Privacy policy

General information on the purposes of data processing

The operation of our services is subject to ongoing technical and organizational development. Against this background, it is not possible to describe every detail of data processing conclusively in this privacy policy. The purpose of this policy is therefore to provide you with a transparent overview of how and for what purposes we process personal data in connection with the use of our services.

We process personal data primarily in order to provide, operate and safeguard our services and to ensure smooth and secure operations. This includes, in particular, organizational, technical and security-related processing activities.

In addition, we process personal data where this is necessary to safeguard our legitimate interests, provided that no overriding interests or fundamental rights of the data subjects prevail. This includes, in particular, measures to ensure IT and operational security, to prevent misuse and fraud, to ensure the stability and availability of our systems, and to carry out error analysis and optimization.

In certain cases, we are also legally obliged to process or disclose personal data, for example due to statutory retention obligations under commercial or tax law or in order to comply with official or judicial orders.

We generally limit the processing of personal data to what is necessary for the respective purposes and do not evaluate or use data beyond what is required for these purposes.

To protect personal data, we implement appropriate technical and organizational measures to safeguard such data against unauthorized access, loss, manipulation or unlawful disclosure. In doing so, we follow recognized security standards and regularly adapt our measures to the current state of the art.

§ 2 Responsibility for data processing

We are the responsible party within the meaning of the General Data Protection Regulation (GDPR) for the processing of personal data in connection with the use of our services and offerings.

This means that we decide which personal data are processed, for what purposes the processing takes place, and how the processing is carried out from a technical and organizational perspective.

Our users do not provide their own content within systems controlled by them and do not determine or control the processing of personal data themselves. Accordingly, no processing of personal data is carried out on behalf of our users.

Where we engage external service providers to support the provision of our services, such providers process personal data solely on our behalf and in accordance with our instructions. We ensure through appropriate contractual arrangements that these service providers also comply with the applicable data protection requirements.

§ 3 Categories of personal data

In connection with the use of our services, we process different categories of personal data, depending on the specific context of use. These categories include in particular:

Contact data: this includes information such as name, email address, telephone number or comparable contact details, insofar as such data are provided in the course of an inquiry, reservation or other communication with us.

Usage and booking-related data: this includes information that arises in connection with the use of our services, such as details regarding booked services, times of use, or organizational processes.

Video and image recordings: Video and image recordings may be created in connection with the use of our services. Such recordings are used in particular for documenting the user experience and for making corresponding content available to users.

Technical and device-related data: when using our website or digital services, certain technical information is processed automatically, such as IP address, device and browser information, operating system, access times, and comparable technical log data.

Communication data: if you contact us, we process the content of your communications as well as the related metadata (e.g. time and type of communication).

We generally process only such personal data as are necessary for the respective purposes. Processing of special categories of personal data within the meaning of Article 9 of the GDPR (in particular data concerning health, biometric or genetic data, information relating to religious or philosophical beliefs, political opinions, trade union membership or sexual orientation) does not take place, unless explicitly stated otherwise.

§ 4 Purposes of processing

We process personal data exclusively for specified, explicit and legitimate purposes. Depending on the specific context of use, processing is carried out in particular for the following purposes:

• Organization, execution and documentation of the use of our services.
• Communication with users, responding to inquiries and interaction in connection with our services.
• Creation, storage and provision of video and image recordings for the purpose of documenting the user experience.
• Ensuring the technical functionality, stability and security of our systems, as well as protection against misuse and unauthorized access.
• Detection of malfunctions, analysis of errors and continuous improvement of our services.
• Compliance with statutory retention, documentation and disclosure obligations.

Personal data are not processed for purposes other than those stated above.

§ 5 Legal bases for processing

The processing of personal data is carried out in accordance with the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, applicable since 25.05.2018.

Where processing is based on consent, such consent may be withdrawn at any time with effect for the future. The lawfulness of processing carried out prior to the withdrawal remains unaffected. Further information on the rights of data subjects, including the right to withdraw consent, is set out in §§ 7, 11 and 12 of this Privacy Policy.

§ 6 Storage period and deletion

We process and store personal data only for as long as this is necessary for the respective purposes or as long as we are legally obliged to retain such data.

Personal data is deleted once the purpose of the processing no longer applies, unless statutory retention obligations prevent deletion. In such cases, the data will be deleted after the expiry of the applicable statutory retention period.

Where processing is based on consent, the relevant personal data will be deleted upon withdrawal of consent, provided that no other legal basis for further processing exists.

Data that is stored in backup systems for technical reasons will be deleted in accordance with regular backup cycles and will not be actively processed in the meantime.

§ 7 Rights of data subjects

Data subjects have the following rights at any time in accordance with the applicable data protection laws:

• The right to free information about the personal data processed by us, including information about the purposes of processing, the categories of personal data processed, and the recipients or categories of recipients.
• The right to rectification of inaccurate personal data without undue delay and the right to completion of incomplete personal data.
• The right to erasure of personal data, provided that the statutory requirements are met and no statutory retention obligations prevent such erasure.
• The right to restriction of the processing of personal data, provided that the statutory requirements are fulfilled.
• The right to receive personal data that is processed on the basis of consent or for the performance of a contract in a structured, commonly used and machine-readable format, or to request the transfer of such data to another controller, insofar as this is technically feasible.
• The right to object at any time, on grounds relating to the particular situation of the data subject, to the processing of personal data insofar as such processing is based on legitimate interests.
• The right to withdraw consent to the processing of personal data at any time with effect for the future. The lawfulness of the processing carried out prior to the withdrawal remains unaffected.
• The right to lodge a complaint with a competent supervisory authority, in particular in the Member State of the data subject's habitual residence, place of work, or the place of the alleged infringement.
• To exercise these rights, data subjects may contact us at any time.

§ 8 Recipients of data and data transfers

The processing of personal data generally takes place within the European Union (EU) or the European Economic Area (EEA). Personal data will only be transferred to recipients in third countries if such transfer is permitted under applicable data protection law.

Where necessary, personal data may be transferred to the following recipients or categories of recipients:

• internal departments, insofar as this is required for the provision of our services,
• external service providers who support us in the operation of our systems or in the provision of our services and who act as data processors,
• public authorities or governmental bodies, insofar as we are legally obliged to do so.

External service providers are engaged exclusively on the basis of contractual arrangements and process personal data solely in accordance with our instructions and in compliance with the applicable data protection regulations.

If, in individual cases, personal data is transferred to countries outside the EU or the EEA, such transfer will only take place if an adequate level of data protection has been determined for the respective third country or if appropriate safeguards within the meaning of the GDPR are in place.

Appropriate safeguards include, in particular, standard contractual clauses approved by the European Commission as well as, where necessary, additional technical and organisational measures to ensure an adequate level of protection for personal data.

No further transfer of personal data to third parties takes place unless the data subject has expressly consented or a legal basis permits or requires such transfer.

§ 9 Technical and organisational measures

We implement appropriate technical and organisational measures to protect personal data against loss, destruction, unauthorised access, unlawful disclosure, alteration, or any other form of unlawful processing.

These measures take into account the state of the art, the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of risks to the rights and freedoms of data subjects.

The measures implemented include, in particular, access restrictions, authorisation concepts, measures to ensure the confidentiality, integrity, and availability of data, as well as organisational safeguards to ensure that persons involved in the processing of personal data are adequately informed and bound by confidentiality obligations.

The technical and organisational measures are reviewed regularly and adapted as necessary to current legal, technical, and organisational requirements.

§ 10 Video and image recordings

Video and image recordings may be created in connection with the use of our services. Such recordings are used exclusively for the intended purposes, in particular for documenting the user experience and for making corresponding content available to users.

No further analysis or use of the recordings takes place. The recordings are not used for advertising purposes (e.g. publication on websites or on social media) unless separate consent has been given.

Video and image recordings are stored only for a limited period and in compliance with applicable data protection regulations. Once the relevant purpose no longer applies or the defined retention period has expired, the recordings are deleted unless statutory retention obligations require continued storage.

§ 11 Cookies

Our website uses cookies and similar technologies to ensure the technical functionality of our services, to improve user experience, and to provide certain features.

Cookies are small text files stored on your device. They do not cause any damage and do not contain viruses. Some cookies are technically necessary to ensure the proper functioning of the website. Other cookies are used to analyze the use of our website and to optimize our services.

The storage of cookies and access to information on your device takes place on the basis of Section 25 of the German Telecommunications-Telemedia Data Protection Act (TTDSG). Where consent is required, processing will only take place on the basis of your prior consent. Technically necessary cookies are used on the basis of statutory permissions.

When you first visit our website, you will be asked via a consent tool to provide your consent for the use of non-essential cookies. You may adjust or withdraw your consent at any time with effect for the future.

§ 12 Web Analytics

Provided you have given your consent, we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to analyze the use of our website and to continuously improve our services. In this context, information about user behavior, interactions on the website, and technical data may be processed.

We only process your data based on your consent. The data collected through Google Analytics may be transferred to Google's servers and processed there, including in countries outside the European Union.

Where this is the case, the transfer is based on appropriate safeguards within the meaning of the GDPR, in particular through the use of the European Commission's standard contractual clauses.

If you would like to learn more about how Google processes data, you can find further information at:
https://policies.google.com/privacy

§ 13 Withdrawal of consent to data processing

In addition to the rights set out in § 7, the following applies: certain processing activities are carried out solely on the basis of your explicit consent. You may withdraw any consent you have given at any time with effect for the future.

The withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

§ 14 Right to object to the processing of personal data

In addition to the general data subject rights set out in § 7, data subjects have the right to object at any time to the processing of personal data where such processing is based on legitimate interests.

If an objection is raised, we will no longer process the personal data concerned unless there are compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defence of legal claims.

Where personal data is processed for the purposes of direct marketing, data subjects may object to such processing at any time. In this case, the personal data will no longer be processed for these purposes.

§ 15 Right to lodge a complaint with the competent supervisory authority

Without prejudice to any other administrative or judicial remedies, data subjects have the right to lodge a complaint with a competent data protection supervisory authority.

The right to lodge a complaint exists in particular with the supervisory authority of the Member State of the data subject's habitual residence, place of work, or the place of the alleged infringement, where the data subject considers that the processing of personal data relating to them infringes the General Data Protection Regulation (GDPR).

§ 16 Responsible controller

The responsible controller within the meaning of the General Data Protection Regulation (GDPR) is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

The responsible controller for the processing of personal data on this website is:


Managing director:
33824 Werther

Telefon: 05203
E-Mail: werther@another-world.com

§ 17 Data Protection Officer

The appointed Data Protection Officer of is:

E-Mail: werther@another-world.com
Telefon: 05203

The Data Protection Officer is available to answer any questions regarding the processing of your personal data and the exercise of your data protection rights.