X
MENU
Scroll

Privacy policy

PRIVACY POLICY

for the Erlebnisberg Kappe Winterberg

1. introduction

With the following information, we would like to give you as a "data subject" an overview of the processing of your personal data by us and your rights under data protection laws. It is generally possible to use our website without entering personal data. However, if you wish to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to "Erlebnisberg Kappe Winterberg". By means of this data protection declaration, we would like to inform you about the scope and purpose of the personal data we collect, use and process.

As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, for example by telephone or post.

You too can take simple and easy-to-implement measures to protect yourself against unauthorized access to your data by third parties. We would therefore like to give you some tips on how to handle your data securely:

  • Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.
  • Only you should have access to the passwords.
  • Make sure that you only ever use your passwords for one account (login, user or customer account).
  • Do not use the same password for different websites, applications or online services.
  • The following applies in particular when using publicly accessible IT systems or IT systems shared with other people: You should always log out after logging in to a website, application or online service.

Passwords should consist of at least 12 characters and be chosen in such a way that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name or the names of relatives, but should contain upper and lower case letters, numbers and special characters.

2. responsible person

The controller within the meaning of the GDPR is the:

Erlebnisberg Kappe Winterberg

Am Waltenberg 89, 59955 Winterberg, Germany

Phone: 02981 / 92 96 43 3
Fax: 02981 / 92 96 43 4

E-mail: info@erlebnisbergkappe.de

Representative of the responsible person: Mr. Nico Brinkmann

3. data protection officer

You can reach the data protection officer as follows:

Julia Borgmann

Phone: 02985 / 99 99 69 0
Fax: 02985 / 99 99 69 3

E-mail: j.borgmann@great-oak.de

You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

4. legal basis of the processing

Art. 6 para. 1 lit. a) GDPR (in conjunction with. § Section 25 (1) TDDDG (formerly TTDSG)) serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 para. 1 lit. b) GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services.

If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit. c) GDPR.

In rare cases, it may be necessary to process personal data in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and his or her name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 para. 1 lit. d) GDPR.

Ultimately, processing operations could be based on Art. 6 para. 1 lit. f) GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).

5. technology

5.1 SSL/TLS encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the "https://" in the address line of the browser instead of "http://" and by the lock symbol in your browser line.

We use this technology to protect your transmitted data.

5.2 Hosting by dogado GmbH

We host our website with dogado GmbH, Antonio-Segni-Straße 11 D-44263 Dortmund (hereinafter referred to as dogado).

When you visit our website, your personal data (e.g. IP addresses in log files) are processed on dogado's servers.

The use of dogado is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation, provision and security of our website.

We have concluded a data processing agreement (DPA) with dogado in accordance with Art. 28 GDPR. This is a contract prescribed by data protection law, which ensures that dogado processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

You can find more information about dogado's privacy policy at: https://www.dogado.de/legal/datenschutz

6. cookies

6.1 Borlabs Cookie (Consent Management Tool)

We use the WordPress cookie plugin "Borlabs Cookie" from Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. This service enables us to obtain and manage the consent of website users for data processing.

Borlabs Cookie uses cookies to collect data generated by end users who use our website. When an end user gives consent, the following data, among others, is automatically logged:

  • Cookie lifetime,
  • Cookie version,
  • Domain and path of the WordPress page,
  • Selection in the cookie banner,
  • UID (a randomly generated ID),

The consent status is also stored in the end user's browser so that the website can automatically read and follow the end user's consent in all subsequent page requests and future end user sessions for up to 12 months. The consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the regular limitation period in accordance with Section 195 of the German Civil Code (BGB). The data will then be deleted immediately.

The functionality of the website is not guaranteed without the described processing. The user has no right to object as long as there is a legal obligation to obtain the user's consent to certain data processing operations, Art. 7 para. 1, 6 para. 1 sentence 1 lit. c) GDPR.

The data collected will not be forwarded to Borlabs GmbH, nor will Borlabs GmbH have access to it.

You can find more information at: https://de.borlabs.io/borlabs-cookie/.

7. contents of our website

7.1 Moving Pictures (360° Panorama)

The offer on this website uses the services of mp moving-pictures gmbh (Am Flughafen 12A, D-87766 Memmingerberg).

This service enables us to present you with panoramic images on our website.

You can obtain detailed information on data processing by mp moving-pictures via the following link https://www.moving-pictures.de/kontakt/datenschutz.html.

7.2 feratel media technologies AG (webcam)

The offer on this website uses the services of feratel media technologies AG (Maria-Theresien-Straße 8, A-6020 Innsbruck).

This service enables us to present you with a webcam view on our website.

You can obtain detailed information about feratel's data processing via the following link https://www.feratel.com/datenschutz.html.

8 Our activities in social networks

So that we can also communicate with you on social networks and inform you about our services, we have our own pages there. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing operations triggered by this, within the meaning of Art. 26 GDPR.

We are not the original provider of these pages, but only use them within the scope of the possibilities offered to us by the respective providers.

As a precautionary measure, we would therefore like to point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore be associated with data protection risks for you, as it may be more difficult to safeguard your rights, e.g. to information, deletion, objection, etc., and processing in social networks is often carried out directly for advertising purposes or for the analysis of user behavior by the providers without us being able to influence this. If user profiles are created by the provider, cookies are often used or the user behavior is assigned to your own social network member profile.

The described processing operations of personal data are carried out in accordance with Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 para. 1 lit. a) GDPR in conjunction with Art. 7 GDPR. Art. 7 GDPR.

As we do not have access to the providers' databases, we would like to point out that it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in the social networks is provided below by the respective social network provider we use:

8.1 Facebook

(Joint) controller for data processing in Europe:

Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy policy (data policy): https://www.facebook.com/about/privacy

8.2 Instagram

(Joint) controller for data processing in Germany:

Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy policy (data policy): https://instagram.com/legal/privacy/

8.3 YouTube

(Joint) controller for data processing in Europe:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy policy: https://policies.google.com/privacy

9. social media plugins

9.1 Facebook plugin

We have integrated components of the company Facebook on this website. Facebook is a social network.

A social network is a social meeting place operated on the Internet, an online community that generally enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or company-related information. Facebook allows users of the social network to create private profiles, upload photos and network via friend requests, among other things.

The operating company of Facebook is Meta Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller for the processing of personal data is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time you access one of the individual pages of this website, which is operated by us and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on your IT system is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be accessed at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook receives information about which specific sub-page of our website you are visiting.

If you are logged in to Facebook at the same time, Facebook recognizes which specific subpage of our website you are visiting each time you access our website and for the entire duration of your visit to our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account. If you click on one of the Facebook buttons integrated on our website, for example the "Like" button, or if you leave a comment, Facebook assigns this information to your personal Facebook user account and stores this personal data.

Facebook always receives information via the Facebook component that you have visited our website if you are logged in to Facebook at the same time as accessing our website; this takes place regardless of whether you have clicked on the Facebook component or not. If you do not want this information to be transmitted to Facebook, you can prevent it from being transmitted by logging out of your Facebook account before accessing our website.

This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

Personal data will only be processed using the social media buttons with your express consent in accordance with Art. 6 (1) (a) GDPR.

The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains the setting options Facebook offers to protect privacy. In addition, various applications are available that make it possible to suppress the transmission of data to Facebook. You can use such applications to suppress data transmission to Facebook.

9.2 Instagram plugin

We have integrated components of the Instagram service on this website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to redistribute such data in other social networks.

The operating company of the Instagram services is Meta Inc, 1 Hacker Way, Menlo Park, CA 94025, USA.

Each time you access one of the individual pages of this website, which is operated by us and on which an Instagram component (Instagram button) has been integrated, the Internet browser on your IT system is automatically prompted by the respective Instagram component to download a representation of the corresponding Instagram component. As part of this technical process, Instagram receives information about which specific subpage of our website you are visiting.

If you are logged in to Instagram at the same time, Instagram recognizes which specific subpage you are visiting each time you access our website and for the entire duration of your visit to our website. This information is collected by the Instagram component and assigned to your Instagram account by Instagram. If you click on one of the Instagram buttons integrated on our website, the data and information transmitted with it will be assigned to your personal Instagram user account and stored and processed by Instagram.

Instagram always receives information via the Instagram component that you have visited our website if you are logged in to Instagram at the same time as accessing our website; this occurs regardless of whether you have clicked on the Instagram component or not. If you do not want this information to be transmitted to Instagram, you can prevent it from being transmitted by logging out of your Instagram account before accessing our website.

This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

Personal data will only be processed using the social media buttons with your express consent in accordance with Art. 6 (1) (a) GDPR.

Further information and the applicable data protection provisions of Instagram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

9.3 YouTube plugin

We have integrated YouTube components on this website. YouTube is an Internet video portal that enables video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programs as well as music videos, trailers or videos made by users themselves can be accessed via the Internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Each time you access one of the individual pages of this website, which is operated by us and on which a YouTube component (YouTube plug-in) has been integrated, the Internet browser on your IT system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website you are visiting.

If you are logged in to YouTube at the same time, YouTube recognizes which specific subpage of our website you are visiting when you access a subpage that contains a YouTube plugin. This information is collected by YouTube and Google and assigned to your YouTube account.

YouTube and Google always receive information via the YouTube component that you have visited our website if you are logged in to YouTube at the same time as accessing our website; this occurs regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent it from being transmitted by logging out of your YouTube account before accessing our website.

The use of YouTube is in the interest of convenient and easy use of our website. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

Personal data will only be processed using the social media buttons with your express consent in accordance with Art. 6 (1) (a) GDPR.

The data protection provisions published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.

10. web analysis

10.1 Google Analytics 4 (GA4)

On our websites we use Google Analytics 4 (GA4), a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

In this context, pseudonymized user profiles are created and cookies (see "Cookies") are used. The information generated by the cookie about your use of this website may include, but is not limited to

  • short-term recording of the IP address without permanent storage
  • Location data
  • Browser type/version
  • Operating system used
  • Referrer URL (previously visited page)
  • Time of the server request

The pseudonymized data may be transmitted by Google to a server in the USA and stored there.

The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.

These processing operations are only carried out if express consent is given in accordance with Art. 6 (1) (a) GDPR.

Google's default data storage period is 14 months. Otherwise, the personal data is stored for as long as it is required to fulfill the purpose of processing. The data is deleted as soon as it is no longer required to achieve the purpose.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

Further information on data protection when using GA4 can be found at: https://support.google.com/analytics/answer/12017362?hl=de.

10.2 Google Analytics 4 (GA4) - Additional information on Consent Mode, simple implementation

Under the Digital Markets Act, Google is obliged to obtain user consent before processing user data for personalized advertising. Google meets this requirement with the "Consent Mode". Users are obliged to implement this and thus prove that they have obtained the consent of website visitors.

Google offers two implementation modes, the simple and the advanced implementation.

We use the simple implementation method of Google Consent Mode. Only if you give your consent to the use of Google Analytics (see above) will a connection to Google be established, a Google code executed and the processing described above carried out. If you refuse consent, Google will only receive information that consent has not been given. The Google code is not executed and no Google Analytics cookies are set.

11. plugins and other services

11.1 Google Maps

We use Google Maps (API) on our website. The operating company of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (land) maps in order to visualize geographical information. By using this service, you can, for example, view our location and make it easier for you to find us.

Information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there as soon as you access those subpages in which the Google Maps map is integrated, provided that you have given your consent within the meaning of Art. 6 para. 1 lit. a) GDPR. In addition, Google Maps loads Google Web Fonts and Google Photos as well as Google stats. The provider of these services is also Google Ireland Limited. When you access a page that integrates Google Maps, your browser loads the web fonts and photos required to display Google Maps into your browser cache. The browser you use also establishes a connection to Google's servers for this purpose. This informs Google that our website has been accessed via your IP address. This occurs regardless of whether Google provides a user account that you are logged into or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out of your Google user account. Google stores your data (even for users who are not logged in) as usage profiles and analyzes them. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

If you do not agree to the future transmission of your data to Google in the context of the use of Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used.

These processing operations are only carried out if express consent has been granted in accordance with Art. 6 (1) (a) GDPR.

You can view Google's terms of use at https://www.google.de/intl/de/policies/terms/regional.html, the additional terms of use for Google Maps can be found at https://www.google.com/intl/de_US/help/terms_maps.html.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

You can view the data protection provisions of Google Maps at ("Google Privacy Policy"): https://www.google.de/intl/de/policies/privacy/.

11.2 Google Photos

We use the Google Photos service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to store images that are embedded on our website.

Embedding is the integration of specific third-party content (text, video or image data) that is provided by another website (Google Photos) and then appears on your own website (our website). An embed code is used for embedding. If we have integrated an embed code, the external content from Google Photos is displayed immediately by default as soon as one of our web pages is visited.

Your IP address is transmitted to Google Photos via the technical implementation of the embedding code that enables the display of images from Google Photos. Google Photos also records our website, the type of browser used, the browser language, the time and length of access. In addition, Google Photos may collect information about which of our subpages you have visited and which links you have clicked on, as well as other interactions you have carried out when visiting our site. This data may be stored and analyzed by Google Photos.

These processing operations are only carried out if express consent has been granted in accordance with Art. 6 (1) (a) GDPR.

This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

You can view Google's privacy policy at: https://www.google.com/policies/privacy/.

11.3 Google Tag Manager

We use the Google Tag Manager service on this website. The operating company of Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This tool allows "website tags" (i.e. keywords that are integrated into HTML elements) to be implemented and managed via an interface. By using Google Tag Manager, we can automatically track which button, link or personalized image you have actively clicked on and can then record which content on our website is of particular interest to you.

The tool also triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If you have made a deactivation at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

These processing operations are only carried out if express consent has been granted in accordance with Art. 6 (1) (a) GDPR.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

Further information on Google Tag Manager and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/.

11.4 Google WebFonts

Our website uses so-called web fonts for the uniform display of fonts. Google Web Fonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

These processing operations are only carried out if express consent has been granted in accordance with Art. 6 (1) (a) GDPR.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

Further information on Google WebFonts and Google's privacy policy can be found at: https://developers.google.com/fonts/faq ; https://www.google.com/policies/privacy/.

11.5 YouTube (videos)

We have integrated YouTube components on this website. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them, also free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programs as well as music videos, trailers or videos made by users themselves can be accessed via the Internet portal. Each time you access one of the individual pages of this website, which is operated by us and on which a YouTube component (YouTube video) has been integrated, the Internet browser on your IT system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. The services Google WebFonts, Google Video and Google Photo can also be downloaded from YouTube. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google receive information about which specific subpage of our website you are visiting.

If you are logged in to YouTube at the same time, YouTube recognizes which specific subpage of our website you are visiting when you access a subpage that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account.

YouTube and Google always receive information via the YouTube component that you have visited our website if you are logged in to YouTube at the same time as accessing our website; this occurs regardless of whether you click on a YouTube video or not. If you do not want this information to be transmitted to YouTube and Google, you can prevent it from being transmitted by logging out of your YouTube account before accessing our website.

These processing operations are only carried out if express consent has been granted in accordance with Art. 6 (1) (a) GDPR.

The parent company Google LLC is certified as a US company under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

You can view YouTube's privacy policy at https://www.google.de/intl/de/policies/privacy/.

11.6 YouTube videos in extended data protection mode (YouTube NoCookies)

Some subpages of our website contain links or links to YouTube content. In general, we are not responsible for the content of linked websites. However, in the event that you follow a link to YouTube, we would like to point out that YouTube stores the data of its users (e.g. personal information, IP address) in accordance with its own data usage guidelines and uses it for business purposes.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

We also directly integrate videos stored on YouTube on some subpages of our website. With this integration, content from the YouTube website is displayed in parts of a browser window. When you call up a (sub)page of our website on which YouTube videos are integrated, a connection to the YouTube servers is established and the content is displayed on the website by notifying your browser.

The integration of YouTube content only takes place in "extended data protection mode". This is provided by YouTube itself and ensures that YouTube does not initially store any cookies on your device. However, when the relevant pages are accessed, the IP address and, if applicable, other data are transmitted and thus, in particular, which of our websites you have visited. However, this information cannot be assigned to you unless you have logged in to YouTube or another Google service before accessing the page or are permanently logged in. As soon as you start playing an embedded video by clicking on it, YouTube only stores cookies on your device through the extended data protection mode, which do not contain any personally identifiable data, unless you are currently logged in to a Google service. These cookies can be prevented by making the appropriate browser settings and extensions.

Requesting the video also constitutes your consent to the placement of the corresponding cookie (Art. 6 para. 1 sentence 1 lit. a) GDPR).

This US company is certified under the EU-US Data Privacy Framework. This constitutes an adequacy decision pursuant to Art. 45 GDPR, meaning that personal data may be transferred without further guarantees or additional measures.

You can view YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy/.

11.7 Online voucher store (SOFORT voucher system)

This website uses the service (SOFORT voucher system (FIRMEDIA GmbH & Co. KG, Zum Ritzhagen 5, D-34508 Willingen) for the purpose of online voucher ordering.

FIRMEDIA GmbH & Co. KG acts as a processor for us and also ensures the security of your data through suitable and state-of-the-art technical and organizational measures. As our partner, FIRMEDIA GmbH & Co. KG, as our partner, is not permitted to use the personal data provided for purposes other than those for which it was provided. Further information on data protection can be found at https://www.sofort-gutschein.com/tools/datenschutz/0/2020. FIRMEDIA GmbH & Co. KG does not store user data for longer than legally required.

12. payment provider

12.1 secupay AG

On this website, the controller has integrated the components secupay.direct debit, prepayment and secupay.credit card as well as SOFORT via secupay of secupay AG (hereinafter secupay), Goethestr. 6, 01896 Pulsnitz, Germany.

secupay is a payment institution within the meaning of the German Payment Services Supervision Act (ZAG) and is registered with the German Federal Financial Supervisory Authority (BaFin), Graurheindorfer Str. 108, 53117 Bonn (registration number: 126737) and enables cashless payment of products and services on the Internet.

Further information on secupay's data protection provisions can be found at: https://secupay.com/datenschutz

14. updating and amending the privacy policy

This privacy policy is currently valid and has the status: June 2024.

It may become necessary to amend this privacy policy as a result of the further development of our website and services or due to changes in legal or official requirements. You can access and print out the current privacy policy at any time on the website at "https://www.erlebnisbergkappe.de/kontakt-mehr/datenschutz/".

15. list of supervisory authorities

You can find a list of the supervisory authorities at https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html.

This Privacy Policy has been generated by Great Oak Datenschutz GmbH & Co. KG with the support of the data protection software: GO DSM.

+49 2981 92 96 433
E-mail
Approach