This Website uses Cookies
We use required cookies on our website. This is information that enables essential technical functions, such as filling out forms or language settings. These cookies are necessary to display the site and to use it correctly. With the confirmation you agree to this process. Click on "Save" to accept the cookies. For the setting of further cookies, e.g. B. for social media, you consent separately.

Privacy policy  Imprint

MENU

Ein hauch Italienisches Lebensgefühl vor den Toren Heidelbergs

Instagram Facebook LinkedIn Gastfreund
BOOK ROOM BOOK MEETING WELLNESS VERWÖHNPAKETE VOUCHER SHOP EVENT REQUEST BOOK A TABLE
Telefonische Reservierung +49 6224 - 8292-0

Privacy Policy

Privacy policy

1 General Information

This privacy policy is intended to inform you about the collection of personal data when using our online service. Personal data here means all data that can be personally related to you, e.g. name, address, e-mail addresses, IP address and user behavior.

1.1 Controller

Villa Toskana, Marion Schreiber e.K.,
Hamburger Str. 4 – 10
69181 Leimen
+49 (0) 6224 - 82920 (Telefon)
+49 (0) 6224 - 829211 (Fax)
info@hotel-villa-toskana.de (E-Mail)

is the Controller within the meaning of Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR).

You can reach our data protection officer by e-mail at dsb@hotel-villa-toskana.de or our postal address Hotel Villa Toskana - Marion Schreiber e.K., Datenschutzbeauftragter, Hamburger Str. 4 - 10, 69181 Leimen.

1.2 Contact by E-Mail

If you contact us by e-mail, it is necessary to store the data you provide (your e-mail address, if applicable your name, address, telephone number) in order to process your request. We delete the data accruing in this context and stored by us after the storage is no longer necessary for this purpose. If, in addition, there are legal storage obligations, we restrict their processing.

1.3 Subprocessing; Joint Controllership

For individual functions of this website it is necessary to resort to service providers (subprocessors). We have concluded agreements with each of these service providers on subprocessing. We inform you about the individual service providers and processes in detail below.

Insofar as Joint Controllership is exercised with a service provider instead of subprocessing, this will be marked accordingly.

Personal data will not be passed on to third parties without your consent unless this is required by law.

1.4 Promotional Use

If we wish to use your data for advertising purposes, we will inform you in detail below about the respective processes and, if necessary, obtain your consent for this.

2 Rights oft he data subject; Supervisory authority

With regard to the processing of personal data concerning you, you have the following rights vis-à-vis us, in particular

  • the right to information and access to personal data,
  • the right to rectification and erasure,
  • the right to restriction of processing
  • the right to object to processing and
  • the right to data portability.

In addition, you have the right to complain to the competent data protection supervisory authority about the processing of your personal data by us.

The supervisory authority responsible for us is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Königstrasse 10a in 70173 Stuttgart.

3 Duration of the processing of personal data

The duration of the storage of personal data depends on the legal basis, the purpose of processing and any applicable statutory retention periods.

If the processing is based on your consent pursuant to Art. 6 para. 1 lit. a) GDPR, the data will be processed until the consent is withdrawn by the data subject.

If the processing is based on the fulfillment of a contract or pre-contractual inquiries pursuant to Art. 6 para. 1 lit. b) GDPR, this data will be deleted after expiry of the statutory retention obligations, provided that it is no longer required for the fulfillment or initiation of a contract and/or we can no longer demonstrate a legitimate interest in the continued processing.

If the processing is based on the protection of our legitimate interests pursuant to Art. 6 para 1 lit. f) GDPR, the data will be processed until the respective data subject exercises his or her right to object pursuant to Art. 21 para 1 GDPR and no compelling legitimate grounds for the continued processing, which override the interests, rights and freedoms of the data subject, can be demonstrated by us.

Otherwise, personal data will be deleted if they are no longer necessary for the purposes for which they were collected or otherwise processed.

4 Data collected when visiting our website; Hosting

In the case of purely informational use of our website, i.e. if you do not send us any data via a form or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server.

So if you just want to view our website, we collect the following data, which are technically necessary for us to display our website to you and to ensure stability and security:

Data transmitted to us by your browser (log files)

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • browser
  • Operating system and its interface
  • Language and version of the browser software.

The legal basis for the processing is Art. 6 para. 1 lit. f) GDPR and is carried out to protect our legitimate interest to display our website to you and to ensure stability and security

5 Cookies & Tracking

So-called transient cookies or persistent cookies are used.

Transient cookies are automatically deleted when you close the browser. These include in particular session cookies. In these, a so-called session ID is stored, with which various requests of the browser can be assigned to the common session. Session cookies are deleted when you log out or close the browser.

Persistent cookies remain on your device and allow us to recognize your browser on your next visit. These cookies are automatically deleted after a certain duration, which varies depending on the cookie. You can find the duration of the respective cookie storage in the overview of the cookie settings of your web browser.

You can delete the cookies set by us yourself at any time in the security settings of your browser or configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may then not be able to use all functions of this website.

5.1 Technically necessary cookies

These cookies are used to display the website correctly or to be able to offer basic functions such as the booking portal.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f) GDPR and is carried out to protect our legitimate interest in the best possible functionality of our website and a customer-friendly and effective design of your page visit.

5.2 Cookies and other tracking technologies for statistical and marketing purposes

When you access our website, you will be shown our so-called Consent Tool. Here you will be informed about the use of cookies and other tracking technologies for statistical and marketing purposes on our website. You can find more detailed information on the individual services below in this privacy policy.

Via the settings in our Consent Tool, you have the option of consenting to the use of cookies and other tracking technologies that require your consent or to visit the website only by setting the technically necessary cookies. The corresponding cookies or tracking technologies for analysis and marketing purposes are only used if you have consented to their use.

The legal basis for the processing of personal data using statistics and marketing cookies is Art. 6 para. 1 lit. a) GDPR (consent).

6 Bookings & Orders; Customer Account

If you make bookings or orders via our website, we process your personal data provided during the ordering process to ensure the payment, processing and execution of your order. For the payment processing we use payment service providers and for the delivery of your order we may use shipping companies as service providers. The data required in each case for the booking, ordering and payment process are marked accordingly.

You can voluntarily create a customer account in our booking portal. By doing so, we save your data for later bookings and orders. The data you provide will be stored revocably. You can delete your customer account and the data stored therein by informing us at the contact details listed under the responsible party.

The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR (contract performance and pre-contractual inquiries).

7 Payment service provider

Within the framework of our online store, we offer our customers efficient and secure payment options. For the processing of payments we use the following payment service providers.

Depending on the payment method selected by you, we transmit the data required for payment processing to the respective payment provider or you use your own customer account with the selected payment provider for payment or you transmit the data yourself to the payment service provider.

The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR (contract performance and pre-contractual inquiries).

The data protection notices of the respective payment service providers apply to the payment transactions.

American Express: American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Deutschland; Privacy policy: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html

Diners Club: DC Bank AG, Lassallestraße 3,1020 Wien, Österreich; Privacy policy: https://www.dinersclub.de/datenschutz

Klarna (Sofortüberweisung / Kauf auf Rechnung): Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Schweden; Privacy policy: https://www.klarna.com/de/datenschutz

Mastercard: Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgien; Privacy policy: https://www.mastercard.de/de-de/datenschutz.html

PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

Visa: Visa Europe Services Inc., Zweigniederlassung London, 1 Sheldon Square, London W2 6TT, GB; Privacy policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html

8 Google Remarketing

For marketing purposes, we use the remarketing function of the service provider Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

This is a procedure with which we would like to address you again, for example on other websites. Through this application, our advertisements can be displayed to you during your further internet use after visiting our website. This is done, among other things, by means of cookies stored in your browser, via which your usage behavior when visiting various websites is recorded and evaluated by Google. In this way, Google can determine your previous visit to our website. Google does not combine the data collected while remarketing with your personal data, which may be stored by Google. Google Remarketing uses pseudonymization.

The legal basis for the data processing is Art. 6 para. 1 lit. a) GDPR (consent).

The use of the Remarketing function is dependent on your consent via our Consent Tool.

Transfers to third countries are possible. So-called standard contractual clauses pursuant to Art. 46 GDPR have been concluded as suitable guarantees.

More information about data processing by Google: http://www.google.de/intl/de/policies/privacy

You can disable the use of cookies by Google by installing the plug-in provided under the following link:
https://www.google.com/settings/ads/plugin

You can find more information about Google services at
https://policies.google.com/
https://policies.google.com/technologies/ads

9 Facebook Remarketing ("Custom Audiences" / Facebook Pixel)

For marketing purposes, we use the remarketing function "Custom Audiences" / Facebook Pixel of the service provider Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").

This is a procedure with which we would like to address you again, for example in the context of the use of Facebook or other websites also using the procedure, via interest-based advertisements ("Facebook Ads").

The legal basis for the processing of your data is Art. 6 para. 1 lit. a) GDPR (consent).

The use of the Remarketing function is dependent on your consent via our Consent Tool.

Transfers to third countries are possible. So-called standard contractual clauses pursuant to Art. 46 GDPR have been concluded as suitable guarantees.

There is a case of joint processing with Facebook pursuant to Art. 26 GDPR. The agreement concluded for this purpose and more detailed information on the joint processing of personal data with the Facebook Pixel (and other Facebook business tools) can be found here: https://www.facebook.com/legal/controller_addendum

You can find more information on data processing by Facebook at https://www.facebook.com/about/privacy

Users who have a Facebook account can deactivate the "Facebook Custom Audiences" function for this account at https://www.facebook.com/settings/?tabs=ads#.

Users without a Facebook account can also deactivate the "Facebook Custom Audiences" function via the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org.

10 Google Analytics

For statistical and web analysis purposes, we use the Google Analytics service of the service provider Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

The statistics and web analysis serves to evaluate the flow of visitors to our website and can record behavior, interests or demographic information about the visitors, such as age or gender as pseudonymous values. In doing so, we use the IP masking function, whereby your IP address is pseudonymized.

On our behalf, Google will use the information generated by the cookie (e.g. IP address of the accessing computer, time of access, referrer URL and information on the browser and operating system used) to evaluate your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. In this context, pseudonymous usage profiles are created and, if necessary, stored in cookies. With the evaluation we would like to optimize our website and our offer.

The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. a) GDPR (consent).

The use of the remarketing function is dependent on your consent via our Consent Tool.

Transfers to third countries are possible. So-called standard contractual clauses pursuant to Art. 46 GDPR have been concluded as suitable guarantees.

More information on data processing by Google: http://www.google.de/intl/de/policies/privacy

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

You can find more information about Google services at
https://policies.google.com/
https://policies.google.com/technologies/ads

11 Google Fonts

To display fonts on our website and in our newsletter, we integrate the fonts of the service provider Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Here, the user's data is used solely for the purpose of displaying the fonts in the user's browser. The integration is based on our legitimate interests in a technically secure, maintenance-free and efficient display of fonts on our website.

More information on data processing by Google: http://www.google.de/intl/de/policies/privacy
You can find more information about Google services at
https://policies.google.com/
https://policies.google.com/technologies/ads

12 Newsletter

You can subscribe to our newsletter to receive regular information about our offers.

For the dispatch of newsletters, we use the service provider rapidmail GmbH, Wentzingerstraße, 21, 79106 Freiburg, Germany ("rapidmail").

Among other things, rapidmail is used to organize and analyze the dispatch of newsletters. The data entered by you for the purpose of receiving the newsletter is stored on rapidmail's servers in Germany. Depending on the font used to design the respective newsletter, a connection to external servers such as Google Fonts takes place.

For the subscription to our newsletter, we use the so-called double opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

The only mandatory data for sending the newsletter is your e-mail address. The provision of any further, separately marked data is voluntary and will be used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending you the newsletter.

You can withdraw your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail or by sending an e-mail to info@hotel-villa-toskana.de.

We would like to point out that we evaluate your user behavior when sending the newsletter. For this evaluation, the emails sent contain a so-called tracking pixel, which connects to the servers of our service provider when the email is opened. Such tracking is not possible if you have deactivated the display of images in e-mail messages by default in your e-mail program. In this case, the newsletter will not be fully displayed to you and you may not be able to use all of its features. If you display the images manually, the tracking mentioned above will take place.

Furthermore, with the help of our service provider, we can determine whether and which links in the newsletter message are clicked. All links in the e-mail are so-called tracking links, which can be used to count your clicks.

You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us via another contact channel.

The legal basis for the data processing is Art. 6 para. 1 lit. a) GDPR (consent).

Privacy Policy: https://www.rapidmail.de/datensicherheit

More about the analysis functions of rapidmail: https://www.rapidmail.de/wissen-und-hilfe

13 Contact Forms

You can send us an electronic message via the contact form embedded on our website.

To process your message, we need your e-mail address and, if contact via other communication channels is desired, details of this. Accordingly, we request this data in our contact form. Further details are voluntary and serve to make contacting you more user-friendly.

Via the contact form, we offer you the opportunity to conveniently contact us and send us inquiries about our offer.

The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR (contract performance and pre-contractual inquiries).

14 Objection against the processing of your data or withdrawal of consent

If you have given your consent to the processing of your data, you may withdraw this consent at any time. If you express such a withdrawal to us, this will affect the permissibility of the processing of your personal data.

If we base the processing of your personal data on the balance of interests pursuant to Art. 6 para 1 lit. f) GDPR, you may object to the processing. This is particularly the case if the processing is not necessary for the performance of a contract with you. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. If the objection is justified, we will examine the merits of the case and either discontinue or adjust the data processing or show you our compelling legitimate grounds based on which we will continue the processing.

Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of your advertising objection using the contact details provided under Responsible party.

Newsletter

Sign up for our newsletter and take advantage of exclusive offers!