Data protection

The protection of the data of our customers, employees and business partners and respect for the basic right to informational self-determination are important to us. Data protection and data security are therefore of particular importance to us. We also want to know who is processing our data and for what reason. Therefore, the use of our Internet pages is basically possible without providing personal data; if you wish to take advantage of special offers or services, such as contacting us, it may be necessary to process personal data. The processing of personal data, such as the name, address, e-mail address or telephone number of a person concerned, is always carried out in accordance with the basic data protection regulation and in compliance with the country-specific data protection regulations applicable to our company. With this data protection declaration we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, you will be informed about the rights to which you are entitled. We have implemented numerous technical and organisational measures in our company to ensure that the personal data processed is protected as completely as possible (data security). However, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed by us.

Definitions

Our data protection declaration is based on the following terms
– the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC) Basic Data Protection Regulation (DS-GVO) and
– the Act on the Adaptation of Data Protection Law to Regulation (EU) 2016/679 and on the Implementation of Directive (EU) 2016/680 (Data Protection Adaptation and Implementation Act EU – DSAnpUG-EU) Federal Law Gazette Volume 2017 Part I No. 44, issued on 05.07.2017, page 2097, as amended (Federal Data Protection Act).

Name and address of the data controller

The person responsible within the meaning of the basic data protection regulation, other data protection laws applicable in the member states of the European Union and other regulations of a data protection nature is the:

Severin_touristik GmbH
Rathausplatz 2
D-59846 Sundern

Phone +49 (0)2933 909 9629 |
Fax +49(0)29 33 987 155
info@severintouristik.com

Managing Director:
Severin Schulte, Sebastian Severin Schulte
Commercial register HRB 613
VAT ID, No. DE 123880507

Name and address of the Data Protection Officer

The Data Protection Officer of the controller is

Vossenkuhl Services
Otto-Beyer-Straße 8
45356 Essen
datenschutz@vossenkuhl-gruppe.de
www.vossenkuhl-gruppe.de

Every person concerned can contact our data protection officer at any time with all questions and suggestions concerning data protection, either directly, orally, in writing or by e-mail.

Collection of general data and information

Our website collects a number of general data and information with every visit to the website by you or by an automated system. This general data and information is stored in the log files of the server. The following can be recorded

1. browser types and browser versions used, the operating system used by the accessing system
   2. the operating system used by the accessing system,
   3. the website from which an accessing system accesses our website (so-called referrer URL)
   4. the sub-websites, which are accessed via an accessing system on our website
   5. the date and time of access to the website,
   6. an Internet Protocol (IP) address,
   7. the Internet service provider of the accessing system and
   8. other similar data and information which serve to avert danger in the event of attacks on our information technology systems.

This data is not merged with other data sources. The basis for data processing is Art. 6 Para. 1 lit. b DSGVO, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
When using this general data and information, we do not draw any conclusions about the person concerned. Rather, this information is required to

1. to deliver the contents of our website correctly
   2. to optimise the contents of our website and the advertising for it,
   3. to ensure the permanent functionality of our information technology systems and the technology of our website and
   4. to provide law enforcement authorities with information necessary for law enforcement purposes in the event of a cyber attack.

This anonymously collected data and information is therefore evaluated by us on the one hand statistically and also with the aim of increasing data protection and data security in our company in order to ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by you. It is therefore not possible to draw conclusions about you.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.

Contact options via the website

Our website also contains information that enables you to contact our company. This also includes e-mail addresses. If you contact us by e-mail or via a contact form on the website, the personal data you provide will be stored automatically. Such personal data is stored for processing or for contacting you. This personal data is not passed on to third parties. The processing of the data entered in the contact form is based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). Data transmitted via the contact form will remain with us until you request us to delete it, revoke your consent to its storage or until there is no longer any need to store the data. Mandatory legal provisions – in particular retention periods – remain unaffected.

Routine deletion and blocking of personal data

We process personal data only for the period of time required to achieve the purpose of storage or if this has been provided for by the European Directives and Regulations or any other legislator in laws or regulations to which we are subject. If the purpose of storage ceases to apply or if a storage period prescribed by the European Directives and Regulations or any other competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.

Your rights

Right to confirmation

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If you wish to exercise this right, you can contact our data protection officer or us at any time.

Right to information

Any person affected by the processing of personal data has the right, granted by the European Directives and Regulations, to obtain at any time and free of charge from the data controller information on personal data relating to him/her and a copy thereof. The European Data Protection Supervisor has also granted the data subject access to the following information:
– the purposes of the processing,
– the categories of personal data processed,
– the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular to recipients in third countries or international organisations,
– if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration,
– the existence of a right of rectification or erasure of personal data relating to him or her or of a right to have the processing restricted by the controller or to object to such processing,
– the existence of a right of appeal to a supervisory authority

– if the personal data are not collected from the data subject: All available information on the origin of the data,
– the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the DPA and, at least in these cases, meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.
You also have a right of information as to whether personal data has been transferred to a third country – a country outside the European Union or the European Economic Area – or to an international organisation. If this is the case, you have the right to be informed about the appropriate guarantees in connection with the transfer. If you wish to exercise this right, you may contact our data protection officer or us at any time.

Right of rectification

Any person affected by the processing of personal data has the right, granted by the European legislator, to request the rectification without delay of inaccurate personal data concerning him. The data subject shall also have the right to obtain the completion of incomplete personal data, including by means of a supplementary declaration, having regard to the purposes of the processing.
If you wish to exercise this right, you can contact our data protection officer or us at any time.

Right to cancellation (“right to be forgotten”)

You have the right to demand that we delete the personal data concerning you immediately, if one of the following reasons applies and if the processing is not necessary:
– The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.
– you withdraw the consent on which the processing was based under Article 6(1)(a) of the DPA or Article 9(2)(a) of the DPA and there is no other legal basis for the processing.
– You object to the processing pursuant to Article 21 (1) DS-BER and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Article 21 (2) DS-BER.
– The personal data were processed unlawfully.
– The deletion of the personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
– The personal data was collected in relation to information society services offered in accordance with Article 8 (1) of the DS-GVO.
If one of the above reasons applies and you wish to request the deletion of personal data stored by us, you can contact our data protection officer or another employee of the data controller at any time. Our data protection officer will ensure that the request for deletion is complied with immediately. If the personal data have been made public by us and if our company, as the data controller, is obliged to delete the personal data in accordance with Art. 17 Para. 1 DS-GVO, we will take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform other data controllers who process the published personal data that you have requested these other data controllers to delete all links to these personal data or copies or replications of these personal data, insofar as the processing is not necessary.

Right to limit processing

You have the right to demand that we restrict processing if one of the following conditions is met:
– You contest the accuracy of the personal data, for a period of time which allows us to verify the accuracy of the personal data.
– The processing is unlawful, you object to the deletion of the personal data and instead demand the restriction of the use of the personal data.
– We no longer need the personal data for the purposes of the processing, but you need the data to assert, exercise or defend legal claims.
– You have lodged an objection to the processing in accordance with Art. 21 (1) DS-GVO and it is not yet clear whether the legitimate reasons of the controller outweigh yours.

If one of the above-mentioned conditions is met and you wish to request the restriction of personal data stored with us, you can contact our data protection officer or us at any time.

Right to data transferability

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to have this data communicated to another controller without hindrance from us, provided that the processing is based on the consent pursuant to Art. 6 para. 1 letter a DS-GVO or Art. 9 para. 2 letter a DS-GVO or on a contract pursuant to Art. 6 para. 1 letter b DS-GVO and that the processing is carried out by means of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. Furthermore, when exercising your right to data transfer in accordance with Art. 20 Paragraph 1 DS-GVO, you have the right to request that personal data be transferred directly from us to another responsible party, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons. To assert the right to data transfer, you can contact our data protection officer or another employee at any time.

Right of objection

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(e) or (f) of the DPA. This also applies to profiling based on these provisions. In the event of an objection, we will no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims. If we process your data for the purpose of direct marketing, you have the right to object at any time to the processing of your data for the purpose of such marketing. This also applies to profiling, insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes. To exercise your right of objection, you can contact our data protection officer directly or contact us. You are also free to exercise your right of objection in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

Automated case-by-case decisions including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in a similar way, provided that the decision
– is not necessary for the conclusion or performance of any contract between you and us, or
– is authorised by Union law or by the law of the Member States to which we are subject and that law provides for appropriate measures to safeguard your rights and freedoms and legitimate interests, or
– with your express consent.
You also have the right to have us review or intervene in the automated decision, to present your own point of view and to challenge the decision. To assert this right, you can contact our data protection officer or us at any time.

Right to revoke consent under data protection law

You have the right to revoke your consent to the processing of personal data at any time. To assert the right to revoke a consent under data protection law, you can contact our data protection officer or another employee at any time.

Right to complain to the responsible supervisory authority

In the event of a breach of data protection law, they have a right of appeal to the competent supervisory authority. The competent supervisory authority with regard to data protection issues is the State Data Protection Commissioner of the federal state in which our company is based. The following link provides a list of the state data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Data protection for applications and the application process

We collect and process the personal data of applicants for the purpose of processing the application procedure. The processing can also take place electronically. This is particularly the case if an applicant submits the relevant application documents to us electronically, for example by e-mail or via a web form on the website. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents are automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests stand in the way of deletion. Other legitimate interests in this sense are, for example, our duty of proof in proceedings under the General Equal Treatment Act (AGG).

Cookies

Our website uses cookies. These are small text files that your web browser stores on your end device. Cookies help us to make our offer more user-friendly, more effective and safer. Some cookies are “session cookies.” Such cookies are deleted automatically at the end of your browser session. On the other hand, other cookies remain on your terminal device until you delete them yourself. Such cookies help us to recognise you when you return to our website. With a modern web browser you can monitor, restrict or prevent the setting of cookies. Many web browsers can be configured so that cookies are deleted automatically when you close the program. Disabling cookies may result in limited functionality of our website. The setting of cookies, which are necessary for electronic communication processes or the provision of certain functions requested by you (e.g. shopping basket), is based on Art. 6 Para. 1 lit. f DSGVO. As operators of this website, we have a legitimate interest in the storage of cookies for the technically error-free and smooth provision of our services. If other cookies are set (e.g. for analysis functions), these will be treated separately in this data protection declaration.

Legal basis of the processing

Art. 6 I lit. a DS-GVO serves our company as a legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the supply of goods or provision of other services or consideration, the processing is based on Art. 6 I lit. b DS-GVO. The same applies to such processing operations which are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation which makes it necessary to process personal data, for example to fulfil tax obligations, processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company were to be injured and his or her name, age, health insurance details or other vital information had to be disclosed to a doctor, hospital or other third party. In this case the processing would be based on Art. 6 I lit. d DS-GVO. Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or of a third party, unless the interests, fundamental rights and freedoms of the data subject prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 sentence 2 DS-GVO).

Legitimate interests in the processing pursued by the controller or a third party

If the processing of personal data is based on Article 6 I lit. f DS-GVO, our legitimate interest is to carry out our business activities for the benefit of the well-being of all our employees and our shareholders.

Duration for which personal data are stored

The criterion for the duration of storage of personal data is the respective legal retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment or initiation of the contract.
Legal or contractual provisions on the provision of personal data; necessity for the conclusion of a contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). Sometimes it may be necessary for a contract to be concluded that a data subject provides us with personal data, which must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him/her. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before the data subject provides personal data, he or she must contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.

Existence of automated decision making

As a responsible company, we avoid automatic decision making or profiling.

Mandatory information according to Regulation (EU) No. 524/2013 of the European Parliament and Council:

The EU Commission provides a user-friendly platform for the online settlement of consumer disputes arising from the online sale of goods or the online provision of services (OS platform). The OS platform can be accessed via the following link: https://ec.europa.eu/consumers/odr