Privacy notice in accordance with Article 13 GDPR
This data protection declaration was created by a service from www.einfach-dsgvo.de
Name and address of the data controller
The responsible body within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:
Hofgut Sternen GmbH & Co. KG
Höllensteig 76
79874 Breitnau
Germany
Telefon: +49 7652 901 161
E-Mail: [email protected]
Name and address of the data protection officer
The data protection officer of the data controller is:
suasio GmbH - Frank Dreher
Dr. Rudolf-Eberle-Str. 2a
76534 Baden-Baden
Telefon: 07223 95666-0
E-Mail: [email protected]
www.suasio.de
General information on data processing
Legal basis for processing personal data
In accordance with Article 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not specified in the
privacy notice, the following applies: the legal basis for obtaining consent is Articel 6(1)(a) in conjunction with Article 7 GDPR. The legal
basis for processing in order to provide our services and fulfil contractual measures, as well as answering inquiries, is Article 6(1)(b)
GDPR. The legal basis for processing in order to fulfil our legal obligations is Article 6(1)(c) GDPR. If the processing of your data is
necessary to safeguard the legitimate interests of our company or a third party and if your interests, fundamental rights and fundamental
freedoms as the data subject do not outweigh the first interest, Article 6(1)(f) GDPR serves as the legal basis for the processing. In the
event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves
as the legal basis.
Data deletion and storage period
We adhere to the principles of data minimization in accordance with Article 5(1)(c) GDPR and storage limitation according to Article 5(1)
(e) GDPR. We only store your personal data for as long as is necessary to achieve the purposes stated here, or as stipulated by the
retention periods provided for by law. After the respective purpose no longer applies or after these retention periods have expired, the
corresponding data will be deleted as quickly as possible.
Note on data transfer to third countries
We also use tools from companies based in third countries (including the USA) on our website. If these tools are active, your personal
data may be transmitted to the servers of the respective companies. The level of data protection in third countries does not usually
correspond to EU data protection legislation. This means that there is a risk that your data will be passed on to authorities in these
countries. We have no influence on these processing activities.
External links
This website may contain links to third-party websites or to other websites under our responsibility. If you follow a link to any of the
websites outside our control, please note that these websites have their own privacy notices. We do not assume any responsibility or
liability for these external websites and their privacy notices. Before using these websites, please check whether you agree with their
privacy policies.
You can recognize external links either by the fact that they are displayed in a color which is slightly different from the rest of the text or
that they are underlined. Your cursor will show you external links when you move it over such a link. Only when you click on an external link
will your personal data be transferred to the destination of the link. The operator of the other website will then receive your IP address, the
time at which you clicked on the link, the website you were on when you clicked on the link, and other information that you can find in the
respective provider’s privacy notice.
Please also note that individual links may result in data transfer outside the European Economic Area. This could give foreign authorities
access to your data. You may not be entitled to any legal recourse against such data access. If you do not want your personal data to be
transferred to the link destination or potentially even accessed by foreign authorities against your will, please do not click on any links.
Rights of data subjects
As a data subject within the meaning of the GDPR, you have the option to assert various rights. The data subject rights arising from the
GDPR are the right to information (Article 15), the right to rectification (Article 16), the right to deletion (Article 17), the right to restriction of
processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority and the right to data
portability (Article 20).
Right of revocation:
Some data processing can only take place with your express consent. You have the option to revoke your consent at any time. However,
the lawfulness of the data processing up to the point of revocation is not affected by this.
Right of objection:
If the processing is based on Article 6(1)(e) or (f) GDPR, you as the data subject can object to the processing of your personal data at any
time for reasons arising from your particular situation. You are also entitled to this right in the case of profiling based on these provisions
within the meaning of Article 4(4) GDPR. Unless we can prove a legitimate interest for the processing which overrides your interests,
rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims, we will refrain from processing your data
after the objection has been made.
If the processing of personal data serves the purpose of direct marketing, you also have the right to object at any time. The same applies
to profiling associated with direct marketing. Here, too, we will no longer process personal data as soon as you raise an objection.
Right to lodge a complaint with a supervisory authority:
If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory
authority, in particular in the member state of your place of residence, without prejudice to any other administrative or judicial remedy, your
place of work or the location of the alleged violation.
Right to data portability:
If your data is processed automatically based on consent or fulfilment of a contract, you have the right to receive this data in a structured,
common and machine-readable format. You also have the right to request that the data be transferred and made available to another data
controller, insofar as this is technically feasible.
Right of access, rectification and erasure:
You have the right to obtain information about the processing of your personal data with regard to the purpose, categories and recipients of
3 / 8
the data processing, as well as the duration of storage. If you have any questions on this topic or on other topics regarding personal data,
you can of course contact us using the contact options provided in the legal notice.
Right to restriction of processing:
You may assert your right to the restriction of processing of your personal data at any time. To do this, you must meet one of the following
requirements:
- You contest the accuracy of the personal data. While the accuracy of the data is being verified, you have the right to demand that its processing is restricted.
- If processing is unlawful, you can request the restriction of the use of the data as an alternative to deletion.
- If we no longer need your personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims, you can request the restriction of processing as an alternative to deletion.
- If you object to the processing in accordance with Article 21(1) GDPR, we will weigh up your interests against ours. Until this weighing up is completed, you have the right to request the restriction of processing.
The effect of restricting processing is that, apart from storage, the personal data may only be processed with your consent or for the
establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of
substantial public interest of the Union or a member state.
Provision of the website (web host)
When you access our website, we automatically collect and store information in so-called server log files. Your browser automatically
transmits this information to our server or our hosting company’s server.
These are:
- IP address of the website visitor's end device
- device used
- host name of the accessing computer
- visitor's operating system
- browser type and version
- name of the retrieved file
- time of server request
- amount of data
- information on whether the retrieval of the data was successful
This data is not merged with other data sources.
The legal basis for processing this data is Article 6(1)(f) GDPR . Our legitimate interest is the technically error-free presentation and optimization of this website.
Instead of operating this website on our own server, we may also commission an external service provider (hosting company) to operate it
on their own server. In this case, the personal data collected on this website will be stored on the hosting company’s servers. In addition to
the data mentioned above, data generated via a website may include, for example, contact requests, contact details, names, website
access data, meta and communication data, contract data and other data.
A further legal basis is the purpose of fulfilling the preliminary contract or contract given to the data subject (Article 6(1)(b) GDPR). In the
event that we have commissioned a hosting company, a order processing contract will have been agreed with this service provider.
Use of Local Storage Items, Session Storage Items and Cookies
Our website uses local storage items, session storage items and/or cookies. Local storage is a mechanism that enables data to be stored
within the browser on your end device. This data usually includes user preferences, such as the "day" or "night" mode of a website, and is
retained until you manually delete the data. Session storage is very similar to Local storage, whereas the storage duration only lasts during
the current session, so until the current tab is closed. The session storage objects are then deleted from your end device. Cookies are
information that a web server (server that provides web content) stores on your end device in order to be able to identify this end device.
They are either temporarily deleted for the duration of a session (session cookies) and after your visit to a website or permanently
(permanent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser.
These objects can also be stored on your end device by third-party companies when you visit our site (third-party requests). This allows
us, as the operator, and you, as a visitor to this website, to make use of certain third-party services installed on this website. Examples are
the processing payment services or displaying videos on a website.
These mechanisms have a variety of uses. They can improve the functionality of a website, control shopping cart functions, increase the
security and comfort of website use and carry out analyses regarding visitor flows and behavior. Depending on their individual functions,
they must be classified in terms of data protection legislation. They are necessary for the operation of the website and intended to provide
certain features (shopping cart feature) or serve to optimize the website (e.g. cookies to measure visitor behavior), then their use is
based on Article 6(1)(f) GDPR. As a website operator, we have a legitimate interest in storing these objects in order to ensure the
technically error-free and optimized provision of our services. In all other cases, they are only stored with your express consent (Article
6(1)(a) GDPR).
If local storage items, session storage items and cookies are used by third-party companies or for analysis purposes, we will inform you
about this separately in this privacy notice. When required, your consent will be requested and can be revoked at any time.
Use of external services
We use external services on our website. External services are services provided by third parties that are used on our website. This can
be done for a variety of reasons, such as embedding videos or website security. When using these services, personal data is also passed
on to the respective providers of these external services. If we have no legitimate interest in using these services, we will obtain your
revocable consent as a visitor to our website before using them (Article 6(1)(a) GDPR).
Analytics
We process website visitors’ personal data in order to analyze user behavior. Evaluation of this data enables us to compile information
on how visitors use individual components of our website. This allows us to increase the user-friendliness of our website. The analysis
tools may be used, for example, to create user profiles for the display of targeted or interest-based advertising messages, to recognize our
website visitors the next time they visit our website, to measure their click/scroll behavior and downloads, to create heat maps, to recognize page views, to measure the length of visits to the website or bounce rates, as well as to trace the origin of website visitors (city,
country, the website visitors have come from). The analysis tools help us to improve our market research and marketing activities.
The legal basis for the processing of data is consent (Article 6(1)(a) GDPR). As a website visitor, you have consented to the processing of
your personal data with your voluntary, explicit and prior consent. Without separate consent, we will not process your personal data in the
manner described above, provided that there is no other legal basis within the meaning of Article 6(1) GDPR on which we base the
processing. We proceed in the same way if you revoke your consent. The lawfulness of the processing carried out prior to the revocation
of consent remains unaffected.
Google Analytics
Our website uses the service Google Analytics. The provider of this service is Google Ireland Ltd., Gordon House, Barrow Street Dublin 4,
Ireland.
The use of this service may result in data transfer to a third country (USA).
Further information can be found in the provider's privacy policy at the following URL: https://policies.google.com/privacy.
Hotjar
Our website uses the service Hotjar. The provider of this service is Hotjar Ltd., Dragonara Business Centre 5th Floor, Dragonara Road
Paceville St. Julian´s STJ 3141, Malta.
Further information can be found in the provider's privacy policy at the following URL: https://www.hotjar.com/legal/policies/privacy/.
Consent management
In order to comply with data protection requirements, we use a consent management tool on our website. This tool enables us to obtain
the necessary consents for the setting of cookies or the use of external services. We then store these consents.
The data processing is necessary for compliance with a legal obligation to which the data controller (website operator) is subject. Article
6(1)(c) GDPR is therefore used as the legal basis for the processing.
Usercentrics
Our website uses the service Usercentrics. The provider of this service is Usercentrics GmbH, Sendlinger Straße 7, 80331 München,
Germany.
Further information can be found in the provider's privacy policy at the following URL: https://usercentrics.com/de/datenschutzerklaerung.
Content management system
A content management system enables the creation, editing, organization and presentation of digital content. We use a content
management system to create content for our website. This enables us to design a more attractive website.
This processing is based on our legitimate interest (Article 6(1)(f) GDPR).
Our legitimate interest is in the technically error-free display and optimization of the website.
Shopware
Our website uses the service Shopware. The provider of this service is Shopware AG, Ebbinghoff 10, 48624 Schöppingen, Germany.
As this service is hosted locally on the web server, no data is transferred to third parties.
Interface software
Business processes run faster, more cheaply and with fewer errors if they are automated using software via interfaces. This allows them
to be efficiently integrated into the company's processes via its own website or social networks. We use interface software on our website
to link different applications and to transfer personal data securely from one application to another.
The legal basis for the processing of data is consent (Article 6(1)(a) GDPR). As a website visitor, you have consented to the processing of
your personal data with your voluntary, explicit and prior consent. Without separate consent, we will not process your personal data in the
manner described above, provided that there is no other legal basis within the meaning of Article 6(1) GDPR on which we base the
processing. We proceed in the same way if you revoke your consent. The lawfulness of the processing carried out prior to the revocation
of consent remains unaffected.
Google APIs
Our website uses the service Google APIs. The provider of this service is Google Ireland Ltd., Gordon House, Barrow Street Dublin 4,
Ireland.
The use of this service may result in data transfer to a third country (USA).
Further information can be found in the provider's privacy policy at the following URL: https://policies.google.com/privacy.
Google Tag Manager
Our website uses the service Google Tag Manager. The provider of this service is Google Ireland Ltd., Gordon House, Barrow Street
Dublin 4, Ireland.
The use of this service may result in data transfer to a third country (USA).
Further information can be found in the provider's privacy policy at the following URL: https://policies.google.com/privacy.
Appointment booking
You have the option to make appointments with us directly on our website. If you enter the requested data and the desired date in the mask
provided, our system will suggest available dates. We will use the data you enter (name, email address and optionally telephone number)
to plan and carry out the appointment and, where applicable, to follow up with you afterwards.
The legal basis for the processing of data is consent (Article 6(1)(a) GDPR). As a website visitor, you have consented to the processing of
your personal data with your voluntary, explicit and prior consent. Without separate consent, we will not process your personal data in the
manner described above, provided that there is no other legal basis within the meaning of Article 6(1) GDPR on which we base the
processing. We proceed in the same way if you revoke your consent. The lawfulness of the processing carried out prior to the revocation
of consent remains unaffected.
Hofgut Sternen
Our website uses the service Hofgut Sternen. The provider of this service is Hofgut Sternen GmbH & Co. KG, Höllsteig 76, 79874
Breitnau, Germany.
Further information can be found in the provider's privacy policy at the following URL: https://www.blackforestvillageshop.
com/INFORMATION/Privacy-Policy/.
Video/Music service
We integrate audio files and videos into our website. These are retrieved from the server of our provider, the so-called audio or video
platform. In order to be able to play an audio file or a video, your end device establishes a connection with the audio or video platform and
transmits personal data to it. This includes in particular your IP address and any location data or information about your browser and end
device.
The legal basis for the processing of data is consent (Article 6(1)(a) GDPR). As a website visitor, you have consented to the processing of
your personal data with your voluntary, explicit and prior consent. Without separate consent, we will not process your personal data in the
manner described above, provided that there is no other legal basis within the meaning of Article 6(1) GDPR on which we base the
processing. We proceed in the same way if you revoke your consent. The lawfulness of the processing carried out prior to the revocation
of consent remains unaffected.
YouTube
Our website uses the service YouTube. The provider of this service is Google Ireland Ltd., Gordon House, Barrow Street Dublin 4, Ireland.
The use of this service may result in data transfer to a third country (USA).
Further information can be found in the provider's privacy policy at the following URL: https://policies.google.com/privacy.
Web fonts
This site uses so-called web fonts for the uniform display of fonts, which are provided by an external provider and loaded by the browser
when the website is accessed. When web fonts are loaded, the web font provider becomes aware that our website has been accessed
from your IP address, as your browser establishes a direct connection to the web font provider.
The legal basis for the processing of data is consent (Articel 6(1)(a) GDPR). As a website visitor, you have consented to the processing of
your personal data with your voluntary, explicit and prior consent. Without separate consent, we will not process your personal data in the
manner described above, provided that there is no other legal basis within the meaning of Article 6(1) GDPR on which we base the
processing. We proceed in the same way if you revoke your consent. The lawfulness of the processing carried out prior to the revocation
of consent remains unaffected.
Google Fonts
Our website uses the service Google Fonts. The provider of this service is Google Ireland Ltd., Gordon House, Barrow Street Dublin 4,
Ireland.
The use of this service may result in data transfer to a third country (USA).
Further information can be found in the provider's privacy policy at the following URL: https://policies.google.com/privacy.
Web security
We use tools that protect against unauthorized access, spam or other attacks on our website. This increases the security of our website.
This processing is based on our legitimate interest (Article 6(1)(f) GDPR).
Our legitimate interest is to be able to guarantee the security of our website and to protect ourselves from unauthorized access, spam and
other attacks.
Google ReCaptcha
Our website uses the service Google Recaptcha. The provider of this service is Google Ireland Ltd., Gordon House, Barrow Street Dublin
4, Ireland.
The use of this service may result in data transfer to a third country (USA).
Further information can be found in the provider's privacy policy at the following URL: https://policies.google.com/privacy.
Advertising
Our website uses tools that facilitate or enable the placement of advertising, as well as evaluating its success. Advertising is a source of
revenue through our website. Personal data processed for this purpose. For this purpose, personal data is processed, in particular the IP
address, access times and device information.
The legal basis for the processing of data is consent (Article 6(1)(a) GDPR). As a website visitor, you have consented to the processing of
your personal data with your voluntary, explicit and prior consent. Without separate consent, we will not process your personal data in the
manner described above, provided that there is no other legal basis within the meaning of Article 6(1) GDPR on which we base the
processing. We proceed in the same way if you revoke your consent. The lawfulness of the processing carried out prior to the revocation
of consent remains unaffected.
Google Ads
Our website uses the service Google Ads. The provider of this service is Google Ireland Ltd., Gordon House, Barrow Street Dublin 4,
Ireland.
The use of this service may result in data transfer to a third country (USA).
Further information can be found in the provider's privacy policy at the following URL: https://policies.google.com/privacy.
Google AdSense
Our website uses the service Google AdSense. The provider of this service is Google Ireland Limited (GV), Gordon House, Barrow Street
Dublin 4, Ireland.
The use of this service may result in data transfer to a third country (USA).
Further information can be found in the provider's privacy policy at the following URL: https://policies.google.com/privacy?hl=de&gl=de.
Google Double Click
Our website uses the service Google Double Click. The provider of this service is Google Ireland Ltd., Gordon House, Barrow Street
Dublin 4, Ireland.
The use of this service may result in data transfer to a third country (USA).
Further information can be found in the provider's privacy policy at the following URL: https://policies.google.com/privacy.
Payment service provider
We integrate the services of a specialist payment service provider on our website. If you make a purchase from us, your payment details
(e.g. name, payment amount, account details, credit card number) will be transmitted to our payment service provider and processed by
8 / 8
them for payment processing. The contractual and privacy provisions of the provider we have selected apply to these transactions.
The legal basis for the processing of data is consent (Articel 6(1)(a) GDPR). As a website visitor, you have consented to the processing of
your personal data with your voluntary, explicit and prior consent. Without separate consent, we will not process your personal data in the
manner described above, provided that there is no other legal basis within the meaning of Article 6(1) GDPR on which we base the
processing. We proceed in the same way if you revoke your consent. The lawfulness of the processing carried out prior to the revocation
of consent remains unaffected.
PayPal
Our website uses the service PayPal. The provider of this service is PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-
2449, Luxembourg.
The use of this service may result in data transfer to a third country (USA).
Further information can be found in the provider's privacy policy at the following URL:
https://www.paypal.com/myaccount/privacy/privacyhub?locale.x=de_AT.