Villa Blum - Imprint


Haller Straße 12 · D-74638 Waldenburg

  • reservation by telephone:
  • +49 (0) 79 42 / 94 37-0

Data Protection

1. General Information
The following information provides a simple overview of what happens to your personal information when you visit our website and hotel. Personal data refers to all data that identifies you as a person. Detailed information on data protection can be found in our privacy policy listed under this text.

Note to the responsible office
The responsible office for data processing on this website is:
Villa Blum, Hotel Garni
Owner: Regina Philipps
Haller Straße 12
D-74638 Waldenburg

Phone +49 (0) 79 42·94 37-0
Fax +49 (0) 79 42 ·94 37-27 
Responsible body is the physical or legal person who, alone or together with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

How do we collect your data? 
Your data will be collected in such a way as indicated by you. For example, this may be data that you enter in a contact form or communicate to us in writing or verbally. 
Other data is collected automatically when visiting the website through our IT systems. These are mainly technical data (e.g. Internet browser, operating system or time of the page request). The collection of this data is carried out automatically as soon as you enter our website.


What do we use your data for? 
Part of the data is collected to ensure a flawless provision of the website. Other data can be used to analyse your user behaviour.


What rights do you have regarding your data? 
At any time you have the right to receive free information about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction, blocking or deletion of this data. For further information on data protection, please feel free to contact the address given in the imprint or our data protection officer at any time. Furthermore, you have a right of appeal to the competent supervisory authority. 


2. General information and mandatory information

Data protection
The providers of these pages take the protection of your personal data very seriously. We treat your personal data confidentially in accordance with the statutory data protection regulations and with this privacy policy.
If you use this website and our services in the hotel, different kinds of personal data are collected. Personal information refers to information that identifies you as a person. This Privacy Policy explains what information we collect and what it is used for. It also explains how and for what purpose this happens. 
We remind you that the transmission of data over the Internet (e.g. when communicating by e-mail) might entail security gaps. A full protection of the data from access by third parties is not possible.


Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke an existing consent at any time. An informal message by e-mail is sufficient. The legality of the data processing carried out until the moment of revocation remains unaffected by the revocation.

Right of appeal to the competent supervisory authority
In the case of data protection infringements, the person concerned has the right of appeal to the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection officer of the federal state (Bundesland) in which our company is based. A list of data protection officers and their contact details can be found under the following link:

Right to Data Portability
You have the right to be provided with the data that we process on the basis of your consent or in fulfilment of a contract, in itself or to forward them to a third party in a standard, machine-readable format. If you require the direct transfer of data to another person in charge, this will only be done as far as technically feasible.

SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as a site operator, this site uses a SSL or TLS encryption. You can recognize an encrypted connection by changing the address line of the browser from "http://" to "https://" and by the lock symbol in your browser line.
If the SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.


Information, blocking, deletion
To the extent permitted by the legal provisions, you have the right to receive free information on your stored personal data, on their origin and recipient and on the purpose of the data processing and, if necessary, a right to correct, block or delete this data. For this purpose and for further questions on the subject of personal data, feel free to contact the address given in the imprint or contact our data protection officer. 

Opposition to advertising e-mails
We hereby object to the use of contacting data published within the imprint for sending unsolicited advertising or information material. The providers of these pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam e-mails.

Links to external websites
Our website may contain links to the websites of third parties. Please note that we are not responsible for the collection, use, care, transmission or disclosure of data and information by such third parties. If you provide information about websites of third parties and use those websites, the privacy policies and terms of use of each site apply. It is advisable to read the privacy statements of visited websites before entering any personal information.
We also work with an Internet service provider to provide Internet access to our guests. Your use of the Internet Services is subject to the terms of service and privacy policy of the external Internet service provider. You may access these terms and conditions through the links on the Service Login page or by visiting the Internet Service Provider Web site.


3. Data collection on our website

The internet pages partly use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and stored by your browser.
Most of the cookies we use are so-called "session cookies". They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser the next time you visit.
You can set your browser in such a way that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you wish to use (e.g. shopping cart function) are processed on the basis of Art. 6 para. 1 lit. f GDPR saved. The website provider has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. If other cookies (e.g. cookies for the analysis of your surfing behaviour) are stored, they will be treated separately in this privacy policy.

Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of server request
- IP address
A merge of this data with other data sources will not be done.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data to fulfil a contract or pre-contractual measures.

Contact form
If you send us inquiries via the contact form, your details received from the inquiry form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. We will not share this information without your consent.
The processing of the data entered into the contact form is therefore exclusively based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. An informal message by e-mail is sufficient. The legality of the data processing operations carried out until the moment of revocation remains unaffected by the revocation.
The data entered by you in the contact form remain with us until you ask us for deletion, revoke your consent to the storage or the purpose for the data storage is omitted (e.g. after completion of your request). Mandatory statutory provisions - especially retention periods - remain unaffected.

Processing of data (customer and contract data)
We collect, process and use personal data only insofar as they are necessary for the establishment, content-related design or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which allows the processing of data to fulfil a contract or pre-contractual measures. We collect, process and use personal data on the utilisation of our website (usage data) only insofar as this is necessary in order to enable or charge the user for the use of the service.
The collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

Data transfer upon conclusion of the contract for services and digital content
We only transfer personal data to third parties if this is necessary in the course of the contract, for example to the bank responsible for processing the payment.
A further transmission of the data does not take place or only takes place if you have expressly consented to the transmission. A transfer of your data to third parties without explicit consent, such as for advertising purposes, does not occur.
The basis for data processing is Art. 6 para. 1 lit. b GDPR, which allows the processing of data to fulfil a contract or pre-contractual measures.


4. Plugins and tools
Google Web Fonts
This site uses so-called web fonts, provided by Google, for the uniform representation of fonts. When entering a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
To do this, the browser you use must connect to Google servers. As a result, Google learns that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a consistent and attractive presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If your browser does not support web fonts, a default font will be used by your computer.
More information about Google Web Fonts can be found at in the privacy policy of

Google Maps
This site uses the map service provided by Google Maps via an API. Provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
To use the features of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the US and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of an attractive presentation of our online offers and an easy searchability of the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
For more information on how to handle user data, please refer to the Google Privacy Policy:

Google reCAPTCHA
We use "Google reCAPTCHA" (hereafter "reCAPTCHA") on our websites. Provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google").
With reCAPTCHA it should be checked whether the data on our websites (e.g. in a contact form) is entered by a human or by an automated program. For this, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.
The reCAPTCHA analysis operate in the background. Site visitors are not told that an analysis is taking place.
The data processing is based on Art. 6 para. 1 lit. f GDPR. The website provider has a legitimate interest in protecting its web sites from abusive automated spying and SPAM.
For more information about Google reCAPTCHA and Google's privacy policy, please visit the following links:


5. Hotel Data Collection We reserve the right to collect personal information at every point of contact and interaction with guests, as well as in the management of all areas of our business. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
This personal information may include: Your contact details; information about your reservation, your stay or your visit to the hotel; buying and receiving products or services; personal data such as nationality, passport number and place and date of issue; dates; payment information such as the number of your payment card and other card information, as well as identifying information and other billing details; preferences of guests; and preferred communication paths; information about vehicles that will bring you to our hotel; and other types of information that you provide to us or that we receive from you.
In addition, we reserve the right to ask for detailed information from fellow travellers, including names.
In addition, we may collect additional personal information in certain cases, such as:

  • Data collection in the hotel : We collect additional personally identifiable information when registering / checking in to our hotel, including information that we must collect in accordance with local laws. In addition, under certain circumstances we use video surveillance systems and other security measures in our hotel that can capture or record images of guests and visitors in public areas.  

We may also collect personal information in connection with on-site services, such as spa treatments, restaurant visits and taxi bookings.

Personal data of minors
We never knowingly collect personal data from persons under the age of 18 years. As a parent or guardian, prevent your children from sending personal information without your permission.

Storage of personal data
We store your personal data for the time necessary for the fulfilment of the purposes prescribed here, unless a longer period of time is provided for or permitted by the legislator.
We will delete your personal information as early as possible and in a way that it cannot be recovered or reconstructed.
If the personal data is in paper form, it will be destroyed in a secure manner, e.g. by shredding or burning the paper documents or otherwise, and when stored in electronic form, the personal data is destroyed by technical means to ensure that the information cannot be recovered or reconstructed at a later time.


6. Changes to the Privacy Policy
We reserve the right to change our privacy practices and this policy to adapt it to changes in relevant laws or regulations or to better serve your needs. Possible changes to our privacy practices will be announced accordingly. Please note the current version date of the privacy policy.


Latest version: 24 May 2018