Data protectionback

Data protection declaration

This privacy policy clarifies users about the nature, scope and purpose of the collection and use of personal data by the responsible provider, the SORAT Hotel Verwaltungs GmbH. Current status of this privacy policy is May 2018.

I. Name and address of the responsible body

The responsible within the meaning of the general data protection regulation and other national data protection laws of the member states as well as other data protection regulations is the:

II. Name and contact details of the data protection supervisor

The designated privacy officer is:

III. General information about data processing

1. Scope of processing of personal data

In principle, we process personal data of our users only to the extent necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.

2. Legal basis for processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, article 6 (1) (a) EU general data protection regulation [GDPR] constitutes the legal basis. In the processing of personal data necessary for the performance of a contract of which the data subject is a party, article 6 (1) (b) GDPR constitutes the legal basis. This also applies to processing operations required to carry out pre-contractual actions. Insofar as the processing of personal data is required to fulfill a legal obligation that is subject to our company, articel 6 (1) (c) GDPR constitutes the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, article 6 (1) (d) GDPR constitutes the legal basis. If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, article 6 (1) (f) GDPR constitutes the legal basis for processing.

3. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

IV. Website providing and creating log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected here:

  • Information about the browser type and version
  • Operating system of the user
  • Internet service provider of the user
  • IP address of the user
  • Date and time of access
  • Websites from which the system of the user reaches our website
  • Website accessed by the user's system through our website
  • Volume of data transferred when calling up our website

The log files contain IP addresses or other data that allow an assignment to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website to which the user is switching contains personal data. The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

2. Legal basis for data processing

Legal basis for the temporary storage of data and log files is Article 6 (1) (f) GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session. Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. The purposes mentioned also include our legitimate interests in data processing within the meaning of Article 6 (1) (f) GDPR.

4. Duration of data storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed. In the case of storing the data in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

5. Opposition and disposal possibility

Data capture for providing the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.

V. Use of cookies

1. Description and scope of data processing

We use cookies on our website. Cookies are text files that are stored in the internet browser or in the internet browser on the computer system of the user. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser be identified even after a page break. The following data is stored and transmitted in the cookies:

  • Information cookie note
  • Screen resolution
  • Log-in information

2. Legal basis for data processing

Article 6 (1) (f) GDPR provides the legal basis for the processing of personal data by deploying cookies. The legal basis for the processing of personal data by using technically necessary cookies is article 6 (1) (f) GDPR. The legal basis for the processing of personal data by using cookies for analysis purposes is the consent of the user article 6 (1) (f) GDPR.

3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website can not be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page break. We require cookies for the following applications:

  • Information cookie note
  • Screen resolution
  • Log-in information

The user data collected through technically necessary cookies will not be used to create user profiles. For these purposes, our legitimate interest in the processing of personal data pursuant to article 6 (1) (f) GDPR.

4. Duration of data storage, opposition and disposal possibility

Cookies are stored on the computer of the user and transmitted by the computer of the user to our side. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may lead to impaired functionality of the website, either fully or in part.

VI. Email contact

1. Description and scope of data processing

On our website, there is an e-mail address which can be used to contact us electronically. If a user uses this option, In this case, the user's personal data which is transferred with the email is stored. This data includes:

  • Information about the browser type and version
  • Operating system of the user
  • IP address of the user
  • Date and time of access

Data is not disclosed to third parties in this regard insofar as it is unnecessary for direct processing of the request. The data is only used for processing the conversation.

2. Legal basis for data processing

The legal basis for data processing, provided that the user has given their consent to this effect, is article 6 (1) (a) GDPR. The legal basis for processing data transferred in the course of sending an email is article 6 (1) (f) GDPR. If you have contacted us by e-mail with the aim of concluding a contract, article 6 (1) (b) GDPR forms an additional legal basis.

3. Purpose of data processing

We process personal data from the e-mail for the purpose of processing contact and there is a required legitimate interest in data processing. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of data storage

The data shall be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the situation concerned has been conclusively clarified and the user has no further interest. Furthermore, following personal data is stored at the time of the sending process:

  • Information about the browser type and version
  • Operating system of the user
  • IP address of the user
  • Date and time of access

The personal data will be deleted after a period of seven days.

5. Opposition and disposal possibility

You have the opportunity to revoke your consent to the processing of your personal data at any time. If you contact us by e-mail, you may object to the storage of your personal data at any time. In such a case, the conversation can not continue. If you would like to revoke your consent to data processing either in whole or in part, please send this revocation to the SORAT Hotel Verwaltungs GmbH, contact data provided above. The use of your above rights is free of charge for you. All personal data stored during the course of contact is deleted in this case.

6. Transferring personal data to third parties

In order to be able to make your reservations and orders and to offer you, as a guest and visitor high service standards and quality of service, we will pass on your data to the Brandner restaurant at SORAT Insel-Hotel Regensburg. Any further disclosure of your personal data to third parties will not take place, unless you have expressly consented to a transfer of personal data separately or we have reasonable grounds that oblige us to do so by court order or by law. Your data will not be sold, rented or otherwise made available to third parties. Transfers of personal data to state institutions and authorities are only possible within the framework of mandatory national legislation.

VII. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited [Google], a company registered and operated under Irish law with registration number 368047 and located at Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses so-called cookies. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google Analytics cookies are stored based on article 6 (1) (f) GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website. Following data is being transmitted:

  • Information about the browser type and version
  • Operating system of the user
  • Referrer URL - previously visited page
  • IP address of the user
  • Date and time of access

IP anonymization: We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website [incl. your IP address] from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: Google tool. You can prevent the collection of your data by Google Analytics by clicking on the following link: Disable Google Analytics. An opt-out cookie will be set to prevent your data from being collected on future visits to this site. For more information about how Google Analytics handles user data, see Google's privacy policy: Google support or Google settings or Google developers. We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics. For more information, please refer to the Google privacy policy.

VIII. Social media plugin and button

Some content on our pages may be shared in privacy-friendly ways on social networks like Facebook, Twitter or Google+. On these pages, we use the so-called Shariff solution and avoid the use of so-called social media plugins. The Shariff solution is an approach that establishes direct contact between the networks and users only when the user actively clicks on one of these buttons with links to one of the social networks. An automatic transfer of user data to the operators of these platforms does not take place through this link. If the user is logged in to one of the social networks, when using the social media button of Facebook, Google+ and Twitter, an information window appears in which the user can confirm the text before submitting. By using the Shariff solution, the contents of this site can be shared on social networks without complete surfing profiles being created by the network operators.

1. Twitter

By clicking on the Twitter button, after logging into your account, this website will be linked to your Twitter account and made known to other users. This data is also transmitted to Twitter. Please note that as the provider of this website, we are not aware of the content of the transmitted data and their use by Twitter. For more information, please refer to the Twitter privacy policy, Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Your privacy settings are changeable to your Twitter account under settings.

2. Facebook

By clicking on the Facebook button, after logging in with your Facebook account, a connection is established between your browser and the Facebook server. Then you can link contents of our website with your profile on Facebook. We point out that we as the provider of this website are not aware of the content of the data transmitted and their use by Facebook. For more information, see the Facebook privacy statement, Facebook Inc. Privacy Statement, 1 Hacker Way, Menlo Park, California 94025, USA.

3. Google Maps

Our website uses Google Maps API to visually present geographical information. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When using Google Maps, Google also collects, processes and uses data about the use of the maps functions by visitors on that website. For more information about processing of data by Google read Google privacy policy. There you can also change your settings in the privacy center, so that you can manage and protect your data. Here are more ways to manage your own data related to Google products: Google support. It is possible to deactivate the Google Maps service and thus prevent the transfer of your data to Google by deactivating JavaScript in your browser. However, in this case you will be unable to use the map view.

4. Integration of third parties links

Our website contains links to third party websites on which contents we have no influence. If you follow a link to any of these websites, you browse outside our website. Due to this fact we cannot take guarantee for the foreign contents. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites. Upon notification of violations, we will immediately remove such links.

IX. Images

The entire image material is protected by copyright. The SORAT Hotels have unlimited or simple rights of use for the published images. When using non-SORAT image material, a clear source information is provided. The SORAT Hotels are exempted from any claims of third parties in the context of the use of external images. SORAT Hotels assumes no liability for external images. By posting external images, the source statement guarantees that the SORAT Hotels can freely dispose of the images and that it is free of third-party rights and that imitated persons consent to the publication without any compensation being payable. The source statement exempts the SORAT Hotels in this respect from all claims of third parties, which make this in terms of the images set to the SORAT hotels. Unless otherwise indicated, all image rights of the images displayed on this website are owned by SORAT Hotels. SORAT's own images may only be used for editorial purposes by journalists and SORAT contractors. Graphical changes are not allowed except to crop the main subject.

X. Rights of the data subject

If personal data is processed by you, you are a victim within the meaning of the GDPR and you have the following rights to the person responsible:

1. Right of access by the data subject

You may ask the person responsible to confirm if personal data concerning you is processed by us. If such processing is available, you can request information from the person responsible about the following information:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data that are processed;
  3. the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
  4. the planned duration of storage of your personal data or, if specific information is not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
  6. the right to lodge a complaint with a supervisory authority;
  7. all available information on the source of the data if the personal data are not collected from the data subject;
  8. the existence of automated decision-making, including profiling, referred to in article 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information whether your personal data be transferred to a third country or an international organization. In this case of transfers, you may request to be informed of the appropriate guarantees referred to article 46 GDPR.

2. Right to rectification

As data subject you shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you; or or where interested therein, integration of the data. The correction shall be carried out without delay by the person responsible.

3. Right to restriction of processing

You have the right to obtain from the controller restriction of processing where one of the following applies:

  1. the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  4. the data subject has objected to processing pursuant to article 21 (1) GDPR peding the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted under the conditions above, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. If you a data subject who has obtained restriction of processing pursuant under the conditions above you will be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a] Erase obligation

As data subject you shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  1. your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. you withdraw consent on which the processing is based according to point (a) of article 6 (1) GDPR, or point (a) of article 9 (2) GDPR, and where there is no other legal ground for the processing.
  3. you object to the processing pursuant to article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to article 21 (2) GDPR.
  4. the personal data have been unlawfully processed.
  5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  6. the personal data have been collected in relation to the offer of information society services referred to article 8 (1) GDPR.

b] Information to third parties

Where the controller has made the personal data public and is obliged pursuant to article 17 paragraph 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c] Exceptions

The obligation of erase shall not apply to the extent that processing is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of article 9 (2) as well as article 9 (3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with article 89 (1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.

5. Notification obligation

Have you obtained the right of rectification, deletion or limitation of the processing to the controller, the controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with article 16 GDPR, article 17 (1) GDPR and article 18 GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

6. Right to data portability

You have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

  1. the processing is based on consent pursuant to point (a) of article 6 (1) GDPR or point (a) of article 9 (2) GDPR or on a contract pursuant to point (b) of Article 6 (1) GDPR; and
  2. the processing is carried out by automated means.

In exercising the right to data portability you have the right that your personal data is transmitted directly from one controller to another, where technically feasible. Freedoms and rights of other persons may not be affected. The right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of article 6 (1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right of withdraw the data protection declaration of consent

You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

9. Automated individual decision-making including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. That not apply if the decision:

  1. is necessary for entering into, or performance of, a contract between the data subject and a data controller;
  2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
  3. is based on the data subject’s explicit consent.

However, decisions shall not be based on special categories of personal data referred to in article 9 (1) GDPR, unless point (a) or (g) of article 9 (2) GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place. In the cases referred to in points [1] and [3], the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right of appeal to the supervisory authority

Irrespective of the rights above and the possibility of asserting another administrative or legal redress, you also have the possibility at any time of asserting your right to complain to a supervisory authority, in particular, in the member state of your place of domicile, of your place of work or of the location of the alleged infringement if you are of the view that the processing of personal data affecting you infringes legal data protection regulations, within the meaning of article 77 GDPR.

XI. Online dispute resolution

The European Commission established an internet platform for the online settlement of disputes, the so-called OS platform. The OS platform is intended as a point of departure for the out-of-court settlement of disputes concerning contractual obligations arising from online purchase contracts. The OS platform is available under the following link: ec.europa.eu.

Contact back

Reserve your table by calling number + 49 (0) 941 / 810 40 or send an email to regensburg@sorat-hotels.com. We look forward to welcome you.

Keep in touch with us!

Contact   Imprint   Data protection   Deutsch   
Switch to desktop version
Cookies make everything better. Also websites. That's why we use cookies. By continuing to use our website, you agree to its use. Details are available in our privacy policy.