Privacy notice

I. Preamble

For us, building partnership based on trust starts with taking care of the details. For us, this naturally includes protecting your data from the outset. In this privacy notice, we would like to explain how, why and what elements of your personal data are processed and used by us when you visit our website as we seek to make the online experience as pleasant as possible for our customers.
Our privacy policy has been compiled by taking into account the requirements of the GDPR General Data Protection Regulation of the European Union, the BDSG German Federal Data Protection Act, and the TMG German Telemedia Act.
 

II. Introduction

a. Controller

The controller within the meaning of the GDPR is:


GLC Glücksburg Consulting AG
represented by the Management Board: Professor Martin Weigel
Albert-Einstein-Ring 5
22761 Hamburg, Germany
Tel: +49 (0)40 8540 060
Fax: +49 (0)40 8540 0638
Email: info(at)glc-group.com
www.glc-group.com


b. Data protection officer

We are advised on questions concerning data protection by ARCONDA SYSTEMS AG, where our external data protection officer is Frank Espenhain. He can be contacted at the following address:
ARCONDA SYSTEMS AG
Sportallee 6
22335 Hamburg / Germany or per mail at f.espenhain@arconda.ag

c. Terminology

The terminology in this privacy notice corresponds to that used in the GDPR and the BDSG. The main terms used include the following:

  • ‘Personal data’: Any information pertaining to an identified or identifiable natural person (‘data subject’). An identifiable natural person is some who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person (Article 4(1) GDPR).
  • ‘Processing’: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Article 4(2) GDPR).
  • ‘Third party’: A natural or legal person, public authority, agency or body other than the data subject, controller, processor or persons who, under the direct authority of the controller or processor, are authorized to process personal data (Article 4(10) GDPR).
  • ‘Consent’ of the data subject: Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her (Article 4(11) GDPR).

d. Types of data

In particular, the following types of data are processed on our website:

  • Inventory data (data required for the establishment, content creation, amendment or termination of a contractual relationship, e.g. names and address)
  • Contact details (data which can be used to contact you or your company, e.g. email addresses and telephone numbers)
  • Content data (content of messages sent, e.g. text entered by you, images, videos)
  • Usage data (technical information regarding for example access times and websites visited)
  • Communication data (data which provides us with information about the communication channel used, e.g. your browser, device information, IP addresses)
  • The following types of data also arise in connection with business-related processing:
  • Contract data (contract text and subject matter, term, etc.)
  • Payment details (e.g. bank details and accounting history)

 

e. Data subject groups and general purpose of processing 

Personal data is collected from the users of this website. Data collected from you is processed to help make this website available and to respond to enquiries. We also collect some data for the purposes of reach measurement and to improve the design of our website for our customers. Information about what data is collected, on what legal basis, and how we process it is contained in the specific explanations in this privacy notice.

f. Right of withdrawal

It goes without saying that, pursuant to Article 7(3) GDPR, you have the right at any time to withdraw the consent you have granted with future effect without stating your reasons for doing so. Withdrawal need not be expressed in a specific way to be valid and will take effect and be observed by us upon receipt, regardless of the medium used. However, to make things smoother for both you and us, we kindly request that declarations of withdrawal be sent to the following email address: datenschutz(at)glc-group.com.

g. Cookies

These days, nearly all websites use various cookies to ensure that the pages work as intended and in order to optimize their design and features for you. Cookies are information files which are transmitted by our web server or third-party web servers to your web browser, where they are stored for later retrieval. These information files are specific information packets related to your device (PC or smartphone and the browser you use). However, they do not enable us to identify you. Cookies are mainly used to improve the user-friendliness of websites (e.g. by storing login data or your preferred language). Cookies will not harm your device and do not contain viruses, trojan horses or other malicious software. 


What types of cookies do we use?

This website uses transient and persistent cookies. Their scope and how they work are explained below.

Transient cookies are automatically deleted as soon as you close your browser. They mainly include session cookies. Session cookies store a ‘session ID’, which can be used to remember various browser requests throughout the entire session, hence enabling your computer to be recognized if you visit our website again. Using these cookies means you do not have to log in each time you return to our website if you have an account with us. Session cookies are deleted when you log off or close your browser.
Persistent cookies automatically expire after a specific length of time, which may vary from one cookie to the next. Cookies can be deleted in your browser’s security settings at any time.

How can I prevent the usage of cookies?

Most browsers accept cookies by default. If you do not want cookies to be saved on your device, the corresponding option can be disabled in your browser’s system settings. Saved cookies can also be deleted in the system settings of your browser. However, please note that certain functions of this website may be impaired if cookies are not used. The following links explain how to disable cookies on the most popular browsers:
Google Chrome: support.google.com/accounts/answer/61416
Microsoft Internet Explorer: support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Safari: support.apple.com/en-gb/guide/safari/sfri11471/mac support.apple.com/kb/ph21411
Firefox: support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
Opera: help.opera.com/en/latest/web-preferences/

h. Objection to processing of personal data (including for direct marketing purposes)

Pursuant to Article 21 GDPR, regardless of your visit to our website, please note that you naturally always have the right to object to the processing of your personal data.

Under Article 21(2) GDPR, you also have the right to object to your personal data being processed for direct marketing purposes. Objection need not be expressed in a specific way to be valid and will take effect and be observed by us upon receipt, regardless of the medium used. However, to make things smoother for both you and us, we kindly request that objections be sent to the following email address: datenschutz(at)glc-group.com.

i. General right to erasure and restriction of processing

Your personal data can be erased or restricted in accordance with Articles 17 and 18 GDPR. Data is in particular erased by us as soon as the purpose for which the data was originally collected no longer applies and there is no statutory retention period. Under Section 257(1) HGB German Commercial Code, we are for instance legally obliged to keep account books, inventories, opening balance sheets, annual financial statements, individual financial statements as defined by Section 325(2a), management reports, consolidated financial statements and consolidated management reports as well as procedural instructions necessary to understand them and other organizational documentation, commercial letters and accounting receipts for a period of six years. If statutory retention obligations apply, we shall restrict the processing of data so that we can only process it for the statutorily prescribed purpose.

j. Data security

To ensure the security of your data, we use the widespread SLL (Secure Socket Layer) protocol to transmit both website content and data entered by you. Data is sent between you and our hosting provider using 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. 
 

III. Your rights

The aim of our efforts to protect your data is for you to always have full control over the information you provide. As such, in addition to the aforementioned rights, you also have rights regarding the personal data stored by us, which are described below in detail.

 

a. Right to obtain confirmation of processing

Pursuant to Article 15 GDPR, you have the right to obtain confirmation from us regarding the processing of your personal data. 

 

b. Right of access

If we process your personal data, under Article 15 GDPR, you have the right to access your data in our possession. We will provide you with this information in accordance with the provisions of Article 15 GDPR.

 

c. Right to completion and rectification 

Pursuant to Article 16 GDPR, you have the right to request us to rectify incorrect personal data concerning you without delay. You also have the right to complete incomplete data stored by us. 

 

d. Right to erasure

Under Article 17 GDPR, you have the right to request that your personal data be erased without delay if one of the following points applies and if none of the exceptions provided for in Article 17(2, 3) GDPR apply: 

  • The personal data is no longer required for the purposes for which it was collected or processed in some other way
  • The data subject withdraws his or her consent on which processing is based under Article 6(1a) or Article 9(2a) and there is no other legal basis for processing
  • The data subject objects to processing in accordance with Article 21(1) and there are no overriding legitimate grounds for processing, or the data subject objects to processing under Article 21(2)
  • The personal data has been unlawfully processed
  • The personal data must be erased to comply with a legal obligation under Union or Member State law to which the controller is subject
  • The personal data was collected in relation to the offer of information society services referred to in Article 8(1) 

 

e. Right to the restriction of processing

Under Article 18 GDPR, you have the right to request that the processing of your personal data be restricted without delay if one of the following applies:

  • The accuracy of personal data is contested by the data subject, restriction to apply for a period enabling the controller to check the personal data’s accuracy
  • Although processing is unlawful, the data subject opposes the erasure of the personal data and requests that its use be restricted instead
  • Although the controller no longer needs the personal data for the purposes of processing, it is required by the data subject to establish, exercise or defend legal claims 
  • The data subject has objected to processing under Article 21(1) GDPR pending verification of whether the controller’s legitimate grounds outweigh those of the data subject 

Where processing has been restricted under paragraph 1, such personal data may, with the exception of storage, only be processed with the data subject’s consent, for the establishment, exercise or defence of legal claims, to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State. We will notify you prior to the lifting of any such restriction.

 

f. Right to data portability

Under Article 20 GDPR, you have the right to receive personal data concerning you in a structured, commonly used and machine-readable format, and to request that it be transmitted to a third party without hindrance. Restrictions to this right may apply under Article 20 GDPR.

 

g. Right to lodge a complaint

Pursuant to Article 77 GDPR, you have the right to lodge a complaint with the relevant supervisory authority. The competent authority can be contacted at the following address: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Klosterwall 6, 20095 Hamburg, Germany; tel: 040 428544040; fax: 040 428 54 4000; email: mailbox(at)datenschutz.hamburg.de.

IV. Processing for technical reasons 

a. Hosting the website

To be able to make this website available to you, we work with a hosting provider who supplies the infrastructure for the smooth operation of this website and carries out regular maintenance to ensure your data is not lost. To ensure compliance with data protection standards and that your data is protected, our hosting provider has signed a data processing agreement pursuant to Article 28 GDPR obliging it to observe our high data protection standards. This provider processes inventory, contact, content, contract, use and communication data for users of this website on the basis of our legitimate interest in the maintenance, operation and security of this website pursuant to Article 6(1f) GDPR.


In addition, usage data is created every time our website is visited. This includes in particular the name of the website accessed, downloaded files, the date and time of access, the volumes of data transferred in each case, messages about successful website access, the browser type and operating system used, the site previously visited, the IP address and the provider used. This data is processed by us or our hosting provider on our behalf and on the basis of our legitimate interest in protection from misuse and for security reasons pursuant to Article 6(1f) GDPR. With the exception of personal data which must continue to be stored for evidence purposes, personal data is stored for seven days and then automatically erased. 

b. Contacting us

By contact form
If you wish to contact us, you can do so by using our contact form. We will process the data collected there to deal with your contact enquiry pursuant to Article 6(1b) GDPR. If in addition we stay in touch with you for commercial purposes, your personal data may also be processed in a customer relationship management system. If the data is no longer required to respond to your enquiry, we will erase it provided that no statutory archiving obligations apply. 


Contacting us by email or telephone
If you contact us by telephone or email, your details will be processed in order to deal with your contact enquiry pursuant to Article 6(1b) GDPR (necessary details prior to entering into a contract) or Article 6(1f) GDPR (legitimate interest in responding to your enquiry). If you contact us by email, we will also save the content you send us by email. If you provide us with information about communication channels (such as telephone numbers), we may also contact you via these communication channels to answer your request. The personal data you provide will only be used for the purpose for which you provided us with it when contacting us.

We will erase the data we receive when you contact us as soon as it is no longer required to achieve the purpose for which it was collected. This also applies to data you provide voluntarily. It is in our legitimate interest to store this data together with the required data. Personal data sent by email or provided to us by telephone will be erased when the conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been finally clarified, albeit no later than one month after the most recent contact. If a contract is concluded with you, the statutory retention periods apply.

c. Privacy in connection with applications and application procedures

To deal with application procedures, applicants’ personal data is collected and processed by the controller. Processing may also take place electronically. This is mainly done whenever an applicant submits application documents digitally (e.g. by email) to the controller. If a contract of employment is subsequently concluded between the controller and the applicant, the data provided will be saved in order to implement employment in compliance with the statutory regulations. If an applicant is informed that he or she has been turned down, the application documents will be automatically deleted after six months assuming no contract of employment is concluded between the controller and the applicant unless other legitimate interests on the part of the controller stand in the way of deletion. An example of other legitimate interests in this sense is the burden of proof in proceedings under the AGG General Equal Treatment Act.

d. Booking enquiries 

Holiday accommodation in the Bad Sachsa region can be reserved or booked on our website. Your personal data provided by you in connection with your enquiry will be processed in order to deal with your enquiry on the basis of Article 6(1b) GDPR.


e. Ordering brochures

Brochures can be ordered on our website. To do so, you need to provide us with your surname, first name and address. This data is collected to deal with your request in accordance with Article 6(1b) so that the brochure(s) ordered can be sent to you. Once your request has been dealt with and your data is no longer required, it will be erased by us.
 

V. Use of third-party services – technical features and information

a. Google Analytics

(1) This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the usage of cookies about your use of this website will be transmitted to and stored by Google on servers in the United States. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

(3) You may refuse the usage of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout.

(4) For data processing in connection with Google Analytics by Google, data processing based on the EU standard data protection clauses has been concluded by our company with the service provider.

(5) Information of the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001

Terms of use: www.google.com/analytics/terms/de.html

Privacy policy overview: www.google.com/intl/de/analytics/learn/privacy.html

Privacy policy: www.google.de/intl/de/policies/privacy

b. Google Ads Conversion Tracking

We also use Google Conversion Tracking on our website on the basis of our legitimate interest in optimizing our website and gauging the success of advertising campaigns pursuant to Article 6(1f) GDPR. As soon as you arrive on our website by clicking on a linked Google advertisement, Google Ads places a cookie on your device. The cookie will expire after 30 days and contains a unique identifier. While the cookie is still active, it can also be identified by subsequent pages and used by Google for tracking purposes. Conversion tracking enables Google to provide its Ads customers with statistics showing the total number of users who have clicked on an advert and been forwarded to a page containing a conversion tracking tag. However, it is not possible for Ads customers to identify individual users. For more information about Google’s privacy policy in connection with conversion tracking, please visit https://services.google.com/sitestats/en.html.

c. Google Analytics Remarketing

We also use Google Analytics Remarketing on our website on the basis of our legitimate interest in promoting our offering among individuals and target groups pursuant to Article 6(1f) GDPR. Data from Google Analytics and Ads may be merged. This enables us to display advertising to you which we believe contains offers relevant to you.

For more information about Google’s terms of service and privacy, please visit https://www.google.com/analytics/terms/gb.html and https://policies.google.com. For specific information about how Google Analytics Remarketing works, please visit https://marketingplatform.google.com/about.

d. Google Maps

This website uses Google Maps to display interactive maps and produce travel directions. Google Maps is a map service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. The use of Google Maps allows information on the use of this website to be transmitted to Google in the USA, including your IP address and the (start) address entered in the journey planner. When you access a page on our website containing Google Maps, your browser establishes a direct connection to Google’s servers. The map content is transmitted directly by Google to your browser, which integrates it into the website. We therefore have no control over the scope of data collected by Google in this way which, to our knowledge, includes at least the following:

•          The date and time of your visit to the website concerned

•          The web address or URL of the accessed website

•          Your IP address 

•          The (start) address entered for journey planning

We have no control over – and therefore cannot be held responsible for – the further processing and use of this data by Google. If you do not want Google to collect, process or use data relating to you through our website, you can disable JavaScript in your browser settings, although this means you will not be able to use the map viewer. To learn more about the purpose and extent of data collection, the further processing and use of this data by Google, as well as your relevant rights and configuration options to safeguard your privacy, please see Google’s privacy policy: https://policies.google.com/privacy

By using our website, you agree to the data collected about you by the Google Maps journey planner being processed in the manner and for the purpose described above.

e. Cloudflare CDN

We use a service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter: Cloudflare) on the basis of our legitimate interest in optimizing and ensuring the stability of our website and protecting it from cyberattacks. All enquiries reaching our website are also transmitted to Cloudflare’s servers in the USA. Cloudflare uses this data solely to maintain its offering and assuredly will not pass on this data to third parties.

In addition, Cloudflare is certified under the Privacy Shield agreement and has thus undertaken to comply with European data protection law. Its status can be verified by visiting www.privacyshield.gov/participant.

For more information about the terms of service and privacy policy of Cloudflare, please visit www.cloudflare.com/terms and www.cloudflare.com/security-policy/.&nbsp.

f. DS Destination Solutions GmbH - A company of the HRS Group

We use the booking system of DS Destination Solutions GmbH, Breslauer Platz 4, 50668 Cologne (DS) to arrange and book overnight accommodation. If you make a booking on our site, you agree to your personal data being stored and processed by DS in order to deal with your booking. Your personal data will be forwarded to DS and processed. Furthermore, your data will be forwarded to the provider of the accommodation booked. This data is stored and processed to support and deal with your booking and your authentication as well as for billing purposes between DS and GLC Glücksburg Consulting AG as the agency partners of the accommodation provider. Whenever a booking is made, the data will be stored for the commercial retention period of ten years.

For more information (in German) about DS’s terms of service and privacy policy as well as the possible contracting of external data processing partners, please visit https://www.im-web.de/datenschutzerklaerung.php.

g. Die NetzWerkstatt

Organizers can register and then enter information about events in the event calendar such as the name of the event, date, time, meeting place, the name of the organizer and additional information. This data will be forwarded to our contractor Die NetzWerkstatt GmbH & Co. KG, An der Schiffbrücke 2, 24768 Rendsburg. Your data will be collected by the contractor by way of processing pursuant to Article 6(1b) GDPR. The event calendar is integrated on our website via iFrame. Responsibility for data concerning events is borne by the respective organizer. A data processing agreement has been signed with the contractor. The data entered will be erased by the contractor once it is no longer required after the event. The current privacy policy of Die NetzWerkstatt (in German) can be found at https://www.die-netzwerkstatt.de/datenschutzerklaerung/.

VI. Use of third-party services – social bookmarks 

Bad Sachsa is of course also on Facebook. We have included links to these social media platforms on our website to enable you to network with us.

As the owner of our social media pages, we are responsible together with the hosts of these social networks pursuant to Article 4 (7) GDPR. If you visit our company pages on social media, personal data will be processed by those responsibles.
Further information can be found in the privacy policy of the third party providers:

VII. Validity and changes to this privacy notice

This privacy notice was drawn up in July 2021 and is the version currently in force. It may be necessary to amend this privacy notice as our website and services are developed or in response to legal changes. 

We are using cookies

Our website uses cookies, which improve our site and enable us to deliver the best possible service. By clicking ‘accept’, you agree to our use of cookies. You can change your settings at any time in our privacy policy.

Essentials

Tools that enable essential services and functonality.

Analytics

Tools that collect anonymous data about how visitors use our site and how it performs. We are using this procedure in order to improve our products, services and user experience.

Dismiss
Open settings
Accept