PRIVACY POLICY
1. Name and contact details of the data controller
This data protection information applies to data processing by:
Responsible person:
Stockmann3
ADDRESS: Harvestehuder Weg 7,
20148, Hamburg
Germany
Telephone: +33680864109
E-mail: info@villa-monaco.fr
For further information about us, please refer to the imprint.
2. General definitions
In accordance with the model of Art. 4 GDPR, this privacy policy is based on the following definitions:
"Personal data" (Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person ("data subject"). A person is identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or information relating to their physical, physiological, genetic, mental, economic, cultural or social identity. Identifiability can also be achieved by linking such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photos, video or audio recordings can also contain personal data).
"Processing" (Art. 4 No. 2 GDPR) means any operation which is performed on personal data, whether or not by automated means (i.e. using technical specifications). This includes, in particular, the collection (i.e. acquisition), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data, or alteration of the purposes for which they were originally processed.
"Controller" (Art. 4 No. 7 GDPR) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
"Third party" (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorized to process the personal data; this also includes other legal entities belonging to the group.
"Processor" (Art. 4 No. 8 GDPR) is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular in accordance with the controller's instructions (e.g. IT service provider). In terms of data protection law, a processor is in particular not a third party.
"Consent" (Art. 4 No. 11 GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3. Legal bases for data processing
In principle, any processing of personal data is prohibited by law and is only permitted if the data processing falls under one of the following justifications:
Art. 6 para. 1 sentence 1 lit. a GDPR ("consent"): If the data subject has voluntarily, in an informed and unambiguous manner, by means of a statement or other unambiguous affirmative act, indicated that they consent to the processing of their personal data for one or more specific purposes;
Art. 6 para. 1 sentence 1 lit. b GDPR: If the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
Art. 6 para. 1 sentence 1 lit. c GDPR: If processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to retain data);
Art. 6 para. 1 sentence 1 lit. d GDPR: If the processing is necessary to protect the vital interests of the data subject or another natural person;
Art. 6 para. 1 sentence 1 lit. e GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or
Art. 6 para. 1 sentence 1 lit. f GDPR ("Legitimate interests"): If the processing is necessary for the purposes of the legitimate (in particular legal or economic) interests pursued by the controller or by a third party, except where such interests are overridden by the interests or rights of the data subject (in particular where the data subject is a minor).
The storage of information in the end user's terminal equipment or access to information that is already stored in the terminal equipment is only permitted if it is covered by one of the following justifications:
§ 25 para. 1 TDDDG: If the end user has consented on the basis of clear and comprehensive information. Consent must be given in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR;
§ 25 para. 2 no. 1 TDDDG: If the sole purpose is the transmission of a message via a public telecommunications network or
§ 25 para. 2 no. 2 TDDDG: If the storage or access is absolutely necessary so that the provider of a telemedia service can provide a telemedia service expressly requested by the user.
For the processing operations we carry out, we indicate the applicable legal basis in each case below. Processing may also be based on several legal bases.
4. Duration of data storage and data deletion
For the processing operations carried out by us, we indicate below how long the data is stored by us and when it is deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Your data will only be stored on our servers in Germany, subject to any disclosure in accordance with the provisions of sections 8 and 9.
However, data may be stored beyond the specified period in the event of an (impending) legal dispute with you or other legal proceedings or if storage is provided for by statutory provisions to which we are subject as the controller (e.g. § 257 HGB, § 147 AO). If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or erased unless further storage by us is necessary and there is a legal basis for this.
5. Collection and storage of personal data and the nature and purpose of their use
a) When visiting the website
When you visit our website https://villa-monaco.fr/ the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted:
· IP address of the requesting computer, without the possibility of personal reference
· Date and time of access,
· Name and URL of the retrieved file,
· Website from which the access is made (referrer URL),
· the browser used and, if applicable, the operating system of your computer and the name of your access provider.
· Amount of data transferred
· Message as to whether the call was successful (access status/http status code)
· GMT time zone difference
We process the aforementioned data for the following purposes:
· Ensuring a smooth connection to the website,
· To ensure a comfortable use of our website,
· Evaluation of system security and stability and
· for further administrative purposes.
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. a GDPR (consent) or Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest). Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.
We also use cookies when you visit our website. You can find more detailed explanations on this in section 6 of this privacy policy and in our cookie policy:
(link to the cookie policy)
b) When using our contact form
For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. It is necessary to provide a valid e-mail address, the reason and your name so that we know who sent the enquiry and can answer it. Further information can be provided voluntarily.
Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent.
The personal data collected by us for the use of the contact form will be automatically deleted after your enquiry has been dealt with.
c) Other
If the processing of the data requires the storage of information in your terminal equipment or access to information that is already stored in the terminal equipment, § 25 para 1, para 2 TDDDG is the legal basis for this.
6. Cookies
We use cookies on our websites. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive by means of a characteristic character string and through which certain information flows to the location that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the website more user-friendly and effective overall, i.e. more pleasant for you.
Cookies can contain data that makes it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that are not personally identifiable. However, cookies cannot directly identify a user.
A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. In terms of their function, a distinction is made between cookies:
· Technical cookies: These are strictly necessary to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes or store which websites you have visited;
· Performance cookies: These collect information about how you use our website, which pages you visit and, for example, whether errors occur when using the website; they do not collect any information that could identify you - all information collected is anonymous and is only used to improve our website and to find out what interests our users;
· Advertising cookies, targeting cookies: These are used to offer the website user customized advertising on the website or offers from third parties and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;
· Sharing cookies: These are used to improve the interactivity of the website with other services (e.g. social networks); sharing cookies are stored for a maximum of 13 months.
The legal basis for cookies that are absolutely necessary in order to provide you with the expressly requested service is § 25 Para. 2 No. 2 TDDDG. Any use of cookies that is not absolutely technically necessary for this purpose constitutes data processing that is only permitted with your express and active consent in accordance with § 25 para. 1 TDDDG in conjunction with Art. 6 para. 1 sentence 1 lit. a GDPR. This applies in particular to the use of performance, advertising, targeting or sharing cookies. In addition, we only pass on your personal data processed by cookies to third parties if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
The data processed by cookies are necessary for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website.
You can find more information about which cookies we use and how you can manage your cookie settings and deactivate certain types of tracking in our cookie policy (link to cookie policy).
7. Use of analysis toolS
a) Tracking tools
The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.
The respective data processing purposes and data categories can be found in the corresponding tracking tools.
b) Google Analytics
We use Google Analytics for the purpose of demand-oriented design and continuous optimization of our website. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In this context, pseudonymized user profiles are created and cookies are used to recognize returning visitors and count them as such, as well as to find out how often our website has been accessed by different users. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. The information is used to analyze the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that they cannot be assigned (IP masking).
The following information is tracked with your prior consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and has the following storage period:
_ga Helps us to count how many people visit our website if they have already visited it. Storage period 2 years
_gid Helps us to count how many people visit our website if they have already visited it. Storage period 1 day
We would like to point out that you can also revoke the consent you have given us.
You can also prevent the installation of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de ).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent Google Analytics from collecting data (https://support.google.com/analytics/answer/181881?hl=de ). An opt-out cookie will be set to prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found in the Google Analytics help center (https://support.google.com/analytics/answer/6004245?hl=de) .
8. Cooperation with processors
As with any large company, we also use external domestic and foreign service providers to process our business transactions (e.g. for IT, logistics, telecommunications, sales and marketing). These service providers only act in accordance with our instructions and are contractually obliged to comply with data protection regulations within the meaning of Art. 28 GDPR.
9. Requirements for the transfer of personal data to third countries
As part of our business relationships, your personal data may be passed on or disclosed to third-party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively to fulfil contractual and business obligations and to maintain your business relationship with us (legal basis is Art. 6 para. 1 lit. b or lit. f in each case in conjunction with Art. 44 et seq. GDPR). We will inform you about the respective details of the transfer at the relevant points below.
The European Commission certifies that some third countries have a level of data protection comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en ). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data pursuant to Art. 46 para. 1, 2 lit. c GDPR (the standard contractual clauses of 2021 are available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D0915&locale-en ), certificates or recognized codes of conduct.
10. Integration of social media components and plugins
We use social plug-ins from the social networks Instagram, Facebook, X (formerly Twitter), Pinterest, FlickR and LinkedIn on our website on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR in order to make us better known or to refer to our profiles there. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operation must be guaranteed by the respective provider. If the social plugins are integrated on the website, we will obtain your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
a) Instagram
Our website also uses so-called social plugins ("plugins") from Instagram, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. ("Instagram") is operated. The plugins are labelled with an Instagram logo, for example in the form of an "Instagram camera".
When you access a page on our website that contains such a plugin, your browser establishes a direct connection to Instagram's servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram.
This information (including your IP address) is transmitted from your browser directly to an Instagram server in the USA and stored there. The data transfer to the USA is based on the standard contractual clauses of the EU Commission, which can be viewed at https://www.facebook.com/legal/EU_data_transfer_addendum , https://privacycenter.instagram.com/policy/ and https://de-de.facebook.com/help/566994660333381 . If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plugins, for example by clicking the "Instagram" button, this information is also transmitted directly to an Instagram server and stored there. The information is also published on your Instagram account and displayed to your contacts there.
If you do not want Instagram to assign the data collected via our website directly to your Instagram account, you must log out of Instagram before visiting our website.
Further information on how your data is handled can be found at https://help.instagram.com/155833707900388 and https://privacycenter.instagram.com/policy/
b) LinkedIn
We have also integrated components of the website www.linkedin.com on our website. LinkedIn is operated outside the USA by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter: "LinkedIn"). LinkedIn is a social network especially for business contacts.
You can recognize the LinkedIn plugins by the buttons with the LinkedIn logo or by the designation "in". This is an offer from LinkedIn.
By accessing pages of this website on which LinkedIn plugins have been integrated, your browser establishes a direct connection with the LinkedIn servers. The content of the plugin is transmitted by LinkedIn directly to your browser, which integrates it into the website. By integrating the plugins, LinkedIn receives the information that your browser has accessed the corresponding page of our website.
If you are logged in to LinkedIn with your own profile, LinkedIn can assign your visit to our website, the subpages you visit and the duration of your visit directly to your LinkedIn account. This takes place regardless of whether you use a LinkedIn button. If you interact with the plugins, for example by clicking the "Share" button, the corresponding information is also transmitted directly to a LinkedIn server and stored there. Depending on your settings, the information may also be published on linkedin.com and displayed to your contacts. The data transfer to the USA is based on the standard contractual clauses of the EU Commission, which can be viewed at https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs .
If you do not want LinkedIn to associate the data collected via our website with your LinkedIn account, you must log out of LinkedIn before visiting our website. The applicable data protection provisions of LinkedIn, including the option of deactivating cookies from LinkedIn, can be found in LinkedIn's privacy policy, available at https://www.linkedin.com/legal/privacy-policy?
LinkedIn also uses advertising cookies. You can find out how to deactivate these at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .
c) Facebook
On our website, we also refer to the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). The plugins are labelled with a Facebook logo or the addition "Social plugin from Facebook" or "Facebook Social Plugin". An overview of the Facebook plugins and their appearance can be found here: https://developers.facebook.com/docs/plugins .
When you visit a page on our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser, which integrates it into the website.
By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you interact with the plugins, for example by clicking the "LIKE" or "SHARE" button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.
Facebook may use this information for the purposes of advertising, market research and customizing Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to analyze your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.
If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook's data protection information https://www.facebook.com/about/privacy/ .
d) X (formerly Twitter)
We also use the social media plugin from X (formerly Twitter) on our website, which is operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. This is a social network. The network is labelled with an "X" or with the familiar "bird" logo.
The purpose and scope of the data collection and the further processing and use of the data by X as well as your rights in this regard and setting options to protect your privacy can be found in X's data protection information https://x.com/de/privacy .
Twitter Inc. has committed to the principles of the EU-US Data Privacy Framework. You can find more information on this at: https://www.dataprivacyframework.gov/s/
e) Pinterest
We also use buttons or widgets on our website from Pinterest, which is operated by Pinterest Europe Limited, 2nd Floor, Palmerston House, Fenian Street, Dublin 2, Ireland. It is a social network that allows you to share photos, comment, favorite and curate posts, send messages and subscribe to profiles. The network is labelled with a "P".
The purpose and scope of the data collection and the further processing and use of the data by Pinterest as well as your rights in this regard and setting options to protect your privacy can be found in Pinterest's data protection information https://policy.pinterest.com/de/privacy-policy and https://help.pinterest.com/de/article/review-personal-data-options
f) FlickR
We also use buttons or widgets from FlickR on our website, which is operated by FlickR Inc, 67 E Evelyn Ave 200, Mountain View, CA 94041, USA. It is a platform that allows you to share photos, comment, favorite, send messages and subscribe to profiles. The network is labelled with "two dots".
The purpose and scope of the data collection and the further processing and use of the data by FlickR as well as your rights in this regard and setting options to protect your privacy can be found in the data protection information https://www.flickr.com/help/privacy
g) YouTube
We also use YouTube buttons on our website, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This is a video platform. The network is labelled with the "Play" symbol.
The purpose and scope of the data collection and the further processing and use of the data by YouTube as well as your rights in this regard and setting options for protecting your privacy can be found in the data protection information https://policies.google.com/privacy , https://support.google.com/youtube/answer/10364219?hl=de and https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/privacy/.
11. No automated decision-making (including profiling)
We do not intend to use personal data collected from you for automated decision-making (including profiling).
12. Rights of data subjects
You have the right:
· to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
· in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
· to demand the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
· in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
· in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller;
· in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. The consequence of this is that we may no longer continue the data processing that was based on this consent in the future and
· to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.
Responsible data protection supervisory authority:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22, 20459 Hamburg
Telephone: (040) 428 54 - 4040 (Hamburg Telephone Service)
E-mail: mailbox@datenschutz.hamburg.de
Link to the homepage https://datenschutz-hamburg.de/
13. Right of objection
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.
If you wish to exercise your right of cancellation or objection, simply send an e-mail to INFO@VILLA-MONACO.FR
14. Data security
We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognize whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
15. Topicality and amendment of this data protection declaration
This privacy policy is currently valid and was last updated in September 2024. Due to the further development of our website or due to changes in legal or official requirements, it may become necessary to amend this privacy policy. The current privacy policy can be viewed at any time on the website at https://www.xy.de/datenschutz and printed out at any timE.