1. Privacy at a Glance

General Notes

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in our privacy policy listed under this text.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the contact details in the section “Notice to the Responsible Entity” in this privacy policy.

How do we collect your data?

Your data is collected in part by you providing it to us. This could be data you enter into a contact form, for example. Other data is collected automatically or with your consent when you visit the website through our IT systems. This primarily includes technical data (e.g., internet browser, operating system, or time of page access). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Some of the data is collected to ensure a flawless provision of the website. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contractual offers, orders, or other inquiries.

What rights do you have regarding your data?

You have the right at any time to obtain free information about the origin, recipients, and purpose of your stored personal data. You also have the right to request correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Furthermore, you have the right to request the restriction of processing your personal data under certain circumstances. In addition, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time regarding this and other questions on the subject of data protection.

Analysis Tools and Third-Party Tools

When visiting this website, your surfing behavior may be statistically evaluated. This is done primarily with so-called analysis programs. Detailed information about these analysis programs can be found in the following privacy policy.

2. Hosting

We host the content of our website with the following provider: All-Inkl Provider is ALL-INKL.COM – Neue Medien Münnich, owner René Münnich, Hauptstraße 68, 02742 Friedersdorf (hereinafter All-Inkl). Details can be found in All-Inkl’s privacy policy: https://all-inkl.com/datenschutzinformationen/.

The use of All-Inkl is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in a reliable presentation of our website. If consent was requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, provided that consent includes storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of TDDDG. Consent can be revoked at any time.

3. General Information and Mandatory Information

Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations and this privacy policy. When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this happens.

We point out that data transmission over the Internet (e.g., communication via email) may have security gaps. A complete protection of the data from access by third parties is not possible.

Notice to the Responsible Entity

The responsible entity for data processing on this website is:

Boopshotel.com
Phone: +357 99 015841
Email: info@boopshotel.com

The responsible entity is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

As long as no specific storage duration is mentioned in this privacy policy, your personal data will remain with us until the purpose for data processing ceases to apply. If you assert a justified deletion request or revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, deletion will occur after these reasons cease to apply.

General Notes on Legal Bases for Data Processing on This Website

If you have consented to data processing, we process your personal data based on Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR if special categories of data are processed pursuant to Art. 9 (1) GDPR. In the case of explicit consent for the transfer of personal data to third countries, data processing also takes place based on Art. 49 (1) lit. a GDPR. If you have consented to the storage of cookies or access to information on your device (e.g., via device fingerprinting), data processing additionally occurs based on § 25 (1) TDDDG. Consent can be revoked at any time. If your data is necessary for contract fulfillment or for carrying out pre-contractual measures, we process your data based on Art. 6 (1) lit. b GDPR. Furthermore, we process your data if it is necessary for compliance with a legal obligation based on Art. 6 (1) lit. c GDPR. Data processing may also occur based on our legitimate interest under Art. 6 (1) lit. f GDPR. The respective legal bases relevant in each specific case will be informed in the following paragraphs of this privacy policy.

Recipients of Personal Data

As part of our business activities, we collaborate with various external entities. This may require transferring personal data to these external entities. We only disclose personal data to external entities if it is necessary for contract fulfillment, if we are legally obliged to do so (e.g., transfer of data to tax authorities), if we have a legitimate interest under Art. 6 (1) lit. f GDPR in passing on the information, or if another legal basis allows for the transfer of data. When using processors, we only pass on personal data of our customers based on a valid contract for processing orders. In the case of joint processing, a contract for joint processing will be concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke any consent you have given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and Against Direct Advertising (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6 (1) LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS FOR WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING IS FOR THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 (1) GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION UNDER ART. 21 (2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority

In case of violations of the GDPR, those affected have a right to lodge a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work or place of the alleged violation. The right to complain exists without prejudice to other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that we process automatically based on your consent or in fulfillment of a contract from us or a third party in a structured, commonly used and machine-readable format. If you request the direct transfer of the data to another controller, this will only occur insofar as it is technically feasible.

Information, Correction and Deletion

You have the right at any time within the framework of applicable legal provisions to obtain free information about your stored personal data, its origin and recipients and the purpose of data processing and possibly a right to correction or deletion of this data. You may contact us at any time regarding this and other questions concerning personal data.

Right to Restrict Processing

You have the right to request restriction of processing your personal data. You can contact us at any time regarding this matter. The right to restrict processing exists in the following cases:

• If you dispute the accuracy of your personal data stored by us, we usually need time to verify this.
• If processing of your personal data is unlawful, you may request restriction instead of deletion.
• If we no longer need your personal data but you need it for asserting, exercising or defending legal claims, you have the right to request restriction instead of deletion.
• If you have lodged an objection under Art. 21 (1) GDPR, a weighing of interests between yours and ours must take place.

If it is not yet clear whose interests prevail, you have the right to request restriction of processing your personal data.

If you have restricted processing of your personal data, these data – apart from their storage – may only be processed with your consent or for asserting, exercising or defending legal claims or for protecting the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.

SSL and TLS Encryption

This site uses SSL and TLS encryption for security reasons and to protect the transmission of confidential content such as orders or inquiries that you send us as site operators. You can recognize an encrypted connection by the fact that the address line of your browser changes from “http://” to “https://” and by the lock symbol in your browser line.

When SSL or TLS encryption is activated, the data you transmit cannot be read by third parties.

4. Data Collection on This Website

Cookies

Our internet pages use so-called “cookies.” Cookies are small packages of data that do not harm your end device. They are either temporarily stored for the duration of a session (session cookies) or permanently (persistent cookies) stored on your end device. Session cookies are automatically deleted after your visit ends. Persistent cookies remain stored on your end device until you delete them yourself or until an automatic deletion occurs through your web browser.

Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable integration of certain services from third-party companies within web pages (e.g., cookies for processing payment services). Cookies serve various functions; many cookies are technically necessary because certain website functions would not work without them (e.g., shopping cart function or display of videos). Other cookies may be used for evaluating user behavior or for advertising purposes.

Cookies necessary for conducting electronic communication processes, providing certain functions desired by you (e.g., shopping cart function) or optimizing the website (e.g., cookies for measuring web audience) are stored based on Art. 6 (1) lit. f GDPR unless another legal basis is stated.

The website operator has a legitimate interest in storing necessary cookies for technically flawless and optimized provision of its services. If consent was requested for storing cookies and comparable recognition technologies, processing occurs exclusively on basis of this consent (Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG); consent can be revoked at any time.

You can set your browser to inform you about setting cookies and only allow cookies in individual cases, exclude acceptance of cookies for specific cases or generally as well as activate automatic deletion of cookies when closing your browser. Disabling cookies may limit functionality of this website.

Which cookies and services are used on this website can be found in this privacy policy.

Contact Form

If you send us inquiries via contact form, your information from request form including contact details provided there will be stored by us for processing inquiries and in case follow-up questions arise. We do not share this data without your consent.

Processing these data occurs based on Art. 6 (1) lit. b GDPR if your inquiry relates to fulfillment of a contract or is necessary for pre-contractual measures. In all other cases, processing is based on our legitimate interest in effectively addressing inquiries directed to us (Art. 6 (1) lit. f GDPR) or based on your consent (Art. 6 (1) lit. a GDPR) if it was requested; consent can be revoked at any time.

The information provided by you in contact form remains with us until you request deletion, revoke your consent for storage or until purpose for storing data ceases to apply (e.g., after completing processing your inquiry). Mandatory legal provisions – especially retention periods – remain unaffected.

Inquiry via Email, Phone or Fax

If you contact us via email, phone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for processing your concern. We do not share this data without your consent.

Processing these data occurs based on Art. 6 (1) lit. b GDPR if your inquiry relates to fulfillment of a contract or is necessary for pre-contractual measures.

In all other cases, processing is based on our legitimate interest in effectively addressing inquiries directed to us (Art. 6 (1) lit. f GDPR) or based on your consent (Art. 6 (1) lit. a GDPR) if it was requested; consent can be revoked at any time.

The information sent by you via inquiries remains with us until you request deletion, revoke consent for storage or until purpose for storing ceases to apply (e.g., after completing processing your concern). Mandatory legal provisions – especially statutory retention periods – remain unaffected.

5. Social Media

Facebook

This website integrates elements from the social network Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. However, according to Facebook’s statement, the collected data is also transferred to the USA and other third countries.

An overview of Facebook Social Media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=en_EN.

When the social media element is active, a direct connection between your device and Facebook’s server is established. Facebook receives information that you visited this website with your IP address. If you click on the Facebook „Like Button“ while logged into your Facebook account, you can link content from this website to your Facebook profile.

This allows Facebook to associate your visit to this website with your user account. We point out that as providers of these pages we have no knowledge about content transmitted as well as their use by Facebook. For more information please refer to Facebook’s privacy policy: https://de-de.facebook.com/privacy/explanation.

The use of this service is based on your consent according to Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

As far as personal data are collected and forwarded to Facebook using tools described hereon our website, we are jointly responsible with Meta Platforms Ireland Limited for this data processing under Art. 26 GDPR. Joint responsibility is limited exclusively to collection and forwarding of those data to Facebook. The subsequent processing after forwarding by Facebook is not part of joint responsibility. The obligations we share have been recorded in an agreement regarding joint processing. The text of that agreement can be found here: https://www.facebook.com/legal/controller_addendum. According to this agreement we are responsible for providing privacy information when using Facebook tools and ensuring secure implementation of tools on our website. Facebook is responsible for datasecurity regarding Facebook products. Rights concerning affected parties (e.g., requests for information) regarding processed data at Facebook can be asserted directly at Facebook. If you assert affected rights at our company we are obliged to forward these requests to Facebook.

Data transfer to USA is based on standard contractual clauses from EU Commission. Details can be found here:

• https://www.facebook.com/legal/EU_data_transfer_addendum
• https://de-de.facebook.com/help/566994660333381
• https://www.facebook.com/policy.php

The company has certification under “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between European Union and USA intended to ensure compliance with European Data Protection standards when processing in USA. Every company certified under DPF commits itself to adhere these standards. Further information can be obtained from provider under following link: https://www.dataprivacyframework.gov/participant/4452.

Instagram

This website integrates functions from Instagram service offered by Meta Platforms Ireland Limited. When social media element is active a direct connection between your device and Instagram server will be established. Instagram thus receives information about your visit on this website by you. If you are logged into your Instagram account you can link content from this website with your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit on this website with your user account. We point out that as providers we have no knowledge about content transmitted as well as their use by Instagram. The use of this service is based on your consent in accordance with Art. 6 (1) lit.a GDPR and § 25 Abs(1) TDDDG. Consent can be revoked at any time.

As far as personal data are collected using tools described hereon our website and forwarded to Facebook or Instagram respectively we are jointly responsible with Meta Platforms Ireland Limited for such processing under Art.(26 )GDPR. Joint responsibility relates exclusively to collection and forwarding those personal data respectively to Facebook or Instagram. Subsequent processing performed by Facebook or Instagram does not fall under joint responsibility. Obligations we jointly share have been recorded in an agreement regarding joint processing. The text thereof can be found at https://www.facebook.com/legal/controller_addendum. Accordingly we are responsible for providing privacy information when using Facebook- or Instagram tools and ensuring their implementation securely concerning Data Protection Law . For datasecurity regarding products from Facebook respectively Instagram ,Facebook bears responsibility. Rights concerning affected parties(e.g.requests for information )regarding processed information at Facebook respectively Instagram can be asserted directly at Facebook. If affected rights regarding us are claimed ,we must forward those requests towards Facebook . Data transfer into USA will happen according standard contractual clauses from EU Commission. Details can be found here:

• https://www.facebook.com/legal/EU_data_transfer_addendum
• https://privacycenter.instagram.com/policy/
• https://de-de.facebook.com/help/566994660333381

For further details please refer also to Instagram´s privacy policy: https://privacycenter.instagram.com/policy/.

The company has certification under “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between European Union and USA intended to ensure compliance with European Data Protection standards when processing in USA. Every company certified under DPF commits itself to adhere these standards . Further information can be obtained from provider under following link: https://www.dataprivacyframework.gov/participant/4452.

6 Newsletter

Newsletter Data

If you would like to receive newsletters offered on our website we need an email address along with information allowing us verify that you are owner thereof and agree with receiving newsletters.Further details will only be collected voluntarily . This information will exclusively used send requested information out ,and not passed onto third parties .

Processing entered into newsletter registration form occurs exclusively based upon consent received(Art .6 Abs .1 lit .a DSGVO). Consent granted storing email address ,and its usage sending newsletters may revoked anytime ,for instance via “unsubscribe” link within newsletter . Lawfulness already performed processes remains unaffected by revocation.

Data provided by yourself intending receive newsletter will kept until unsubscribe form newsletter respectively newsletter service provider .Once unsubscribed from newsletter ,data will deleted from mailing list after purpose ceases exist .We reserve right delete email addresses from our newsletter distribution list per discretion within framework legitimate interests according art .6 Abs .1 lit .f DSGVO .

Data stored previously intended other purposes remains unaffected .

After unsubscribing from newsletter distribution list ,your email address may kept upon blacklist unless preventing future mailings deemed necessary .Data contained therein solely used that purpose ,and merged with others .This serves both interests compliance legal provisions during mailing newsletters(based upon legitimate interest pursuant art .6 Abs .1 lit.f DSGVO ).Retention period within blacklist has no time limit .You may object against retention unless interests outweigh ours .

Newsletter Sending To Existing Customers

If you order goods/services from us whilst providing email address ,this may subsequently used sending newsletters unless beforehand informed about it . In such case newsletter only contains direct advertising own similar goods/services .Sending such newsletter may cancelled anytime ,with appropriate link included each newsletter .

Legal basis sending newsletters hereof falls under Art .6 Abs .1 lit .f DSGVO combined §7 Abs .3 UWG .

After unsubscribing from newsletter distribution list ,your email address may kept upon blacklist preventing future mailings towards yourself.Datas contained therein solely used that purpose ,and merged neither others .This serves both interests compliance legal provisions during mailing newsletters(based upon legitimate interest pursuant art .6 Abs .1 lit.f DSGVO ).Retention period within blacklist has no time limit .You may object against retention unless interests outweigh ours .

7 Plugins und Tools

YouTube with Enhanced Privacy

This site incorporates videos from YouTube service operated by Google Ireland Limited (“Google”), Gordon House Barrow Street Dublin 4 Ireland . When visiting one page embedding youtube connection shall established servers youtube indicating which pages being visited . When logged into youtube account allows linking surf behavior directly back identified profile .Can prevent doing so logging out youtube account .

We utilize youtube enhanced privacy mode , whereby videos played back won’t personalize surfing experience according statements received google .Ads displayed through enhanced privacy mode aren’t personalized either ,and cookies won’t set instead local storage elements saved browser which similar cookies contain personal identifying info utilized recognize users again . Details regarding enhanced privacy mode available here : https://support.google.com/youtube/answer/171780.

After activating youtube video additional processes involving further analysis may triggered which lie beyond our influence .

Using youtube serves purpose providing attractive presentation online offers representing legitimate interest according art .6 Abs .1 lit.f DSGVO . If appropriate consents were requested processing takes place solely according art .6 Abs .1 lit.a DSGVO combined §25 Abs .1 TDDDG if consent includes storage cookies/access info devices users(e.g.device fingerprinting). Consent may revoked anytime .

More information about privacy policies at youtube see their privacy policy : https://policies.google.com/privacy?hl=de.

The company has certification under „EU-US Data Privacy Framework“ (DPF). The DPF is an agreement between European Union and USA intended to ensure compliance with European Data Protection standards when processing in USA. Every company certified under DPF commits itself to adhere these standards . Further information can be obtained from provider under following link : https://www.dataprivacyframework.gov/participant/5780.

Google Fonts (Local Hosting)

This site uses Google Fonts provided uniform representation fonts installed locally no connection occurs servers google . Further information about google fonts see : https://developers.google.com/fonts/faq, and google’s privacy policy : https://policies.google.com/privacy?hl=de.

Google Maps

This site uses Google Maps service provider Google Ireland Limited (“Google”), Gordon House Barrow Street Dublin 4 Ireland . By means service allows embedding maps material onto our website .

To utilize functions google maps necessary store ip address usually transferred server google usa where stored without influence provider page . When activating google maps google may utilize google fonts ensuring consistent display font styles required . When accessing google maps browser loads needed web fonts cache correctly displays texts fonts .

Using google maps serves purpose providing attractive presentation online offers easy find locations specified websites representing legitimate interest per art .6 abs .1 lit.f gdpr . If appropriate consents were requested processing takes place solely according art .6 abs .1 lit.a gdpr combined §25 abs .1 tdddg if consent includes storage cookies/access info devices users(e.g.device fingerprinting). Consent may revoked anytime .

Data transfers usa rely upon standard contractual clauses eu commission . Details available here :

• https://privacy.google.com/businesses/gdprcontrollerterms/
• https://privacy.google.com/businesses/gdprcontrollerterms/sccs/

More information handling user-data find within google’s privacy policy : https://policies.google.com/privacy?hl=de.

The company has certification under „EU-US Data Privacy Framework“ (DPF). The DPF is an agreement between European Union and USA intended to ensure compliance with European Data Protection standards when processing in USA. Every company certified under DPF commits itself to adhere these standards . Further information can be obtained from provider under following link : https://www.dataprivacyframework.gov/participant/5780.

Google reCAPTCHA

We use „Google reCAPTCHA“ („reCAPTCHA“) on this site operated by Google Ireland Limited („Google“), Gordon House Barrow Street Dublin 4 Ireland .

With reCAPTCHA aims verify whether input entered within website(e.g.contact form )was made human rather than automated program . For analyzing reCAPTCHA observes behavior visitor examining various features triggered automatically once visitor enters site . For analysis reCAPTCHA evaluates multiple pieces info(e.g.ip address dwell duration visitor site mouse movements made by user).Data gathered during analysis transferred google .

reCAPTCHA analyses run entirely background visitors not made aware analysis taking place .

Storage analysis takes place per art .6 abs .1 lit.f gdpr operator has legitimate interest protecting web offerings against abusive automated spying spam .If appropriate consents were requested processing takes place solely according art .6 abs .1 lit.a gdpr combined §25 abs .1 tdddg if consent includes storage cookies/access info devices users(e.g.device fingerprinting). Consent may revoked anytime .

Further details regarding google reCAPTCHA refer google’s privacy terms conditions located here : https://policies.google.com/privacy?hl=de, https://policies.google.com/terms?hl=de.

The company has certification under „EU-US Data Privacy Framework“ (DPF). The DPF is an agreement between European Union and USA intended to ensure compliance with European Data Protection standards when processing in USA. Every company certified under DPF commits itself to adhere these standards . Further information can be obtained from provider under following link : https://www.dataprivacyframework.gov/participant/5780.