Icon Telefon Icon E-Mail
La Villa Logo

Privacy policy

Data protection declaration of LA VILLA am Starnberger See / EKT GmbH
This data protection declaration describes the data protection procedure of LA VILLA / EKT GmbH with regard to the personal data collected about you.
The protection of your privacy is important to us.
We would therefore like to provide you with the necessary information below:

I.

Name and contact details of the data controller and the company data protection officer
This data protection information applies to data processing by
1. controller: LA VILLA / EKT GmbH, hereinafter referred to as LA VILLA
LA VILLA am Starnberger See / EKT GmbH,
Ferdinand-von-Miller-Str. 39-41, 82343 Niederpöcking,
Tel. 08151-77060
Fax 08151-7706-99
E-mail: info(at)lavilla.de
Homepage: www.lavilla.de
2. the company data protection officer can be contacted by post, telephone and in person at the address given in Section I. No. 1. and: E-mail: margarete.schultes@lavilla.de.

II.

Definitions of terms

The data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for everyone. LA VILLA would like to explain personal data to you by way of example.
Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, date of birth, address, telephone number, e-mail address or other specific characteristics which express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

III.

Collection and storage of personal data and the nature and purpose of its use.

1. visit to the website
When you visit the website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file.
The following information is collected without any action on your part and stored until it is automatically deleted
IP address of the requesting device
Date and time of access
Name and URL of the retrieved file
Website from which the access is made (referrer URL)
Browser used and, if applicable, the operating system of your computer and the name of your access provider
The aforementioned data is processed by us for the following purposes
Establishing a smooth connection to the website
Creation of a comfortable use of our website
Evaluation of system security and stability and
for further administrative purposes
Art. 6 para. 1 sentence 1 lit. f GDPR is the legal basis for this data processing. Our legitimate interest follows the purposes for data collection listed above.
Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.
We also use cookies and analysis services when you visit our website. Please refer to the following paragraphs for more detailed explanations.
Cookies are therefore stored on your computer when you visit our website. Cookies are small text files that are stored on your hard disk and assigned to the browser you are using and through which certain information flows to the body that sets the cookie, in this case us. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the website more user-friendly and effective overall.
2. registration with contact form
When using our registration form for your questions of any kind, we offer you the opportunity to contact us using the form provided on our website.
It is necessary to provide a valid e-mail address, telephone number and your name.
We need to know who the inquiry is from so that we can answer it. You can provide all other information voluntarily.
Art. 6 para. 1 sentence 1 lit. a GDPR is the legal basis for data processing for the purpose of contacting you. The basis for this is your voluntary consent on the contact form.
The data collected in this process is stored in the Typo3 backend. This ensures that we can access this data even if there is a fault with the mail server.
3. newsletter
If you have expressly consented to Art. 6 para. 1 sentence 1 lit. a GDPR, we may use your email for our regular newsletter mailing. The newsletter is not sent via bulk mailings. This means that no one sees the other.
To receive a newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to enter your name so that we can address you personally in the newsletter. You can unsubscribe from our newsletter at any time. You can unsubscribe via a link at the end of each newsletter. LA VILLA sends a notice of withdrawal of consent with every e-mail. You can also send your unsubscribe request at any time to the following address: info@lavilla.de.
With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.
The content of the newsletter is: We only send newsletters, emails and other electronic notifications with advertising information (hereinafter "newsletter") with the consent of the recipient or legal permission. If the contents of the newsletter are specifically described when registering for the newsletter, they are decisive for the user's consent. Otherwise, our newsletters contain information about our services and us.
Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no-one can register with other people's e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address. Changes to your data stored with the mailing service provider are also logged.
Registration data: To register for the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to provide your name so that we can address you personally in the newsletter.
The newsletter and the performance measurement associated with it are sent on the basis of the recipient's consent in accordance with Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR in conjunction with Section 7 para. 2 no. 3 UWG or on the basis of the legal permission in accordance with Section 7 para. 3 UWG.
The logging of the registration process is based on our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of users and also allows us to prove consent.
You can unsubscribe from our newsletter at any time, i.e. revoke your consent. You will find a link to unsubscribe from the newsletter at the end of each newsletter. We may store the unsubscribed e-mail addresses for up to three years on the basis of our legitimate interests before deleting them in order to be able to prove that consent was previously given. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.
4. contact via telephone / fax
When you make a telephone call or send a fax, the data from your terminal device is automatically stored on our server until the contract is concluded and duly processed, taking into account the retention periods.
Otherwise they will be deleted automatically.
5. personal hotel visits
We collect personal data when you visit our hotels or use on-site services, e.g. restaurant. We also collect personal data if you take part in events or competitions that we organize or if you provide your personal data as part of an event.

IV.

Forwarding of personal data

Personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties in the following cases or when using the various analysis tools, which are listed individually, it is also described what the analysis does and what happens to the data, and how you as the consumer can object to this.

Your personal data will only be passed on to third parties if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the disclosure of your personal data.
there is a legal obligation pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR and
this is legally permissible and Art. 6 para. 1 sentence 1 lit. b GDPR is required for the proper processing of contractual relationships with you.

 

V.

Cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device, as they do not contain any viruses, Trojans or other malware. Information is stored in the cookies that results in each case in connection with the specifically configured end device. This does not mean that we obtain direct knowledge of your identity.
This website uses the following types of cookies, the scope and function of which are explained below:
Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID - yes or no - deleted or not - with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all the functions of this website.
The user's ID is saved as soon as the user has clicked on "Agree" on the notice. This means that the notice will not be displayed again the next time the user visits the website. The cookie notice only appears again as soon as the user deletes their cookies in the browser.
On the one hand, the use of cookies serves to make the use of our website more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted when you leave our site.
In addition, we use temporary cookies for user-friendliness, which are stored for a specified period of time. They are stored for 365 days. When you visit our website again, it automatically recognizes that you have already visited us and which entries and settings you have made so that you do not have to enter them again.
In addition, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. With these cookies, we can automatically recognize that you have already visited us when you visit our site again. These cookies are automatically deleted after a defined period of time. They are stored for 365 days.
The data processed by cookies are necessary for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
Most browsers accept cookies automatically. You are free to configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely deactivating cookies could mean that you cannot use our website to its full extent.

VI.

Analysis tools

1. about tracking tools
The tracking measures listed below and used by us are carried out on the legal basis of Art. 6 para. 1 sentence 1 lit. f GDPR. With these tracking measures, we want to ensure a needs-based design and continuous optimization of our website. At the same time, we use these tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and categories can be found in the corresponding tracking tools.
2nd tool: Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc (https://www.google.com/intl/de/ about/), (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), hereinafter referred to as Google, for the purpose of designing and continuously optimizing our pages to meet your needs. In this context, pseudonymized user profiles are created and cookies are used. The information generated by the cookie about the use of this website such as
Browser type/version
Operating system used
Referrer URL (the previously visited page)
Host name of the accessing computer (IP address)
Time of the server request
are transmitted to a Google server in the USA and stored there.
However, if IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will be set to prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are further processed in abbreviated form, so that they cannot be linked to a specific person. If the data collected about you is personally identifiable, it will be excluded immediately and the personal data will be deleted immediately.
We use Google Analytics to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 lit. f GDPR. Further information on data protection in connection with Google Analytics can be found in the Google Analytics help section (https://support.google.com/analytica/answer/6004245?hl=de).
Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: www.google.com/analytics/terms/de.html, overview of data protection: www.google.com/intl/de/analytics/learn/privacy.html, as well as the privacy policy: http://www.google.de/intl/de/policies/privacy.
3rd tool: Crazyegg (click tracking)

We use the web analysis service "Crazy Egg" from Crazy Egg Inc, 16220 Ridgeview Lane, La Mirada, CA, 90638 USA, on our website to collect statistical data about the use of our website. With the help of Crazy Egg Inc. technologies, visitor information is collected and transmitted to the Crazy Egg Inc. servers. The technology enables the activities of the user during the visit to our website to be collected, analyzed and visualized. For example, we can use a "heat map" to recognize which areas of our website are visited and clicked on the most. For this purpose, so-called "cookies", text files that are stored on your computer and that enable an analysis of your use of the website, are transmitted to Crazy Egg Inc. You can object to the collection and storage of data by Crazy Egg Inc. by making certain settings in your browser. You can find instructions on Crazy Egg at https://www.crazyegg.com/opt-out.
The purpose and scope of the data collection and the further processing and use of the data by Crazy Egg as well as your rights in this regard and setting options to protect your privacy can be found in the data protection information of Crazy Inc. at https://www.crazyegg.com/privacy.
4th tool: Google Tag Manager
This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags via an interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been carried out at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
In the event that other analysis tools are used, we will update our website immediately.
If you have any questions about our analysis tools, you can contact us at any time.
We are also happy to receive further suggestions and criticism in writing.

VII.

Social media plug-ins/links

Social plug-ins / links
In accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, we use social plug-ins or links to social networks on our website, as listed below. This serves to make us better known.
Our legitimate interest is the underlying advertising purpose within the meaning of the General Data Protection Regulation. Responsibility for data protection-compliant operation must be guaranteed by the respective provider. We integrate these plug-ins and links using the so-called two-click method in order to protect visitors to our website in the best possible way. These are only links. Once via icons and once via a news extension (but this is currently hidden). The following channels are linked via icons: Google+, Pinterest, Xing, Youtube, Facebook & Instagram. No SOCIAL MEDIA PLUGINS are used - therefore no two-click method is applied. However, if plugins are used in the future, the two-click method will be applied. Currently, all social media channels are only linked to the website via links. Only YouTube is also integrated via videos. This applies to the following paragraphs.
We currently use the following social media plug-ins / links:
1. Facebook
Social media links from Facebook are used on our website to make their use more personal. We use the "LIKE" or "SHARE" button for this purpose. This is an offer from Facebook.
We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the providers of the links. You can recognize the provider of the link by the marking on the box above its initial letter or the logo. We give you the opportunity to communicate directly with the provider via the link. Only if you click on the marked field and thereby activate it will the provider receive the information that you have accessed the corresponding website of our online offer, even if you are not logged in to Facebook. This information, including your IP address, is transmitted directly from your browser to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you interact with the link, the corresponding information is also published directly to a Facebook server and displayed to your Facebook friends.
In the case of Facebook, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the link, your personal data is therefore transmitted to the respective link provider and stored there (for US providers in the USA). Since the link provider collects data in particular via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the grayed-out box.
We have no influence on the data collected and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing or the storage periods. We also have no information on the deletion of the data collected by the link to the provider.
Facebook stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective link provider to exercise this right.
By linking, we offer you the opportunity to interact with the social networks and other users so that we can improve our offering and make it more interesting for you as a user.
The legal basis for the use of the plug-ins is Art. 6 para. 1 sentence 1 lit. f GDPR.
We recommend that you log out regularly after using a social network, but especially before activating the button, as this will prevent you from being assigned to your profile with the plug-in/link provider.
Further information on the purpose and scope of data collection and its processing by the plug-in/link provider can be found in the data protection declarations of these providers provided below. There you will also find further information on your rights in this regard and setting options to protect your privacy.
Addresses of the respective plug-in/link provider and URL with their data protection notices:
Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other and www.facebook.com/about/privacy/your-info. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Google Inc, 1600 Amphitheater Parkway, Mountainview, California 94043, USA; www.google.com/policies/privacy/partners/. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
2. integration of Google Maps
We use the Google Maps service on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.
When you visit the website, Google receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or customising its website.
Such an evaluation is carried out in particular (even for users who are not logged in) to provide customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
Further information on the purpose and scope of data collection and its processing by the link provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Google Inc, 1600 Amphitheater Parkway, Mountainview, California 94043, USA.
3. google+
Google + is a social network that was founded in 2011 as a competitor to Facebook.
Further information on the purpose and scope of data collection and its processing by the link provider can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Google Inc, 1600 Amphitheater Parkway, Mountainview, California 94043, USA.
4. instagram
The data controller has integrated components of the Instagram service on this website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to redistribute such data in other social networks.
The operating company of the Instagram services is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.
With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which an Instagram component (Insta button) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to the download of a display of the corresponding Instagram component of Instagram.
During the course of this technical procedure, Instagram is made aware of which specific sub-page of our website is visited by the data subject.
If the data subject is logged in at the same time on Instagram, Instagram recognises with each call-up to our website by the data subject and for the entire duration of their stay on our Internet site, which specific sub-page of our Internet page was visited by the data subject. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, the data and information transmitted with it is assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.
Instagram always receives information via the Instagram component that the data subject has visited our website if the data subject is logged in to Instagram at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Instagram component or not.
If the data subject does not want this information to be transmitted to Instagram in this way, they can prevent the transmission by logging out of their Instagram account before accessing our website.
Further information and the applicable data protection provisions of Instagram may be retrieved under help.instagram.com/155833707900388 and www.instagram.com/about/legal/privacy/.
5. pinterest
We use the social network Pinterest, Pinterest, Inc, 808 Brannan St, San Francisco, CA 94103, USA (hereinafter referred to as "Pinterest").
By clicking the "Pin it" button, Pinterest receives the information that you have accessed the corresponding page of our website. If you are logged in to Pinterest, Pinterest can assign the visit to your Pinterest account. The data transmitted by clicking the "Pin it" button is stored by Pinterest in the USA. If you do not agree to this, you must log out of your Pinterest account before clicking the "Pin it" button.
The scope and purpose of the data collection and the further processing and use of the data by Pinterest as well as your corresponding rights and design rights to protect your privacy can be found in Pinterest's data protection information at: http://pinterest.com/about/privacy/
6 Xing,
We would like to inform you here about the processing of personal data via the XING link function.
The "XING link" is used on this website. When you access this website, your browser establishes a short-term connection to the servers of XING AG ("XING"), with which the "XING share button" functions (in particular the calculation/display of the counter value) are provided. XING does not store any personal data about you when you access this website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behaviour via the use of cookies in connection with the "XING Share Button". The current data protection information on the "XING Share Button" and additional information can be found on this website:
https://www.xing.com/app/share?op=data_protection. Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
7. integration of YouTube videos
We have integrated YouTube videos into our online offering, which are stored on www.YouTube.com and can be played directly from our website.
The term "all integrated in "extended data protection mode" means that no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned in paragraph 2 be transmitted.
We have no influence on this data transmission.
When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your YouTube profile, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or customising its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.
Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

VIII.

  Rights concerned

You have the following rights with regard to your personal data:
1. right to information Art. 15 GDPR
Any person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to obtain from the controller free information about the personal data stored about them and a copy of this information at any time. Furthermore, the European legislator has granted the data subject access to the following information:
the purposes of processing
the categories of personal data that are processed
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
the existence of the right to lodge a complaint with a supervisory authority
if the personal data are not collected from the data subject: All available information about the origin of the data
the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Furthermore, the data subject has a right to information as to whether personal data has been transferred to a third country or to an international organisation.
If this is the case, the data subject also has the right to obtain information about the appropriate guarantees in connection with the transfer.
If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.
2. right to rectification Art. 15 GDPR
Any person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to demand the immediate correction of incorrect personal data concerning them.
Furthermore, taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of the controller.
3. right to erasure (right to be forgotten) Art. 17 GDPR
Any person affected by the processing of personal data has the right, granted by the European legislator, to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies and insofar as the processing is not necessary
The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary.
The data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
The data subject objects to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
The personal data have been processed unlawfully.
The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.
If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data, he or she may, at any time, contact any employee of the controller. The employee will ensure that the request for erasure is complied with immediately.
If the personal data has been made public by LA VILLA and our company as the controller is obliged to erase the personal data pursuant to Article 17(1) GDPR, LA VILLA shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform other controllers processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. An employees of the LA VILLA will arrange the necessary measures in individual cases.
4. right to restriction of processing Art. 18 GDPR
Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:
The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by LA VILLA, he or she may at any time contact any employee of the controller. The employee of the LA VILLA will arrange the restriction of the processing.
5. right to data portability Art 20 GDPR
Any person affected by the processing of personal data has the right, granted by the European legislator, to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Art. 20(1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
In order to assert the right to data portability, the data subject may at any time contact any employee of the LA VILLA.
6. right to withdraw consent under data protection law Art. 7 para. 3 GDPR
Any person affected by the processing of personal data has the right granted by the European legislator of directives and regulations to revoke consent to the processing of personal data at any time.
If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the controller.
7. right to lodge a complaint with a supervisory authority Art. 77 GDPR
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78.

IX.

Right to object

Users of this website may exercise their right to object to the processing of their personal data at any time.
If you would like a correction, blocking, deletion or information about the personal data stored about you or have questions regarding the collection, processing or use of your personal data or would like to revoke your consent, please contact our employees as follows or info@lavilla.de.

X.

Our data security

LA VILLA uses the widespread SSL procedure.
In conjunction with the highest level of encryption supported by your browser.
SSL procedure = secure socket layer
As a rule, this is a 265-bit encryption.
If your browser supports 265-bit encryption, LA VILLA uses 128-bit v 3 technology.
You can recognise whether an individual page of the LA VILLA website is transmitted in encrypted form by the closed display of the key or the lock-minus symbol in the lower status bar of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties.

LA VILLA continuously improves data security in line with ongoing technological developments.

XI.

Updates and changes to this privacy policy

This LA VILLA privacy policy is currently valid and was last updated in May 2018.
It may become necessary to amend this privacy policy due to further development of our website and offers or due to changes in legal and official requirements, in particular the GDPR.
The current privacy policy can be viewed and downloaded at any time at
www.lavilla.de/datenschutz/ and printed out at any time.
We welcome your criticism and questions as well as suggestions and concerns regarding this privacy policy and our homepage, in particular data protection, at any time and ask you to contact the company data protection officer immediately in writing.
We will get back to you immediately.
LA VILLA am Starnberger See
Exklusive Klausur- und Tagungsstätten GmbH
Ferdinand-von-Miller-Straße 39-41
82343 Niederpöcking
Telephone: +49 8151 77060
Fax: +49 8151 770699
E-mail: info@lavilla.de