Privacy policy - General Privacy Policy
General Privacy Policy

Data protection information

according to Art. 13, 14 of the EU General Data Protection Regulation

Dear Sirs and Madames,

Data protection is an important concern of Schlossbräu Mariakirchen GmbH & Co. KG. Therefore, the handling of personal data of our business partners is conducted in compliance with legal data protection regulations. This privacy policy is addressed to our guests and customers as well as contacts with customers, suppliers, service providers, cooperation partners, partner companies and other business partners and public authorities.

Please also note that for the processing of your personal data via our website a separate information is stored on the website.

Responsible in the sense of the EU data protection regulation is:

Schlossbräu Mariakirchen GmbH & Co. KG
Bahnhofstraße 29
94424 Arnstorf, Germany
Phone: +49 8723 9787-10
Fax: +49 8723 9787-190

You can reach our data protection officer by post or electronically using the following contact data:

Schlossbräu Mariakirchen GmbH & Co. KG
Bahnhofstraße 29
94424 Arnstorf, Germany
Phone: +49 8723 9787-10
Fax: +49 8723 9787-190

We collect, process and use personal data when you provide us with this data (eg by telephone, electronic or written transmission, by handing over a business card, by registering on the website, by contact requests, by booking or reservation), if your employer or client informs us of your contact details (eg if you are referred to us as a contact person or if a service is booked or reserved for you), if we receive your inquiries or bookings electronically from our sales partners and we are entitled to the collection, use and processing by receiving your consent or on the basis of a legal regulation.

Personal data are all information relating to an identified or identifiable natural person (hereinafter referred to as "data subject").

Personal data is for example:

Last name, first name, home address, date of birth, telephone number, e-mail address, if necessary bank details, if necessary credit card data, data on the services you use and any other information you provide us in the course of the business relationship that is relevant for an optimal business partner and customer care.

The above-mentioned personal data are processed for the following purposes:

  • Initiation, planning, execution and administration of the business relationship
  • Processing inquiries and bookings to justify and fulfil the contract with you and for related contacting
  • Processing of services and orders
  • Provision of additional services
  • Compliance with legal requirements (for example, tax and commercial retention requirements, reporting obligations) or existing obligations to carry out compliance screenings (to prevent white-collar crime or money laundering), and notifications in accordance with the German Federal Registration Act.
  • Sending newsletters if you have explicitly consented

The processing of personal data is necessary to achieve the above purposes, including the execution of the (contractual) business relationship with the customer. Legal basis for data processing is - unless otherwise stated - Article 6 (1) (b), and (c) of the General Data Protection Regulation or your expressly granted consent (Article 6 (1) (a) of the General Data Protection Regulation).

We also process your above-mentioned information in order to safeguard our legitimate interests or the legitimate interests of a third party, unless your personal interests prevail (Article 6 (1) (f) of the General Data Protection Regulation). For example, we have an interest in defending or enforcing our legal and economic claims, protecting ourselves against economic, financial or legal risks, marketing ourselves, satisfying you as a customer, and maintaining a long-term and close business relationship with you.

The data processing takes place for the following purposes:

  • settling litigation, enforcing existing contracts and asserting, exercising and defending legal claims
  • To maintain and protect the security of our products and services, and our websites and computer systems, to prevent and detect security risks, fraud or other criminal or intentional acts
  • Providing advertising and information about our hotels, restaurants, services and products
  • Conduct customer surveys to measure satisfaction
  • Checking the creditworthiness and hedging the risks of default

Direct marketing based on our legitimate interest

In some cases, we process your legitimately collected personal data for the purposes of promotional communication on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. In this context, our legitimate interest is non-harassing direct advertising and your rights and freedoms are not to be regarded as predominant in comparison.

If we send you advertising via electronic mail (e-mail), we will only use e-mail addresses that we have collected in the context of a sale of goods or services, will only send direct advertising for our own similar goods or services and will only use your e-mail address as long as you have not objected to the sending of direct marketing. To exercise your right of objection in accordance with Article 21 (2) GDPR and § 7 of the  German Fair Trade Practices Act (UWG) with regard to a specific advertisement sent at regular intervals (newsletter), please click on the unsubscribe link provided in each mailing. If you wish to object to all forms of direct marketing in accordance with Art. 21 (2) GDPR, § 7 UWG (German Fair Trade Practices Act), please contact the responsible body (controller). If we send you direct advertising by post on the basis of our legitimate interest, we will use your data for this purpose until you have objected to this form of direct advertising.

We have a digital guest folder (Code2Order) in use that will make your stay even more comfortable. This system allows you to place different orders online, use services and receive information. If you make use of this offer, we process your personal data. First, it involves the data processing required to provide you with the selected service. The legal basis for this depends on the service selected - Article 6 (1) (b), and (c) of the General Data Protection Regulation or your expressly granted consent (Article 6 (1) (a) of the General Data Protection Regulation).On the other hand, the processing of your data is required to operate the digital guest folder.

If you have opted for PayLink (concardis GmbH Helfmann-Park 7, 65760 Eschborn, Germany, phone: +49 69 7922-0, fax: +49 69 7922-4500, as the method of payment, we will use your specified contact details in order to send you the PayLink. As soon as you press this, you will be redirected to this portal and you will have the opportunity to enter your data. The processing of your data and the transfer of your data to this company to process your payment is required for the fulfillment of our contractual relationship in accordance with Art. 6 para. 1 lit. b GDPR.

You are under no obligation, either by law or by contract, to provide us with your information in the manner described herein. You are also welcome to use any other payment method offered by us.

The data you provide to us or transmitted to us by third parties will be kept confidential. Your personal data will not be sold to third parties or otherwise marketed by us.

In principle, the data will not be made available to third parties for use, unless you have given your consent or we are legally entitled and / or obliged to disclose this data.

We transfer personal information to courts, tax authorities, regulators to the extent permitted by law and as required by applicable law, to enforce, exercise, or defend applicable law and lawful claims. However, we take all measures to ensure suitable and appropriate safeguards for the protection of your personal information.

Your personal data will be forwarded to the following companies and organizations for the above purposes:

  • IT service providers who provide us with infrastructure or applications or maintain their proper operation
  • Business partners and third parties as part of our service provision, e.g. if you have ordered us to arrange various services for you
  • Distribution partners and cooperation partners

Transmission to US recipients will only be made if the purpose requires it and the US company is certified under the EU / US Privacy Shield ( This ensures that your data will also be processed in compliance with data protection regulations in the USA (adequacy decision of the European Commission dated 12.07.2016, Ref. C (2016) 4176 final, OJ L 207/1 of 01.08.2016).

Submission to other third countries only takes place if a sufficient level of data protection is ensured. This may be the case through adequacy decisions by the European Commission, or be achieved through the agreement of EU standard contractual clauses.

Insofar as no explicit retention period is specified in the survey (eg as part of a declaration of consent), the personal data are deleted insofar as these are no longer required to fulfill the purpose of the storage, unless there are statutory retention requirements (eg commercial and taxation retention requirements) against a deletion.

Rights of the affected data subjects: right to information, correction, deletion or restriction of your personal data, right to object and right to data transferability

Upon request, we will inform you in writing in accordance with applicable law whether and which personal data about you are stored with us. If you are registered with us as a user, you have the option of viewing your personal data, changing it or deleting it if necessary.

If in spite of our efforts for data security and data correctness wrong information are stored, we will correct these to your respective requirement.

In addition, you have the right to demand that we restrict the processing of personal data.

You have the right to object at any time to the processing of your personal data on the basis of legitimate interests pursuant to Art. 6 paragraph (1) lit. (f) GDPR. We will then no longer process the personal data unless we can prove compelling reasons worthy of protection which outweigh the interests, rights and freedoms of the data subject. In the case of processing for direct marketing purposes, you have an unlimited right of objection, so that we will stop processing in any case if you have objected.

You have the right to request the deletion of your personal data, provided that statutory retention periods do not conflict. We will delete your information if we no longer need it for the purpose for which we collected and processed it, or if you revoke your consent and there is no other legal basis for the further processing of your data. In addition, we will delete your data if the processing has been unlawful for reasons unknown to us or if you object to the processing and there are no legitimate interests for processing. A deletion of your data takes place internally even if we are legally obliged to do so. All links, copies and replications of your personal data should be deleted.

If you have consented to the processing of your personal data, you have the right at any time to withdraw your consent with effect for the future. The revocation of consent does not make data processing illegal in the past.

You are free to submit your data to us. However, these data are required for the further conclusion of the contract or to answer your inquiries. If you do not want to disclose your data, the contract can not be concluded or your requests can not be answered. The provision of the data is required for the conclusion of the contract.

You also have the right to complain to the relevant regulatory authority about the processing of data by our company.

The data protection authority responsible for our company is:

The data protection authority responsible for our company is:

State Office for Data Protection Supervision, Promenade 27 (Schloss), 91522 Ansbach, Germany


If you have any questions about the processing of your personal data by Schlossbräu Mariakirchen GmbH & Co. KG, you can contact our responsible data protection officer at the above-mentioned contact details.