Privacy Policy

Your Data with Us: Collection, Use, and Protection

We are pleased about your visit to our website and your interest in our company.

Klinik und Hotel St. Wolfgang takes the protection of personal data very seriously. For this reason, we would like to inform you about which data and information we store and how we use it.

I. Data Controller for Personal Data Processing

Klinik und Hotel St. Wolfgang
Ludwigpromenade 6
94086 Bad Griesbach-Therme
Phone: +49 (0) 8532 980-0
Email: badgriesbach@asklepios.com 
Represented by the Managing Director: Frank Tamm, Johann Bachmeyer

II. Data Protection Officer

You can contact our Data Protection Officer at:
Rainer Aigner
aigner business solutions GmbH
Goldener Steig 42
94116 Hutthurm
Phone: +49 (0) 8505 919270
Email: info@aigner-business-solutions.com 

III. General Information on Processing Personal Data When Visiting Our Website

1. Processing of Personal Data
Personal data refers to all information relating to an identified or identifiable natural person (hereinafter “data subject”), such as name, address, email address, or IP address.

The processing of personal data on our website is based on the following legal grounds:

·         Consent (Art. 6 para. 1 lit. a GDPR)
Example: consent via cookie banner

·         For the conclusion or performance of a contract (Art. 6 para. 1 lit. b GDPR)
Example: providing personal data during online booking

·         Legitimate interests of our company (Art. 6 para. 1 lit. f GDPR)
Example: IP address

We will explain which personal data we specifically collect and process, on what legal basis, and how long we store it in the relevant section of this privacy policy.

2. Duration of Data Storage
We store your data as long as it is necessary for the respective processing purpose. Please note that many retention periods require the continued storage of data, especially for commercial or tax law obligations. If no further storage obligations exist, data will be routinely deleted once the purpose is fulfilled.

3. Data Transmission
We may use commissioned service providers for certain functions of our offer or use your data for advertising purposes, provided you have consented to this processing.

Data transfer to service providers occurs within the framework of order processing agreements according to Art. 28 GDPR. These providers have been carefully selected, are bound by our instructions, and are regularly monitored:

·         Hosting service providers

·         Web analytics providers

In some cases, we transfer your data in the context of order processing to providers in third countries. As a suitable guarantee for the lawfulness of data transfer, we have concluded appropriate order processing contracts and EU standard contractual clauses according to Art. 46 para. 2 lit. c GDPR with the processors.

 

IV. Provision of the Website

When using the website for informational purposes—that is, if you do not register or send us information in any other way—we only collect the personal data that your browser transmits to our server and that are technically necessary for us to display our website and ensure its stability and security:

·         IP address

·         Date and time of the request

·         Time zone difference to Greenwich Mean Time (GMT)

·         Content of the request (specific page)

·         Access status/HTTP status code

·         Amount of data transmitted

·         Website from which the request originates

·         Browser

·         Operating system and its interface

·         Language and version of the browser software

There is no personal evaluation of the data, even if it may, under certain circumstances, allow identification. If we analyze the data, it is done in anonymized form with the purpose of improving the attractiveness, content, and functionalities of our website.

Where data is shared with external service providers (web hosts), we ensure through technical and organizational measures that data protection regulations are observed.

The processing of the data is carried out in accordance with Art. 6 para. 1 lit. f GDPR based on our legitimate interests in improving our online presence, such as security, functionality, and stability of our website.

V. Security and Data Integrity

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the address bar of your browser changes from "http://" to "https://" and by the padlock symbol in your browser's address bar. When SSL encryption is activated, the data you transmit to us cannot be read by third parties.

VI. Contact Form and Contact via Email and Phone

If you send us inquiries via the contact form, your details from the form, including the contact information you provide there, will be stored by us for processing your request and in case of follow-up questions.

The processing of data entered into the contact form is based solely on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. A simple message via email to us is sufficient. The legality of data processing operations carried out before the revocation remains unaffected.

The data you enter in the contact form will be stored until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory legal provisions—especially retention periods—remain unaffected.

Inquiry via Email and Phone

When you contact us via email or phone, your inquiry, including all personal data derived from it (name, request), will be stored and processed by us for the purpose of handling your concern.

This data processing is based on Art. 6 para. 1 lit. b GDPR if your inquiry relates to the fulfillment of a contract or is necessary for pre-contractual measures. In all other cases, processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in effectively processing inquiries addressed to us.

VII. Cookies

Our website uses cookies. Cookies are small text files stored on your device that allow certain information to be passed to the entity setting the cookie (in this case, us). Cookies cannot execute programs or transmit viruses to your computer. Their purpose is to make the online offering more user-friendly and efficient overall.

Cookies can be classified into technically necessary and technically non-essential cookies.

1. Technically necessary cookies

This website uses the following types of technically necessary cookies, which are essential for the operation and functionality of the website:

Transient Cookies
Transient cookies are automatically deleted when you close your browser. These include session cookies in particular. These store a session ID that can assign various requests from your browser to the same session. This allows your device to be recognized when you return to our website.

Persistent Cookies
Persistent cookies are automatically deleted after a predetermined period, which can vary depending on the cookie. You can delete these cookies at any time via the security settings of your browser.

You can configure your browser settings according to your preferences, for example, to reject third-party cookies or all cookies. Please note that you may not be able to use all features of this website if you do so.

The legal basis for setting this type of cookie is our legitimate interest (Art. 6 para. 1 lit. f GDPR).

2. Technically non-essential cookies

With your consent (Art. 6 para. 1 lit. a GDPR), we also use technically non-essential cookies. These cookies help make our offering more user-friendly, effective, and secure.

These cookies allow us to analyze how our website is used. This enables us to tailor the website's content to the needs of our visitors.

If you have given your consent via the cookie banner, you can withdraw it at any time without providing reasons through the cookie banner.

An overview of the cookies used on our website can be found under the "Cookies" section on our website.

VIII. Tracking

1. Google Analytics

We use the tracking tool Google Analytics from Google Ireland Limited on our website.

Google Analytics primarily collects and systematically evaluates user interactions on our website using cookies. When individual pages of our site are accessed, the following data is stored:

Three bytes of the IP address of the user's system (anonymized IP address)
The accessed web page
The referring page (referrer)
The subpages accessed from the original page
Duration of the visit
Frequency of page visits
Type of browser used
Language settings of the device and operating system used
The software is configured to ensure that IP addresses are not stored in full; the last octet of the IP address is masked (e.g., 192.268.79.***). This makes it impossible to associate the shortened IP address with the user’s device.

The legal basis for processing your personal data is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You may withdraw your consent at any time.

The processing of users' personal data using Google Analytics enables us to analyze user behavior. The data helps us understand how different components of our website are used, enabling us to continually improve our website and its usability.

The data collected via tracking is deleted once it is no longer needed for recording purposes.

If the user does not provide consent for marketing cookies via the cookie banner, no cookies from Google Analytics or other marketing tools will be set.

Third-party information:

Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Terms of Use: http://www.google.com/analytics/terms/de.html
Privacy overview: http://www.google.com/intl/de/analytics/learn/privacy.html
Privacy Policy: http://www.google.de/intl/de/policies/privacy

As Google is based in the U.S., data transfers to the U.S. cannot be ruled out. However, Google is certified under the Data Privacy Framework, which ensures an adequate level of data protection in the U.S. Further information about certification: https://www.dataprivacyframework.gov/s; current status of Google: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

IX. Other Tools and Plug-Ins

e-ventis Voucher Shop

This site offers a voucher shop by e-ventis. The provider is e-ventis GmbH, Neudorf 20, 94481 Grafenau.

To use the e-ventis voucher shop and process orders, it is necessary to store your IP address, browser information (name, version), website, user's operating system, screen resolution, language settings of the browser or operating system, and the data you enter. When you place and submit an order, this data is usually transferred to and stored on an e-ventis server. The provider of this website has no influence on this data transmission.

Using the voucher shop serves the convenient and efficient provision of vouchers and represents a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

Payment transactions via common payment methods take place exclusively via an encrypted SSL or TLS connection. An encrypted connection is indicated by the change in the browser’s address bar from "http://" to "https://" and the lock icon in your browser bar.

With encrypted communication, your payment data cannot be read by third parties.

More information about how e-ventis handles user data can be found in their privacy policy: https://www.e-ventis.de/de/kontakt/datenschutz/datenschutz.html

Google Tag Manager

We use Google Tag Manager. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking and analytics tools into our website. The tool itself does not create user profiles, store cookies, or perform its own analyses. It merely facilitates the deployment of tools. However, Google Tag Manager does process your IP address, which may be transmitted to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the efficient integration and management of various tools.

Where consent is requested, processing is based solely on Art. 6 para. 1 lit. a GDPR; consent can be withdrawn at any time.

More information: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

Google Maps

This website uses the map service Google Maps. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

To use Google Maps features, it is necessary to store your IP address. This information is typically transferred to and stored on a Google server in the USA. The website provider has no control over this data transfer. When Google Maps is enabled, Google may use Google Web Fonts to ensure consistent font presentation. Your browser will load these web fonts into its cache to correctly display text and fonts.

The use of Google Maps is in the interest of providing an appealing online experience and helping users locate the places specified on our website. Processing is based exclusively on your consent pursuant to Art. 6 para. 1 lit. a GDPR. You may withdraw your consent at any time.

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

More information about handling user data: https://policies.google.com/privacy?hl=en

Facebook

Our website includes a plugin from the social network Facebook. The provider is Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA.

When you click on the Facebook logo, a direct connection is established to Facebook servers via the plugin, and your browser redirects you to our Facebook page. Facebook is informed that you have visited our site using your IP address.

We have no influence over the data collected and processed by Facebook, nor are we aware of the full scope of data collection, its purpose, or retention period. For more details on Facebook’s data practices, your rights, and privacy settings, please see their privacy policy: http://de-de.facebook.com/policy.php

To prevent Facebook from linking your visit to our site with your Facebook account, log out of Facebook before visiting. In Germany, IP addresses are anonymized immediately after collection. By activating the plugin, your personal data may be transmitted to the plugin provider and stored there (including in the USA).

The legal basis for using the plugin is Art. 6 para. 1 lit. f GDPR.

HolidayCheck

This site integrates content from HolidayCheck to display reviews. The provider is HolidayCheck AG, Bahnweg 8, CH-8598 Bottighofen, Switzerland.

To use the HolidayCheck widget, your IP address must be stored. This information is transferred to and stored on a server operated by HolidayCheck. The website provider has no control over this data transmission.

Clicking the “Rate Now” button opens a popup. If you submit a review, the information is transmitted to HolidayCheck servers and stored.

The use of the HolidayCheck widget serves the presentation of our hotel and the ability for users to leave reviews, which is a legitimate interest under Art. 6 para. 1 lit. f GDPR.

More information on HolidayCheck's privacy policy:
https://www.holidaycheck.de/datenschutz

Webfonts

This site uses web fonts provided by Monotype GmbH (fonts.com or fast.fonts.net), Horexstraße 30, 61352 Bad Homburg, for uniform font display. When a page is loaded, your browser loads the required web fonts into its cache to display texts and fonts properly.

To do this, your browser connects to fonts.com servers, informing them that your IP address accessed our website. The use of Fonts.com web fonts is in the interest of a consistent and attractive online appearance and constitutes a legitimate interest under Art. 6 para. 1 lit. f GDPR.

If your browser does not support web fonts, a standard font from your computer is used.

More info:
https://www.fonts.com/info/legal
https://www.fonts.com/info/legal/privacy/
https://www.monotype.com/legal/privacy-policy/

X. Newsletter

If you wish to subscribe to the newsletter offered on our website, we require your email address as well as information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. No further data is collected or only on a voluntary basis. We use this data solely for sending the requested information and do not share it with third parties.

The processing of the data entered in the newsletter subscription form is based exclusively on your consent in accordance with Art. 6 (1) lit. a GDPR. You may revoke your consent to the storage of your data, email address, and their use for newsletter distribution at any time. Each newsletter contains a link that allows you to unsubscribe. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us until you revoke your consent and will be deleted from the mailing list after you unsubscribe or once the purpose no longer applies. We reserve the right to delete or block email addresses from our distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.

After you unsubscribe from the newsletter, your email address may be stored in a blacklist by us or the newsletter service provider to prevent future mailings. The data in the blacklist will only be used for this purpose and not combined with other data. This is both in your interest and our interest in complying with legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f GDPR). Blacklist storage is not limited in time. You may object to the storage if your interests outweigh our legitimate interests.

XI. Your Rights

Below is an overview of the data subject rights granted to you under applicable data protection law with respect to the processing of your personal data:

The right under Art. 15 GDPR to request information about your personal data processed by us. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the intended storage duration, the existence of a right to rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the source of your data if not collected by us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about the details involved.
The right under Art. 16 GDPR to request without delay the correction of incorrect or the completion of your personal data stored by us.
The right under Art. 17 GDPR to request the deletion of your personal data stored by us, unless processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
The right under Art. 18 GDPR to request the restriction of processing your personal data where the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data, but you require it for the establishment, exercise or defense of legal claims, or you have objected to processing pursuant to Art. 21 GDPR.
The right under Art. 20 GDPR to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transmission to another controller.
The right to withdraw consent granted pursuant to Art. 7 (3) GDPR: You have the right to withdraw your consent to data processing at any time with effect for the future. Upon withdrawal, we will delete the affected data immediately, provided no other legal basis for processing exists without consent. The withdrawal of consent does not affect the legality of processing carried out based on the consent before its withdrawal.
The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. Generally, you can contact the supervisory authority of the federal state of our registered office or your usual place of residence or employment.

XII. Objection to the Processing of Your Data

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) sentence 1 lit. f GDPR, you have the right under Art. 21 GDPR to object to the processing of your personal data, provided there are reasons arising from your particular situation.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling, to the extent that it is related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection pursuant to Art. 21 (2) GDPR).

To exercise your right of objection, simply send an email to: badgriesbach@asklepios.com 

XIII. Objection to Advertising Emails

As part of our legal obligation to provide an imprint, we are required to publish our contact information. These may be used by third parties to send unsolicited advertising and information. We hereby object to any unauthorized sending of advertising material of any kind. We expressly reserve the right to take legal action against the unsolicited sending of advertising material. This particularly applies to spam emails, spam letters, and spam faxes. We point out that unauthorized transmission of advertising material may violate competition law, civil law, and criminal law. In particular, spam emails and faxes can lead to high claims for damages if they interfere with business operations by overloading mailboxes or fax machines.

XIV. Changes to Our Privacy Policy

We reserve the right to update this privacy policy as necessary to comply with current legal requirements or to reflect changes in our services, e.g., the introduction of new services. The new privacy policy will apply to your next visit.

XV. Privacy Information – Social Media

We operate business accounts on Facebook, Instagram, LinkedIn, and Xing. When you visit our social media pages, you can interact with our posts, comment on them, and send us messages. Your visit to our social media profiles initiates a variety of data processing operations involving your personal data. We would like to inform you of your rights in relation to the processing of your personal data.

You are not required to provide us with your personal data. However, it may be necessary for certain features of our social media profiles. We process your data for customer-oriented corporate presentation, effective external communication, and to interact with users of our social media profiles. These data transfers and processing operations are based on your voluntary use of the platforms in accordance with Art. 6 (1) lit. a and Art. 49 (1) lit. a GDPR.

When you contact us via one of our social media channels, the data you provide will only be used to respond to your inquiry. The legal basis for this processing is Art. 6 (1) lit. a GDPR – your consent to contact us via the respective social media platform; possibly Art. 6 (1) lit. b GDPR in the case of contract initiation or execution; §26 BDSG for employment-related contact; and Art. 6 (1) lit. f GDPR where a legitimate interest in effective public relations exists.

Please note that platform operators use web tracking and profiling systems that create extensive user profiles. We have no control over these systems. Your personal data will be collected, used, and stored not only by us but also by the operators of the social media platforms, even if you do not have an account with the respective platform. For details on the data collection, storage, and use by the social media platforms, please refer to their privacy policies:

• Facebook: https://de-de.facebook.com/privacy/explanation
• Instagram: https://privacycenter.instagram.com/policy/
• Xing: https://privacy.xing.com/de/datenschutzerklaerung
• LinkedIn: https://de.linkedin.com/legal/privacy-policy 

Note on Data Transfers to Third Countries
The providers of LinkedIn, Facebook, and Instagram are based in the USA. This means all your data may be transferred to an insecure third country without a data protection level comparable to the EU. Xing is headquartered in Germany, but according to the provider, data may still be transferred to insecure third countries when using the platform.

The data transfer is based on your consent pursuant to Art. 6 (1) lit. a and Art. 49 (1) lit. a GDPR, unless the provider is certified under the EU-US Data Privacy Framework.

Last updated: June 2025