type and version used
- The operating system of the user
- The user's Internet service provider
- The IP address of the user
- Date and time of access
- time zone difference/HTTP status code
- Amount of data transferred in each case
- Websites from which the system of the user comes to our website
- Websites that are accessed by the user's system through our website
The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
4.2 Legal basis for data processing
The legal basis for the processing of your personal data in the context of providing the website and creating log files is Art. 6 Para. 1 lit. f EU GDPR.
4.3 Purpose of data processing
The temporary storage of your personal data by us is necessary to enable the website to be delivered to your computer. For this purpose, your personal data must be stored for the duration of the session.
Your personal data is stored in log files to ensure the functionality of the website. We also use your personal data to optimize the website and to ensure the security of our information technology systems. Your personal data will not be evaluated for marketing purposes in this context.
Our legitimate interest in data processing pursuant to Art. 6 (1) (f) EU GDPR also lies in these purposes.
4.4 Duration of storage
Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. If your personal data is collected to provide the website, this is the case as soon as the respective session has ended.
If your personal data is stored in log files, it will be deleted after seven days at the latest. Storage beyond this period is possible. In this case, your personal data will be deleted or altered so that it is no longer possible to assign the calling client.
4.5 Objection and removal options
The collection of your personal data to provide the website and the storage of your personal data in log files is essential for the operation of the website. You therefore have no option to object.
5. Use of cookies
We use cookies to ensure the correct technical and functional provision of this information. Cookies are small text files that are stored on the device you use.
The legal basis for the storage of information and the processing of personal data using cookies is Section 25 TDDDG.
The use of functional cookies is voluntary. If these cookies are blocked, the provision of certain functions may not be fully possible.
Technically necessary cookies are only valid for the current session and are automatically deleted as soon as you close your browser.
When you access this website, we store cookies (small files) on your device. These are valid for:
Name: Storage period:
- CookieConsent 6 months
- __hssc End of session
- __hssrc End of session
- __hstc 6 months
- hubspotutk 6 months
- messagesUtk 6 months
6. Contact form and contact by email
6.1 Description and scope of data processing
There is a contact form on our website that can be used to contact us electronically. If you use this option, the data entered in the input mask will be sent to us and stored. This data is:
- First Name*
- Surname*
- Street, house number*
- ZIP / City*
- Email*
- Telephone number (if you would like a callback)
- Your comment*
*Mandatory information
Your consent will be obtained for the processing of the data as part of the sending process and reference will be made to this data protection declaration.
Alternatively, you can contact us using the email address provided. In this case, your personal data transmitted with the email will be saved. The data will not be passed on to third parties in this context. The data will only be used to process the conversation.
6.2 Legal Basis
The legal basis for the processing of your personal data, which is transmitted in the event of contact via the contact form or by email, is Art. 6 Para. 1 lit. f EU GDPR. If the aim of contact via the contact form or by email is to conclude a contract, Art. 6 Para. 1 lit. b EU GDPR is an additional legal basis for the processing.
6.3 Purpose of data processing
The processing of your personal data in the event of contact via the contact form or by e-mail serves solely to process the contact.
6.4 Duration of storage
Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
For personal data from the input mask of the contact form and those that were sent by email, this is the case when the conversation has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
Any additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
6.5 Objection and removal options
You have the option of objecting to the processing of your personal data when contacting us via the contact form or by email at any time in the future. In such a case, the conversation between you and us cannot be continued. In this case, all personal data that was stored during the contact process will be deleted.
7. Booking request for holiday apartment & room
7.1 Description and scope of data processing
On our website we offer visitors the opportunity to make booking requests for holiday apartments and rooms in the Ammergau Alps. The following data must be provided:
- Salutation *
- First Name
- Surname*
- Street, house number*
- Postcode
- Place/City*
- Country *
- E-Mail *
- Confirm email address*
- Phone
- Your message
* Required field
Your consent will be obtained for the processing of the data as part of the sending process and reference will be made to this data protection declaration.
7.2 Legal basis for data processing
The legal basis for the processing of your personal data, if the user has given his consent, is Art. 6 (1) (a) EU GDPR.
7.3 Purpose of data processing
When making a booking, the data you provide will also be used to process the booking. For this purpose, your data will be passed on to other companies, if necessary, e.g. to the accommodation you have booked. These companies may use your data to process the order.
7.4 Duration of storage
We will delete your personal data if it is no longer necessary for the purposes for which it was collected or otherwise processed, if the processing is not necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
7.5 Objection and removal options
You have the right to have your personal data deleted at any time. We undertake to remove all your personal information from the database with immediate effect as soon as you request this by telephone, fax, letter or email.
8. Electronic mail (e-mail)
Information that you send to us unencrypted via electronic mail (e-mail) may be read by third parties during transmission. We are generally unable to verify your identity and do not know who is behind an e-mail address. Legally secure communication via simple e-mail is therefore not guaranteed. Like many e-mail providers, we use filters against unwanted advertising ("SPAM filters"), which in rare cases also automatically classify normal e-mails as unwanted advertising and delete them. E-mails that contain harmful programs ("viruses") are always automatically deleted by us.
If you have concerns about transmitting personal data or other sensitive data, please agree on suitable encryption with the recipient (our employees) before transmission, or use postal mail.
9. Active components
The information provided uses active components such as JavaScript, Java applets or Active-X controls. You can deactivate this function by adjusting the settings in your Internet browser.
10. Newsletter
10.1 Description and scope of data processing
Our website offers you a newsletter in which we inform you about current events and offers. If you would like to subscribe to the newsletter, you can optionally click a checkbox in the contact form mentioned above and thus start the subscription. If you subscribe to the newsletter, you agree to receive the newsletter and the procedures explained.
The newsletter is sent by the shipping service provider Tripicchio AG | Engesserstr. 4a | D-79108 Freiburg, Tel +49 761 208949-114 | Fax +49 761 208949–9, www.tripicchio.de | melanie.budde@tripicchio.de. Information about the shipping service provider's data protection regulations can be found at: https://www.tripicchio.de/datenschutz.
10.2 Legal basis for data processing
The legal basis for the processing of your personal data in the context of sending the newsletter is the existence of a consent in accordance with Art. 6 (1) (a) EU GDPR.
10.3 Purpose of data processing
The purpose of collecting your personal data is to send you the newsletter. The purpose of processing your personal data when sending the newsletter is to inform you about current events and offers.
10.4 Duration of storage
Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Your personal data will therefore be stored as long as your newsletter subscription is active.
10.5 Possibility of objection and removal
You can cancel your newsletter subscription at any time. There is a link for this purpose in every newsletter. After you cancel your subscription, your personal data will be deleted. Canceling your subscription also allows you to revoke your consent.
11. Google Maps
This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this page has no influence on this data transmission.
The use of Google Maps is in the interest of an attractive presentation of our online offerings and to make it easy to find the places we indicate on the website.
Google Maps may only be used based on consent in accordance with
Art. 6 para 1 lit. a GDPR
For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://www.google.de/intl/de/policies/privacy/
12. Use of Cookiebot
We use functions from the provider Cookiebot on our website. The company behind Cookiebot is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, DK. Cookiebot offers us, among other things, the option of providing you with a comprehensive cookie notice (also called a cookie banner or cookie notice). By using this function, your data can be sent to Cookiebot, stored and processed.
You have the right to access and delete your personal data at any time. You can prevent data collection and storage, for example, by rejecting the use of cookies via the cookie notice.
For more information, please visit: https://www.cookiebot.com/de/privacy-policy/.
13. Deskline
This site uses the Deskline reservation system via an API. The provider is feratel media technologies AG, Maria-Theresien-Straße 8, A-6020 Innsbruck.
When you access a page, your browser loads the required scripts into your browser cache in order to display the booking function correctly. For this purpose, the browser you use must connect to the feratel media technologies AG servers. This allows feratel media technologies AG to know that our website was accessed via your IP address. We do not know what other data is transmitted.
When a visitor makes a booking or enquiry, the data provided by the visitor is also initially processed by Deskline.
The legal basis for the processing is the user’s consent in accordance with Art. 6 (1) (a) GDPR.
If the processing serves to carry out contractual or pre-contractual measures, the legal basis for the processing arises from Art. 1 para. 1 lit. b GDPR.
You can revoke this consent at any time. In this case, all stored personal data will be deleted, unless there are statutory retention periods to the contrary.
In this case, parts of the website may not be displayed correctly.
You can revoke this consent at any time. In this case, all stored personal data will be deleted, unless there are statutory retention periods to the contrary.
In this case, functions of the website that are related to Deskline can no longer be used.
For more information about Deskline, please visit: https://www.feratel.com/datenschutz
14. Display of social media content via Flockler
To display social media content on our website, we use the “Flockler” service provided by Flockler Commerce, Inc., located at 1201 W Peachtree St NW Ste 2625 #36051, Atlanta, USA.
By interacting with the respective content, a connection is established to the Flockler servers. Your IP address is transmitted. When the content is loaded, data is also passed on to the respective social media provider. This also applies if you are not logged in to the respective social media provider or do not have an account with them. We would like to point out that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by the social media provider. You can find more information on this in the privacy policy of the providers.
The use of the Flockler plugin is based on Art. 6 (1) lit. a GDPR.
The privacy policy and further information about this service provider can be found at: https://www.relaycommerce.io/privacy-policy.
15. 360Perspectives
We use the 360Perspektiven application on the website, which is provided by 360 Perspektiven GmbH, located at Gonzagagasse 11/25, 1010 Vienna, Austria.
The application offers the possibility to display 360-degree images of different areas from the surroundings of the Ammergau Alps on the website in order to give users of the website a better insight into the different areas of the environment.
Personal data such as the IP address is transferred to 360 Perspektiven GmbH.
The legal basis for the use is consent in accordance with Art. 6 para. 1 lit. a GDPR
You have the option to revoke this consent at any time. In this case, the content of 360 Grad Team can no longer be displayed.
Further information on how personal data is handled can be found in 360Perspektiven’s privacy policy: https://360perspektiven.com/datenschutzerklaerung/.
16th Panomax
We use the provider Panomax to embed webcam images. This is an offer from Panomax GmbH, Landesstraße 23, 5302 Henndorf aW. For technical reasons, a direct connection to the provider's servers is established when the images are called up.
This may result in the provider using browser or device data.
The legal basis for this processing is the user’s consent in accordance with Art. 6 (1) (a) GDPR.
You have the right to object to processing by Panomax at any time. In this case, all stored personal data will be deleted, unless there are statutory retention periods to the contrary. If you exercise this option, you will no longer be able to use the Panomax functions on the website.
For further information about the collection and use of personal data, please see Panomax’s privacy policy at the following link: https://www.panomax.com/datenschutz.html
17.Bergfex
We use the services of bergfex GmbH, Neupauerweg 30a, 8052 Graz, Austria on our website.
We use Bergfex to embed webcam images.
User data is stored by Bergfex.
Further information on how user data is handled can be found in Bergfex’s privacy policy: https://www.bergfex.at/c/datenschutz/.
18. Foto-webcam.eu
We use the external provider foto-webcam.eu to embed webcam images. For technical reasons, a direct connection to the provider's servers is established when the images are called up. This may result in the provider using browser or device data. For more information about the collection and use of such data, please see the privacy policy of foto-webcam.eu at the following link: https://www.foto-webcam.eu/impressum/.
19. Use of et4 for events
"Submit event" (enter via web form)
We use the data you enter to further process your submitted event. To do this, we pass your specified data on to our responsible editorial team via the web-based event software et4 from neusta destination.one GmbH. After the editorial team has checked the content, your submitted event will be published or rejected. For details about the specifications for when events may be published, please contact our Tourism Office. By using this contact form, you are asking the website operator to publish all of the data you enter without restriction to promote your reported event and to publish and pass it on via partner websites, mobile apps, radio or print products. When the event has expired, the website operator will automatically stop publication. In individual cases, your reported data will be stored in encrypted form for up to three years in order to provide you with greater ease of use when reporting events again, such as pre-filling fields.
The requirements of the GDPR are met as long as they do not conflict with the actual task of publishing the event you have recorded as often as possible.
et4 event – View wishlist
If you use the "Show notepad" module, we will send you various dates and information about events in your area. An email address is required to send the event reminder/recommendation.
et4 event – Subscribe to calendar / Add to contacts
If you use the "Subscribe to calendar" module, we will send you a one-time email with information about the event on the date of the event. An email address is required to send the event reminder/recommendation.
You can also send us a corresponding .vcf file (vCard) using the "add to contacts" button. When you open this file or the vCard, a contact form opens in which contact information is displayed.
Further information on how we handle your data can be found in the privacy policy of neusta destination.one GmbH: https://www.destination.one/datenschutz/
20. ecMaps
We use the map service ecmaps on our website. This is provided by hubermedia GmbH, located at Gablerplatz 5, D-93462 Lamm.
The service enables us to provide tours and routes on the map. Personal data such as the IP address is passed on to hubermedia. The processing of personal data takes place on the basis of consent in accordance with
Art. 6 Para. 1 lit. a GDPR.
Further information on the handling of personal data can be found in hubermedia’s privacy policy: https://www.hubermedia.de/datenschutz
21. Outdoor active
We use the services of Outdooractive GmbH und Co. KG, Missener Straße 18, 87509 Immenstadt on our website.
Outdooractive provides electronic databases that you, as our users, can use in the form of an electronic information portal in the digital tourism sector. These include, for example, maps and route planning.
User data is stored by Outdooractive.
Further information on how user data is handled can be found in Outdooractive’s privacy policy: https://www.outdooractive.com/de/privacy.html
22. GTranslate
This site offers its visitors the opportunity to have the site translated into their preferred language using the free gTranslate plugin, which is based on Google Translate technology.
For this purpose, the browser you are using must connect to the gTranslate.io and Google servers. This gives gTranslate.io and Google knowledge that our website has been accessed via your IP address.
For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://www.google.de/intl/de/policies/privacy/ , as well as in the privacy policy of gtranslate.io https://de.gtranslate.io/Bedingungen
23. Leaflet Map
This website uses Leaflet API, a map service that allows OpenStreetMap to be integrated into the website.
For correct display, it is technically necessary to send requests to other servers. Through these requests, it is generally possible that information about your use of this website (including your IP address) is transferred to other servers and stored there.
The legal basis for the processing is consent in accordance with Art. 6 (1) lit. a GDPR
You have the option of deactivating the OpenStreetMap service and thus preventing data transfer to third parties by deactivating JavaScript in your browser. However, we would like to point out that in this case you will not be able to use the map display on our website or will only be able to use it to a limited extent.
For more information about the API Leaflet used, see https://www.leafletjs.com
24. Eye-Able
We use the Eye-Able® tool on our website. This is software from Web Inclusion GmbH, based at Gartenstraße 12c, 97276 Margetshöchheim.
We use the application to ensure that everyone has barrier-free access to information on our website.
The necessary files such as JavaScript, style sheets and images are loaded from an external server. When functions are activated, Eye-Able uses the browser's local storage to save the settings. All settings are only saved locally and are not transferred further.
To ward off attacks and provide our service in near real time, Eye-Able uses the Content Delivery Network (CDN) of BunnyWay doo (Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia).
It is used for the purpose of providing a barrier-free website.
The use is based on consent in accordance with Art. 6 (1) (a) GDPR.
All transmitted data and servers remain in the EU at all times to enable data protection-compliant processing in accordance with the GDPR. Web Inclusion GmbH does not record or analyze personal user behavior at any time.
You have the right to object to processing by Eye-Able at any time. In doing so, all personal data stored in connection with Eye-Able will be deleted.
In order to ensure data protection-compliant processing, Web Inclusion GmbH has concluded contracts for order processing with our hosts IONOS and BunnyWay. Further information can be found in the privacy statements:
https://eye-able.com/datenschutz/
25. Direct Marketing
25.1 Description and scope of data processing
Our company processes personal data such as address and name in order to send you advertising by post and thereby increase the sales of goods or services.
25.2 Legal basis for data processing
The legal basis for the processing of your personal data in the context of direct marketing by post is Art. 6 Para. 1 lit. f EU GDPR.
25.3 Purpose of data processing
The legal basis for the processing of your personal data in the context of direct marketing by post is Art. 6 Para. 1 lit. f EU GDPR.
25.4 Duration of storage
Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected; this is particularly the case upon receipt of the objection.
25.5 Objection and removal options
You can object to the processing of your personal data for direct marketing by post at any time in the future.
26. Legal defense and enforcement
26.1 Description and scope of data processing
Our company wants to protect itself from unjustified claims through legal defense. We also enforce claims and rights to which we are entitled.
For this purpose it is necessary to process personal data.
These consist of the legally relevant data of the data subjects.
26.2 Purpose of data processing
The purpose of processing your personal data in the context of legal defense and enforcement is to prevent unjustified claims and to legally enforce claims and rights. This is our legitimate interest in data processing in accordance with Art. 6 (1) (f) of the EU GDPR.
26.3 Duration of storage
Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
26.4 Objection and removal options
The processing of your personal data in the context of legal defense and enforcement is absolutely necessary for legal defense and enforcement. You therefore have no option to object.
27. Recipient categories
Within our company, personal data is received by those departments that need it to fulfil the purposes mentioned above. In addition, we sometimes use different service providers and transmit your personal data to other trustworthy recipients. These can be, for example:
• Banks
• Scan service
• Printing companies
• Lettershops
• IT service providers
• Lawyers and courts
28. Your rights
If we process your personal data, you as the data subject have the following rights:
- You have the right to information about the data stored about you (Article 15 GDPR).
- If incorrect personal data is processed, you have the right to rectification (Article 16 GDPR).
- If the legal requirements are met, you can request the deletion or restriction of processing (Articles 17 and 18 GDPR).
- If you have consented to the processing or if a data processing contract exists and the data processing is carried out using automated procedures, you may have a right to data portability (Article 20 GDPR).
- If you have consented to the processing and the processing is based on this consent, you can revoke your consent at any time for the future.
The legality of the data processing carried out on the basis of the consent until the revocation is not affected by this.
You have the right to object to the processing of your data at any time for reasons arising from your particular situation if the processing is carried out exclusively on the basis of Art. 6 Para. 1 Letter e or f GDPR (Art. 21 Para. 1 Sentence 1 GDPR).
29. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right under Article 77 of the GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 DSGVO.
(Article 77 EU GDPR)
The responsible supervisory authority for us is:
The Bavarian State Office for Data Protection Supervision (BayLDA):
www.lda.bayern.de, poststelle@lda.bayern.de
The supervisory authority to which you have submitted a complaint will inform you about the status and results of the complaint, including the possibility of a legal remedy in accordance with Art. 78 EU GDPR. If you have any questions, our data protection officer will be happy to help you at any time.
30. Note on the privacy policy
Unless otherwise stated, our use of any information we have about you is subject to this Privacy Policy.
The company reserves the right to continuously adapt this privacy policy to the necessary security measures in line with technological developments and will announce any changes here.
Status: November 2024