Data protection information for business partners
We hereby inform you about the processing of your personal data by the Landhotel Naunheimer Mühle and your rights to which you are entitled in this context.
1) Responsible for data processing is this
Landhotel Naunheimer Mühle
mill 2
35884 Wetzlar-Naunheim
phone 06441 – 93530
You can reach the data protection officer by post at the address given above with the addition “data protection officer” or by e-mail (info@naunheimer-muehle.de)
2) Categories of data, purposes and legal basis of processing
We process your personal data that we receive from you or third parties in the context of business relationships. This is usually contact data (name, address, telephone number and e-mail address) and – insofar as this is necessary in the context of business transactions – bank and payment (transaction) data (bank, account details, purpose of use, credit card information if necessary).
We process your personal data exclusively within the framework of the legal provisions, in particular in compliance with the provisions of the General Data Protection Regulation (“GDPR”) and the EU Data Protection Adjustment and Implementation Act (“BDSG new”).
We process your personal data based on the legal bases and purposes described below
– the contract initiation, contract implementation and termination of contractual relationships (Article 6 Paragraph 1b GDPR), e.g. fulfillment of a contract (e.g. delivery and provision of a service and payment processing), general communication with business partners, e.g. answering inquiries about services and products, contract negotiations, etc.;
– on the basis of granted consent (Art.6 Paragraph 1a GDPR), e.g. sending newsletters or information letters, participation in marketing campaigns or surveys, etc.;
– Due to legal requirements (Art.6 Paragraph 1c GDPR), e.g. to fulfill commercial or tax retention obligations, to fulfill reporting or information obligations to authorities, etc.;
– due to a legitimate interest (Art.6 Paragraph 1f GDPR); E.g. IT security measures or measures to ensure proper business operations, to protect domiciliary rights, to ensure compliance requirements, etc.
3) Recipients or categories of recipients of personal data
We transmit your personal data to authorities/public bodies if this is required by overriding legal provisions.
We use external service providers as processors for various business transactions within the meaning of Art.28 GDPR a. Order processing contracts have been concluded with these service providers to ensure the protection of your personal data. Unsolicited data will not be processed and will not be saved.
4) Duration of storage
As a rule, personal data is deleted after the legal (mainly commercial and tax law) retention periods have expired. If the personal data are not affected by the legal storage obligations, they will be deleted when they are no longer required for the purposes described in Section 2 above.
5) Rights of data subjects
You have the right to receive information about your personal data stored by us, to have incorrectly stored personal data corrected or – if relevant – to change or revoke your consent to data processing at any time without giving reasons with effect for the future, to have the processing of your personal data restricted with effect for the future, to object to the processing of your personal data with effect for the future or to request the deletion of your personal data. Under the conditions specified in Art. 20 GDPR, you are entitled to receive the personal data relating to you that has been stored in a structured, common and machine-readable format and to transmit this data to another person responsible without hindrance from us.
In addition, you can contact the data protection officer named under Section 1. In order to avoid any cases of misuse, we can demand that inquiries are provided with a handwritten signature or that the inquirer legitimizes himself in some other way.
You have the right to lodge a complaint with the data protection supervisory authority. The authority responsible for us is the data protection officer of the state of Hesse.