Introduction
With the following privacy policy we would like to inform you about which types of personal data (hereinafter also referred to as “data”) we process for what purposes and to what extent The privacy policy applies to all processing of personal data carried out by us, both within the framework the provision of our services as well as in particular on our web pages, in mobile applications as well as within external online presence, such as our social media profiles (collectively referred to as “online offer”).
The terms used are not gender specific.
As of: 5 October 2019
Contents
introduction
Responsible
Overview of the processing
Relevant legal bases
Safety measures
Data processing in third countries
Use of cookies
Commercial and business services
contact
Presence in social networks
Deletion of data
Modification and update of the privacy policy
Rights of data subjects
definitions
Responsible
Auberge Darlajdoud
Said Oukherbouch
Ksar Tafraout Sidi Ali Rissani
Tafraout Sidi Ali, 52475
Morocco
E-mail address: dar_lajdoud@yahoo.com
Telephone: 00212732392
Imprint: https://auberge-darlajdoud.com/impressum
Overview of the processing
The following summary summarizes the types of data processed and the purposes of their processing and refers to the individuals concerned.
Types of processed data
Inventory data (e.g., names, addresses).
Contact information (e.g., e-mail, phone numbers).
Meta / communication data (e.g., device information, IP addresses).
Categories of affected persons
Business and contractor.
Interested persons.
Communication partner.
Users (e.g., website visitors, online service users).
Purposes of processing
Contact requests and communication.
Relevant legal bases
In the following, we share the legal basis of the General Data Protection Regulation (DSGVO), on the basis of which we process the personal data. Please note that in addition to the provisions of the GDPR, the national data protection regulations may apply in your home or country of residence.
Consent (Article 6 (1) (1) (a) GDPR) – The data subject has consented to the processing of personal data relating to him for a specific purpose or several specific purposes.
Performance of the contract and pre-contractual inquiries (Article 6 (1) sentence 1 (b) GDPR) – The processing is necessary for the performance of a contract of which the data subject is a party or for the performance of pre-contractual measures, at the request of the data subject respectively.
Legal obligation (Article 6 (1) sentence 1 (c) GDPR) – The processing is necessary to fulfill a legal obligation to which the person responsible is subject.
Legitimate interests (Article 6 (1) (1) (f) of the GDPR) – Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject protecting personal security Data require, outweigh.
Safety measures
We will take appropriate technical and organizational measures in accordance with the law, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, the different likelihoods of occurrence and the extent to which the rights and freedoms of individuals are threatened to ensure a level of protection appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling the physical and electronic access to the data as well as their access, input, transfer, availability and segregation. We have also set up procedures to ensure the enjoyment of data subject rights, the erasure of data and responses to the threat to data. Furthermore, we consider the protection of personal data already in the development or selection of hardware, software and procedures according to the principle of data protection, through technology design and privacy-friendly default settings.
Reduction of the IP address: If it is possible for us or if the storage of the IP address is not necessary, we shorten or shorten your IP address. In the case of the shortening of the IP address, also referred to as “IP masking”, the last octet, ie the last two numbers of an IP address, is deleted (the IP address in this context is an Internet connection through the online Access provider individually assigned identifier). With the shortening of the IP address, the identification of a
Person by their IP address prevented or made much more difficult.
SSL encryption (https): In order to protect your data transmitted via our online offer, we use SSL encryption. You will recognize such encrypted connections with the prefix https: // in the address bar of your browser.
Data processing in third countries
If we process data in a third country (ie, outside the European Union (EU), the European Economic Area (EEA)) or processing in the context of the use of third party services or the disclosure or transfer of data to other persons, entities or companies takes place, this is done only in accordance with the legal requirements.
Except as expressly provided or provided by contract or by law, we process or disclose the data only in third countries with a recognized level of privacy, including those certified under the Privacy Shield, or on the basis of specific warranties, such as limited liability. contractual obligation by so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the European Commission: https://ec.europa.eu/info/law/law- topic / data-protection / international-dimension-data-protection_en).
Use of cookies
“Cookies” are small files that are stored on users’ devices Cookies can be used to store various information, such as the language settings on a website, the login status, a shopping cart or the location where a video is viewed was, belong.
Cookies are generally also used when the interests of a user or his behavior (for example, viewing specific content, use of functions, etc.) are stored on individual websites in a user profile. Such profiles serve to provide users with e.g. View content that matches your potential interests. This method is also referred to as “tracking,” that is, tracking the potential interests of users. The term “cookies” also includes other technologies that perform the same functions as cookies (for example, when user information is stored using pseudonymous online identifiers, also known as “user IDs”).
If we use cookies or “tracking” technologies, we will inform you separately in our privacy policy.
Information about legal bases: On which legal basis we process your personal data with the help of cookies, depends on whether we ask you for a consent. If this is the case and you consent to the use of cookies, the legal basis for the processing of your data is the informed consent. Otherwise, the data processed by means of cookies will be processed on the basis of our legitimate interests (for example, in the course of a business operation of our online offer and its improvement) or, if the use of cookies is required, in order to fulfill our contractual obligations.
General information on withdrawal and opposition (opt-out): Regardless of whether the processing is based on a consent or legal permission, you always have the option to revoke a given consent or to object to the processing of your data by cookie technologies ( collectively referred to as “opt-out”).
You may initially declare your disagreement through the settings of your browser, for example by disabling the use of cookies (which may also limit the functionality of our online offer).
An objection to the use of cookies for online marketing purposes can also be made through a variety of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU page http : //www.youronlinechoices.com/ or generally explained on http://optout.aboutads.info.
Processing of cookie data on the basis of a consent: Before we process or process data within the scope of the use of cookies, we ask the users for an always revocable consent. Before consent has been given, cookies may be used that are necessary for the operation of our online offer. Their use is based on our interest and the interest of the users in the expected functionality of our online offer.
Types of data processed: usage data (e.g., websites visited, interest in content, access times), meta / communication data (e.g., device information, IP addresses).
Affected Persons: Users (e.g., website visitors, online service users).
Legal basis: Consent (Art.
6 para. 1 sentence 1 lit. a DSGVO), entitled interests (Article 6 (1) sentence 1 (f) of the DSGVO).
Commercial and business services
We process data of our contract and business partners, e.g. Customers and prospects (collectively referred to as “contractors”) in the context of contractual and comparable legal relationships and related measures and in the context of communication with the contractors (or pre-contractual), for example, to answer inquiries.
We process this data in order to fulfill our contractual obligations, to safeguard our rights and for the purposes of the administrative tasks associated with this information as well as the entrepreneurial organization. Within the scope of the applicable law, we only pass on the data of the contracting parties to third parties insofar as this is necessary for the aforementioned purposes or for the fulfillment of legal obligations or with the consent of the contracting parties (eg to participating telecommunications, transport and other auxiliary services as well as subcontractors , Banks, tax and legal advisers, payment service providers or tax authorities). About other forms of processing, e.g. For purposes of marketing, the contracting parties are informed in the context of this privacy policy.
What data is required for the above purposes, we inform the contractors or in the context of data collection, e.g. in online forms, by special markings (for example colors) or symbols (for example asterisks or the like), or in person with.
We delete the data after expiration of legal warranty and comparable obligations, ie, basically after expiration of 4 years, unless the data are stored in a customer account, eg, as long as they have to be kept for legal reasons of archiving (eg for Tax purposes usually 10 years). Data that has been disclosed to us as part of an order by the contractor, we delete according to the specifications of the contract, in principle after the end of the contract.
Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in the relationship between the users and the providers.
Further information on commercial services: We process the data of our customers as well as clients (hereinafter referred to uniformly as “customers”) in order to select, purchase or commission the services or works as well as their related activities as well as their payment and delivery To allow execution or provision.
The required information is marked as such within the scope of the order, order or comparable contract conclusion and includes the information required for the provision of services and billing as well as contact information in order to be able to hold any consultations.
Processed data types: inventory data (e.g., names, addresses), payment data (e.g., bank details, bills, payment history), contact information (e.g., e-mail, telephone numbers), contract data (e.g., subject matter, term, customer category).
Affected persons: prospective customers, business and contractual partners.
Purposes of processing: contractual services and services, contact requests and communications, office and organizational procedures, administration and response to inquiries.
Legal basis: fulfillment of the contract and pre-contractual inquiries (Article 6 (1) sentence 1 (b) GDPR), legal obligation (Article 6 (1) sentence 1 (c) GDPR), legitimate interests (Article 6 para. 1 sentence 1 lit. DSGVO).
Contact
When contacting us (for example via contact form, e-mail, telephone or via social media), the details of the requesting persons are processed to the extent necessary to answer the contact requests and any requested action.
Responding to the contact requests in the context of contractual or pre-contractual relationships is to fulfill our contractual obligations or to answer (pre) contractual requests and otherwise on the basis of legitimate interests in answering the requests.
Processed data types: inventory data (e.g., names, addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text input, photographs, videos).
Affected persons: Communication partners.
Purposes of processing: contact requests and communication.
Legal basis: Performance of the contract and pre-contractual inquiries (Article 6 (1) sentence 1 (b) GDPR), entitled interests (Article 6 (1) (1) (f) of the DSGVO).
Presence in social networks
We maintain online presence within social networks to communicate with or provide information about our users.
We point out that data of the users outside the area of the European Union can be processed. This Kings
risks arise for users because, e.g. the enforcement of user rights could be made more difficult. With respect to US providers that are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we point out that they are committed to respecting EU privacy standards.
Furthermore, the data of the users within social networks is usually processed for market research and advertising purposes. Thus, e.g. Based on the user behavior and the resulting interests of users usage profiles are created. The usage profiles may in turn be used to e.g. To place advertisements inside and outside the networks that are allegedly in the interests of users. For these purposes, cookies are usually stored on the computers of the users, in which the user behavior and the interests of the users are stored. Furthermore, in the usage profiles, data can also be stored independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the possibilities of opting out (opt-out), we refer to the privacy statements and information provided by the operators of the respective networks.
Also in the case of requests for information and the assertion of data subject rights, we point out that these can be claimed most effectively from the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, then you can contact us.
Processed data types: inventory data (eg names, addresses), contact data (eg e-mail, telephone numbers), content data (eg text input, photographs, videos), usage data (eg visited websites, interest in content, access times), meta / communication data (eg Device information, IP addresses).
Affected Persons: Users (e.g., website visitors, online service users).
Purposes of processing: contact requests and communication, tracking (e.g., interest / behavioral profiling, use of cookies), remarketing, reach measurement (e.g., access statistics, recurring visitor detection).
Legal basis: legitimate interests (Article 6 (1) sentence 1 (f) of the DSGVO).
Deployed services and service providers:
Facebook: social network; Service Providers: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, Parent Companies: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Privacy Shield (ensuring privacy levels when processing data in the US): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; Opt-Out: Advertisement Settings: https://www.facebook.com/settings?tab=ads; Additional information on data protection: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum, Privacy policy for Facebook pages: https://www.facebook.com/legal/ terms / information_about_page_insights_data.
Deletion of data
The data processed by us will be deleted in accordance with legal requirements as soon as their consent for processing is revoked or other authorizations cease to exist (for example, if the purpose of the processing of this data has ceased to apply or if they are not necessary for the purpose).
Unless the data is deleted because it is necessary for other and legitimate purposes, its processing is limited to these purposes. That is, the data is locked and not processed for other purposes. This applies, for example for data that must be retained for commercial or tax law reasons or that is required to be stored in order to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.
Further information on the deletion of personal data may also be provided in the context of the individual data protection notices of this privacy policy.
Modification and update of the privacy policy
We ask you to regularly inform yourself about the content of our privacy policy. We will adjust the Privacy Policy as soon as the changes to the data processing we make require it. We will notify you as soon as the changes require your participation (eg consent) or other individual notification.
Rights of data subjects
You are entitled to different rights under DSGVO
in particular from Articles 15 to 18 and 21 DS-GVO:
Right to object: You have the right at any time, for reasons that arise from your particular situation, against the processing of personal data relating to you which, on the basis of Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to profiling based on these provisions. If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
Withdrawal with consent: You have the right to revoke granted consent at any time.
Right to information: You have the right to request a confirmation as to whether the data in question is being processed and for information about this data as well as for further information and copying of the data in accordance with legal requirements.
Right to correction: You have the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you in accordance with the legal requirements.
Right to deletion and limitation of processing: You have the right, in accordance with the statutory provisions, to demand that data relating to you be deleted immediately or, alternatively, to demand a restriction of the processing of data in accordance with the statutory provisions.
Right to Data Portability: You have the right to receive data relating to you that you have provided to us in accordance with the legal requirements in a structured, common and machine-readable format or to request their transmission to another person in charge.
Complaint to the supervisory authority: You also have the right, in accordance with the legal requirements, to a supervisory authority, in particular in the Member State of your usual place of residence, employment or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.
definitions
This section provides an overview of the terminology used in this Privacy Policy. Many of the terms are taken from the law and defined above all in Art. 4 GDPR. The legal definitions are binding. The following explanations, on the other hand, are intended above all to aid understanding. The terms are sorted alphabetically.
Personal data: “Personal data” means any information relating to an identified or identifiable natural person (hereinafter the “data subject”); a natural person is regarded as identifiable, which can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (eg cookie) or to one or more special features, are the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
Reach measurement: Reach measurement (also referred to as web analytics) is used to evaluate the visitor flows of an online offer and can determine the behavior or interests of the visitors to certain information, such as information. Content of web pages. With the help of range analysis, website owners can e.g. Recognize at what time visitors visit their website and what content they are interested in. Thereby they can e.g. to better tailor the contents of the website to the needs of its visitors. For purposes of reach analysis, pseudonymous cookies and web beacons are often used to detect returning visitors for more accurate analysis of how to use an online offer.
Remarketing: “remarketing” or “retargeting” is used when e.g. For advertising purposes, it is noted for which products a user has been interested in a web page in order to provide the user on other web pages with these products, e.g. in advertisements, to remember.
Tracking: “Tracking” is when the behavior of users across multiple online offers can be traced.As a rule, with regard to the online offers used behavior and interest information stored in cookies or servers of the providers of tracking technologies (so-called profiling). This information can then be used, for example, to show users advertisements that are likely to match their interests.
Responsible: The “person responsible” is the natural or legal person, authority, institution or other body, alone or in concert with others about the purpose e and means of processing personal data.
Processing: “Processing” means any process performed with or without the aid of automated procedures or any such process associated with personal data. The term covers a wide range and covers practically every handling of data, be it collection, evaluation, storage, transfer or deletion.
Created with Datenschutz-Generator.de von Dr. jur. Thomas Schwenke