Data Privacy Statement

Data Privacy Statement

The protection of your data is important to us. We will therefore only process your data within the limits of current data privacy laws and protect them using the latest technology. More information about the processing of your personal data and your rights in accordance with data privacy laws is provided below. You will find further information about the processing of your customer data at https://www.rosenpark.com/en/data-privacy-statement.

 

Hotel & Residenz Rosenpark GmbH 
Anneliese Pohl Allee 7-17 
35037 Marburg, Deutschland
Telefon +49 6421 6005-0 
Email: info@rosenpark.com

You can also contact our data protection officer at the address provided above, citing the reference "Data Protection Officer" or at datenschutz@vilavitahotels.com.

2.1.   Data processed and their origin

We mainly process personal data that we have received or collected from the data subjects as part of the booking process or obtained from enquiries made via our website. Moreover, we also process personal data obtained from publicly accessible sources (e.g. the press, the Internet), in as far as this is required and permitted for marketing or customer service purposes. We also process personal data lawfully forwarded to us by other companies in the VILA VITA group (VILA VITA HOTEL and TOURISTIK GmbH, Hotel und Residenz Rosenpark GmbH, VILA VITA Marburg GmbH, VILA VITA Gastronomie- und Handelsgesellschaft mbH, Congresszentrum Marburg GmbH & Co. KG) or by third parties (e.g. information about criminal offences).

The personal data processed by us within this context consist of personal particulars (name, address and other contact data, date and place of birth, nationality), medical data relevant to the person's stay with us (e.g. severe disabilities or dietary requirements) and identification data (e.g. identity card data). In addition, data resulting from your orders placed with us may be collected (e.g. payment order), as well as data resulting from meeting our contractual obligations (e.g. accommodation agreement) and other data comparable to the categories mentioned.

2.2.   Relevant legal basis for data processing

Where the legal basis is not explicitly mentioned in this Data Privacy Notice, the following legal basis applies. Where we have obtained your consent to data processing, Article 6 Paragraph 1 (a) and Article 7 of the GDPR serve as a legal basis for data processing. Where data processing takes place in order to provide our services and comply with contractual requirements, as well as to answer enquiries, Article 6 Paragraph 1 (b) of the GDPR will be the legal basis for data processing. Where data processing takes place in fulfilment of a legal obligation, Article 6 Paragraph 1 (c) of the GDPR is the legal basis. Examples are the fulfilment of the specifications of the Federal Registration Act (Bundesmeldegesetz), commercial archiving periods or to meet tax (archiving) obligations.

The companies of the VILA VITA Group are obliged to adhere to EU data privacy regulations and to take appropriate steps to ensure data security when exchanging data with each other, as per their Inter-Group Agreement. In addition, the Inter-Group Agreement mainly deals with the fact that the companies of the VILA VITA Group cooperate and mutually exchange data equally with regard to advertising and marketing, in the process adhering to data subjects' rights (their rights as data subjects, right to information, etc.) and the fact that VILA VITA Marburg GmbH, with its registered offices in Marburg, is primarily responsible for these tasks.

Where processing personal data is required to protect the legitimate interests of our company or a third party, we make use of Article 6 Paragraph 1 (f) of the GDPR as a legal basis. Legitimate interests particularly include the guarantee of IT security and IT operation, the institution of any legal claims and representation in legal disputes, advertising and marketing for the services and products provided by the VILA VITA Group, business management actions and the development of products and services, the prevention and detection of criminal offences, video monitoring to ensure adherence to house regulations and to collect evidence in the event of burglary or theft (also see Section 4 of the Federal Data Protection Act, [Bundesdatenschutzgesetz]), activities to ensure the safety of buildings and installations (e.g. access control), activities to implement house regulations as well as market and opinion surveys carried out by the aforementioned parties, where there has been no objection to direct marketing.

2.3. Your rights

You have the right to

  • access in accordance with Article 15 of the GDPR
  • rectification in accordance with Article 16 of the GDPR
  • erasure in accordance with Article 17 of the GDPR
  • restriction of processing in accordance with Article 18 of the GDPR
  • data portability in accordance with Article 20 of the GDPR

The restrictions of Sections 34 and 35 of the GDPR apply to the rights to access and erasure. In addition, in accordance with Section 77 of the GDPR you have the right to submit a complaint to a data protection supervisory authority in accordance with Section 19 of the Federal Data Protection Act.

Any consent you grant us with regard to processing personal data may be withdrawn by you at any time with effect for the future.

2.4.  Storage period

Where not otherwise stated in this Data Privacy Notice, personal data will only be stored for as long as necessary to fulfil the relevant purpose, or our contractual or legal obligations. We are subject to various storage and documentation obligations. These particularly result from the Commercial Code (Handelsgesetzbuch), the Fiscal Code (Abgabenordnung) and the Money-Laundering Act (Geldwäschegesetz). The periods stipulated in these cases may be up to 10 years.

2.5.  Transfer of personal data

Where we forward personal data to other persons or companies, this will only take place on the basis of your consent, a legal permit, a legal obligation (e.g. to public offices and institutions such as supervisory or financial authorities) or on the basis of an agreement on order processing in terms of Article 28 of the GDPR. Other recipient categories may be found in this Data Privacy Notice.

2.6.   Transfer of data to third countries

Processing of personal data outside the European Economic Area will only take place where a third country has been confirmed by the European Commission as having appropriate data privacy laws according to Articles 44 et seqq. of the GDPR or other appropriate guarantees regarding the protection of personal data.

2.7.   Automatic decision-making

Some of your data will be automatically processed in order to evaluate certain personal aspects (profiling), for marketing and advertising purposes and to send you personalised advertisements by e-mail or post.

Legal and regulatory provisions for combating money laundering, the financing of terrorism and financial crime are also binding for us. Data analysis will also be carried out within this context.

Some of our websites permit you to subscribe to a free newsletter. Written subscription is also possible at some of our outlets. We use this newsletter to inform you about the VILA VITA Group and its products and services. If you would like to receive this newsletter, we require you to provide us with a valid e-mail address and information that allows us to verify that you are the owner of the e-mail address you have provided or that its owner agrees to receive the newsletter. No other data will be collected. These data will only be used to send the newsletters and will not be forwarded to any third parties outside the VILA VITA Group. When you subscribe to the newsletter, we will store the date of your application and your IP address if you should subscribe via a website. This storage will only be for the purposes of providing evidence in the event that a third party should make fraudulent use of an e-mail address and subscribe to the newsletter without the knowledge of the authorised person. However, we will only statistically evaluate reading behaviour to the extent that it can be determined whether the recipient has opened the newsletter and clicked on the links. This is a function that we only use to verify user activities and to be able to implement appropriate optimisations. The newsletter also contains a so-called "web beacon", a file that is downloaded from our server when opening the newsletter. Your consent to store the data, the e-mail address and its use to forward the newsletter can be withdrawn at any time. Such withdrawal can take place via a link in the newsletters themselves, on the website or by notifying the aforementioned contact persons.

In connection with the processing of orders and bookings, we transmit personal data to service providers who support us in processing them. This applies in particular to providers of credit card billing services, insofar as the data transfer is necessary for processing the payment. In this respect, we work together with the company SIX Payment Services (Germany) GmbH, Global Data Protection Support, Langenhorner Chaussee 92-94, 22415 Hamburg, Germany. The company's data protection regulations can be viewed at https://www.six-payment-services.com/de/home.html. The legal basis for data processing is Art. 6 Par. 1 lit. b DSGVO.

We reserve the right to amend this Data Privacy Notice with future effect.

1.1.  Cookies

Our websites make use of cookies. These are small data packages that are stored on the customer's terminal device. In addition to so-called session cookies, which are automatically deleted as soon as you log out or close the browser, so-called permanent cookies that recognise a repeat user are also used. These cookies are automatically deleted after a specified period.

It is possible to object to the placement of cookies at any time by changing your Internet browser settings. You can delete cookies already placed at any time. When you deactivate cookies, it is possible that not all our website functions will be fully utilisable. The legal basis for setting a cookie is to protect the aforementioned legitimate interests according to Article 6 Paragraph 1 (f) of the GDPR.

1.2.   Collection of general data and compilation of protocol data

When you call up our website, general data and information are automatically collected and stored in a server protocol. The following data may be collected:

  • Information about the browser type and version
  • Information about the user's operating system
  • Information about the user's service provider
  • The Internet protocol address (IP address) of the user or the calling system
  • Date and time of access
  • The website via which you reached us (referrer URL)
  • Websites called up via our website by the user's system

Processing of these data is used to provide our websites, to guarantee the functionality of our IT systems and to optimise our website. Such data and information are always anonymously collected and are statistically evaluated by us with the aim of ensuring data privacy and data security. In these cases the log file data are always stored separately from other personal data we may have collected and are generally not forwarded to third parties. These data are automatically deleted on expiry of the specified period. The legal basis for temporary processing of the data is to protect the aforementioned legitimate interests according to Article 6 Paragraph 1 (f) of the GDPR.

1.3.   Contact form and e-mail contact

Some of our websites provide a contact form and an e-mail address that enables you to contact us electronically, for example to make a booking. When you use one of these channels to contact us, the personal data you forward to us will be automatically stored. Storage and further processing of these data only serves the purpose of processing your contact request and subsequently making contact with you. They will never be forwarded to third parties outside the VILA VITA Group. The data forwarded by you will be deleted once the process is complete, provided that their deletion is not subject to any contractual or statutory storage periods. In such a case, the data for which storage is required will be deleted once the storage period expires. The legal basis for processing these data is Article 6 Paragraph 1 (f) of the GDPR.

1.4.   Use of Google Analytics

Some of our websites use the analysis tool Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Web analysis involves the collection and evaluation of information about the behaviour of website users. This would include information about the website from which you reached us, the website sections you accessed and the length of time for which you viewed such sections. Cookies are used for this purpose. Cookies are text files that are placed and stored on a computer system via an Internet browser. The information collected by the cookie is transmitted to a server of Google Inc. in the USA. In addition to website use information, this also includes your IP address. However, we use Google Analytics with the supplement "AnonymizeIP". This means that your IP address will be truncated and anonymised by Google if you call up our website within a member state of the European Union or in other countries that are signatory states of the Agreement on the European Economic Area. The IP address transmitted will also not be combined with other Google data. The purpose of such data processing is to evaluate visitor flows and the use of the website by visitors. We have commissioned Google to compile online reports for us in this regard. We make use of the information thus collected to optimise our website.  The legal basis for data processing is Section 15 Paragraph 3 of the Telemedia Act or Article 6 Paragraph 1 (f) of the GDPR. The aforementioned purposes are legitimate interests. The valid data privacy conditions and terms and conditions of Google Analytics may be found at https://www.google.com/analytics/terms/us.html and https://policies.google.com.

You can prevent the placement of cookies by our website at any time by making an appropriate setting in the Internet browser, thus permanently objecting to the placement of cookies. In addition, cookies already placed by Google can be deleted at any time via an Internet browser or other software program.

Furthermore you have the option of objecting to and preventing the collection of the data created by the cookie and related to the use of this website, as well as the processing of these data by Google. To do this, you must download and install a browser add-on. You will find the download here: https://tools.google.com/dlpage/gaoptout. The add-on prevents your data from being collected and processed in future.

1.5.   Use of Google marketing services

Some of our websites use the marketing and remarketing services of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The Google marketing services (including Google Adwords, Google Conversion Tracking, Google Optimize and Google Double Click) allow us to show more targeted advertisements for and on our website in order to present users with advertisements that are potentially in line with their interests.

When our and other websites using Google marketing services are called up, Google executes a code, incorporating so-called (re)marketing tags into the website. They are used to place a cookie on the user device (comparable technologies may be used instead of cookies), with the cookies being placed by various domains (including google.com, doubleclick.net, etc.) This file contains information about the websites the user has visited, the content he was interested in and the products he has clicked on. It also tracks technical information about the browser and operating system, referring websites, the duration of the visit and other information about how the online services are used. The user's IP address is recorded, but is truncated within the member states of the European Union or in other signatory states of the Agreement on the European Economic Area and will only be transferred to a Google server in the USA in full and truncated there in exceptional cases. The IP address is not combined with user data within other Google products.

The information above may also be combined with such information from other sources by Google. If the user subsequently visits other websites, he may be shown targeted advertising in accordance with his interests. User data are processed in pseudonymised form as part of Google's marketing services, i.e. without storing and processing the name or e-mail address of the users. This does not apply if a user explicitly permits Google to process the data without pseudonymisation. The information collected about the user by Google's marketing services is transmitted to Google and stored on Google's servers in the USA.

The Google marketing services we use also include the online advertising software Google AdWords. Each AdWords customer receives a so-called conversion cookie. The information obtained with the aid of cookies is used to compile conversion statistics for AdWords customers who have decided to make use of conversion tracking. AdWords customers are informed of the total number of users who have clicked on their advertisement and been transferred to a website equipped with a conversion tracking tag. However, they do not receive any information with which they could personally identify users.

The legal basis for data processing is Section 15 Paragraph 3 of the Telemedia Act or Article 6 Paragraph 1 (f) of the GDPR. The aforementioned purposes are legitimate interests.  The valid data privacy conditions and terms and conditions of Google Marketing Services may be found at https://policies.google.com/technologies/ads.

You can prevent the placement of cookies by our website at any time by making an appropriate setting in the Internet browser, thus permanently objecting to the placement of cookies. In addition, cookies already placed by Google can be deleted at any time via an Internet browser or other software program.

If you wish to object to targeted advertising by Google Marketing Services, you can make use of the options provided by Google at http://www.google.com/ads/preferences.

1.6.  Incorporation of third-party services and content (social plug-ins, etc.)

Some of our websites make use of the services and content of third-party providers. This particularly applies to so-called "social plug-ins", videos or fonts. This only takes place on the basis of our legitimate interest (Article 6 Paragraph 1 (f) of the GDPR) in the provision and dissemination of our content, in analysis, in optimisation and in the operation of our website. Our websites may thus incorporate the services and content of the following third-party providers:

  • Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (when personal data is processed, if a data subject lives outside the USA or Canada, then the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA
  • YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
  • XING AG, Gänsemarkt 43 – 20354 Hamburg – Germany
  • Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA
  • Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
  • LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA (for data privacy matters outside the USA: LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland)
  • Pinterest Inc., 808 Brannan St, San Francisco, CA 94103, USA

Where a website makes use of social plug-ins, we make use of the "Shariff" solution to protect your data. This means that social plug-ins will only be incorporated into our website as graphics. There will thus be no direct link to the website of the plug-in provider. When you click on an image, you will be taken directly to the relevant provider. Your data will only be forwarded to the provider at this stage. If you do not click on the image, no data will be exchanged with the providers of the incorporated social plug-ins. Additional information about the use of your data may be found in the terms and conditions and data privacy notices of the relevant providers. Information and advice about the Shariff solution used by us may be found here: http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

Further data privacy information, and advice about the social plug-ins used by us, as well as the services of third-party providers:

Some of our websites make use of the social plug-ins and components of the social network Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If the data subject lives outside the USA or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

When you make use of Facebook plug-ins, your web browser establishes a direct link to the Facebook servers. The content of the plug-in is sent directly from Facebook to your browser and is integrated into the website by the browser. We thus have no influence on the range of data collected by Facebook with the aid of this plug-in and thus also no information about the data collected by Facebook. However, Facebook can find out that you have visited our website from your IP address when you make use of the plug-in. This is particularly the case if you are logged into your Facebook profile. Moreover, if you click on the Facebook "Like" button, you will link content from our website to your Facebook profile, allowing Facebook to assign your visit to our website to you. The same applies to other Facebook plug-ins we use.

An overview of all Facebook plug-ins may be found at https://developers.facebook.com/docs/plugins. You will find the Facebook data privacy policy at https://facebook.com/about/privacy/. This will provide you with additional information about the collection, processing and use of personal data by Facebook and the settings options offered by Facebook to protect your personal data.

2.2.   Data privacy information for Google+1 button

Some of our websites use the Google+1 button of the social network Google+. This component is provided and operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").

When you make use of the Google+1 button, your web browser establishes a direct link to the Google servers. The content of the plug-in is sent directly from Google to your browser and is integrated into the website by the browser. We thus have no influence on the range of data collected by Google with the aid of this plug-in and thus also no information about the data collected by Google. However, Google can find out that you have visited our website from your IP address when you make use of the plug-in. This is particularly the case if you are logged into Google+ with your Google+ profile. Moreover, if you click on the Google+1 button, you will link content from our website to your Google+ profile, allowing Google to assign your visit to our website to you. More detailed information about the Google+ button and the use of your data by Google may be found at https://developers.google.com/+/web/buttons-policy.

2.3.   Data privacy information for YouTube videos

Videos from the YouTube Internet portal have been embedded into some of our websites. These videos are made available by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (YouTube). YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043- 1351, USA.

When you call up a website that incorporates a YouTube component or when you play an embedded video, your web browser establishes a direct link to the YouTube servers. The content is streamed directly to your browser by YouTube or downloaded and played. We have no influence on the range of data collected by YouTube during this process and thus also no information about the data collected by YouTube. However, YouTube can find out that you have visited our website from your IP address when you download the video. This is particularly the case if you are logged into YouTube with your YouTube profile. More detailed information about data privacy and the use of your data by YouTube may be found at https://www.google.de/intl/policies/privacy/.

2.4.   Data privacy information for Instagram components

Some of our websites make use of plug-ins of the social network Instagram, e.g. the Insta button. These components are provided and operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA (Instagram).

When you make use of Instagram plug-ins, such as the Insta button, your web browser establishes a direct link to the Instagram servers. The content of the plug-in is sent directly from Instagram to your browser and is integrated into the website by the browser. We thus have no influence on the range of data collected by Instagram with the aid of this plug-in and thus also no information about the data collected by Instagram. However, Instagram can find out that you have visited our website from your IP address when you make use of the plug-in. This is particularly the case if you are logged into Instagram with your Instagram profile. Moreover, if you click on the Insta button, you will link content from our website to your Instagram profile, allowing Instagram to assign your visit to our website to you. More detailed information about the Insta button and other plug-ins of this provider, as well as the use of your data by Instagram, may be downloaded from https://help.instagram.com/155833707900388 and  https://www.instagram.com/about/legal/privacy.

2.5.   Data privacy information for LinkedIn plug-ins

Some of our websites use the LinkedIn plug-in of the social network LinkedIn. This component is provided and operated by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, United States (LinkedIn). LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data privacy matters outside the USA.

When you make use of the LinkedIn button, your web browser establishes a direct link to the LinkedIn servers. The content of the plug-in is sent directly from LinkedIn to your browser and is integrated into the website by the browser. We thus have no influence on the range of data collected by LinkedIn with the aid of this plug-in and thus also no information about the data collected by LinkedIn. However, LinkedIn can find out that you have visited our website from your IP address when you make use of the plug-in. This is particularly the case if you are logged into LinkedIn with your LinkedIn profile. Moreover, if you click on the LinkedIn button, you will link content from our website to your LinkedIn profile, allowing LinkedIn to assign your visit to our website to you. More detailed information about the LinkedIn button and other plug-ins of this provider, as well as the use of your data by LinkedIn, may be downloaded from https://www.linkedin.com/legal/privacy-policy and https://www.linkedin.com/legal/cookie-policy.

2.6.   Data privacy information for Twitter

Some of our websites make use of plug-ins and components of the microblogging service Twitter. These components are provided and operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (Twitter).

When you make use of the Twitter button or Twitter components, your web browser establishes a direct link to the Twitter servers. The content of the plug-in or the component is sent directly from Twitter to your browser and is integrated into the website by the browser. We thus have no influence on the range of data collected by Twitter with the aid of this plug-in and thus also no information about the data collected by Twitter. However, Twitter can find out that you have visited our website from your IP address when you make use of the plug-in. This is particularly the case if you are logged into Twitter with your Twitter profile. By clicking on the Twitter button, you will link content from our website with your Twitter profile or transmit data and information to Twitter or other users of Twitter, with Twitter and other Twitter users being able to assign the visit to our website to you. More detailed information about the Twitter button and other plug-ins of this provider, as well as the use of your data by Twitter, may be downloaded from https://twitter.com/privacy and https://about.twitter.com/resources/buttons.

2.7.   Data privacy information for the Xing Share button

Some of our websites use the Share button of the social network Xing. This component is provided and operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (Xing).

When you make use of the Share button, your web browser establishes a direct link to the Xing servers. The content of the plug-in or the component is sent directly from Xing to your browser and is integrated into the website by the browser. We thus have no influence on the range of data collected by Xing with the aid of this plug-in and thus also no information about the data collected by Xing. However, Xing can find out that you have visited our website from your IP address when you make use of the plug-in. This is particularly the case if you are logged into Xing with your Xing profile. Moreover, if you click on the Xing button, you will link content from our website to your Xing profile or transmit data and information to Xing, allowing Xing to assign your visit to our website to you. More detailed information about the Xing button and other plug-ins of this provider and the use of your data by LinkedIn can be downloaded from https://www.xing.com/privacy and https://www.xing.com/app/share?op=data protection.

2.8.   Data privacy information for Google Maps and Google Fonts

Some of our websites make use of the map service "Google Maps" and the fonts of the "Google Webfonts" service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use the Google Maps API for the visual depiction and incorporation of geographical information on some websites. When Google Maps is used, Google also processes data about the use of the map functions. In addition, we use the font libraries of Google Webfonts. During this process, font libraries are transferred to the cache of your browser. If your browser settings do not permit this or if your browser does not support the fonts, written content is shown in a standard font. In order to transfer the font libraries to your cache, a connection to the service provider is automatically established.

Further information about data processing by Google may be found here: https://www.google.com/policies/privacy/.

2.9.   Data privacy information for Pinterest components

Some of our websites use the plug-ins and components of the social network Pinterest. These components are provided and operated by Pinterest Inc., 808 Brannan St, San Francisco, CA 94103, USA.

When you make use of the Pin it button or Pinterest components, your web browser establishes a direct link to the Pinterest servers. The content of the plug-in or the component is sent directly from Pinterest to your browser and is integrated into the website by the browser. We thus have no influence on the range of data collected by Pinterest with the aid of this plug-in and thus also no information about the data collected by Pinterest. However, Pinterest can find out that you have visited our website from your IP address when you make use of the plug-in. This is particularly the case if you are logged into Pinterest with your Pinterest profile. By clicking on the Pin it button, you will link content from our website with your Pinterest profile or transmit data and information to Pinterest or other users of Pinterest, with Pinterest and other Pinterest users being able to assign the visit to our website to you. More detailed information about the Pin it button and other plug-ins of this provider and the use of your data by Pinterest can be downloaded from: http://pinterest.com/about/privacy/.

Additional Data Protection Statement for Employees

Additional Data Protection Statement for Applicants

Personal data regularly processed by us are: Name, name affixes, (private) address, contact details (telephone, mobile phone number, email address), date and place of birth, age, gender, nationality, marital status, number of children, tax data, bank details, personnel number, contract data (e.g. salary information, working hours, allowances, lump sums, years of employment, entry and exit dates), pension insurance and tax identification number, time recording data (incl. Social security data, control data, payroll data, information on capital-forming benefits, training and qualification data, information on legal guardians for underage employees, travel expense accounting data, driver's logs, data on personnel planning and control, access control data, inventory information, data on company integration management, event participation data, information on authorisations and powers, pictures, if applicable, and the log data arising from the use of the IT systems. In certain cases, special categories of personal data such as health data may also be processed.

In the context of your employment, you must provide the personal data that is necessary for the establishment, implementation and termination of the employment relationship and the fulfilment of the associated contractual obligations, or which we are legally obliged to collect. Without this data, we will generally not be able to carry out the employment relationship with you.

We obtain personal data directly from you (e.g. during the recruitment process or during employment). In certain constellations, your personal data will also be collected from other bodies due to legal regulations. This includes, in particular, event-related queries of tax-relevant information from the relevant tax office and information on periods of incapacity for work from the relevant health insurance fund. In addition, we may have received data from third parties (e.g. job placement agencies). In addition, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. professional networks).

Based on your consent pursuant to Art. 6 para. 1 a) DSGVO, Art. 7 DS-GVO in conjunction with. § 26 para. 2 BDSG-neu, we process your data for the purpose of the external presentation of the company (e.g. images on company websites), in internal IT-supported communication systems (e.g. portrait images as avatars in internal communication platforms or mail clients).

For the fulfilment of contractual obligations according to Art. 6 para. 1 b) DSGVO in conjunction with.  § Section 26 (1) BDSG-neu, we process your data for the purpose of establishing, implementing and terminating the employment contract concluded with you, in particular for time recording and time management and payroll and travel expense accounting (including the calculation and deduction of social security contributions). In addition, collective agreements (group, general and local works agreements as well as collective bargaining agreements) can be used in accordance with Art. 88 Para. 1 DS-GVO in conjunction with Art. 26 Para. 4 BDSG. § Section 26 (4) BDSG-neu can be used as a data protection permission provision.

Due to legal requirements according to Art. 6 para. 1 c) DSGVO, we process your data for the fulfilment of various legal obligations: in particular for the preparation of commercial and tax law proofs according to § 257 HGB, § 147 AO and § 41 para. 1 EStG, processing of data on wage tax according to § 39b EStG, working time accounts according to § 7d para. 1 sentence 1 SGB V as well as documentation of overtime according to § 16 para. 2 ArbZG and occupational health precautions according to § 11 ArbSchG, recording obligations within the framework of the Minimum Wage Act according to § 17 MiLoG, on risk assessment according to § 5 ArbSchG, documentation of residence permits within the framework of § 18 AufenthG.

In addition, due to the European anti-terror regulations 2580/2001 and 881/2002, we may be obliged to check your data against the so-called "EU terror lists" in order to ensure that no funds or other economic resources are made available for terrorist purposes.

Within the framework of a balancing of interests to safeguard the legitimate interests of the controller or a third party in accordance with Art. 6 (1) f) DSGVO, we process your data for the purposes of personnel planning, administration, development, management and support as well as personnel controlling, internal communication, e.g. for the provision of address books, organisation and implementation of internal events and mandatory training courses, the provision and use of IT systems and IT-supported communication facilities (telephony, e-mail, chats, video conferences), scheduling, the inventory of IT systems and software provided, the protection of the legitimate interests of third parties (e.g. public bodies), the processing of personal data and the processing of personal data. e.g. public authorities), the prevention and investigation of criminal offences pursuant to Section 26 (1) sentence 2 BDSG-neu and the guarantee of IT security (including access, entry and input control) and IT operations.

Further information on special categories of personal data:

Insofar as special categories of personal data are processed pursuant to Art. 9 (1) DS-GVO, this serves the exercise of rights or the fulfilment of legal obligations arising from labour law, social security law and social protection within the framework of the employment relationship (e.g. disclosure of health data to the health insurance fund, recording of severe disability due to additional leave and determination of the severe disability levy). This is done on the basis of Art. 9 para. 2 b) DS-GVO in conjunction with. § 26 para. 3 BDSG-neu. In addition, the processing of health data for the assessment of your ability to work pursuant to Art. 9 para. 2 h) in conjunction with. § Section 22 (1) b) BDSG-new.

In addition, the processing of special categories of personal data may be based on consent pursuant to Art. 9 para. 2 a) DS-GVO in conjunction with. § Section 26 (2) BDSG-neu (e.g. occupational health management).

Should we wish to process your personal data for a purpose not mentioned above, we will inform you in advance.

Recipients of data within our company are employees, specialist departments, works council or representatives of the severely disabled who require them for the processing of the above-mentioned purposes. Within the VILA VITA group of companies, your data will be transferred to certain companies if they perform data processing tasks centrally for the companies affiliated in the group (e.g. payroll accounting, support and processing of the company pension scheme, disposal of files).

In addition, the order processors we use in accordance with Art. 28 DSGVO as well as other service providers may receive data.

In certain cases, we also disclose data to public bodies and institutions (e.g. supervisory authorities, financial authorities, tax authorities, social insurance institutions, registries) as well as to creditors and creditors' representatives, third-party debtors in the event of wage and salary garnishments, insolvency administrators in the event of private insolvency, to bodies in order to be able to pay out capital-forming benefits and to bodies in order to be able to guarantee claims from the company pension scheme.

Data is only passed on if legal regulations permit or require the passing on of data, you have consented to the passing on of data or we are authorised to pass on data for other reasons. 

Personal data will only be stored by us for as long as is necessary to fulfil the respective purposes or to fulfil our contractual or legal obligations. We are subject to various storage and documentation obligations. These result from the German Commercial Code (HGB), the German Fiscal Code (AO), the German Money Laundering Act (GwG) and the German Income Tax Act (EStG). The storage periods are then up to ten years. In addition, personal data may be stored for the time during which claims can be asserted against us (statutory limitation period of three or up to thirty years).

Personal data is only processed outside the European Economic Area (EEA) if an adequate level of data protection has been confirmed in the third country in accordance with Art. 44 et seq. DSGVO has been confirmed by the EU Commission or other appropriate guarantees for the protection of personal data are in place.

You have the right

to information according to Art. 15 DSGVO,
to correction according to Art. 16 DSGVO,
to deletion according to Art. 17 DSGVO,
to restriction of processing according to Art. 18 DSGVO and
to data portability according to Art. 20 DSGVO.

The restrictions of §§ 34 and 35 BDSG apply to the rights to information and to deletion. In addition, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 DSGVO in accordance with Art. 19 BDSG.

You can revoke your consent to the processing of personal data at any time with effect for the future.

We use automated decision-making processes in certain areas. However, a fully automated decision in individual cases does not take place. Should this be the case in the future, we will inform you about this separately.

Information on the right to object in accordance with Article 21 of the EU General Data Protection Regulation (GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) DSGVO (data processing in the public interest) and Article 6(1)(f) DSGVO (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4 No. 4 of the General Data Protection Regulation.

In the event of an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. The objection can be made form-free to the address mentioned under 1.

V12, 10.01.2019

VILA VITA Marburg GmbH
Anneliese Pohl Allee 17 | D-35037 Marburg
Telephone: +49 (0) 6421 / 6005 0
Fax: +49 (0) 6421 / 6005 693
E-mail: info(at)vilavitamarburg.de 

You can reach our data protection officer at the above address with the addition "data protection officer" or at: datenschutz(at)vilavitamarburg.de. 

What personal data do we process?

First of all, we process the data that you have sent us in connection with your application. 

For what purposes do we use this data?

We use this data to carry out the application process. In particular, to check your suitability for the position for which you have applied or, if applicable, other vacancies in our company. 

Should we conclude an employment contract with you, we will also store data from your application in our personnel information system.  

What is the legal basis for data processing?

The legal basis for processing your personal data is Section 26 of the Federal Data Protection Act (BDSG). This legal basis allows us to process the data required for the decision on the establishment of an employment relationship. Should data be required for legal prosecution after completion of the application process, this data processing is based on legitimate interests according to Art. 6 (1) lit. f) DSGVO. Our legitimate interest in further processing is then the assertion or defence of claims. 

How long do we store the data?

Application data is deleted 6 months after completion of the application process, unless you have expressly consented to longer storage. 

To whom do we pass on data?

In principle, only persons who need this data to carry out the application process will have access to your data. This includes employees of the personnel department. They will view and process your application as soon as they receive it. In addition, department heads for the vacant position will have access to your application data. 

Where is the data processed?

Application data is generally processed in data centres within the Federal Republic of Germany or the European Economic Area (EEA). Should data be processed outside the EEA, this will only be done insofar as an adequate level of data protection is guaranteed in the third country in accordance with Art. 44 et seq. DSGVO has been confirmed by the EU Commission or other appropriate guarantees for the protection of personal data are in place.

What are my rights?

You have the right

 to information according to Art. 15 DSGVO, 
to correction according to Art. 16 DSGVO, 
to deletion according to Art. 17 DSGVO,
to restriction of processing according to Art. 18 DSG-VO and 
to data portability according to Art. 20 DSGVO.
The restrictions of §§ 34 and 35 BDSG apply to the rights to information and to deletion. In addition, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 DSGVO in accordance with Art. 19 BDSG.

Furthermore, you have a right to object to processing within the framework of the legal requirements.

Is there an automated individual case decision?

There is no automated individual case decision-making in connection with your application. 

Data protection information VV pages, V12 As of 10.01.2019

This website uses cookies
We use cookies to personalize content and ads, to provide social media features, and to analyze traffic to our site. We also share information about your use of our website with our social media, advertising and analytics partners. Our partners may aggregate this information with other information that you have provided to them or that you have collected as part of your use of the services., To learn more, please check our Privacy Policy.