Naturally, your personal data is processed in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Datenschutzgesetz [Data Protection Act].
In the following, we will provide you with information about us as the controller responsible for data processing as well as the type, scope and purpose of data collection:
1. The controller responsible for the processing of these data is:
Künig GmbH (company number 216022f)
If you have any questions about privacy or the processing of your personal data, please contact us by e-mail at email@example.com. Immediately before, during or even after a stay in our health resort, you are welcome to contact the reception and otherwise also the management if you have any questions regarding the processing of your personal data.
2. Legal basis for processing:
Within the scope of our website, we process personal data of the users, namely inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of clerks, payment information), usage data (e.g. the visited web pages of our website, interest in our products) and content data (e.g. entries in the contact form).
The term "user" includes all persons affected by the data processing and is to be understood as gender-neutral. "Users" includes but is not limited to our customers, business partners and other visitors to our website.
Legal basis for data processing:
- Consent (Art 6 (1) lit a GDPR);
- Conclusion and performance of a contract (Art 6 (1) lit b GDPR);
- Fulfilment of a legal obligation (Art 6 (1) lit c GDPR);
- Processing necessary to protect the legitimate interests of the controller or a third party where the interests or fundamental rights and freedoms of the data subject do not override (Art 6 (1) lit f GDPR);
3. SSL encryption / security
For security reasons and to protect the transmission of confidential content, e.g. orders or inquiries that you send to us as the site operator, this site uses SSL encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in the address line. This means that the data you transmit to us cannot be read by third parties. Furthermore, this is intended to protect the data processed by us against accidental or intentional manipulation, destruction, loss or against access by unauthorised persons.
4. Disclosure of data to third parties
We use your personal data within our company only.
Should data be disclosed to service providers within the framework of commissioned data processing, we also oblige them to comply with our provisions regarding privacy. We will only pass on your data to bodies entitled to receive information if we are obliged to do so by law or by court order.
5. Performance of contractual services
Users can voluntarily create a user account in some areas of our website, with which they can view their orders (e.g. vouchers, online bookings, etc.). This user account is not public and cannot be read by search engines. If you terminate your user account, your data relating to the user account will be deleted, subject to its retention being necessary for reasons of commercial or tax law.
Within the scope of registration and repeated logins as well as the use of our online services, we store the IP address and the time of the respective user action.
When contacting us (via online contact form or e-mail), the user's details are processed for the purpose of handling the contact request and responding to it.
7. Access data and log files
We also collect and store information in server log files, which your browser automatically transmits to us, on the basis of our justified interests. The following information is collected: Browser type and version, operating system, referrer URL, host name of the accessing computer, time of the server request and your IP address.
Log file information is stored for security reasons (e.g. for the clarification of abuse or fraud) for a maximum of seven days and is then deleted. Data whose further retention are necessary for the purpose of evidence are exempt from deletion until the respective incident has been resolved conclusively.
These data are not merged with other data sources.
Cookies are small text files that make it possible to store specific, device-related information on the user's accessing device (PC, smartphone or similar devices). On the one hand, they support user-friendliness of websites and thus the users (e.g. storing login data). On the other hand, they serve the purpose of statistical data collection on the use of our website and support the improvement of the website. Cookies do not cause any damage to your computer and do not contain viruses. The purpose of cookies is to make our website more user-friendly, more effective and safer.
Some of these cookies are essential (necessary), while others (statistics, external services, marketing) help us to improve this website and your experience.
The following cookies are used on our website:
Most of the cookies we use come from our own website and are so-called "session cookies". They are automatically deleted after the end of your visit. These technically necessary cookies must be enabled at all times for the site to function properly. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.
So-called "statistics cookies" help us as a website operator to analyse how you, as a website visitor, interact with our site by collecting and reporting information anonymously. Software, e.g. Google Analytics, uses this to enable an analysis of the use of the website by you. These cookies are used exclusively for the purpose of internal research in order to continuously optimise our website.
On some of our pages, we display content from external providers, e.g. Google Maps or YouTube. In order to gain access to this content, you must actively accept the respective consent of the cookies. Therefore, no cookies from these external services will be stored if you do not access this content.
Marketing cookies are used to collect user data for future marketing and advertising purposes and are used to display content that is relevant and engaging to the individual user. Marketing cookies usually come from third-party providers, e.g. Google AdWords or Facebook.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.
9. Analysis tool - Google Analytics
(1) This website uses functions of the web analysis service Google Analytics, a web analysis service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by cookies about the use of the website by the user is usually transmitted to a Google server in the USA and stored there. The storage of Google Analytics cookies is based on Art. 6 (1) lit f GDPR.
(2) We have a legitimate interest in analysing user behaviour in order to optimise both the website and our advertising.
(3) Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services related to the use of this website and the internet.
(4) We use Google Analytics to display the ads placed within Google's advertising services and those of its partners only to users who have also shown an interest in our website or who exhibit certain characteristics (e.g. interest in content or products determined on the basis of the web pages visited), which we transmit to Google (so-called "remarketing" or "Google Analytics" audiences). With the help of Remarketing Audiences, we also want to make sure that our ads match the potential interest of the users and do not make them feel harassed.
(5) We have activated the IP anonymisation function on this website. This means that within member states of the European Union or in other contracting states of the Agreement on the European Economic Area your IP address is shortened by Google before being transmitted to the USA. The full IP address will be transferred to a Google server in the USA and shortened there in exceptional cases only.
(6) On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.
(7) You can prevent the storage of cookies by setting your browser software accordingly (so-called "browser plug-in”: https://tools.google.com/dlpage/gaoptout?hl=en). Please note that you may not be able to use the full functionality of this website in this case.
(8) Further information on the use of data by Google as well as the possibility to object can be found under the following Google links:
https://policies.google.com/technologies/partner-sites?hl=en (use of data by Google when you use websites or apps of our partners)
https://policies.google.com/technologies/ads?hl=en (use of data for advertising purposes)
https://consent.google.de/m?continue=https%3A%2F%2Fadssettings.google.de%2F&gl=AT&m=0&pc=ads&hl=en-GB&src=1&oldhl=en (manage information that Google uses to show you ads)
(9) Google is certified under the Privacy Shield agreement and thus offers a guarantee of compliance with European data protection law: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
10. Marketing tool - Google Remarketing
(1) Our websites use the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. ("Google".)
(2) These functions enable us to display advertisements on our website to our users in a more targeted manner, so that, for example, interest-related, personalised advertising messages that have been adapted to you based on your previous usage and surfing behaviour on one end device (e.g. mobile phone) are also displayed on another of your end devices (e.g. tablet or PC).
(3) If, for example, a user is shown ads for products in which he has already shown interest on other websites, this is referred to as remarketing. For these purposes, a so-called "web beacon" (code from Google) is executed directly by Google and integrated into the website when our website and other websites on which Google tools are active are accessed. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies).
(4) Every Google AdWords customer receives a different cookie. These cookies cannot be tracked through AdWords customers' websites. The information collected accordingly (by means of conversion cookies) is used to create conversion statistics. This means, for example, that we only know the total number of users who have clicked on an advertisement. However, these statistics do not include any information that personally identifies users.
(5) The IP address of the users is also recorded; however, we inform you within the scope of Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and is transmitted in full to a Google server in the USA and shortened there in exceptional cases only. The IP address is not merged with data of the user within other offers of Google. Google may also combine the above information with information from other sources. If the user subsequently visits other websites, they can be shown ads tailored to their interests.
(6) If you do not wish to participate in the tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your internet browser under user settings. Thus, you will not be included in our conversion tracking statistics.
(8) If you wish to object to interest-based advertising by the Google marketing services, you can use the settings and opt-out options provided by Google: https://adssettings.google.com/anonymous?hl=en
(9) Google is certified under the Privacy Shield agreement, thus offering a guarantee of compliance with European data protection law
11. Facebook plugins (like & share buttons)
(1) This website integrates plugins of the social network Facebook (provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA). You can recognise these Facebook plugins by the Facebook logo or the "like" button ("like") on our site. You can find an overview of which Facebook plugins are available under: developers.facebook.com/docs/plugins/.
(3) If you do not want Facebook to be able to assign your visit on our site to your Facebook user account, please log out of your Facebook user account and delete your cookies.
(4) Facebook is certified under the Privacy Shield agreement, thus offering a guarantee of compliance with European data protection law https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
(5) You may adjust your settings and object to the use of data for advertising purposes in your Facebook profile settings: https://www.facebook.com/settings?tab=ads
12. Instagram plugin (Instagram button)
(1) This site uses features of Instagram. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. You can recognise the Instagram button by the Instagram camera icon.
(2) If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking on this Instagram button. This allows Instagram to assign the visit to our pages to your user account. Please note that as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Instagram.
13. Linktree (linking on Instagram)
(1) This site uses features of Linktree. These features are provided by Linktree Pty Ltd, 37 Islington St, Collingwood VIC 3066, Australia. You can recognize the Linktree button by the Linktree tree icon.
(2) If you are logged into your Instagram account, you can click on the Linktree link on our Instagram profile to go to an overview page. The links listed there will take you to our website. This allows link.tree to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, can only see the number of general page views via link.tree. However, we have no knowledge of the further content of the transmitted data or its use by Linktree.
14. Facebook pixel
(1) On our website we use the so-called "Facebook pixel" of the social network Facebook due to our legitimate interests in analysing and optimising our website. It is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are an EU resident, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").
(2) Facebook is certified under the Privacy Shield agreement, thus offering a guarantee of compliance with European data protection law: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
(3) This enables the tracking of behaviour of site visitors after they have been redirected to the provider's website by clicking on a Facebook ad. This allows us to evaluate the effectiveness of Facebook ads for statistical and market research purposes and to optimise future advertising efforts.
(4) The collected data is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible, and Facebook can use the data for its own advertising purposes in accordance with the Facebook data usage policy. This allows Facebook to show ads both on Facebook pages and outside of Facebook. This use of data cannot be influenced by us as the operator of this website.
(6) Specific information and details about the Facebook Pixel and how it works can be found in Facebook's help section: https://www.facebook.com/business/help/651294705016616.
(7) You can object to the collection by the Facebook pixel and use of your data to display Facebook ads https://www.facebook.com/settings?tab=ads.
(1) By subscribing to our newsletter offered on our website, you agree to receive it and to the procedures described.
(2) We send out newsletters, e-mails and other electronic notifications with promotional information with the consent of the recipients or a legal permission only. Furthermore, our newsletters contain information about our current offers, news and promotions of our companies.
(3) You can register for our newsletter in a double opt-in procedure exclusively. This means that you will receive an e-mail after registering via the contact form, in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register or impersonate you with an unknown e-mail address. Subscriptions to the newsletter are logged in order to be able to prove the subscription process in accordance with legal requirements. This includes storage of the registration and confirmation time, as well as the IP address. Likewise, changes to your data stored with the shipping service provider are logged.
(5) Our newsletters contain a so-called "web beacon" (a small file that is retrieved from the server of the mail service provider when the newsletter is opened). Technical information, such as information about the browser and your system, as well as your IP address and the time of access are collected. This information is used for the technical improvement of the services. These statistical purposes also include the collection of data on whether the newsletter is opened, when it is opened, and which links are clicked on within the newsletter.
(6) The use of the mail service provider, the performance of statistical surveys and analyses as well as the logging of the registration process are carried out on the basis of our legitimate interests in accordance with Art. 6 (1) lit f GDPR. We are interested in providing a user-friendly and secure newsletter system that serves our business interests and meets the expectations of our users.
(7) Unsubscribe/withdraw – You may cancel your subscription to our newsletter at any time. At the same time, your consent to its mailing by the mail service provider and the statistical analyses will expire. A separate withdrawal of the mailing by the mail service provider or the statistical evaluation is unfortunately not possible. You will find a link to unsubscribe from the newsletter at the end of each newsletter. Your personal data will be deleted after unsubscribing.
16. Brochure delivery
(1) You have the option of registering for free brochure delivery on our website via a dedicated contact form. Subscriptions to the brochure delivery are logged in order to be able to prove the subscription process in accordance with legal requirements. This includes storage of the registration and confirmation time, as well as the IP address.
(2) The data you provide will be used exclusively for the purpose of sending the brochures you have requested and will not be passed on to third parties.
(3) Your data will be deleted after expiry of the warranty, guarantee, limitation and legal or contractual retention periods applicable to us or, if applicable, after the conclusion of any legal disputes in which the data are required as evidence.
17. Non-binding inquiries, etc.
(1) You have the option of sending a non-binding inquiry to the desired Vivea Health Hotel via a designated contact form on our website. Inquiries are logged in order to be able to prove the log-in process in accordance with legal requirements. This includes storage of the registration and confirmation time, as well as the IP address.
(2) The data you provide will be used for the purpose of sending the brochures you have requested exclusively and will not be passed on to third parties.
(3) Your data will be deleted after expiry of the warranty, guarantee, limitation and legal or contractual retention periods applicable to us or, if applicable, after the conclusion of any legal disputes in which the data are required as evidence.
18. Third-party content & services
(1) On our website, service offers of third-party providers are integrated due to our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website in terms of Art. 6 (1) lit f GDPR). This always requires that the third-party providers of this content are aware of the IP address of the user, as they would not be able to send the content to their browser without the IP address. Therefore, the IP address is required to display this content. Third-party vendors may use pixel tags (web beacons) for statistical or marketing purposes, among other things. By means of these pixels, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user's device and among other things, it may contain technical information about the browser and operating system, referring web pages, time of visit and other information about the use of our website and may be combined with such information from other sources.
(2) In the following, you will find an overview of the third-party providers commissioned by us and their contents as well as the appropriate links to their respective privacy policies.
- External payment services:
- Sofort AG / Klarna: https://www.klarna.com/us/
- Concardis: Concardis: In the field of card payments (direct debit/giro card/credit cards), we are co-operating with Concardis GmbH (Concardis), Helfmann Park 7, 65760 Eschborn, Germany, represented by its managing directors Mark Freese, Jens Mahlke and Luca Zanotti. In this context, card data will also be transmitted to the above company in addition to the purchase amount and date. All payment data as well as data on possible chargebacks will only be stored as long as they are needed for payment processing (including the processing of possible chargebacks and debt collection) and for combating abuse. Usually, the data are deleted no later than 13 months after they have been collected. They may be stored past such due date if and as long as this is necessary to comply with a statutory retention period or to prosecute a specific case of abuse. The legal basis for data processing is Art. 6 (1) f) of the General Data Protection Regulation. You can request information and, if necessary, correction or deletion as well as the restriction of the processing of your data and/or, if necessary, object to the processing of your data. If you have any questions regarding data processing by Concardis or if you wish to exercise your aforementioned rights, you can contact the data protection officer at the indicated address or by e-mail to Datenschutzbeauftragter@concardis.com.
Furthermore, you have the right to complain to a supervisory authority. We hereby point out that the provision of payment data is neither legally nor contractually required. If you do not want to provide your payment details, you can use another payment method.
- External fonts from Google Inc., https://fonts.google.com/ („Google Fonts“). Google Fonts are integrated by sending a server request to Google (usually in the USA).
- Maps of the service "Google Maps" of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
- Videos of the service "YouTube" of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
- LinkedIn: The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time one of our pages containing LinkedIn functions is displayed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the "Recommend button" of LinkedIn and are logged into your account at LinkedIn, it is possible for LinkedIn to assign your visit to our website to you and your user account. Please note that as the provider of the pages, we have no knowledge of the content of the transmitted data or their use by LinkedIn.
- The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages containing LinkedIn functions is displayed, a connection to LinkedIn servers is established. As far as we are aware, no personal data are stored in the process. In particular, no IP addresses are stored, and the usage behaviour is not evaluated.
- Web analytics and optimisation using the service Hotjar (third-party provider Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe). With the help of Hotjar, we can track movements on the websites on which Hotjar is used (so-called "heat maps"). For example, it is possible to see how far users scroll and which buttons users click on and how often. Furthermore, technical data such as the selected language, system, screen resolution and browser type are recorded. At least temporarily during the visit to our website, profiles of users can be created. Furthermore, it is also possible to collect feedback directly from the users of the website with the help of Hotjar. In this way, we collect valuable information to make our websites even faster and more customer-friendly.
19. Your rights as a user
(1) Users have the right to receive information about the personal data that we have stored about them upon request and free of charge.
(2) With regard to this request for information, we take the liberty of stating that the right formulated in Art. 15 GDPR to request information about the data processed by you as the data subject is a highly personal right. Accordingly, we are required to obtain and document proof of your identity. In particular, this is intended to ensure that only you as the data subject receive information about your data. In this way, you help us to prevent abuse of the right to information.
(3) Upon receipt of your proof of identity, we will promptly comply with your request. The legal deadline of Art. 12 GDPR of one month for the provision of information only starts as of the receipt of a valid proof of identity.
(4) In addition, users have the right to rectification of inaccurate data, restriction of processing and erasure of their personal data, where applicable, to assert their rights to data portability and, in the event of the presumption of unlawful data processing, to lodge a complaint with the competent supervisory authority.
(5) Users can also revoke their consent, in principle with effect for the future.
20. Erasure of data
(1) The data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the user's data are not deleted because they are required for other, legally permissible purposes, their processing will be restricted. I.e. the data are blocked and not processed for other purposes. This applies, for example, to user data that must be retained for reasons of commercial or tax law.
(2) According to the legal requirements, they will be stored for 6 years in accordance with art. 257 (1) HGB (German Commercial Code) commercial books, inventories, opening balances, annual statements, commercial letters, accounting vouchers, etc.), for 10 years in accordance with art. 147 (1) AO [German Fiscal Code] (books, records, management reports, accounting vouchers, commercial and business letters, for taxation relevant documents etc.)
21. Right of objection
Users may object to the future processing of their personal data in accordance with the legal requirements at any time. In particular, the user may object to the processing for purposes of direct advertising.
(1) Liability for contents
The contents of our pages were created with the greatest care. However, we cannot assume any liability for the correctness, completeness and topicality of the contents. As a service provider, we are responsible for our own content on these pages in accordance with the general law. However, service providers are not obligated to monitor third-party information transmitted or stored by them or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information according to the general law remain unaffected. However, liability in this regard is only possible as of the time of knowledge of a specific infringement. If we become aware of any such infringements, we will remove the relevant content immediately.
(2) Liability for links
Our website contains links to external websites of third parties, on whose contents we have no influence. Therefore, we cannot grant any guarantee for these unfamiliar contents. The respective provider or operator of the linked sites is always responsible for their contents. The linked pages were checked for possible legal violations at the time of linking. At the time of linking, we could not identify any illegal contents. However, permanent monitoring of the contents of the linked pages is not reasonable without concrete evidence of a violation of the law. If we become aware of any such infringements, we will remove the relevant links immediately.