Do you have a question?
{{phoneView}}
Opening hours:

Easter - October:
Mon - Fri 09:00 - 17:00
Sat, Sun, public holiday 10:00 - 16:00

October - Easter:
Mon. - Fri. 09:00 - 17:00
Sat. 10:00 - 16:00
Closed on Sundays

Privacy

Privacy Notice for Users of Our Website and Customers

We would like to inform you about the processing of your personal data in accordance with the General Data Protection Regulation ("GDPR").

Our privacy notice is structured modularly. It consists of General Information regarding any processing of personal data and processing situations (I.), and specific information that applies only to the respective processing situation (II. ff.). Please refer to the following structure to find the relevant parts for you:

I. General Information

II. Additional Information for the Website (https://www.pas-poel.de)

III. Newsletter Distribution

IV. Additional Information for Communication with Us

V. Additional Information for Our Customers

I. General Information

1. Data Controller

The data controller within the meaning of the GDPR and other national data protection laws of the Member States, as well as other data protection regulations, is:

Luca Julian Hadler, Poeler Appartement Service GmbH, Am Royberg 12, 21266 Jesteburg, lu-hadler@web.de

2. Legal Basis for the Processing of Personal Data

We process some of your personal data based on the following legal grounds:

a) Consent of the Data Subject: Where we obtain the consent of the data subject for specific purposes, Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis.

b) Performance of Contractual Obligations: Where the processing is necessary for the performance of a contract to which you are a party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing activities necessary for pre-contractual measures.

c) Legal Obligations: Where processing is required to fulfill a legal obligation to which we are subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.

d) Legitimate Interests: Where processing is necessary for the purposes of our legitimate interests or those of a third party, and your interests, fundamental rights, and freedoms do not override the former, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis.

3. Retention and Deletion of Personal Data

Personal data will be deleted or blocked as soon as there is no longer a purpose or legal basis for processing.

4. Recipients of Personal Data

Internally, only those departments that need personal data to fulfill their processing purposes will process the data. This also applies to the service providers and agents we employ. All entities and individuals working with personal data are obligated to maintain confidentiality and handle the data sensitively.

Personal data will only be shared with third parties if this is in accordance with data protection regulations. In particular, persons engaged in the operation of our business (e.g., service providers for IT and EDV services, banks, tax advisors) as well as state authorities may receive your personal data if this is necessary to fulfill a legal obligation.

5. Data Processing in Third Countries

Some of our services may require the processing of personal data in countries outside the EU/EEA ("third countries") by our processors. Where personal data is processed in a country that does not have an adequate level of data protection, as confirmed by an adequacy decision from the European Commission under Art. 45 para. 3 GDPR, we have entered into EU Standard Contractual Clauses with the processors to ensure appropriate safeguards in accordance with Art. 46 GDPR. A copy of the EU Standard Contractual Clauses can be found here: https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D0914&from=DE.

Where processing takes place in a third country, we will inform you accordingly below.

6. Rights of Data Subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR, and you have the following rights against us as the data controller:

a) Right of Access You have the right to request information about the personal data we process about you in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the categories of data, the recipients to whom your data has been or will be disclosed, and whether personal data is transferred to a third country or an international organization (in this context, you may request information about the appropriate safeguards pursuant to Art. 46 GDPR), the planned retention period, and the existence of rights to correction, deletion, restriction of processing, or objection, the existence of a complaint right, the source of the data if not collected by us, and the existence of automated decision-making, including profiling under Art. 22 paras. 1 and 4 GDPR, and at least meaningful information about the logic involved, as well as the scope and intended consequences of such processing.

b) Right to Rectification You have the right to request the rectification and/or completion of your personal data if it is inaccurate or incomplete, as per Art. 16 GDPR. We will promptly make the rectification.

c) Right to Restriction of Processing You have the right to request the restriction of the processing of your data in accordance with Art. 18 GDPR if the accuracy of the data is contested or if the processing is unlawful.

If the restriction of processing is lifted, we will notify you beforehand.

d) Right to Deletion You have the right to request the deletion of your personal data under Art. 17 GDPR, unless the processing is necessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

e) Right to Notification If you have exercised your right to rectification, deletion, or restriction of processing, we are obligated to inform all recipients to whom your personal data has been disclosed about the rectification, deletion, or restriction of processing unless this proves impossible or involves disproportionate effort.

f) Right to Data Portability You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transfer to another controller, in accordance with Art. 20 GDPR.

g) Right to Object You have the right to object to the processing based on Art. 6 para. 1 sentence 1 lit. e or lit. f GDPR, as per Art. 21 GDPR. If it is not an objection to direct marketing, we ask you to state the reasons why we should not process your data as performed. In this case, we will review the matter and either stop or adjust the data processing, or we will show you our compelling legitimate grounds to continue the processing.

h) Right to Withdraw Consent You have the right to withdraw your data protection consent at any time under Art. 7 para. 3 GDPR. The withdrawal of consent will not affect the legality of the processing carried out before the withdrawal.

i) Right to Lodge a Complaint with a Supervisory Authority You have the right to lodge a complaint with a supervisory authority according to Art. 77 GDPR if you believe that our processing of your personal data infringes your rights.

II. Additional Information for the Website (https://www.pas-poel.de)

We are responsible for our website and its subpages (“Website”). By using our website, personal data is processed. Below we provide detailed information about the data processing activities.

1. Provision of the Website and Creation of Logfiles When accessing our website, we automatically collect data and information from the user's device (so-called logfiles).

Processor To provide our website, we use the services of the processor vOffice GmbH, Untere Querstraße 3, 23730 Neustadt in Holstein (“vOffice”), with whom we have entered into a data processing agreement. vOffice, in turn, uses the service provider Amazon Web Services (“AWS”, Amazon.com Inc., 2012 Seventh Ave., Seattle, Washington 98121, USA) as a sub-processor, with whom vOffice has entered into a data processing agreement, and who processes personal data solely on our behalf.

AWS also provides a "Content Delivery Network" (CloudFront CDN) to deliver our website more quickly and securely. In this context, personal data is also processed solely on behalf of vOffice. It is possible that AWS processes personal data through sub-processors in a third country. AWS has therefore entered into EU Standard Contractual Clauses with its sub-processors to ensure appropriate safeguards in accordance with Art. 46 DSGVO. Furthermore, Amazon Web Services Inc. is certified under the EU-US Data Privacy Framework (Adequacy Decision according to Art. 45 (3) DSGVO).

Processed Information & Duration of Processing The following information is processed:

  • Information about the browser type and version used
  • The operating system of the user’s device
  • The user's Internet service provider
  • The IP address of the user’s device
  • Date and time of access
  • Referrer URL

The logfiles are deleted no later than 7 days after collection.

Purpose of Processing & Legal Basis The data is required to display the website on the user’s device, ensure its functionality, and analyze any potential issues. Additionally, the data helps optimize the website and ensures the security of our information technology systems.

The legal basis for processing is Art. 6 (1) S. 1 lit. f DSGVO. The collection of logfiles is essential for the operation of the website. Therefore, there is no option for the user to object.

2. Use of Mandatory Cookies

We use cookies on our website. These are text files that are stored on or from the user's internet browser on the user's device when visiting a website.

Processed Information & Duration of Processing Each cookie contains a unique string of characters, which allows identification of the browser during the next visit to the website, thus identifying the respective user device.

The necessary cookies are deleted after the following time periods:

  • Duration of the session

Purpose & Legal Basis Some features of our website cannot function without the use of cookies. These technically necessary cookies are not used to identify the user or create user profiles.

The legal basis for storing mandatory cookies is § 25 (2) No. 2 TTDSG.

The legal basis for processing the resulting personal data is Art. 6 (1) S. 1 lit. f DSGVO.

The use of these cookies is essential for the operation of the website. Therefore, the user has no option to object.

3. Consent Manager

We have integrated a consent solution (so-called "Consent Manager") on our website to ensure the legally required consent for the use of cookies. The Consent Manager allows the necessary consent to store cookies or access information already stored in cookies to be granted and documented. The Consent Manager also includes detailed information about the cookies and technologies used.

Purpose of Processing & Legal Basis
The legal basis is Art. 6 (1) S. 1 lit. c DSGVO.

Processor
The "CCM19" Consent Manager from Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, is used. The Consent Manager has been integrated via the servers of our service provider vOffice GmbH.

As long as the user has not given consent, the Consent Manager blocks the setting of consent-required cookies. To assign page views to individual users and to record and store consents, the Consent Manager collects certain user information, including the IP address. These data are not shared with the Consent Manager provider. The collected data will be stored until the user deletes the cookie themselves, requests deletion, or the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.

4. Use of the Google Analytics Analysis Service

We use the Google Analytics analysis tool on our website, which uses analysis cookies or similar technologies.

Processor & Third-Country Processing
The analysis tool we use is offered by Google Ireland Limited (“Google”), Gordon House, Barrow Street, 4 Dublin, Ireland, which acts as our sub-processor and with which our service provider vOffice has entered into a (sub-)data processing agreement. It is possible that Google processes personal data in a third country. Therefore, the Google companies have entered into EU Standard Contractual Clauses to ensure appropriate safeguards in accordance with Art. 46 DSGVO. Further information on data protection at Google can be found in Google’s privacy policy: https://policies.google.com/privacy.

Processed Information
The analysis tool collects the following categories of personal data:

  • Ad visibility measurement
  • Timestamp
  • Clicks on ads tracking
  • IP (shortened)
  • Time & date tracking
  • Tracking of the user’s device
  • Tracking of the user’s location
  • Visitor behavior
  • User-agent
  • Language
  • Visited website
  • Time zone

Purpose, Legal Basis & Duration

Using analysis tools allows us to analyze how our website is used. Processing is based on the consent of the user, which they provide during their first visit to the website. The consent is given through our Consent Manager, which you can access again at https://www.pas-poel.de.

The consent includes the storage and retrieval of information on the user’s device in accordance with § 25 (1) TTDSG.

It also includes the processing of personal data for analysis purposes in accordance with Art. 6 (1) S. 1 lit. a DSGVO.

Processing will continue until the consent is withdrawn unless the purpose of processing ceases earlier.

5. Other Services

We use the Google Tag Manager on our website.

Processor & Third-Country Processing
The Google Tag Manager is provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, 4 Dublin, Ireland, which acts as our sub-processor and with which our service provider vOffice has entered into a data processing agreement. It is possible that Google processes personal data in a third country. Therefore, the Google companies have entered into EU Standard Contractual Clauses to ensure appropriate safeguards in accordance with Art. 46 DSGVO. Further information on data protection at Google can be found in Google’s privacy policy: https://policies.google.com/privacy.

Processed Information
The Google Tag Manager tool processes the following categories of personal data:

  • Date/Time Stamp
  • IP Address (shortened)
  • Tracking of user location
  • Language
  • Visited Website
  • Time Zone

Purpose, Legal Basis & Duration

The Google Tag Manager is a helper service. It loads other components, which may collect data in turn. The Google Tag Manager does not access these data. The processing is based on the consent of the user, which is provided during their first visit to the website. The consent is granted through our Consent Manager, which you can access again at https://www.pas-poel.de.

The consent includes the storage and retrieval of information on the user’s device in accordance with § 25 (1) TTDSG.

It also includes the processing of personal data for analysis purposes in accordance with Art. 6 (1) S. 1 lit. a DSGVO.

Processing will continue until the consent is withdrawn unless the purpose of processing ceases earlier.

6. Payment Service Provider Stripe

For processing payments initiated through our website, we use the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“Stripe”). When Stripe provides services as a payment service provider (PSP), Stripe itself is the data controller within the meaning of the DSGVO. Payment processing via credit card and SEPA direct debit takes place directly through Stripe. We do not process these data for our own purposes.

If necessary, the exchange of such data may also be required to process payment disputes between us and Stripe, related to your booking. These data transfers take place on the basis of a legitimate interest in accordance with Art. 6 (1) lit. f DSGVO. Please note that Stripe, as a financial service provider and responsible party regarding the processing of financial transaction data, may also share your personal data with credit agencies, affiliated companies, and subcontractors, as far as necessary to fulfill contractual obligations, based on legitimate interest, or if the data is processed on behalf of Stripe. It is not excluded that Stripe may transfer personal information to affiliated companies outside the EU or the EEA (e.g., in the USA).

Your data will be transmitted to Stripe in encrypted form and processed exclusively by Stripe for payment processing purposes. Stripe is legally obligated to process and verify this data.

For further information on data protection in relation to this payment service provider, please refer to Stripe’s privacy policy: https://stripe.com/at/privacy.

If necessary, we will also provide your data to our service providers in the fields of banking, taxation & tax consulting, and – within the legal requirements – to the tax authorities.

7. Card Providers

To provide the maps, our processor vOffice uses the services of the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, United Kingdom (“OpenStreetMap”).

Processed Information & Duration of Processing
The following data is processed for the display of maps:

  • The IP address of the end device
  • Date, time

The data is deleted after each session.

Purpose of Processing & Legal Basis

The data is processed to improve the usability of the website and our offerings, serving our legitimate interest as well as the user's legitimate interest according to Art. 6 (1) S. 1 lit. f DSGVO.

8. Virtual 3D Tours

The 3D tours (also called "Virtual Tours") are provided via the service provider Matterport Inc., 352 E. Java Drive, Sunnyvale, CA 94089, USA.

Processed Data Categories:

  • The IP address of the end device
  • Date, time
  • Data for creating usage statistics
  • Data about website usage
  • Logging of clicks on individual elements

Legal Basis for Processing:
Your consent according to Art. 6 (1) lit. a DSGVO.

Data is transferred to the independent data controller Matterport Inc., 352 E. Java Drive, Sunnyvale, CA 94089, USA.

The legal basis for the data transfer to Matterport Inc. is your consent under Art. 6 (1) lit. a DSGVO. This may also include the transfer of personal data to a country outside the European Union.

The transfer of data is based on your consent pursuant to Art. 6 (1) lit. a in conjunction with Art. 49 (1) lit. a DSGVO.

You can read Matterport Inc.’s privacy policy here: https://matterport.com/de/node/44.

III. Newsletter Dispatch

You can sign up for our newsletter on our website. We need your email address for this. Additionally, we must verify whether you are the owner of the given email address and wish to receive the newsletter. To do this, we will send you a validation email. Our newsletter informs you about our offers, events, and vacation activities.

Legal Basis
The legal basis for sending and receiving the newsletter is your consent in accordance with Art. 6 (1) S. 1 lit. a DSGVO.

You can withdraw your consent to the collection and storage of your data at any time without giving a reason. To do so, use the unsubscribe link provided at the end of each newsletter or contact us at info@pas-poel.de.

Processor
For the newsletter dispatch, our processor vOffice uses the service provider Mailjet GmbH, Alt-Moabit 2, 10557 Berlin (“Mailjet”). vOffice has entered into a data processing agreement with Mailjet, so that Mailjet processes personal data solely on behalf of vOffice.

IV. Additional Notes for Communication with Us

The following notes apply to any communication with us. If the communication occurs within a contractual relationship, the data processing will also be governed by the additional notes under section V.

1. Phone

Processed Information & Duration of Processing
In addition to your phone number, we process the personal data provided by you during the call.

The data will be deleted once the issue is resolved, unless there is another reason for processing.

Purpose of Processing & Legal Basis
The personal data is processed solely for the purpose of processing your request and in case of follow-up questions.

If the communication is aimed at concluding a contract, the legal basis for processing is Art. 6 (1) S. 1 lit. b DSGVO. In all other cases, the legal basis is Art. 6 (1) S. 1 lit. f DSGVO. Your interest does not override our interest in responding to your request; since you are writing or calling us, responding is also in your interest, and you are aware that we must process your personal data to answer your request.

2. Email and Contact Form

You can contact us via email directly or via a contact form on our website. Please note that there are possibilities for third parties to gain insight into email communications. If you want to ensure that the information you provide is not exposed to the risk of illegal access, we recommend using a different communication method. However, if you contact us via email, we assume that further communication via this channel is in your interest.

Processed Information & Duration of Processing
In addition to your email address, we process the personal data you provide to us during the email communication.

The data will be deleted once the issue is resolved, unless there is another reason for processing.

Purpose of Processing & Legal Basis
The personal data is processed solely for the purpose of processing your request and in case of follow-up questions.

If the communication is aimed at concluding a contract, the legal basis for processing is Art. 6 (1) S. 1 lit. b DSGVO. In all other cases, the legal basis is Art. 6 (1) S. 1 lit. f DSGVO. Your interest does not override our interest in responding to your request; since you are writing to us, responding is also in your interest, and you are aware that we need to process your personal data to respond to your request.

V. Additional Notes for Our Customers

The following notes apply if we are in a contractual relationship or such a relationship is being established.

Processed Information & Duration of Processing

The processing of your data depends on the tasks within the contractual relationship. We use the personal data exclusively for the purpose for which it was provided to us. In the case of renting a vacation property, the following data is processed:

  • Salutation
  • First name
  • Last name
  • Street / House number
  • Postal code / City
  • Email address
  • Phone number
  • Country
  • Booking timestamp
  • IP address of the booking person

The personal data will be deleted once the contractual relationship with you has ended, unless there is another reason for processing.

Purpose of Processing & Legal Basis

The processing is primarily for the purpose of initiating, establishing, and executing the contractual relationship; the legal basis for this is Article 6(1)(b) GDPR.

Furthermore, we process your data based on our legitimate interest, particularly for communication management, economic controls, contract and project management, and ensuring the operation of information and telecommunications systems. The legal basis for this is Article 6(1)(f) GDPR.

In addition, we may be bound by legal obligations that must be complied with under applicable laws and regulations. The legal basis for this is Article 6(1)(c) GDPR. This includes, in particular, tax retention obligations.

Data Processing in Connection with the Digital Guest Card

Our vacation property customers are entitled to use the digital guest card, which is provided as part of our contractual relationship. The use of this card requires the input of the following data:

  • Arrival and departure date
  • First and last name of the guest
  • Date of birth
  • Nationality
  • Address
  • Number of accompanying persons and their nationality
  • ID number for foreign guests
  • Email address

This data (except for the email address) is processed to fulfill the guest registration requirement under Section 30 of the German Federal Registration Act. The data processing is therefore based on Article 6(1)(c) GDPR. Please note that we are obligated to provide this data (except for the email address) to the relevant authorities upon request. The statutory retention period is twelve months. After this period, the data will be deleted within three months.

Data for Using the Digital Guest Card

For the use of the digital guest card, the following data is processed:

  • First and last name of the guest
  • Email address
  • Data on the use of discounts

This data is processed to provide the guest with the services associated with the digital guest card. The data processing is based on Article 6(1)(b) GDPR.

The data will be deleted once any claims of the guest arising from the provision of the guest card have expired. The limitation period is three years after the end of the year in which the claim arose.

For the digital guest card, we use the company vOffice GmbH, Untere Querstraße 3, 23730 Neustadt i.H., as a processor to manage the registration obligation and the provision of the guest card for the use of discounts.

Cookies

Bitte aktivieren Sie Javascript, um die Liste aller deklarierten Cookies und ähnlicher Techniken zu sehen.
Last viewed