3. General information and mandatory disclosures

Data protection

The operators of this website take the protection of your personal data seriously. Your personal data is treated as confidential and processed in accordance with applicable data protection legislation and this Privacy Policy.

When you use this website, various categories of personal data are collected. This Privacy Policy explains what data is collected, how it is used and for what purpose.

Please note that data transmitted over the internet — including via e-mail — may be subject to security vulnerabilities. Complete protection against access by third parties cannot be guaranteed.

Data controller

The party responsible for processing personal data on this website is:

Manfred Ronstedt
Schenkendorfstraße 3
D-34119 Kassel, Germany

Telephone: +49 561 76668 444
E-mail: info@ronstedt-hotelconcepts.de

The data controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

Retention periods

Unless a more specific retention period is stated in this Privacy Policy, your personal data will be retained for as long as the purpose for which it was collected continues to apply. If you submit a valid request for erasure or withdraw consent to processing, your data will be deleted unless other legally permissible grounds for retention exist (for example, statutory retention obligations under tax or commercial law); in that event, deletion will occur once those grounds cease to apply.

Legal bases for processing

Where you have consented to processing, your personal data is processed on the basis of Art. 6(1)(a) GDPR, or Art. 9(2)(a) GDPR where special-category data within the meaning of Art. 9(1) GDPR is involved. Where explicit consent has been given to the transfer of data to third countries, processing additionally relies on Art. 49(1)(a) GDPR. Where you have consented to the storage of cookies or to access to information on your device, processing also relies on §25(1) TDDDG. Consent may be withdrawn at any time. Where data is required for the performance of a contract or for pre-contractual steps, processing relies on Art. 6(1)(b) GDPR. Where processing is required to fulfil a legal obligation, it relies on Art. 6(1)(c) GDPR. Processing may also rely on our legitimate interests under Art. 6(1)(f) GDPR. The applicable legal basis in each case is identified in the sections that follow.

Data transfers to third countries and to non-DPF-certified US companies

We use tools from providers based in countries that do not offer a level of data protection equivalent to that required under EU law, as well as US-based tools whose providers are not certified under the EU–US Data Privacy Framework (DPF). Where such tools are active, your personal data may be transferred to and processed in those countries. Please note that an EU-equivalent level of data protection cannot be guaranteed in such jurisdictions.

The United States is recognised as a third country offering a broadly equivalent level of data protection. Data transfers to the US are permissible where the recipient holds DPF certification or provides appropriate supplementary safeguards. Information on specific transfers and recipients is set out in this Privacy Policy.

Recipients of personal data

In the course of our business activities, we work with external parties, and this sometimes requires the transfer of personal data to those parties. We share personal data only where this is necessary for the performance of a contract, required by law, justified by our legitimate interests under Art. 6(1)(f) GDPR, or authorised by another applicable legal basis. Where processors are engaged, personal data is shared only on the basis of a valid data processing agreement. Joint processing arrangements are governed by a joint processing agreement.

Withdrawal of consent

Many processing operations require your explicit consent. Consent already given may be withdrawn at any time with future effect. The lawfulness of processing carried out prior to withdrawal is unaffected.

Right to object — specific circumstances and direct marketing (Art. 21 GDPR)

WHERE PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT AT ANY TIME TO PROCESSING OF YOUR PERSONAL DATA, INCLUDING PROFILING BASED ON THOSE PROVISIONS. THE APPLICABLE LEGAL BASIS IS IDENTIFIED IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL CEASE PROCESSING YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR UNLESS PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (ART. 21(1) GDPR).

WHERE YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO SUCH PROCESSING, INCLUDING PROFILING RELATED TO DIRECT MARKETING. IF YOU OBJECT, YOUR DATA WILL NO LONGER BE USED FOR THAT PURPOSE (ART. 21(2) GDPR).

Right to lodge a complaint

In the event of a breach of the GDPR, you have the right to lodge a complaint with a supervisory authority — in particular in the Member State of your habitual residence, place of work or the place of the alleged breach. This right is without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to receive personal data that we process automatically on the basis of your consent or for the performance of a contract, in a structured, commonly used and machine-readable format, for transfer to you or to another controller. Direct transfer to another controller will be carried out where technically feasible.

Access, rectification and erasure

Within the limits of applicable law, you have the right at any time to obtain, free of charge, information about your stored personal data, its origin and recipients and the purpose of processing, together with the right to rectification or erasure. Please contact us for any query relating to your personal data.

Right to restriction of processing

You have the right to request restriction of processing of your personal data. Please contact us in this regard. The right applies in the following circumstances:

• Where you dispute the accuracy of your personal data, we require time to verify it; during that period you may request restriction of processing.
• Where processing was or is unlawful, you may request restriction rather than erasure.
• Where we no longer need your data but you require it for the establishment, exercise or defence of legal claims, you may request restriction rather than erasure.
• Where you have objected under Art. 21(1) GDPR, restriction applies pending the outcome of the balancing exercise.
• Where processing has been restricted, your data — other than storage — may only be processed with your consent, for the establishment, exercise or defence of legal claims, for the protection of the rights of another person, or for reasons of important public interest.

SSL/TLS encryption

This website uses SSL or TLS encryption to protect the transmission of confidential content — including enquiries submitted via the contact form. An encrypted connection is indicated by ‘https://’ in the browser address bar and a padlock symbol.

When encryption is active, data transmitted to us cannot be intercepted by third parties.

Unsolicited marketing communications

Use of the contact details published in compliance with our legal notice obligation for the purpose of sending unsolicited advertising or information materials is expressly prohibited. We reserve the right to take legal action in the event of unsolicited marketing communications, including spam.