Data protection

Data Privacy Policy for our website


I. Name and address of the controller

Under the General Data Protection Regulation and other national data protection laws in the Member States as well as other data protection regulations, the controller is:

GenoHotel Karlsruhe GmbH & Co. KG
Am Rüppurrer Schloss 40
76199 Karslruhe
Phone: +49 (0)721 -9898-0
email:hotel@genohotel-karlsruhe.de


II. General information on data processing


1. Scope of processing of personal data
We only ever collect and use our users' personal data where this is necessary for providing a functioning website and our contents and services. Our users' personal data is usually only collected and used with the users' consent. Exceptionally, this is not the case if it is not possible to obtain prior consent for material reasons and the processing of such data is permitted by law.


2. Legal basis for the processing of personal data
The processing of personal data is lawful when the data subject has given consent to such processing under Article 6(1) a) of the EU General Data Protection Regulation (GDPR).
The processing necessary for the performance of a contract to which the data subject is a contracting party is lawful under Article 6(1) b) GDPR. This also applies to processing which is necessary prior to entering into a contract.
The processing of personal data necessary for compliance with a legal obligation to which our company is subject is lawful under Article 6(1) c) GDPR.
Processing which is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, is lawful under Article 6(1) f) GDPR.


3. Erasure of data and storage period
The data subject's personal data will be erased or made unavailable for use as soon as the reasons for which such data have been stored no longer apply. Personal data may also be stored if this is envisaged in European or national laws, European Union regulations, laws or other legal provisions to which the controller is subject. Data are also made unavailable for use or erased if a period of storage stipulated in the stated norms expires, unless the data must continue to be stored for the purpose of entering into or fulfilling a contract.


III. Provision of the website and generation of log files


1. Description and scope of data processing
Our system automatically collects data and information from the computer system of the accessing computer every time our website is visited.
The following data are collected:

  • Information about the type and version of browser used
  • The user’s operating system
  • The user’s internet service provider
  • The user’s IP address
  • The date and time of access
  • Websites from which the user’s system came to our website
  • Websites accessed by the user’s system from our website

These data are also stored in our system’s log files. These data are not stored together with the user’s other personal data.


2. Legal basis for the processing of data
The temporary storage of data and the log files is lawful under Article 6(1) f) GDPR.


3. Purpose of data processing
The IP address needs to be stored temporarily by the system to enable the website to be displayed on the user’s computer. For this purpose the user’s IP address must be stored for the duration of the session.

Data are stored in log files in order to ensure the functionality of the website. The data are also used to optimise the website and to guarantee the security of our information technology systems. The data are not assessed for marketing purposes in this connection.

We also have a legitimate interest in these purposes under Article 6(1) f) GDPR.


4. Duration of storage
The data are erased as soon as they are no longer required for the purposes for which they have been collected. When data are collected for the purpose of displaying the website this is the case when the session ends.

Data which are stored in log files are erased after seven days at the latest. The data can be stored for longer than this. In this case users’ IP addresses are erased or altered in a way that prevents them being assigned to the accessing client.


5. Right to object and removal
Data has to be collected in order to display the website; data has to be stored in log files to enable the website to be operated. The user cannot, therefore, object.


IV. Use of cookies


1. Beschreibung und Umfang der Datenverarbeitung
Our website uses cookies. Cookies are text files which are stored in or by the internet browser on the user’s computer system. A cookie may be stored on the user’s operating system when he or she visits a website. This cookie contains a characteristic character string which enables the browser to be unmistakably identified when the website is accessed the next time.
We use cookies to make our website more user friendly. Some of the elements on our website need to be able to identify the accessing browser even after it has moved on to another page.
The following data are stored and transmitted in the cookies:
We also use cookies on our website which enable us to analyse the user’s surfing behaviour.
Consequently, the following data may be transmitted:

  • Any search terms entered
  • Frequency with which particular pages are visited
  • Use of website functions

Technical measures are adopted to pseudonymise the data collected from the user in this way. This means that it is no longer possible to assign the data to the visiting user. The data are not stored with any of the user’s other personal data.
When you visit our website, an information banner informs you about the use of cookies for analysis purposes and refers you to this data privacy policy. You will also then be informed about how you can change your browser settings to prevent cookies being stored.
The user data collected by technically essential cookies are not used to create user profiles.
The analysis cookies are used to improve the quality of our website and its contents. We are then informed about how the website is used and can in this way continuously improve our offer.
We also have a legitimate interest under Article 6(1) f) GDPR in the processing of personal data for these purposes.


2. Legal basis for data processing
The processing of personal data using cookies is lawful under Article 6(1) f) GDPR.


3. Purpose of data processing
Technically essential cookies are used to make it easier to use the website. Some of the functions on our website can only be offered in conjunction with the use of cookies. This means that the browser must be recognised again even after it has moved on to another page.
The user data collected by technically essential cookies are not used to create user profiles.
The analysis cookies are used to improve the quality of our website and its contents. We are then informed about how the website is used and can in this way continuously improve our offer.
We also have a legitimate interest under Article 6(1) f) GDPR in the processing of personal data for these purposes.


4. Duration of storage, right to object and removal
Cookies are stored on the user’s computer and transmitted from the user’s computer to our website. This means that you, the user, have full control over the way cookies are used. You can disable or restrict the transmission of cookies by changing the settings in your internet browser. Cookies which have already been stored can be erased again at any time. This can be done automatically. If you disable cookies for our website, you may no longer be able to use all the website functions in full.


V. Registration


1. Description and scope of data processing

The member portal on our website offers users who are our members (e.g. employees of cooperatives) the option of providing personal data for registration purposes. Registration is undertaken by a member’s administrator. The user can contact this administrator via a contact form to ask for user access to be set up. No other data are sent to third parties.


The following data are collected during the registration process:

First name, family name, email address, street and house number, postal code, town/city; function, name and address of cooperative


The following data are also stored at the time you register:


  • The user’s IP address
  • The date and time of registration


2. Legal basis for the processing of data
The processing of data is lawful under Article 6(1) f) GDPR. If the purpose of registration is to fulfil a contract to which the user is a party or to take steps prior to entering into a contract, the processing of data is also lawful under Article 6(1) b) GDPR.


3. Purpose of data processing
The user must register for the purpose of accessing certain contents and services on our website.

The registered user then has access to content reserved for members of the Baden-Württembergischer Genossenschaftsverband e.V., including but not limited to circulars, statistics and additional information. It is necessary to process the registration data to ensure that the user is identified as one of our members and, where relevant, to make contact with the user.


4. Duration of storage
The data are erased as soon as they are no longer required for the purposes for which they have been collected. This is the case for data collected during registration when registration is cancelled or changed on our website.


5. Right to object and removal
As a user you have the right to cancel your registration at any time. You can have the data stored on you altered at any time.

A more detailed description of how accounts and data can be altered follows below.


VI. Contact form and email contact


1. Description and scope of data processing
There is a contact form on our website which can be used to make contact electronically. If you wish to contact us in this way, the data which you enter will be sent to us and stored. These data are:

First name, family name, company/cooperative, telephone, email address, message box “Your message”

The following data are additionally stored at the moment the message is sent:

  • The user’s IP address
  • The date and time of registration

The data are processed when the “Send” button is clicked.

Alternatively, you can write to the email address provided. In this case only the personal data sent with the email will be stored.

The data are not passed on to third parties in this connection. The data are used solely to process the conversation.


2. Lawfulness of data processing

The legal basis for the processing of the data sent using the contact form or by email is Article 6(1) f) GDPR. If the purpose of the email is to enter into a contract, processing is also lawful under Article 6(1) b) GDPR.


3. Purpose of data processing
We only process the personal data entered by you in the input mask to process your message. If contact is made by email, we also have a legitimate interest in processing the data.
Other personal data processed when making contact are used to prevent the contact form from being misused and to secure the safety of our information technology systems.


4. Duration of storage
The data are erased as soon as they are no longer required for the purposes for which they have been collected. This is the case for data entered in the input mask in the contact form or sent by email when the relevant conversation with the user is ended. The conversation is ended when it can be inferred from the circumstances that the issue in question has been conclusively clarified.

Other personal data collected during transmission will be erased after a period of seven days at the latest.


VII. Rights of data subjects

If your personal data is processed, you are the data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:


1. Right of access
You can ask the controller to confirm whether or not we process your personal data.
If we do process your personal data, you have the right to be provided with the following information by the controller:


  • The purposes for which personal data are processed;
  • The categories of personal data which are processed;
  • The previous or current recipients and/or the categories of previous or current recipients of your personal data;
  • The period for which it is planned that your personal data will be stored or, if no specific data are available in this respect, criteria for the stipulation of such period;
  • The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • All available information about the origin of data if the personal data are not collected from the data subject;
  • The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.


You have the right to ask for information about whether the relevant personal data are transferred to an international organisation or third country. In this connection you have the right to demand information about suitable guarantees in accordance with Article 46 GDPR in connection with such transfer.


2. Right to rectification:
You have a right to require that the controller rectify and/or complete any of your personal data which are incorrect or incomplete. The controller must rectify incorrect data immediately.


3. Right to restriction of processing
You have the right to demand that the processing of your personal data is restricted in the following circumstances:


  • if you dispute the accuracy of the personal data relating to you for long enough for the controller to verify whether or not the personal data are correct;
  • the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of the use of the personal data;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
  • you have objected to processing pursuant to Article 21(1) GDPR pending verification of whether the legitimate grounds cited by the controller override the grounds cited by you.


If the processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted in compliance with the above requirements, you will be informed before such restriction is lifted.


4. Right to erasure (‘right to be forgotten’)
a) Duty to erase
You have the right to obtain from the controller the immediate erasure of your personal data and the controller is then obliged to erase this personal data immediately where one of the following grounds applies:


  • Your personal data are no longer required for the purposes for which they were collected or otherwise processed.
  • You withdraw the consent on which the processing is based in accordance with Article 6(1) a) or Article 9(2) a) GDPR and there is no other legal basis for the processing.
  • You object to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 (2) GDPR.
  • The personal data concerning you have been unlawfully processed.
  • Your personal data must be erased in order to comply with a legal obligation in Union or Member State law to which the controller is subject.
  • Your personal data have been collected in relation to the offer of information society services in accordance with Article 8(1) GDPR.


b) Information for third parties
Where the controller has made your personal data public and is obliged in accordance with Article 17(1) GDPR to erase the personal data, the controller must take reasonable steps, taking account of available technology and the cost of implementation, including technical measures to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copies or replications of such personal data.

c) Exceptions
There is no right to erasure if the processing is necessary


  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with Article 9(2) h) and i) as well as Article 9(3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) GDPR insofar as the right referred to in a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.


5. Right of notification
If you have asserted your right to rectification, erasure or restriction of processing to the controller, the controller must communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about these recipients.


6. Right to data portability
You have the right to receive the personal data concerning you which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, if:

  • the processing is based on consent in accordance with Article 6(1) a) GDPR or Article 9(2) a) GDPR or a contract in accordance with Article 6(1) b) GDPR; and
  • the processing is carried out by automated means.

In exercising this right you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This right must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.


7. Right to object
You have the right, based on grounds relating to your particular situation, to object at any time to the processing of your personal data in accordance with Article 6(1) e) or f) GDPR; this also applies to any profiling based on these provisions.
The controller may then no longer process the personal data relating to you unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or demonstrates that the data must be processed for the establishment, exercise or defence of legal claims.
If your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing purposes; this also includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.


8. Right to revoke consent given under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Withdrawal of consent does not affect the lawfulness of any processing conducted on the basis of the consent up to the point of withdrawal.


9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision


  • is necessary for entering into or performing a contract between you and the controller;
  • is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  • has been made with your explicit consent.


However, such decisions must not be based on special categories of personal data referred to in Article 9(1) GDPR unless Article 9(2) a) or g) GDPR applies and suitable measures to safeguard your rights and freedoms and your legitimate interests are in place.
In the cases referred to in points 1 and 3, the controller must implement suitable measures to safeguard your rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.


10. Right to lodge a complaint with a supervisory body
Regardless of another legal remedy under administrative law or through the courts, you have the right to appeal to a supervisory authority, in particular in the Member State of your place of residence, your workplace or the place of the suspected infringement if you are of the opinion that the processing of the personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged must inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.


Objection to the use of our analysis service