Your consent applies to the following domains: Steiger-Hotels.com, Steiger-Hotels.de, onepagebooking.com,

1. We are responsible for your data As a visitor to our website, you expect a high level of quality and competence not only from the offers and services of our company, but also in the processing of your personal data. we are responsible for the handling of your personal data, which we process in accordance with the requirements of the European General Data Protection Regulation (GDPR) and other applicable European and German data protection laws and in accordance with your specifications and wishes. Personal data is data by which you can be identified or are identifiable. Your personal data will only be processed by us if this is permitted by law or if you have given your prior consent. Name and address of the controller Margaux Paulin Steiger -Markt 13 – 01855 Sebnitz In addition to the above postal address, you can also reach us by email at info@steiger-hotels.de.Weitere. Contact information, contact persons and mandatory information can also be found in the legal notice. It is important to us that you can find out at any time from the following information which personal data is collected during your visit to our website and when you use our services and how we then process it.
   
   
2. Our data protection officer If you have any questions about data protection or data security, you can contact our data protection officer by email at info@steiger-hotels.de or by post at Margaux Paulin Steiger -Markt 13 – 01855 Sebnitz

1. General information on data processing
   
   1. Security of your data We take technical and organizational security precautions to protect your personal data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons and to ensure the protection of your rights and compliance with the applicable data protection regulations of the EU and the Federal Republic of Germany. The measures taken are intended to guarantee the confidentiality and integrity of your data and to ensure the availability and resilience of the systems and services when processing your data in the long term. They are also intended to restore the availability of the data and access to it quickly in the event of a physical or technical incident. Our security measures also include the encryption of your data. All information that you enter online is technically encrypted and only then transmitted. This means that this information cannot be viewed by unauthorized third parties at any time. Our data processing and security measures are continuously improved in line with technological developments. Our employees are obliged in writing to maintain confidentiality and to comply with the requirements of the GDPR.
      
      
   1. Scope of the processing of personal data We only process the personal data of our users insofar as this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place with the consent of the user. This is not the case if prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
      
      
   2. Legal basis for the processing of personal data
      1. Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a (GDPR) serves as the legal basis.
      2. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
      3. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
      4. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
      5. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
         
         
   3. Data erasure and storage duration The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract. The storage periods specified in each case may be extended accordingly if, in individual cases, particularly if the data is processed for different purposes, there is a longer statutory or contractual retention period.
      
      
   4. What is mandatory information or mandatory fields? If certain data fields are designated as mandatory fields and/or marked with an asterisk ( * ) during collection, the provision of this data is either required by law or contract, or we require this data for the conclusion of the contract, the desired service or the stated purpose. It is of course at your discretion to provide the data, even in the mandatory fields. Failure to provide data may mean that we are unable to fulfill a contract or provide the requested service or achieve the stated purpose.
      
      
   5. Data processing in detail and your rights as a data subject Below we provide you with information on data processing in detail and have divided this information into the following individual areas:
      
      • Information on the individual areas, services and functionalities of the website can be found in section D
      • Notes on individual analyses and evaluations on the website are presented in section E
      • Information on integrated third-party plugins/widgets (social media) can be found in section F

      Your rights as a data subject are described in section G.

2. Individual areas, services and functionalities of the website
   
   1. Contact form and e-mail contact
      1. Description and scope of data processing If you have any questions or requests, please do not hesitate to contact us. To facilitate communication between you and us, there is a contact form on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are
         • Gender
         • Name
         • E-mail address
         • Phone number
         • Message

         The provision of address and telecommunications data marked as mandatory in our contact/message forms is necessary in order to process and respond to your request. The voluntary provision of further data makes it easier for us to process your inquiry. The following data is also stored at the time the message is sent:

         • IP address of the user Date and time of access URL of the accessed page URL from which the user comes (so-called referrer) Information about the browser type and the version used (from the user agent) Operating system of the user (from the user agent)
         • Three bytes of the IP address of the user’s calling system
         • Date and time the form was sent
         • Information about the browser type and the version used (from the user agent)
         • Operating system of the user (from the user agent)

         Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy. Alternatively, you can contact us via the e-mail address(es) provided. In this case, the user’s personal data transmitted with the e-mail will be stored. The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation. As a rule, we store the information from your inquiry for three months after answering the inquiry in the event of further inquiries, unless it concerns commercial or business letters, which we store for at least six or ten years.

      2. Legal basis for data processing The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent; the legal basis for the processing of the data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
      3. Purpose of data processing The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by email, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
      4. Duration of storage The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of fourteen days at the latest.
      5. Objection and removal option The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. Details on revocation and objection can be found under section G.
   2. Application form and e-mail contact
      1. Description and scope of data processing If you would like to apply electronically directly via our website, you can use our application form. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. These data are
         • First name
         • Surname
         • E-mail address
         • Phone number
         • Website
         • Message
         • File attachments

         The provision of address and telecommunications data marked as mandatory in our contact/message forms is necessary in order to process and respond to your request. The voluntary provision of further data makes it easier for us to process your inquiry. The following data is also stored at the time the message is sent:

         • Three bytes of the IP address of the user’s calling system
         • Date and time the form was sent
         • Information about the browser type and the version used (from the user agent)
         • Operating system of the user (from the user agent)

         Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy. Alternatively, you can contact us via the e-mail address(es) provided. In this case, the user’s personal data transmitted with the e-mail will be stored. The data will not be passed on to third parties in this context. The data is used exclusively for processing the conversation. As a rule, we store the information from your inquiry for three months after answering the inquiry in the event of further inquiries, unless it concerns commercial or business letters, which we store for at least six or ten years.

      2. Legal basis for data processing The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent; the legal basis for the processing of the data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
      3. Purpose of data processing The processing of personal data from the input mask serves us solely to process the application process. In the case of an application by email, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
      4. Duration of storage The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of fourteen days at the latest.
      5. Objection and removal option The user has the option to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. Details on revocation and objection can be found under section G.
3. Analyses and evaluations on the website
   
   1. Provision of the website and creation of log files
      1. Description and scope of data processingEverytime our website is accessed, our system automatically collects data and information from the computer system of the accessing computer, including the following data:
         • IP address of the user
         • Date and time of access
         • URL of the requested page
         • URL from which the user comes (so-called referrer)
         • Information about the browser type and the version used (from the user agent)
         • Operating system of the user (from the user agent)

         The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

      2. Legal basis for data processing The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
      3. Purpose of data processing The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. We also use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
      4. Duration of storage The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after fourteen days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client.
      5. Objection and removal options The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.
   2. General information on the use of cookies
      1. What are cookies and what are they used for? Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Cookies are used,
         • to make our website user-friendly and optimally tailored to your needs,
         • to enable and ensure the necessary technical functions (e.g. contact form),
         • to evaluate visits to our website pseudonymously for marketing and optimization purposes (web tracking) and
         • to note the rejection of cookies (“opt-out” cookies).

         Under certain circumstances, third-party cookies are also set (e.g. embedding YouTube or Vimeo videos or Google Maps) to enable third-party functions and technologies.

      2. Use of cookies If you continue to actively use our website after the banner information on our initial website, we assume that you consent to the use of cookies in order to make our website user-friendly and optimally tailored to your needs and to evaluate your visits to our website pseudonymously for marketing and optimization purposes (web tracking).
      3. Rejection/deletion of cookies You can declare the general rejection of cookies via the settings of your web browser. You can set your web browser so that it notifies you when cookies are set or generally rejects or restricts the setting of cookies. However, if you deactivate or restrict cookies using your web browser, you will no longer be able to use various functions on our website. You can also use your web browser to delete stored cookies at any time, even automatically. You can use the following links to find out about these options for the most commonly used browsers:
         • Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
         • Firefox: http://support.mozilla.org/de/kb/cookies-informationen-websites-auf-ihrem-computer
         • Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&answer=95647
         • Safari: https://support.apple.com/kb/PH21411?locale=de_DE
         • Opera: https://help.opera.com/en/latest/web-preferences/#cookies.

         If you have not made or do not make any different settings, cookies that enable and ensure the necessary technical functions will remain on your end device until you close the browser; other cookies may remain on your end device for longer.

   3. Own cookies
      1. Description and scope of data processing We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. The following data is stored and transmitted in the cookies:
         • Session ID (to recognize the website visitor across page changes until the browser is closed)
         • Status of the info banner on the use of cookies

         The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the user. When accessing our website, users are informed by an info banner about the use of cookies for analysis purposes and referred to this privacy policy. In this context, there is also a reference to how the storage of cookies can be prevented in the browser settings.

      2. Legal basis for data processing The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.
      3. Purpose of data processing The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change. We require cookies for the following applications:
         • Use of forms (e.g. contact form and application form)
         • To check whether the info banner about the use of cookies should be displayed again or for the first time

         The user data collected by technically necessary cookies is not used to create user profiles. These purposes also constitute our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR.

      4. Duration of storage, objection and removal options Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
4. Third-party plug-ins/widgets (social media)
   
   1. Embedding YouTube videos YouTube videos are embedded on our website, which are stored on YouTube (Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA), but can be played directly on our website. To protect your privacy, you must first activate the videos on our pages. When you activate or play the videos, cookies from YouTube or DoubleClick may be stored and/or read on your end device and data may be transferred to YouTube or DoubleClick (USA, Google), such as your IP address and cookie ID, the specific address of the page you accessed on our site, system date and time of access, and your browser ID. For the purposes and scope of data collection and processing by YouTube and DoubleClick, please refer to the information provided by Google: https://www.google.de/intl/de/policies/privacy/. If you do not want YouTube or DoubleClick to receive data about you through the use of our website, you must not activate the videos. Once the video has been activated, data is transferred regardless of whether you have a user account with YouTube or Google that you are logged into or whether you do not have a user account. If you are logged in, this data can be directly assigned to your account. If you want to avoid this as far as possible, you must log out before activating the video.
   2. Embedding of Google Maps maps We embed the maps of the “Google Maps” service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The processed data may include, in particular, IP addresses and location data of users, which, however, are not collected without their consent (usually as part of the settings of their mobile devices). The data may be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
5. Your rights as a data subject
   
   1. Information If you have any questions about the processing of your personal data by us, we will of course be happy to provide you with information about the data concerning you.
   2. Right to rectification, erasure, right to restriction of processing and right to data portability You also have the right to rectification, erasure, restriction of processing and objection to processing if the legal requirements are met. If the legal requirements are met, you have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format.
   3. Your contact person In all these cases, please contact our data protection officer (see section B. above) at the communication addresses given there.
   1. Right to lodge a complaint with a competent data protection supervisory authority Finally, you have the right to lodge a complaint with a competent data protection supervisory authority.
   1. Right to object You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the option, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures that use technical specifications.
   2. Right to revoke the declaration of consent under data protection law You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
   3. Advertising blacklist Following your objection to the processing of your personal data for advertising purposes or the withdrawal of your consent, we are obliged under data protection law in accordance with the requirements of the German data protection supervisory authorities to include the data required for this (name, address, e-mail address) in our internal advertising blacklist and to store (block) it permanently – for this purpose only – and to use it for comparison with our future advertising files. In this way, we can ensure that your objection to advertising or the withdrawal of your consent is permanently observed.
   4. Automated individual decision-making, including profiling You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
   1. Changes to the purposes of processing If we change the purposes of processing over time, we will inform you in advance by updating this data protection notice.

1. Privacy policy for the use of Google Analytics This website uses functions of the web analysis service Google Analytics. The provider is Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The usage includes the operating mode “Universal Analytics”. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze the activities of a user across devices. Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. We have activated IP anonymization on this website. As a result, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html or at https://policies.google.com/?hl=de. Purposes and legal basis of processing On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity. The website operator uses this data, such as time spent, origin or language selection of visitors, in order to analyze the website and subsequently optimize it in terms of advertising effectiveness with regard to the interests of visitors and to acquire new potential customers. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. a GDPR. Recipient / categories of recipients The recipient of the collected data is Google. Transfer to third countries The personal data is transferred to the USA under the EU-US Privacy Shield on the basis of the adequacy decision of the European Commission. You can access the certificate here. Duration of data storage The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month. Rights of data subjects You can revoke your consent at any time with effect for the future by preventing the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser add-on. Opt-out cookies prevent the future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt out on all systems used. If you click here, the opt-out cookie will be set: Disable data collection by Google Analytics for this website
2. Changes to the data protection information From time to time it is necessary to adapt the content of this data protection information for data collected in the future. We therefore reserve the right to amend this information at any time. We will also publish the amended version of the data protection information here. If you visit us again, you should therefore read the data protection information again.