Privacy Policy - Apartmani Ćosić

1. An Overview of Data Protection

General Information

The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.

Data Recording on This Website

Who is the responsible party for the recording of data on this website (i.e. the “controller”)?

The data on this website is processed by the operator of the website, whose contact information is available under section “Information about the responsible party (referred to as the “controller” in the GDPR)” in this Privacy Policy.

How do we record your data?

We collect your data as a result of your sharing of your data with us. This may, for instance, be information you enter into our contact form.

Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g. web browser, operating system or time the site was accessed). This information is recorded automatically when you access this website.

What are the purposes we use your data for?

A portion of the information is generated to guarantee the error-free provision of the website. Other data may be used to analyze your user patterns. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other order inquiries.

What rights do you have as far as your information is concerned?

You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing.

Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency.

Please do not hesitate to contact us at any time if you have questions about this or any other data protection-related issues.

Analysis Tools and Tools Provided by Third Parties

There is a possibility that your browsing patterns will be statistically analyzed when you visit this website. Such analyses are performed primarily with what we refer to as analysis programs.

For detailed information about these analysis programs, please consult our Data Protection Declaration below.

2. Hosting

We are hosting the content of our website at the following provider:

External Hosting

This website is hosted by an external service provider (host). Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a website.

The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of secure, fast and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.

We are using the following host:

Hostinger.com
WordPress.com

Data Processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

3. General Information and Mandatory Information

Data Protection

The operators of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.

Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected.

We herewith advise you that the transmission of data via the Internet (i.e., through e-mail communications) may be prone to security gaps. It is not possible to completely protect data against third-party access.

Information About the Responsible Party (Controller in the GDPR)

The data processing controller on this website is:

Marjan Cosic
Neckartal Str. 70
64760 Oberzent
Telefon: +49 176 49971214
E-Mail: m.cosic@hotmail.de

The controller is the natural person or legal entity that single-handedly or jointly with others makes decisions as to the purposes of and resources for the processing of personal data (e.g., names, e-mail addresses, etc.).

Storage Duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial law retention periods); in the latter case, the deletion will take place after these reasons cease to apply.

Legal Basis for Data Processing

If you have consented to data processing, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, if special categories of data are processed. In the case of explicit consent to the transfer of personal data to third countries, data processing is also based on Art. 49 para. 1 lit. a GDPR.

If you have consented to the storage of cookies or access to information in your device (e.g., via fingerprinting), processing is also based on § 25 para. 1 TTDSG. Consent can be revoked at any time.

If your data is required for the fulfillment of a contract or pre-contractual measures, we process it on the basis of Art. 6 para. 1 lit. b GDPR. If necessary for a legal obligation, on Art. 6 para. 1 lit. c GDPR. Otherwise, processing may occur on the basis of our legitimate interest per Art. 6 para. 1 lit. f GDPR.

Recipients of Personal Data

We cooperate with various external parties. Data may be transferred if required for contract fulfillment, legal obligations, legitimate interests (Art. 6 para. 1 lit. f GDPR), or other lawful bases. When using processors, we do so under valid data processing agreements.

Information on Data Transfer to the USA

We use tools from companies in the United States or other non-EU countries. If active, personal data may be transferred and processed outside the EU. These countries may not ensure EU-equivalent data protection. U.S. companies may be compelled to share data with security agencies, and data subjects may not have legal recourse.

Revocation of Your Consent to Data Processing

You can revoke any consent given at any time. This does not affect data processing lawfully done before the revocation.

Right to Object to Data Collection in Special Cases; Direct Advertising (Art. 21 GDPR)

IN THE EVENT THAT DATA ARE PROCESSED ON THE BASIS OF ART. 6 PARA. 1 LIT. (E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA BASED ON GROUNDS ARISING FROM YOUR UNIQUE SITUATION.

This also applies to profiling. We will no longer process your data unless compelling legitimate grounds exist or for the defense of legal claims (Art. 21 para. 1 GDPR).

IF YOUR DATA IS USED FOR DIRECT ADVERTISING, YOU MAY OBJECT AT ANY TIME. THIS ALSO APPLIES TO PROFILING RELATED TO SUCH ADVERTISING.

If you object, your data will no longer be used for direct advertising (Art. 21 para. 2 GDPR).

Right to Log a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in your place of residence, work, or where the infringement occurred. This right applies regardless of any other legal remedies.

Right to Data Portability

You have the right to receive data we process automatically based on your consent or for contract fulfillment in a machine-readable format or request transmission to another controller, if technically feasible.

Information, Rectification, and Eradication of Data

Within statutory limits, you may request information about your stored personal data, its origin, recipients, and purpose. You also have the right to request correction or deletion. Feel free to contact us anytime for more information.

Right to Demand Processing Restrictions

You have the right to demand restrictions on processing under certain conditions:

You contest the accuracy of your data — we will restrict processing while verifying.
The processing is unlawful, but you prefer restriction over deletion.
We no longer need the data, but you need it for legal claims.
You have objected under Art. 21 para. 1 GDPR, and we are assessing whose interests prevail.

If processing is restricted, such data will only be processed (excluding storage) with your consent or for legal claims, the protection of others, or public interest of the EU or its member states.

SSL and/or TLS Encryption

For security reasons and to protect confidential content (e.g., orders or inquiries), this site uses SSL or TLS encryption. An encrypted connection shows as “https://” in the browser and a lock icon.

If encryption is active, third parties cannot read the transmitted data.

Rejection of Unsolicited Emails

We object to the use of contact details published as part of our Site Notice for unsolicited advertising. We reserve the right to take legal action in the case of unsolicited advertising (e.g., spam emails).

4. Recording of Data on This Website

Cookies

Our website uses "cookies" — small data files that are stored on your device and do not cause any harm. Cookies may be temporary (session cookies) or persistent (permanent cookies). Session cookies are deleted automatically when you leave the website. Permanent cookies remain on your device until you delete them manually or your browser removes them automatically.

Cookies can be set either by us (first-party cookies) or by third parties (third-party cookies). Third-party cookies enable features or services provided by external companies (e.g., payment processing).

Cookies serve various purposes. Some are technically essential for the website to function correctly (e.g., the shopping cart or media display). Others help analyze user behavior or serve marketing purposes.

Essential cookies required for electronic communication, for functions explicitly requested by you, or for website optimization (such as audience analytics), are stored in accordance with Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the reliable and optimized delivery of services. Where consent for cookies or similar technologies (such as device fingerprinting) is explicitly obtained, the legal basis is Art. 6(1)(a) GDPR and § 25(1) TTDSG. You may revoke your consent at any time.

You can configure your browser to notify you about cookie placement, allow cookies on a case-by-case basis, block cookies entirely, or delete cookies automatically when you close the browser. Please note that disabling cookies may impair the functionality of some parts of this website.

Details on the specific cookies and third-party services used can be found later in this privacy policy.

Contact Form

When you contact us via the website’s contact form, the information you provide—including any contact details—will be stored and used to process your inquiry and any follow-up questions. We do not share this data without your consent.

The processing of your data is based on Art. 6(1)(b) GDPR if your request relates to the execution of a contract or pre-contractual measures. In other cases, it is based on our legitimate interest in efficiently responding to inquiries (Art. 6(1)(f) GDPR), or on your consent (Art. 6(1)(a) GDPR), if such consent has been given. You may revoke your consent at any time.

We will store the data you provide in the contact form until you request its deletion, revoke your consent, or the purpose for the storage no longer applies (e.g., after your inquiry has been resolved). Mandatory legal provisions—particularly retention periods—remain unaffected.

Contact via E-Mail, Telephone, or Fax

If you contact us by e-mail, phone, or fax, your inquiry, including all personal data involved (e.g., name, request details), will be stored and processed by us in order to handle your request. We will not share your data without your consent.

Data is processed in accordance with Art. 6(1)(b) GDPR if your request relates to contract execution or pre-contractual measures. In all other cases, processing is based on our legitimate interest in efficiently managing inquiries (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR), if it has been given. You may revoke your consent at any time.

We will retain the data you submit until you ask us to delete it, revoke your consent, or the purpose for storing it no longer exists. Statutory legal obligations—especially retention requirements—remain unaffected.

5. Social Media on This Website

Social Media Elements with Shariff

We use social media plugins on this website (e.g., Facebook, Twitter, Instagram, Pinterest, XING, LinkedIn, Tumblr). These elements are recognizable by the respective social media logos.

To protect your data, we use the “Shariff” solution. This method prevents personal data from being transferred to social media providers as soon as you enter our site. A direct connection to the provider’s server will only be established once you activate the plugin by clicking the respective button, indicating your consent.

Upon activation, the provider receives information such as your IP address and the fact that you visited our site. If you are logged into your social media account, the visit may be linked to your user account.

Activating the plugin is considered consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG. You can revoke your consent at any time. This service helps fulfill legal requirements, with the legal basis being Art. 6(1)(c) GDPR.

Facebook

We have integrated elements of Facebook provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Facebook may transfer data to the USA and other third-party countries.

Once the plugin is activated, Facebook receives information including your IP address and your visit to our website. If you click the Like button while logged into your Facebook account, content may be linked to your profile. We do not have access to the data transferred or how Facebook uses it.

You can view more details on Facebook plugins here: https://developers.facebook.com/docs/plugins/

Facebook’s privacy policy: https://de-de.facebook.com/privacy/explanation

Data sharing is based on Standard Contractual Clauses (SCC):
EU Data Transfer Addendum,
Facebook Help,
Privacy Policy.

We and Meta Platforms Ireland Limited are joint controllers for data collection and forwarding under Art. 26 GDPR. This applies only to the initial collection and forwarding. The full agreement can be read here:
https://www.facebook.com/legal/controller_addendum.

Facebook is responsible for user rights (e.g., data access requests). If you contact us, we are obliged to forward the request to Facebook.

Instagram

This website includes Instagram features provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Once activated, a direct connection is made to Instagram’s servers and they receive data such as your IP and visit to our site. If logged into Instagram, clicking the Instagram button may link this visit to your account.

We do not have access to the content or use of the transferred data. Instagram’s privacy policy:
https://instagram.com/about/legal/privacy/

If consent is given, processing is based on Art. 6(1)(a) GDPR and § 25 TTDSG. You may revoke this at any time. If no consent is given, data is processed based on our legitimate interest in promoting visibility.

We and Meta Platforms Ireland Limited are joint controllers for the initial collection and forwarding of data (Art. 26 GDPR). You can read the joint controller agreement here:
https://www.facebook.com/legal/controller_addendum

Standard Contractual Clauses apply to data transfers to the US:
EU SCCs,
Instagram Help,
Facebook Help.

6. Plugins and Tools

Google Maps

This site uses the Google Maps service. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

To use Google Maps features, your IP address must be stored. This data is typically transferred to a Google server in the USA. We have no control over this data transfer. When Google Maps is activated, Google may also load Google Web Fonts to display text and fonts uniformly. Your browser will load these fonts into its cache.

Using Google Maps is based on our legitimate interest in providing a visually appealing online presence and helping users locate places shown on the website (Art. 6 para. 1 lit. f GDPR). If consent has been requested, data processing is based exclusively on Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG (regarding cookies or device access). Consent may be revoked at any time.

Data transfer to the USA is based on Standard Contractual Clauses (SCC) of the EU Commission:
GDPR Controller Terms,
SCCs.

Google’s privacy policy: https://policies.google.com/privacy?hl=de

Our Social Media Appearances

This privacy policy applies to our presence on:

Facebook – Apartmani Cosic

Data Processing Through Social Networks

We maintain publicly accessible profiles in social networks. When you visit these profiles, your user behavior may be analyzed. If you’re logged into your social media account, your visit can be linked directly to your user account.

Even without being logged in, data such as your IP address or stored cookies may be used to create user profiles and show you personalized content or advertising across platforms and devices.

Please note, additional data processing may occur depending on the platform and provider. Refer to their privacy policies for complete details.

Legal Basis

Our social media presence is intended to provide the broadest online visibility and interaction with users. This is a legitimate interest as defined in Art. 6 para. 1 lit. f GDPR. Some processing actions may also rely on Art. 6 para. 1 lit. a GDPR (consent), depending on the platform.

Responsibility and Assertion of Rights

When you visit our profiles (e.g., on Facebook), we share responsibility with the platform provider for the data processing. You may exercise your rights (e.g., access, deletion, data portability) either through us or the platform operator.

Please note, however, that we have limited control over the processing activities conducted by social platforms.

Storage Time

We delete any data collected directly through our social profiles as soon as the purpose no longer applies, or if you request deletion or withdraw consent. Stored cookies remain until deleted manually. Legal retention periods remain unaffected.

For data storage policies of each social platform, consult their respective privacy statements.

Individual Social Networks

Facebook

We have a Facebook profile. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Meta may transfer your data to the USA and other third countries.

You can manage your advertising preferences here:
Facebook Ad Settings

Data transfers are based on the EU Standard Contractual Clauses (SCC):
EU Data Transfer Addendum,
Facebook Help Center

Facebook’s privacy policy: https://www.facebook.com/about/privacy/

Source: e-recht24.de