Privacy Policy for the Facebook Fan Page

As of February 2023

Table of contents

  1. Privacy Policy for the Facebook Fan Page

The primary controller (Facebook)

Meta Platforms Ireland Ltd.
4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland

Additional controller

Sonnenhotels GmbH
Nordhäuser Str. 1, 38667 Bad Harzburg, Deutschland

Data Protection Officer of the additional controller (Sonnenhotels GmbH)

DataCo GmbH
Sandstr. 33, 80335 München, Deutschland
|

1. Joint controllers for the processing of personal data

The purposes and means of processing personal data when you visit our Facebook page https://www.facebook.com/Sonnenhotels ("Facebook page") are determined jointly, within the meaning of Art. 26 of the EU General Data Protection Regulation (GDPR), by Sonnenhotels GmbH, Nordhäuser Str. 1, 38667 Bad Harzburg, Deutschland ("Sonnenhotels GmbH")

and Meta Platforms Ireland Ltd. ("Facebook"). This results from the fact that Sonnenhotels GmbH, as the operator of the Facebook page, by setting up such a page, gives Facebook the possibility of placing cookies on the computer or any other device of the person visiting the Facebook page ("visitor"), regardless of whether the visitor has a Facebook account.

Within the scope of this joint controllership, Facebook assumes primary responsibility under the GDPR for the processing of Insights data and fulfils all obligations under the GDPR with regard to the processing of Insights data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). In addition, Facebook makes the essence of this Page Insights addendum available to data subjects (you can find the corresponding "Page Insights Controller Addendum" here: https://www.facebook.com/legal/terms/page_controller_addendum).

Below you will find a description of how personal data is handled by Sonnenhotels GmbH and Facebook when you visit the Facebook page. However, since Sonnenhotels GmbH generally, or to a large extent, has no influence on the data collected by Facebook and its processing by Facebook, we are currently unable to provide conclusive information on the purpose and scope of the processing of your data by Facebook. We will, however, monitor further developments in this regard and adapt this privacy policy accordingly where necessary.

Please note that you use this Facebook page and its functions at your own responsibility. This applies in particular to the use of the interactive functions (in particular commenting, sharing, rating).

2. Name and address of the joint controllers

a) The primary controller is:

Facebook

Meta Platforms Ireland Ltd.

4 Grand Canal Square

Grand Canal Harbour

Dublin 2 Ireland

b) The additional controller is:

Sonnenhotels GmbH

Nordhäuser Str. 1

38667 Bad Harzburg

Deutschland

Tel.: 05321685540

Email: info@sonnenhotels.de

Website: www.sonnenhotels.de

3. How to contact the Data Protection Officer of the primary controller Facebook

You can contact the Data Protection Officer of the primary controller Facebook via the following link:

https://www.facebook.com/help/contact/540977946302970

4. Name and address of the Data Protection Officer of the additional controller

You can reach the Data Protection Officer of the additional controller Sonnenhotels GmbH referred to in 2.b) at:

DataCo GmbH

Sandstr. 33

80335 München

Deutschland

+49 89 7400 45840

www.dataguard.de

5. Legal basis for the processing of personal data

Where the consent of the data subject is obtained for processing operations involving personal data, Art. 6 (1) sentence 1 lit. a of the GDPR serves as the legal basis for the processing of personal data.

For the processing of personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Where the processing of personal data is necessary for compliance with a legal obligation to which Sonnenhotels GmbH or Facebook is subject, Art. 6 (1) sentence 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 (1) sentence 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of Sonnenhotels GmbH, Facebook or a third party, and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 (1) sentence 1 lit. f GDPR serves as the legal basis for the processing.

6. Right to object and to removal

Visitors may withdraw their consent to the processing of their personal data at any time (see also the rights of data subjects). If a visitor contacts us by e-mail, they may object to the storage of their personal data at any time.

The collection of data for the provision of the Facebook page and the storage of the data in log files is strictly necessary for the operation of the Facebook page. Consequently, there is no possibility for the visitor to object in this respect.

7. Rights of data subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controllers:

the right to information about the data stored about you by Sonnenhotels GmbH or Facebook;

the right to rectification, erasure or restriction of the processing of your personal data;

the right to object to processing carried out in the legitimate interest of Sonnenhotels GmbH or Facebook, in the public interest or for profiling purposes, unless Sonnenhotels GmbH or Facebook can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims;

the right to data portability;

the right to lodge a complaint with a supervisory authority;

the right to withdraw, at any time and with effect for the future, any consent you have given to the collection, processing and use of your personal data.

If you wish to exercise your rights, you may address your request to either Sonnenhotels GmbH or Facebook. For this purpose, you can use, for example, the contact details listed above. If you contact us, we will forward your request to Facebook insofar as it concerns questions regarding the processing of Insights data. Facebook will respond to requests in accordance with the obligations incumbent upon us under the Page Insights addendum.

1. Purpose of data processing

Sonnenhotels GmbH maintains online presences within social networks in order to communicate with the interested parties and users active there and to inform them about our products, events and news.

When you access our Facebook page (regardless of whether you are logged into your Facebook account or not), your browser transmits certain data to the web server operated by Facebook for technical reasons. In addition, Facebook uses so-called "cookies". Cookies are small text files that are stored in the memory of your device via your browser. Cookies set by Facebook are intended, among other things, to enable Sonnenhotels GmbH, as the operator of the Facebook page, to receive statistics that Facebook compiles on the basis of visits to this page, for the purpose of managing the marketing of our activities.

2. Description and scope of data processing

As the operator of the Facebook page, Sonnenhotels GmbH can use the Facebook Page Insights function, which Facebook provides to us free of charge as a non-negotiable part of the usage relationship, to obtain anonymised statistical data concerning the visitors to our Facebook page. This data is collected by means of the cookies set by Facebook, each of which contains a unique user code that Facebook stores on the visitor's device. The user code, which can be linked to the registration data of users registered with Facebook, is collected and processed when the Facebook page is accessed.

In particular, the fan page operator may receive demographic data provided by Facebook about its target audience – and thereby the processing of this data – including, among other things, trends in terms of age, gender, relationship status and occupational situation, information about the lifestyle and interests of its target audience and information about the purchases and online purchasing behaviour of the visitors to its page, the categories of goods or services that interest them most, as well as geographical data informing the operator where to run special promotions or organise events, and in general enabling it to tailor its information offering as precisely as possible.

Although the visitor statistics compiled by Facebook are transmitted to Sonnenhotels GmbH as operator of the Facebook page exclusively in anonymised form, the compilation of these statistics is based on the prior collection – by means of the cookies set by Facebook on the visitors' devices – and processing of the personal data of these visitors for these statistical purposes. Further information on Facebook Page Insights can be found at:

https://de-de.facebook.com/legal/terms/information_about_page_insights_data

https://de-de.facebook.com/help/pages/insights

Data relating to the Facebook groups linked to our Facebook page is also provided in this way. Due to the constant development of Facebook, the availability and presentation of the data changes, so for further details we refer to the Facebook privacy information mentioned in the previous paragraph and below under "PROCESSING OF PERSONAL DATA BY FACEBOOK".

We use this data, which is available in aggregated form, to make our posts and activities on our Facebook page more attractive to users. For example, we use the distributions by age and gender to adapt how we address our audience, and the users' preferred visiting times to optimise the scheduling of our posts. Information about the types of devices used by visitors helps us to adapt the visual design of our posts accordingly. In accordance with the Facebook Terms of Service, to which every user has agreed when creating a Facebook profile, we can identify the subscribers and fans of the page and view their profiles and other information they have shared.

In addition to this automatically collected anonymised data, we also process the data that you have voluntarily provided to us, for example in comments on posts or when contacting us.

If you click on the link https://www.sonnenhotels.de/datenschutz/ (you are currently on this page), which is posted on the Facebook fan page of Sonnenhotels GmbH, you will be taken to a subpage of the Sonnenhotels GmbH website. Personal data is also processed on this page. The privacy policy applicable to these pages can be found here: https://www.sonnenhotels.de/datenschutz/

3. Data erasure and storage period

Personal data is erased or blocked as soon as the purpose of its storage no longer applies. Storage may also continue to be necessary if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which Sonnenhotels GmbH is subject. Data will also be blocked or erased when a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion or performance of a contract.

The manner in which Facebook uses the data from visits to Facebook pages for its own purposes, the extent to which activities on the Facebook page are attributed to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties is not conclusively and clearly stated by Facebook and is not fully known to us. We will, however, monitor further developments in this regard and adapt this privacy policy accordingly where necessary. The following information is based on information made publicly available by Facebook regarding the processing of personal data when using the Facebook products.

1. Purpose of data processing

According to its own statements, Facebook processes visitors' personal data for the following purposes:

  • providing, personalising and improving the Facebook products;
  • providing measurements, analytics and other Facebook services;
  • promoting safety, integrity and security;
  • communicating with Facebook users;
  • research and innovation for social good.

Further information on the purposes of data processing by Facebook can be found in the Facebook Data Policy: https://de-de.facebook.com/policy.php

Further details on Facebook's legitimate interests with regard to the processing of personal data can be found here: https://de-de.facebook.com/about/privacy/legal_bases

When you access our Facebook page (regardless of whether you are logged into your Facebook account or not), your browser transmits certain data to the web server operated by Facebook for technical reasons. In addition, Facebook uses "cookies". Facebook uses cookies, among other things, to provide Sonnenhotels GmbH, as the operator of the Facebook page, with statistics for the purpose of managing the marketing of our activities. Further information on the use of cookies by Facebook can be found in the Facebook Cookies Policy: https://de-de.facebook.com/policies/cookies/

2. Description and scope of data processing

a) What kinds of information does Facebook process?

In order to provide the Facebook products, it is necessary for Facebook to process information about visitors. The types of information collected by Facebook depend on how the visitor uses the Facebook products. The following information may be processed by Facebook:

Things done and provided by visitors and others, such as information about how the visitor uses the Facebook products, information about transactions carried out on Facebook products, or information about the people, pages, accounts, hashtags and groups the visitor is connected with.

Device information, such as device attributes, identifiers, network and connections, and cookie data.

Information from partners, whereby advertisers, app developers and publishers can send information to Facebook via the Facebook Business Tools they use, including the social plugins (such as the "Like" button), Facebook Login or the Facebook pixel. These partners provide Facebook with information about the visitor's activities off Facebook.

In addition, Facebook uses cookies that are set on the visitor's device when the Facebook page is accessed, regardless of whether the visitor is logged into their Facebook account or not. Facebook also processes the information stored in the cookies when a person visits the Facebook services, services provided by other members of the Facebook group of companies, and services provided by other companies that use the Facebook services. Furthermore, other parties such as Facebook partners and other third parties may use cookies on the Facebook services in order to provide services to Facebook or to the businesses that advertise on Facebook. Further information on the use of cookies by Facebook can be found in the Facebook Cookies Policy: https://de-de.facebook.com/policies/cookies/

When a Facebook page is accessed, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymised (in the case of "German" IP addresses) and deleted after 90 days. Facebook also stores information about its users' devices (in particular as part of the "login notification" function); this may enable Facebook to match IP addresses to individual users.

If you wish to avoid this, you should log out of Facebook or deactivate the "stay logged in" function, delete the cookies present on your device, and close and restart your browser. In this way, Facebook information through which you can be directly identified is deleted. This allows you to use our Facebook page without your Facebook identifier being disclosed. If you access interactive functions of the page (Like, comment, share, messages, etc.), a Facebook login screen will appear. After logging in, you will again be identifiable to Facebook as a specific user.

Information on how to manage or delete the information held about you can be found on the following Facebook support pages: https://de-de.facebook.com/about/privacy.

Further information on the types of information Facebook processes can be found in the Facebook Data Policy: https://de-de.facebook.com/policy.php

b) How is the information processed by Facebook shared with others?

Facebook works with third-party partners who help Facebook provide and improve its products or who use Facebook Business Tools to grow their businesses. Information may be shared by Facebook with the following third-party partners:

  • partners who use Facebook's analytics services;
  • advertisers;
  • measurement partners;
  • partners offering goods and services in Facebook products;
  • vendors and service providers;
  • researchers and academics;
  • law enforcement or other enforcement authorities, or in response to legal requests.

Further information on the data Facebook may share with third-party partners can be found in the Facebook Data Policy: https://de-de.facebook.com/policy.php

c) How does Facebook process and transfer data as part of its global services?

Facebook shares information globally, both internally between the Facebook companies and externally with its partners and with the people and organisations around the world with whom the visitor connects and shares content. In doing so, data may also be transferred to and processed in the USA or other third countries that do not provide an adequate level of data protection. In this respect, Facebook uses standard data protection clauses approved by the European Commission or relies on the adequacy decisions issued by the European Commission with regard to certain countries.

Further information on data transfers by Facebook can be found in the Facebook Data Policy: https://de-de.facebook.com/policy.php

3. Data erasure and storage period

Facebook stores data until it is no longer needed to provide its services and Facebook products, or until the user's Facebook account is deleted, whichever comes first. This is a case-by-case determination and depends on factors such as the nature of the data, why it is collected and processed, and the relevant legal or operational retention needs.

Further information on data erasure and storage periods can be found in the Facebook Data Policy: https://de-de.facebook.com/policy.php

Further information on the storage period of cookies set by Facebook can be found in the Facebook Cookies Policy: https://de-de.facebook.com/policies/cookies/

This privacy policy was created with the support of DataGuard.