Thank you for visiting our website. Compliance with the data protection regulations has a special significance for us. The purpose of this privacy policy is to inform you, as the user of our offers and this website, about the nature, scope and purpose of the processing of personal data and the rights that exist for you, insofar as you are regarded as the person concerned in the sense of Art. 4 No. 1 of the General Data Protection Regulation.

1. Responsible body

This website and services are operated by:

Hotel Am Bühl GmbH
Am Bühl 1

08309 Eibenstock

Tel.: +49 (0) 37752-560

Fax: +49 (0) 37752-56888
Email: kontakt[at]

2. General

The website has been designed to not collect more data from you than is strictly necessary. Basically, it is possible to visit our website without providing personal data. Only when you choose to take certain services to complete (for example, the use of contact forms) the processing of personal data required. In doing so, we always take care to process your personal data only in accordance with a legal basis or your consent. We comply with the provisions of the General Data Protection Regulation (GDPR), which has been in effect since 25 May 2018, and the respectively applicable national regulations, such as the Federal Data Protection Act, the Telemedia Act or other more specific data protection laws.

For all data protection questions and notifications, please contact our data protection officer at the e-mail address datenschutz[at] or by post letter at the address of the Hotel Am Bühl mentioned above.

3. Purpose and legal basis of the processing of personal data

We process your personal data always earmarked.

In summary, we process your personal data for the following purposes:

a)  In order to be able to handle your request with contact inquiries (for example e-mail address, first name, last name).

b)  To be able to send you an offer according to your request (telephone, e-mail, contact form).

c)  For the technical implementation of our website and to provide you with our information on this website (for example IP address, cookies, browser information).

d)  To send individual vouchers to our special services and news about our services.

e)  For sending advertisements and up-to-date information about our services and news about our services (for example name, e-mail address).

f)  To be able to conclude and execute contracts for our services offered (for example online bookings and payments).

g)  For individual care during your visit to our house (information on allergies, nutritional needs, mobility restrictions, or something similar).

h)  To be able to present comments from our guestbook. (for example name, e-mail address) .

i)  To accept and process an application from you on one of our job offers.

The concrete purposes are described for the processing described here (for example contact form, web analysis, online booking and others).

As regards the legal basis for the processing of your personal data:

Personal data for the establishment, execution and completion of our service offering (contract management) are required, we work on the legal basis of Art. 6 para. 1 lit. b GDPR. As far as we seek consent for the processing of your personal data from you, consent forms under Art. 6 para. 1 lit. a GDPR the legal basis for data processing. Data processing is also permitted if we process your data in order to safeguard our legitimate interests and do not outweigh your interests or fundamental rights and fundamental freedoms with regard to the processing of personal data. If we use external service providers within the framework of order processing, processing is based on the legal basis of Art. 28 GDPR.

4. Collected and processed personal data

Within the scope of our web offer we collect and process certain personal data of you. On the one hand, the data that is processed concretely is revealed by the data that you must enter when filling in forms on the website (for example contact form or order form) and, secondly, we inform you about the processed data on the processing operations described here. In summary, we collect and process the following information about you through our website:

General contact:

  • Title*, name, first name*, company, address, zip code, city, country, phone, fax, e-mail
  • content of the message

Entry in our guestbook:

  • Name, first name*, e-mail*, city, country
  • content of the message

Event requests:

  • Title*, name, first name*, company, department, title, Street*, zip code*, City*, country*, phone, e-mail, website
  • Event details: type, name, time frame*, number of participants per group room *, seating*
  • Hotel rooms: Dates, how many rooms, details
  • E-mail adress* for desired advertising / service offers with consent
  • Your message

Voucher shipping:

  • Title, name, first name, company name, street + house number, zip code + town, Country , Email, if necessary further address

Online reservation:

  • Title, name, first name*, e-mail*, phone*, company, street, house number* ,zip code*, town*, country*
  • Other guests: Title*, name, first name*

We will only collect and process your data for the purposes stated in this privacy policy. Any use exceeding the stated purpose requires your express consent. The same applies to the transfer and transfer of your data to third parties.

5. Collection of personal data when visiting our website

In the case of merely informative use of the website, ie if you do not register or otherwise provide us with information, we will only collect the personal data that your browser transmits to our server. If you want to look at our website, we collect the following data that are technically necessary for us to show you our website and to ensure the stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):

  • IP address
  • date and time of the request
  • time Zone Difference to Greenwich Mean Time (GMT)
  • content of the requirement (concrete page)
  • access Status / HTTP status code
  • each transmitted amount of data
  • website from which the request comes
  • browser
  • operating system and its interface
  • language and version of the browser software.

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Further information can be found under "Cookies" in this privacy policy.

6. Consent

In part, when you visit our website, we collect certain personal data for which we require your consent. This happens, for example, when you send us a message via our forms.


By using our available forms, you consent to the collection and use of personal information provided by you as described in this Privacy Policy. You can revoke this consent at any time with effect for the future by making a corresponding declaration to us. We point out, however, that use of our service without your consent is no longer possible. For your revocation, please use the above contact ways (please tell us in this case your name, e-mail and postal address).

7. Integration of services from other providers

Our website uses content, services and services of other providers. These are, for example, services for the statistical evaluation of the use and visit of our website, or for the integration of videos from video platforms, such as YouTube. For this data to be accessed and displayed in the user's browser, the transmission of the user's IP address to this third-party provider is absolutely necessary.

Although we make every effort to use only third-party providers who only need the IP address to deliver content or even work with anonymized IP addresses, we have no control over whether the IP address may be stored. Information on the third-party providers used can be found below in this privacy policy.

8. Cookies

On our website information is collected and stored by the use of so-called browser cookies. Cookies are small text files that are stored on your data carrier and that store certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent, as well as information about the age of the cookie and an alphanumeric identifier.

Cookies allow our systems to recognize the user's device and make any presets available immediately. As soon as a user accesses the platform, a cookie is transmitted to the hard disk of the user's computer. Cookies help us improve our website and offer you a better and more personalized service. They enable us to recognize your computer or your (mobile) device when you return to our website and thereby:

  • Save information about your favorite activities on the website, thus tailoring our website to your individual interests.
  • Speed up the processing of your requests.

We work with third party services that help us to make the website and website more interesting to you. Therefore, when you visit the website and cookies from these partner companies (third-party) are stored on your hard drive. These are cookies that automatically delete after the given time.

You will find a list of our cookies at the bottom of this page or at this link.

If you do not wish to use browser cookies, you can set your browser so that the storage of cookies is not accepted. Please note that in this case you may only be able to use our website with restrictions or not at all. If you only want to accept our own cookies, but not the cookies of our service providers and partners, you can choose the setting in your browser "block third-party cookies". We assume no responsibility for the use of third party cookies.

9. Contact (contact form, inquiry form etc.)

You can contact us via e- mail, telephone or via our contact form (request form). In this case, we will store the personal data you provide to process your request and to contact you to process your request. Insofar as we request information via our contact form, we have marked the mandatory fields required for making contact accordingly (Asterisk*). The voluntary information serves to concretize your request and to improve the handling of your request. The requested data will be transmitted to us on a purely voluntary basis.

Depending on the nature of the request, the legal basis for this processing is Article 6 (1) lit. b GDPR for inquiries that you yourself submit as part of a pre-contractual action or Art. 6 para. 1 sent. 1 lit. f GDPR, if your request is of a different kind. The legitimate interest follows from the under. 3 a.) Purposes. If personal information is requested, we do not need for the fulfilment of a contract or to protect the legitimate interests that processing takes place on the basis of an opinion of you consent according to Art. 6 para. 1 lit. a GDPR (for example if you want information about our current news or additional services).

10. Comments in the guest book on the website

Hotel Am Bühl offers users the opportunity to leave individual comments in a guestbook on the website of the data controller. A guestbook is a portal that is kept on a website, usually publicly visible, in which one or more people can post articles or write down thoughts.

If an affected person leaves a comment in the guestbook published on this website, not only the comments left by the person concerned, but also information on the time of the commentary input and the username (pseudonym) chosen by the person concerned are saved and published. Furthermore, the IP address assigned by the Internet Service Provider of the person concerned is also logged. This storage of the IP address takes place for security reasons and in the event that the data subject violates the rights of third parties or posts unlawful contents by submitting a comment. Therefore, the storage of this personal data is 6 paragraph on the basis of Art.. 1 lit. f GDPR . The legitimate interest the controller is due to the fact that this could possibly exculpate in case of an infringement. There is no disclosure of this personal data to third parties, unless such disclosure is not required by law or the legal defense of the controller.

 11. Privacy policy for the registration form

In the registration form we process data on the following legal basis:

  • Section "Private Address": Data processing pursuant to § 30 BMG with retention period of one year.
  • Section "Private address" / "Billing address": Data processing based on Art. 6 (1) lit. b u. c GDPR with storage period for 10 years according to § 147 AO and § 257 HGB.
  • Section "Data Protection Consent to Voluntary Information": Data processing based on Art. 6 (1). a GDPR with storage period until the revocation of consent.

12. Voucher orders

If you want to order in our webshop, it is necessary for the conclusion of the contract, that you provide your personal data, which we need for the processing of your order. Mandatory information necessary for the execution of the contracts is marked separately, further details are voluntary. We process the data provided by you to process your order. For this we can pass on your payment data to our house bank.

Due to commercial and tax regulations, we are obliged to save your address, payment and order data for a period of ten years.

To prevent unauthorized access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology.

Personal data, which are absolutely necessary for the delivery of the goods or contract execution, are passed on to service providers commissioned by us. These are the following categories of service providers:

  1. Payment processing - ConCardis
  2. postal service

The processing of the above-mentioned personal data for the purposes specified here is made on the legal basis of Art. 6, para. 1 lit. b GDPR.

13. PayPal

The controller has integrated components from PayPal on this website. PayPal is an online payment service provider. Payments are made through so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal has the ability to process virtual payments through credit cards if a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also takes on trustee functions and offers buyer protection services.

The European operating company of PayPal, the PayPal (Europe) S.à.rl. & Cie. SCA, 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject selects "PayPal" as a payment option during the order process in our online shop, data of the data subject will be automatically transmitted to PayPal. The transfer of data to PayPal made on the basis of Art. 6 para. 1 lit. a GDPR (consent) and Art. 6, para. 1 lit. b GDPR (Processing to fulfill a contract). A revocation of your already given consent is possible at any time. Past data processing operations remain in effect when revoked.

The personal data sent to PayPal are usually first name, last name, address, email address, IP address, telephone number, mobile phone number or other data required for payment processing. For the execution of the purchase contract, also such personal data are necessary, which are in connection with the respective order.

The purpose of the transmission of the data is payment processing and fraud prevention. The controller will provide PayPal with personally identifiable information, in particular if there is a legitimate interest in the transfer. The personal data exchanged between PayPal and the controller may be transferred by PayPal to credit reporting agencies. This transmission aims at the identity and credit check.

PayPal may disclose personal information to affiliates and service providers or subcontractors, to the extent necessary to fulfill its contractual obligations or to process the data on behalf of.

The data subject has the option to revoke the consent to the handling of personal data against PayPal at any time. A revocation has no effect on personal data which must be processed, used or transmitted for (contractual) payment processing.  

PayPal's applicable privacy policy is available at

14. Online bookings

If you want to book your stay with us Online, it is necessary for the conclusion of the contract that you provide the personal information that we require to process your reservation (see point 4). Mandatory information necessary for the execution of the contracts is marked separately, further details are voluntary. The legal basis for this processing is Art. 6 para. 1 lit. b GDPR for postings that you yourself submit as part of a pre-contractual action.

The information you provide we use to process your order over the hotelservice-software the Busy Rooms GmbH / FlexxBooker. Because the Hotel Am Bühl itself is the operator of this software, your data will not be passed on to third parties.

If you book your stay with us via other online booking portals and tour operators, we will, as described in this privacy policy, also comply with the requirements of the GDPR and the Federal Data Protection Act. Further information can be found in the privacy policy of our partners.

15. Application process

On our website, we publish vacancies that you can apply for by email. If you decide to apply for a job vacancy, we will process the personal data you provide and submit to us solely for the purpose of conducting the application process.

In the event of a cancellation, we will delete your data as soon as a legally required retention period of 6 months has expired. The period begins with the dispatch of the cancellation. If you have expressly consented to the further use of your data for a subsequent address - with regard to potentially interesting sites - we will continue to keep your data in accordance with our consent. We do not pass on your personal data to third parties outside of the concrete application process without your express consent or without legal basis.

For the assessment of an application we need in the application process no information on the so-called "special categories of personal data". This information may include racial and ethnic origin (including your photo), political opinions, religious beliefs or beliefs, as well as genetic data, biometric data to uniquely identify a natural person, health or sex life data, or the sex life sexual orientation of a natural person. We strongly recommend that you do not provide any information about the aforementioned data in your stored data. If the data provided by you contains such information, we can process your application only if you provide us with explicit consent to store these special categories of personal data. We would have to obtain this consent separately from you, which would delay the application process.

Please note that applications that you send to us by e-mail will be transmitted unencrypted. In that regard, there is a risk that unauthorized persons can intercept and use this data.

Legal basis for the processing of your personal data in the context of the application process is § 26 para. 1 in connection with para. 2 BDSG.

16. Use of Matomo (formerly Piwik)

Our website uses the web analysis service Matomo. Matomo is an open source solution of the supplier InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand .

Matomo uses "Cookies." These are small text files that your web browser stores on your device and that allow analysis of the website's usage. By Cookie s information generated through the use of our website is stored on our server and processed. Before saving, your IP address will be anonymised. Cookies from Matomo remain on your device until you delete them. The setting of Matomo cookies is based on Art. 6 para. 1 let. f GDPR. As the operator of this website, we have a legitimate interest in the anonymous analysis of user behavior in order to optimize both our website and possibly also advertising. The setting of cookies through your web browser can be prevented. However, some features of our website may be restricted.

You can decide whether a unique web analytics cookie may be stored in your browser in order to allow the operator of the website to collect and analyze various statistical data.  
If you want to vote against it, click here or at the bottom of this Privacy Policy to place the Matomo deactivation cookie in your browser.

If you delete your cookies, so will the Matomo Opt -out cookie removed. If you visit our website again, the opt-out cookie is to be reset to prevent the storage and use of your data. Further information can be found at:

17. Using Google Maps

For the integration and presentation of map content our website uses the map service Google Maps. Provider of this service is the Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Viewing a Google Maps integrated map page will track your IP address. This information is usually transmitted to and stored on a Google server in the United States. Google will know your IP address, even if there is no user account you are logged in to. If you are logged into your user account, Google can assign your surfing behavior directly to your personal profile. By logging out beforehand you have the option of preventing this. The provider of this site has no influence on this data transfer.

The use of Google Maps takes place in the interest of an appealing presentation of our online offers and an easy findability of the places we specify on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

For details on how to handle user information, please refer to the Google Privacy Policy:

18. Use of YouTube

For the integration and presentation of video content, our website uses plugins from the Google-powered YouTube page. Provider of the video portal is the YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

When you visit a page with an integrated YouTube plug-in, it will connect to YouTube's servers. YouTube will find out which of our sites you've visited.

YouTube, can directly map your browsing behavior to your personal profile should you be logged into your YouTube account. By logging out beforehand you have the option to prevent this.

The use of YouTube is in the interest of an attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

For details on how to handle user information, please refer to the YouTube Privacy Policy at

19. General information about our presence in social networks

In order to present our company in the best possible and st with you as a user, Ga or interested to communicate and to be able to inform you about our services offered, we rely on the presence in social networks. You can currently find us in the social network of Facebook:

The use of social networks involves the processing of data outside the European Union (EU) and the European Economic Area (EEA). An equivalent level of data protection, as existing in the EU, can not be guaranteed in all countries outside the EU.

In this context, there may be risks to you as a user if the data transmitted is processed in so-called third countries with an inappropriate level of data protection.

This complicates the enforcement of known user rights. In addition, it may happen that your data will not be processed in your interest, by the provider in the third country.

If US providers have certified under the Privacy Shield Agreement - an agreement on data protection between the US and the EU - these providers are required to comply with EU privacy standards.

The pursued processing purposes of the social networks are usually different from ours. Thus, for the most part, the data collected by you in social networks are processed for the purposes of market research, advertising and the creation of user profiles for personalized advertising (for example Facebook, Google, Instagram, etc.).

In order to realize this, cookies are used which capture the user behavior and allow the user to be profiled. In the case of Facebook, it also comes to creating a user profile of individuals, who entertain no registered account on facebook.

A concrete listing of the processing purposes of the user data can be found in the privacy policy of the respective provider. By making the appropriate settings in your user account, you can limit your profile formation, at least in moderation. For the exact procedure, please read the corresponding privacy policy of the respective provider.

Facebook Fanpage

When visiting our Facebook page, Facebook collects, among other things, your IP address and other information that exists in the form of cookies on your PC. This information is used to provide us as the operator of the Facebook pages statistical information on the use of the Facebook page. For more information, please contact Facebook at the following link:

By means of the transmitted statistical information, it is not possible for us to draw conclusions about individual users. We use them solely to respond to the interests of our users and to continually improve our online presence and ensure the quality of its online presence.

We only collect your information through our fanpage in order to realize a potential provision for communication and interaction with us. This survey usually includes your name, message content, comment content, and profile information you provide "publicly."

The processing of your personal data for our purposes mentioned above is based on our legitimate business and communicative interest in the offer of an information and communication channel according to Art. 6 para. 1 lit. f GDPR. If you, as a user, have given your consent to the data processing to the respective provider of the social network, the legal basis of the processing extends to Art. 6 para. 1 lit. a, Art. 7 GDPR.

Due to the fact that the actual data processing takes place by the provider of the social network, our access possibilities are limited to your data. Only the provider of the social network is legitimated for a complete access to your data. Due to this, only the provider can directly take appropriate measures to fulfill your user rights (request for information, deletion requests, objections, etc.) and implement them. The assertion of such rights is thus most effective directly to the respective provider.

If you still need help in this situation, feel free to contact us.

The "Page Controller Addendum" Facebook shows the rights and obligations to be respected with Facebook. These can be found at the following link:  

When a request for information, we will forward it to Facebook and ask the appropriate contact under: fill.

Opt-Out: and,

Privacy Shield:

20. Rights of the person concerned   

You have the right:

  • in accordance with Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can provide information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right to rectification, deletion, limitation of processing or opposition, the existence of a The right to complain, the source of their data, if not collected from us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about their details; 
  • pursuant to Art. 16 GDPR, to demand the correction of incorrect or completed personal data stored by us immediately ; 
  • in accordance with Art. 17 GDPR, to demand the deletion of your personal data stored by us, except where the processing is for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims is required; 
  • in accordance with Art. 18 GDPR to demand the restriction of the processing of your personal data, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject their deletion and we no longer need the data, but you to assert, exercise or defense of legal claims or you have objected to the processing according to Art. 21 GDPR;   
  • pursuant to Art. 20 GDPR to obtain your personal data provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible (data portability)
  • pursuant to Art. 7 para. 3 GDPR your once granted consent to revoke against us at any time. As a result, we are no longer allowed to continue the data processing based on this consent for the future, and   
  • according to Art. 77 GDPR to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters. 
  • right to

If your personal data on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR are processed, you have the right to file an objection against the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right of objection, which is implemented by us without specifying any particular situation.

If you would like to exercise your right of revocation or objection, please send an e-mail to kontakt[at]

21. Disclosure of your personal data to third parties   

The transfer of your personal data takes place in addition to the previously explained points as described here:

We regularly work with local partners to provide our personalized service. In the individual case, these are the “Badegärten Eibenstock” and “Kosmetik Katrin Bauer”

The following data is transmitted for this purpose:

  • Title*, last name, first name*, company, street, zip code, city, country, telephone, fax, e-mail
  • date of birth
  • voluntary health information or personal restrictions / wishes
  • room number
  • Arrival and departure date

Hotel Am Bühl will pass on your personal data to these partners solely for the purpose of providing the service. The partner to whom the data has been transmitted may process or use it only for the purpose for which it has been provided. Insofar as these partners act on our behalf, the processing is based on the legal basis of Art. 28 GDPR. Processing or use for other purposes only if the requirements of Art. 6 para. 1 lit . a and f GDPR allowed.

Our partners are legally and contractually obligated to observe the provisions of the GDPR and the Federal Data Protection Act and delete the data, if you so desire. Further information can be found in the privacy policy of our partners.

The website is hosted by an external service provider in Germany. In doing so, we ensure that data processing takes place only on servers within the EU. This is necessary for the operation of the website, as well as for the justification, the implementation and the execution of the existing contract of use and also without your consent.

In addition, further disclosure shall take place if we are entitled or obliged to transfer data due to statutory provisions and / or official or judicial orders. This may, in particular, be the provision of information for law enforcement purposes, security or enforcement of intellectual property rights.

In addition to the aforementioned circumstances, we will not transmit your data without your consent to third parties. In particular, we do not share personally identifiable information with any third country or international organization.

22. Data security

Unfortunately, the transmission of information over the Internet is never 100% secure, which is why we can not guarantee the security of the data transmitted to our website via the Internet.

However, we secure our website through technical and organizational measures against loss, destruction, access, modification or dissemination of your data by unauthorized persons.

In particular, your personal data is encrypted with us. We use the SSL / TLS (Secure Sockets Layer / Transport Layer Security) coding system. Our security measures are continuously improved in line with technological developments.

23. Storage period for personal data   

With regard to the storage period, we delete personal data as soon as their storage is no longer necessary for the fulfilment of the original purpose and there are no longer any statutory retention periods. The statutory retention periods ultimately form the criterion for the final duration of the storage of personal data. After the deadline, the corresponding data will be routinely deleted. If retention periods exist, processing is restricted by blocking the data.

24. References and links   

When accessing websites referred to in our website, you may again be asked for information such as name, address, e-mail address, browser properties, etc. This privacy policy does not govern the collection, transfer or handling of personal data by third parties.

Third party service providers may have different and separate terms in dealing with the collection, processing and use of personal data. It is therefore advised to check the websites of third parties before entering personal data about their practice for the handling of personal data.

25. Change of privacy policy   

We are constantly developing our website to provide you with an ever-improving service. We will always keep this privacy policy up-to-date and adjust it accordingly if and as far as it becomes necessary.

Of course, we will inform you in good time about any changes to this privacy policy. For example, we will do this by sending an e-mail to the e-mail address you have given us. In addition, if you require further consent from us to handle your data, we will, of course, ask you to do so before appropriate changes take effect.

You can access the latest version of our Privacy Policy at any time on the Internet at Privacy Policy.

26. Data Protection Officer

We have appointed a data protection officer.

Herr Philipp Herold

Tel.: +49 451 - 16 08 52 -21

E-Mail: datenschutz[at]

Data status: May 2019

Free translation - legally binding is the German language version

Hotel Am Bühl GmbH

Am Bühl 1, 08309 Eibenstock
Tel.:+49 37752 560