The operator of this website attaches great importance to the protection of the privacy of its website visitors - hereinafter referred to as users. The processing of all data provided to the operator occurs solely with strict adherence to the General Data Protection Regulation (EU GDPR) as well as all other data protection laws or regulations applicable in the EU member states. This especially applies to the processing of personal data.

Responsible for data processing
Responsible for processing under data protection regulations is:
Hotel Säntis München
Owner: Albert Fischer
Waldfriedhofstr. 9081377 München
Tel. +49 (0) 89/74 15 25-0
Fax: +49 (0) 89/74 15 25-55
E-Mail: info@hotel-saentis.com

Definitions
This privacy policy uses legal terms defined in Art. 4 GDPR. Personal data includes all information relating to an identifiable natural person (Art. 4 No. 1 GDPR). The term processing includes any kind of usage concerning personal data (Art. 4 No. 2 GDPR), i.e., from collection to destruction.

Data processing when accessing the website
This website is hosted by a German web host, adera-web: clever internet; Inh. Mathias Ebert, Marcel-Breuer-Straße 15, 80807 München. The web host is also required to comply with the EU GDPR and all other data protection laws or regulations applicable in the EU member states. The operator of this website has also concluded a data processing agreement with the web host. This agreement obliges the web host to protect the transmitted data, process it according to the data protection regulations on behalf of the operator of this website, and in particular not to pass it on to third parties. Further information about data processing by the web host can be found at https://www.adera.de/datenschutzerklaerung.html. With each website call, data is collected, which is stored in the server logs and the web application. The following usage data is collected: Internet Protocol address (IP address) of the user, date and time of access, the request, the response status (HTTP status code), URL of the website through which the access was made to the current website or file (referer), browser type and version, and the operating system of the user. The storage of the log files is carried out to ensure the functionality of the website and the shop application. Moreover, the data serves statistical evaluations to optimize the website in the interest of the user and to ensure the security and stability of the IT systems. The data processing is based on legitimate interests according to Art. 6 para. 1 sentence 1 f.) GDPR. The operator of this website guarantees that the data will not be merged with other data sources. The log files are stored separately from the personal data of users collected via form inputs. The deletion of log files occurs according to general principles (see "General Information on Data Deletion").

Data processing by cookies
This website uses so-called "cookies." Cookies are small text files that are stored on the operator's web server or on the user's platform (PC, tablet, smartphone, etc.) and contain data that allows the website to recognize and identify the user's internet browser. This website uses cookies that are stored on the user's platform for the duration of the website visit and are automatically deleted when the user closes the browser (so-called session cookies). In such a cookie, only a distinctive string of characters is stored, which allows for unique identification of the browser when re-accessing the site (so-called session ID). The use of cookies makes it easier for the user to use this website. The data processing is based on legitimate interests according to Art. 6 para. 1 sentence 1 f.) GDPR. The user can prevent or restrict the storage of cookies at any time through the appropriate settings of their internet browser. The operator points out that this option may restrict usability of the website.

Data processing through JavaScript libraries
This website uses JavaScript libraries from external providers. The use of JavaScript libraries enables the usability of individual functionalities of this website, which in turn makes it easier for the user to use this website. It cannot be excluded that personal data will be transmitted to external providers when calling the website. The data processing is based on legitimate interests according to Art. 6 para. 1 sentence 1 f.) GDPR. Users can prevent transmission by installing a JavaScript blocker such as the browser plugin "NoScript" (https://noscript.net/) or disabling JavaScript through browser settings. The operator points out that this option may restrict usability of the website.

Data processing in online booking
In connection with online bookings, this website uses functions of the booking system DIRS21. The provider is TourOnline AG, Borsigstr. 26, 73249 Wernau. The voucher system also uses so-called "cookies, which are stored on the user's platform. The user can prevent or restrict the storage of cookies at any time through the appropriate settings of their internet browser. The operator points out that this option may restrict usability of the ordering function. Further information about the booking system can be found at https://www.dirs21.de. When querying the form in connection with a voucher order, the following data is required in addition to the booking data: name, address, telephone number, and email address. Additionally, the date and time of dispatch as well as the data registered through website access (see "Data processing when accessing the website") are collected. This data, along with the voluntarily provided information, is stored solely for the purpose of processing the booking and fulfilling contractual obligations. Data will only be passed on to third parties when and to the extent necessary to fulfill the (pre-)contractual obligations of the operator or based on the legitimate interests of the operator in the economic and effective processing of the order and payment process. The data processing of the required data is based on Art. 6 para. 1 b.) and Art. 6 para. 1 f.) GDPR, in addition to Art. 6 para. 1 a.), 7 GDPR. The transfer of data to third parties occurs based on Art. 6 para. 1 b.) and Art. 6 para. 1 f.) GDPR. The deletion of data occurs according to general principles (see "General Information on Data Deletion").

Data processing via contact form
When users contact via the contact form, the following data is required: name, email address, and telephone number. Additionally, the date and time of dispatch as well as the data registered through website access (see "Data processing when accessing the website") are collected. The data will be processed solely for the purpose of handling the inquiry. The processing of the mandatory data is based on Art. 6 para. 1 sentence 1 b.) and Art. 6 para. 1 sentence 1 f.) GDPR, in addition to Art. 6 para. 1 sentence 1 a.), 7 GDPR. The deletion of the data occurs according to general principles (see "General Information on Data Deletion").

OpenStreetMap
This website uses map material from the "OpenStreetMap" project, a free project aimed at collecting freely usable geodata for use by anyone in a database. The project is operated by the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU (UK). The OpenStreetMap Foundation is also required to comply with the EU GDPR and all other data protection laws or regulations applicable in the EU member states. For using the map material, information about the use of the website, including the IP address, is forwarded to OpenStreetMap. The use of OpenStreetMap is carried out in the interest of an appealing representation of the website and to enable the editing functions. The data processing is based on legitimate interests according to Art. 6 para. 1 f.) and - when using the editing functions by users according to Art. 6 para. 1 a.), 7 GDPR. Further information about data processing can be found at https://wiki.openstreetmap.org/wiki/Privacy Policy.

Google Fonts
This website uses external fonts from Google Inc. ("Google Fonts"). The integration of the fonts is done through a server call to Google. The data processing is based on legitimate interests according to Art. 6 para. 1 sentence 1 f.) GDPR. The use of the above-mentioned service makes it easier for users to use this website and optimizes the presentation of the website. Google is certified under Privacy Shield (https://www.privacyshield.qov/participant?id=a2zt000000001 L5AAI), which guarantees compliance with the EU GDPR and all other data protection laws or regulations applicable in the EU member states. Further information about data processing can be found at https://www.gooqle.com/policies/.

General Information on Data Deletion
Personal data will generally be deleted immediately after fulfilling the purpose of retention, unless legal retention periods prescribe an extended retention (cf. §§ 257 para. 1 HGB: 6 years, 147 para. 1 AO: 10 years) or retention is necessary for evidential purposes. The proper deletion will be verified annually. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted.

Security measures of the operator
The operator takes measures according to Art. 32 GDPR, considering the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of data processing, as well as the varying likelihood and severity of risks to the rights and freedoms of data subjects, and continuously implements appropriate organizational, contractual, and technical measures to ensure that data protection regulations are complied with and that the data subject to data processing is protected against accidental or unlawful manipulation, loss, destruction, or unauthorized access. The operator has already considered the protection of personal data in the technical development and design of the website (Art. 25 GDPR). Security measures include, in particular, the encrypted transmission of data between the user's browser and the operator's server.

Rights of the user
The user has the right to request information at any time whether and which personal data of the user is processed (Art. 15 GDPR). Upon request, the user's personal data must be provided in a structured, commonly used, and machine-readable format (Art. 20 GDPR). Furthermore, the user has the right to correct inaccurate or complete incomplete personal data (Art. 16 GDPR) and - under the conditions of Art. 18 GDPR - the right to restrict processing as long as the processing is not necessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest, or for asserting, exercising or defending legal claims, the user can also request the deletion of his personal data (Art. 17 GDPR). Consents to data processing according to Art. 6 para. 1 sentence 1 a.), 7 GDPR can be revoked by the user at any time with effect for the future. If the data processing is based on the grounds of Art. 6 para. 1 sentence 1 f.) GDPR, the user may object to the data processing with effect for the future, unless the operator of this website can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights, and freedoms of the user, or the processing serves to assert, exercise, or defend legal claims of the operator of the website (Art. 21 GDPR). If the user believes that the processing of their personal data violates data protection regulations, they can file a complaint with the competent supervisory authority (Art. 77 GDPR). The supervisory authority responsible for the operator of this website is the Bavarian State Commissioner for Data Protection, Wagmüllerstraße 18, 80538 München.

Google Analytics
We also use the tool "Google Analytics" to collect data about your use of the website. Google Analytics collects, for example, how often the website is accessed, which pages are accessed during a visit, etc. We use the Google Analytics data solely to improve our website and services. Google Analytics collects the IP address assigned to you on the day of your visit to the website and not your name or other identifiable data. We do not combine the collected Google Analytics data with personal data. The possibilities of Google to use and disclose the data collected by Google Analytics about your visits to this website are subject to the terms of use of Google Analytics and Google's privacy policy.

- END OF THE PRIVACY POLICY -