top of page
Bildschirmfoto 2021-11-29 um 22.14.47.jpg
Privacy policy

Table of Contents

1. Objective, responsible body and reference to the minimum age and group of persons concerned

2. Notes on the content of the website

3. Data security

4. Your rights with regard to data protection according to GDPR

5. Basic information on data processing

6. Log files: terminology, legal bases and legitimate interests 

7. Cookies. Terminology, right of objection and legal basis as well as legitimate interests 

8. Hosting

9. Integration of services and content from third parties

10. Links to social media or links to websites of other providers

11. Contacting us 

12. Online booking

13. Changes to the privacy policy


1. Objective, responsible body and reference to the minimum age and group of persons concerned

1.1. This data protection declaration clarifies the type, scope and purpose of the processing (including collection, processing and use as well as obtaining consent) of personal data within our online offer and the associated websites, functions and content (hereinafter jointly referred to as "online offer") or "Website"). The data protection declaration applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the online offer is carried out.

With regard to the terms used, such as "processing" or "person responsible", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).


1.2. The provider of the online offer and the body responsible for data protection law is:

Hofgut Maisenburg

Markus Stoll (owner)

Maisenburg 1

72534 Hayingen

Phone: +49 (0) 172 8752651

Fax: +49 (0) 7386 97903


(hereinafter referred to as "provider", "we" or "us"). For the contact options, we refer to our imprint.

1.3. We would like to point out that the minimum age of users for the consent of this data protection declaration is 16 years, provided that the individual states of the European Union do not lower the age limit to 13 years.  


1.4. The term “user” includes everyone  Visitors, users and customers of our online offer. The terms used, such as "user", are to be understood as gender-neutral.


2. Notes on the content of the website

2.1. The free and freely accessible content of this website was created with the greatest possible care. However, the provider of this website does not guarantee the correctness and topicality of the free and freely accessible journalistic advice and news provided. 

Contributions marked by name reflect the opinion of the respective author and not always the opinion of the operator.

2.2. This website contains links to websites of third parties ("external links"). These websites are the responsibility of the respective operators. When the external links were first established, the provider checked the third-party content for any legal violations. At the time, no legal violations were apparent. The provider has no influence on the current and future design and content of the linked pages. The setting of external links does not mean that the provider adopts the content behind the reference or link as his own. 

A constant control of the external links is not reasonable for the provider without concrete evidence of legal violations. However, if we become aware of legal violations, such external links will be deleted immediately.

2.3. The content published on this website is subject to German copyright and ancillary copyright law. Any use not permitted by German copyright and ancillary copyright law requires the prior written consent of the provider or the respective rights holder. This applies in particular to the duplication, editing, translation, storage, processing or reproduction of content in databases or other electronic media and systems. Contents and rights of third parties are marked as such. The unauthorized duplication or distribution of individual content or complete pages is not permitted and is punishable by law. Only the production of copies and downloads for personal, private and non-commercial use is permitted.

The presentation of this website in external frames is only permitted with written permission.

The use of the contact details in the imprint for commercial advertising is expressly not desired, unless the provider has given his prior written consent or a business relationship already exists. The provider and all persons named on this website hereby object to any commercial use and disclosure of their data.

3. Data security

3.1. The security procedure (SSL-Secure Sockets Layer) used for our website corresponds to the usual state of the art and is also used by banks, for example, for data protection in online banking.  


3.2. We also use suitable technical and organizational security measures to protect your personal data stored by us against manipulation, partial or complete loss and against unauthorized access by third parties. We strive to continuously improve our security measures in line with technological developments.  


3.3. All of our data processing employees are bound to secrecy. When you access our server, your IP address (Internet protocol address), the type of request, protocol type and access status are stored for the purpose of data security. Furthermore, the date and time of the requested data, the size and name of the file as well as information about the website from which you found us and the description of the type of web browser version used, including the operating system, are recorded and saved. An evaluation, with the exception of statistical purposes in anonymous form, does not take place.


4. Your rights with regard to data protection according to GDPR

If your personal data is processed, you have the following rights:

4.1. Right to withdraw consent:

4.1.1. In accordance with Art. 7 Paragraph 3 GDPR, you have the right to revoke your consent at any time.  

4.1.2. Withdrawing consent does not mean that the data processing carried out on the basis of the consent up to the point in time of the withdrawal becomes ineffective.  


4.2. Right to information:  

4.2.1. In accordance with Art. 20 GDPR, you have the right to request information from us about data relating to you and its transmission in a commonly used electronic form, as well as a copy of this data.

4.2.2. A written and signed request to our postal address is required for information about personal data.  


4.3. Right to rectification:

4.3.1. In accordance with Art. 16 GDPR, you have the right to request us to correct incorrect or incomplete data concerning you - also by means of a supplementary declaration.

4.3.2. For the correction of personal data only an oral communication is required.


4.4. Right to erasure:

4.4.1. In accordance with Art. 17 and 18 GDPR, you have the right to request that we delete your own data if: the storage of the data is no longer necessary the user has revoked their consent to data processing the data has been processed unlawfully there is a legal obligation to delete under EU or national law

4.4.2. However, the right of users to resolve their own data does not apply if: freedom of expression and information predominate the data storage serves to fulfill a legal obligation the public interest in the area of public health prevails Archival, scientific and historical research purposes oppose this the storage is necessary for the establishment, exercise or defense of legal claims

4.4.3. A written and signed request to our postal address is required for the deletion of personal data.


4.5. Right to object

4.5.1. Under the conditions of Art. 21 Paragraph 1 GDPR, you can object to the processing of your data for reasons that arise from your particular situation.  

4.5.2. If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to further processing if we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, fundamental rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

4.5.3. If your personal data are processed by us in order to operate direct mail, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. If you make use of your right of objection, we will stop processing the data concerned for direct marketing purposes.


4.6. Right to complain to a supervisory authority

4.6.1. Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged violation, if you are of the opinion that the processing of your personal data is against violates the GDPR.

4.6.2. The supervisory authority to which the complaint was lodged informs the complainant about the status and the results of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 GDPR.


5. Basic information on data processing

5.1. We process personal data of users only in compliance with the relevant data protection regulations in accordance with the principles of data economy and data avoidance. This means that the user data is only processed if there is legal permission, in particular if the data is required or required by law to provide our contractual services and online services, or if consent has been given. In doing so, we expressly refrain from collecting customer data from which racial and ethnic origin, political opinions, religious or ideological convictions or union membership or sexual orientation emerge.


5.2. Types of processed data are:  

5.2.1. Inventory data such as names, addresses

5.2.2. Contact details such as, e-mail, telephone numbers

5.2.3. Content data such as text input, photographs, videos

5.2.4. Usage data such as websites visited, interest in content, access times

5.2.5. Meta / communication data such as device information, IP addresses

In addition, we process contract data such as the subject matter of the contract, term, customer category, and payment data, such as bank details, payment history, from our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.  


5.3. The duration of the storage of personal data is based on the respective statutory retention period (e.g. commercial and tax retention periods). After the period has expired, the relevant data is routinely deleted, provided that it is no longer required to fulfill or initiate a contract and / or we have no legitimate interest in further storage.


6. Log files: terminology, legal bases and legitimate interests

6.1. Terminology: 

Each time a website / application is accessed, information is sent to the server of our website / application by the respective internet browser of your respective end device and temporarily stored in log files. The data records saved in this process contain the following data, which are saved until they are automatically deleted:  

a. Date and time of access,  

b. Name of the page called up,  

c. IP address of the requesting device,  

d. Referrer URL (URL of origin from which you came to our website),  

e. the amount of data transferred and loading time, product and  

f. version information of the browser used and the name of your access provider.


6.2. Legal basis:

The legal basis for processing the IP address is Article 6 Paragraph 1 Letter f) GDPR.


6.3. Legitimate interests:

Our legitimate interest arises from:

a. Ensuring a smooth connection,

b. Ensuring comfortable use of our website / application,

c. Evaluation of system security and stability.

A direct conclusion about your identity is not possible based on the information and we will not draw it either.

The data is saved and automatically deleted after the aforementioned purposes have been achieved. The standard deadlines for deletion are based on the criterion of necessity.

7. Cookies. Terminology, right of objection and legal basis as well as legitimate interests

7.1. Terminology

"Cookies" are small files that are stored on your device, such as a computer, laptop, tablet or similar, when you visit a website. Various information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offer. Cookies do not cause any damage to your device and do not contain any viruses, Trojans or other malware.

7.1.1. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. Such a cookie can, for example, store the contents of a shopping cart in an online shop or a login status.

7.1.2. Cookies are referred to as "permanent" or "persistent" and remain stored even after the browser is closed. For example, the login status can be saved if you visit it after several days. Such a cookie can also store your interests, which are used for range measurement or marketing purposes.

7.1.3. Cookies from providers other than the person responsible for operating the online offer are offered as “third-party cookies” (otherwise, if they are only their cookies, they are referred to as “first-party cookies”).


7.2. Right to object:

You can set up your browser so that it does not store our cookies on your device. The help function in the menu bar of most web browsers explains how you can prevent your browser from accepting new cookies, how you let your browser notify you when you receive a new cookie or how you can delete all cookies that have already been received and for can block all others. 

However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.


7.3. Legal basis:

We use cookies on various pages to make visiting our website attractive and to enable the use of certain functions as well as to statistically record the use of our website. If these cookies and / or the information they contain are personal data, the legal basis for data processing is Art. 6 Paragraph 1 Letter f) GDPR.


7.4. Legitimate interests:

Optimizing our website is to be regarded as justified within the meaning of the aforementioned regulation.


8. Hosting

8.1. The hosting services we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this online offer.


8.2. We or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data from customers, interested parties and visitors to this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer in accordance with Art. 6 Para. 1 letter f GDPR in conjunction with Art. 28 GDPR (conclusion of an order processing contract).


9. Integration of services and content from third parties

9.1. It can happen that content or services from third-party providers, such as city maps or fonts from other websites, are integrated into our online offer. The integration of content from third-party providers always requires that the third-party providers perceive the IP address of the user, since they would not be able to send the content to the user's browser without the IP address. The IP address is therefore required to display this content. Furthermore, the providers of third-party content can set their own cookies and process user data for their own purposes. In doing so, user profiles can be created from the processed data. We will use this content as sparingly and avoiding data as possible and choose reliable third-party providers with regard to data security.


9.2. The following illustration provides an overview of third-party providers and their content, along with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, options for objection (so-called opt-out):

9.2.1. - External fonts from Google, Inc., ("Google Fonts"). The integration of Google Fonts takes place via a server call to Google (usually in the USA). Data protection declaration:, Opt-Out:

9.2.2. - Maps of the "Google Maps" service provided by the third-party provider Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Data protection declaration:, Opt-Out:


10. Links to social media or links to websites of other providers

10.1. Our website links to so-called social media (here: Facebook and Instagram) in order to make our company better known. . The legal basis for this link can be seen in Article 6 Paragraph 1 Letter f). The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for the data protection-compliant operation is to be guaranteed by the respective provider.  


10.2. The buttons on the links are designed in such a way that a connection between your PC and the respective network is only established when you click on the link. You will be connected directly to the respective server of the selected social medium. The respective operator is responsible for data protection in the social media networks.


11. Contacting us 

11.1. If you contact us, e.g. via the contact form, e-mail, telephone, fax or post, we will process the personal data that you have voluntarily provided to us in this context for the sole purpose of being in contact with you contact and answer your request.  


11.2. The legal basis for this data processing is Art. 6 Paragraph 1 Letter a), Art. 6 Paragraph 1 Letter b), Art. 6 Paragraph 1 Letter c) GDPR and Art. 6 Paragraph 1 Letter f) GDPR.


11.3. The above-mentioned personal data can be stored in a customer relationship management system (“CRM system”) or a comparable request organization.


12. Online booking

12.1. Data processing when booking online

12.1.1. With the help of the company Lohospo GmbH, Amb Bishofskreuz 1, 79114 Freiburg i, Br embedded us.  The data that you must provide there, such as your first and last name, telephone number and date of entry and exit, are required for the conclusion and implementation of an accommodation contract including the establishment of a "black board" that you only have access to.  

12.1.2. The legal basis for processing your data is Art. 6 Para. 1 Letters a) and b) GDPR. In order to process your e-mail address in the event of a binding order via our website, we are also obliged to send an electronic order confirmation due to legal requirements in the German Civil Code (Article 6 Paragraph 1 Letter c) GDPR).

12.1.3. The booking data entered on our website are stored centrally in a booking system provided by Lohospo. As hosts, we are notified of your booking by email and can access your booking data via our own access to the booking system. We are responsible for the processing of your data on our website under data protection law. However, Lohospo is responsible under data protection law for the processing of your data on the aforementioned booking system. To assert your rights against Lohospo, please contact or another contact option given in the Lohospo GmbH imprint.  

12.1.4. We store the data collected for the execution of the contract for the duration of the contract and until the expiry of the statutory or possible contractual warranty and guarantee rights. After this period has expired, we keep the information of the contractual relationship required under commercial and tax law for the periods specified by law. For this period, the data will only be processed again in the event of a review by the tax authorities.


12.2. Data processing upon payment

12.2.1. We process your payment data for the purpose of payment processing. Depending on the type of payment, we will forward your payment information to third parties (e.g. to your credit card provider for credit card payments).  

12.2.2. The legal basis for this data processing is Art. 6 Paragraph 1 Letter a), Art. 6 Paragraph 1 Letter b), GDPR and Art. 6 Paragraph 1 Letter f) GDPR.  


12.3. Transmission of data on outstanding receivables to debt collection service providers

12.3.1. If you do not pay open invoices / installments despite repeated reminders, we can transfer the data required to carry out a collection to a collection service provider for the purpose of fiduciary collection. Alternatively, we can sell the outstanding receivables to a debt collection service provider. He then becomes the owner of the claim and asserts the claims in his own name.

12.3.2. The legal basis for the transmission of data in the context of fiduciary collection is Art. 6 Paragraph 1 Letter b) GDPR; the transmission of the data in the context of the sale of receivables takes place on the basis of Art. 6 Paragraph 1 Letter f) GDPR.


13. Changes to the privacy policy

13.1. We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or to changes in the service and data processing. However, this only applies to declarations on data processing. If the consent of the user is required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the user.

13.2. The users are asked to inform themselves regularly about the content of the data protection declaration

bottom of page