Privacy Statement

The hotel Vorfelder places great value on protecting your personal data. We treat your personal data strictly confidential by complying with the applicable statutory requirements. This data protection declaration explains our handling of your personal data as well as your other usage data which we receive from you.


Responsible Office

Hotel Vorfelder
Bahnhofstraße 28
69190 Walldorf
Phone +49 (0)6227 6990
Fax +49 (0)6227 30541


External data protection officer

aubex GmbH
1. Industriestraße 28
68766 Hockenheim
Phone +49 (0)605 2323290


Personal data

Personal data is individual information about personal or factual circumstances of a certain or specifiable natural person. This includes information such as your name, your address, your telephone number and your date of birth. We collect, process or use your personal data only for the purpose for which you provided this data to us. Your personal data provided to us will not be forwarded to third parties without your permission, with the exception of cases in which we are obligated to release this data based on mandatory statutory provisions.


Usage-oriented data

Every web server automatically registers the access to websites. When visiting our homepage our web server will temporarily save every access in a log file (Server-Logfiles). The following data will be recorded and saved until the automatic deletion.

  • IP-address of the requesting computer
  • date and time of access
  • name and URL of accessed file
  • volume of data transmitted
  • notification whether file access was successful
  • identification data of used browser and operating system
  • website from which access was obtained
  • name of your internet access provider

The processing of this data allows for the use of the website (connection setup) and provides system security, technical administration of the network infrastructure, as well as optimization of internet services.

Our webserver is configured by default so that all log files are automatically deleted every 14 days. However, we reserve the right to occasionally extend the storage time (manually) or individual IP addresses (manually or automatically) if this is deemed necessary for justifiable security reasons.

Recipient of data is our webhosting provider. Transmission of data to a third country will not take place. The basis for data processing is article 6 paragraph 1 lit. b DSGVO (General Data Protection Regulation) which allows for the processing of data in order to fulfil a contract or pre-contract measures.


Contents and services of third party providers

The offer on our website may also include contents and services provided by other providers supplementing our offer. Examples for such offers are maps from Google-Maps, YouTube-Videos or third party graphic displays. Calling up the third party services requires the transmission of your IP address. This enables these providers to seize and store your IP address. We make every effort to only offer third party providers who will use the IP address solely to deliver the contents. However, we have no influence on which third party provider may possibly store the IP address.

This storage could serve e.g. statistical purposes. If we obtain knowledge of such storage processes by third party providers we will immediately inform our users of this fact. In this respect please observe the special data protection declaration with reference to individual third party providers and service providers which we use on our website.

Please find further information:








Our website uses a SSL-encryption when transmitting any confidential or personal contents of our users. For instance, this encryption is activated when processing payments as well as enquiries sent to us via our website. Please pay attention that you have activated the SSL-encryption when processing the respective activities.

The use of the encryption is easily recognized: the display in your browser line will change from

„http://“ to "https://". Data encrypted via SSL is not readable by third parties. Transmit your confidential information only if the SSL-encryption is activated. In case of doubt please contact us.


Gift card shop – contact forms

You can get in touch with the gift card shop using the contact form we have provided. In this case the user’s personal data transmitted on the form will be stored. The data on this form will not be forwarded to third parties, but will instead be used solely in order to process the conversation.

The legal basis for the processing of personal data transmitted when a contact request is set is point (f) of Art. 6(1) GDPR. If the email contact is intended to facilitate the conclusion of a contract, such as the purchase of a gift card, point (b) of Art. 6(1) GDPR also applies for the processing.

The data will be erased as soon as they are no longer necessary for achievement of the purpose for which they were collected. For the personal data that were sent on the form, this will be the case when the relevant conversation with the user has come to an end. The conversation is ended if the circumstances permit the conclusion that the circumstances concerned have been decisively clarified. If you send us an enquiry when making contact, we will store your details, including the contact details you provided, so that we can respond to your enquiry and any subsequent questions you may have.

We will only use the data for the purposes set out above and store them for the statutory retention period. Any further use of the data from the contact form will only be in anonymised form for statistical purposes (e.g. number of enquiries, success rate of the enquiries, etc.).


Application process

You can apply for a job through our website. If you do so, we will collect and process your application documents by electronic means for the purposes of dealing with your application. The applicable legal basis for this processing is point (a) of Art. 6(1) GDPR in conjunction with point (b) of Art. 6(1) GDPR for the decision whether to establish an employment relationship.

The data needed for the purposes of the application process include your personal data with contact information as well as a description of your training, work experience and skills. You also have the opportunity to send us documents such as certificates or letters.

If an employment contract is concluded following the application process, we will store the data you provided with your application in your personnel file for the purposes of the employment relationship. The legal basis for this processing is likewise (point (b) of Art. 6(1) GDPR.

If your application is no longer under consideration, we will erase the data sent to us upon conclusion of the application process. Exceptions may arise from statutory provisions, such as the German General Equal Treatment Act (Allgemeine Gleichbehandlungsgesetz, AGG), which specify a longer storage period of up to six months or the end of any legal proceedings. In this case the legal basis is point (f) of Art. 6(1) GDPR. Our legitimate interest lies in legal defence.

If you expressly consent to a longer storage period for your data or to being added to a database of applicants or prospects, the data will continue to be processed on the basis of your consent and stored for a period of 12 months.

The legal basis is then point (a) of Art. 6(1) GDPR. However, you can of course withdraw your consent at any time with effect for the future pursuant to Art. 7(3) GDPR by informing us accordingly.



You have the option of registering on our website for our newsletter. We only send newsletters and emails with promotional information with the express consent of the recipient or statutory permission. Our newsletters carry information about products, news, events and special offers.

To register for the newsletter, you need to give us your email address. We also ask for your first name and surname, but you do not have to give them to us. These details will only be used to personalise the newsletter. We also process the following information (personal data) from you:

  • Email address
  • Date and time
  • IP address
  • Action type
  • Action meta data

In order to be able to keep a legally compliant record of consent and proof of subscription, we hold the following data on any registration, amendment, confirmation and subscription to the newsletter for each user profile that is generated with an email address confirmed using the double opt-in procedure:

  • Date and time
  • IP address
  • Online identifiers

Your consent will be obtained for the processing of data as part of the online registration process and reference will be made to this Data Privacy Statement The online registration process for our newsletter uses a double opt-in procedure, i.e. after registering online you will be sent a confirmation email asking you to confirm your registration. The procedure is necessary so that no one can register using email addresses of third parties.

Should you register for our newsletter in another way (e.g. in prize draws, guest questionnaires, etc.), you will not be sent a confirmation email. Your signature confirms that you wish to receive a newsletter.

Newsletters are sent through Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin (delivery service provider). The email addresses of our recipients and the above data will be stored on the servers of the delivery service provider. Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin uses this information to send out and to analyse the newsletters within the scope of commissioned data processing pursuant to Art. 28 GDPR.

Newsletter2Go is a German certified provider selected in accordance with the requirements of the General Data Protection Regulation and the German Data Protection Act (Bundesdatenschutzgesetz, BDSG).

Further information can be found here:

You can at any time withdraw consent given to the storage of your data and email address and their use for sending the newsletter, such as through the “Unsubscribe” link in the newsletter.

We analyse the success and reach of our newsletter (campaigns) with the help of the delivery service provider. We particularly analyse whether you open a newsletter and how else you use the newsletter, for instance. To that end the newsletters contain what is known as a web beacon, i.e. a pixel-sized file that is retrieved from the server of the delivery service provider when the newsletter is opened. In this retrieval technical information is collected about the browser and your system, as well as your IP address and the time of retrieval. The purpose of this collection is to enable technical improvements to the service. In addition, data are collected in order to determine whether and when the newsletters were opened and what links were clicked on.

The legal basis for the processing of personal data that is required for the technical delivery of the newsletter to you and for the processing of the cookie and measurement data is your consent pursuant to point (a) of Art. 6(1) GDPR. The legal basis for the processing of the other personal data is our legitimate interest pursuant to point (f) of Art. 6(1) GDPR. We have a legitimate interest in being able to prove the consent you have given.

You can cancel the newsletter at any time, i.e. withdraw your consent to receiving it. This can be done by clicking on the “Unsubscribe” link at the end of each newsletter.


Use of Google Analytics

On our website we use the web tracking service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter Google Analytics). For web tracking Google Analytics uses cookies that are stored on your computer and enable the use of our website and your browsing behaviour to be analysed (known as tracking). We conduct this analysis on the basis of the Google Analytics tracking service in order to constantly optimise our internet presence and make it more easily available. Data obtained through your use of our website, in particular your anonymised IP address and your user activities, will be sent to servers of Google LLC and processed and stored outside the European Union, e.g. in the USA.

Your IP address will be anonymised by Google Analytics prior to transmission if IP anonymisation is enabled within the Google Analytics tracking code. This website uses a Google Analytics tracking code that has been expanded by the operator “gat._anonymizeIp()” so that IP addresses can only be recorded anonymously (known as IP masking).

The legal basis for the processing of personal data is point (a) of Art. 6(1) GDPR if you have registered with Google, and point (f) of Art. 6(1) GDPR if you have not registered with Google.

Where processing is performed on the basis of point (f) of Art. 6(1) GDPR, the website operator's legitimate interest consists in receiving anonymised information about the website visitors and using this information in order to optimise and improve the website.

Google will use this information on our behalf in order to evaluate your visit to this website in anonymised form, to compile reports on the website activities and to provide additional services to us in connection with the use of the website and the internet. The IP address transmitted by your browser as part of Google Analytics is not associated with other Google LLC data.

Google will store the data of relevance for the provision of web tracking for as long as necessary in order to provide the requested web service. Data will be collected and stored in anonymised form. Should it nevertheless be possible to trace data to a particular person, the data will be erased at once unless they are subject to statutory duties of retention. Data will always be erased when the statutory retention period has expired.

You can prevent the recording and forwarding of your personal data (in particular your IP address) to Google and the processing of these data by Google by disabling the execution of script codes in your browser, installing a script blocker in your browser (available from or, for instance), or enabling the “Do Not Track” setting of your browser. You can also prevent Google from recording the data relating to your use of the website (including your IP address) that are generated by the Google cookie and from processing these data by downloading and installing the browser plug-in available from The security and data privacy policies of Google Analytics can be found at


Google Maps

On our website we use Google Maps to display our location and to generate directions. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter just “Google”. Having been certified under the EU-US Privacy Shield, Google guarantees that the data protection regulations of the EU will also be applied in the processing of data in the USA. If you call up the Google Maps component integrated into our website, Google will save a cookie on your device through your internet browser. To display our location and generate directions, your user settings and data will be processed. We cannot exclude the possibility that Google will use servers in the USA to do so.

The legal basis is point (f) of Art. 6(1) GDPR. Our legitimate interest lies in the optimisation of the functionality of our website. The link to Google that is thereby created enables Google to determine which website your enquiry was sent from and which IP address the directions are to be sent to.

If you do not consent to this processing, you can prevent the installation of cookies by making the corresponding settings in your internet browser. For details of how to do this, please refer to “Cookies”.

Google Maps and of the information acquired through Google Maps are used in accordance with the Google terms of use and the terms and conditions for Google Maps

Further information can be found at


Booking rooms in the Hotel Vorfelder

You can make bookings for the Hotel Vorfelder. This will take you to the online booking tool DIRS21 (hereinafter “OBT”) of TourOnline AG, Borsigstraße 26, 73249 Wernau, Germany (, hereinafter “TOAG”). TOAG processes the data within the OBT as controller. Information and policies on data protection can be found in the data privacy statement of TOAG for the OBT, which you can at any time access from the OBT or view at

The OBT will only collect, process and use personal data to the extent expressly permitted in the pertinent data protection regulations or where the effective consent of the data subject has been obtained.

TOAG will only collect, process and use personal data (e.g. name, address, billing address, payment method, arrival and departure information, etc.) if you yourself gave them to OBT, e.g. for the performance of a contract, and this is done with your express consent. Your personal data will be erased following the end of any contractual relationship. This does not apply for personal data for which statutory retention periods must be observed. TOAG will block these personal data. Further information about the data privacy statement of TOAG can be found at

Personal data will only be forwarded to internal bodies (e.g. hotel service staff) and commissioned data processors in compliance with Art. 28 GDPR. Data will otherwise only be transmitted if this is necessary for the performance of the contract.

Neither quotations nor bookings can be made in the absence of details. These will be processed on the basis of point (b) of Art. 6(1) GDPR for the performance of a contract or in order to take steps prior to entering into a contract.

Under section 30 of the Federal Registration Act (Bundesmeldegesetz, BMG), places offering accommodation, especially hotels, are obliged to collect the following data from guests on the day of their arrival and to have the registration form signed by the guest:

  • Date of arrival and anticipated departure
  • Surname, forenames, date of birth, nationality, address
  • Number of travelling companions and their nationality in the cases set out in section 29 (2) sentences 2 and 3 BMG, serial number of the valid and recognised passport or replacement travel document in the case of foreign persons
  • Any further data required for the collection of tourist and spa taxes

The BMG obliges us to collect, process and forward these data. The legal basis for the processing is point (c) of Art. 6(1) GDPR.

We will erase these data or restrict their processing as soon as this is allowed under the provisions of the BMG, you have not given us any further consent (point (a) of Art. 6(1) GDPR) and we have no other legitimate interest in their continued processing.

Mandatory provisions of commercial and tax law oblige us to retain your address, payment and order data for a period of ten years. We will restrict the processing of these data two years after the end of the contract and reduce processing to the minimum required to comply with existing statutory obligations.



Hotel Vorfelder uses the platform and services of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland, and operates a Facebook fan page.

We operate this page in order to draw attention to our products and services and to get in contact with you as a visitor. Please note that you yourself are responsible for you use of this Facebook page and its functions. This particularly applies for your use of the interactive functions (e.g. commenting, sharing, rating). Again, our legitimate interest pursuant to point (f) of Art. 6(1) GDPR lies in the processing of your data for the purposes of providing contemporary means of information and interaction for our visitors.

According to a judgment of the European Court of Justice (ECJ), operators of a Facebook page share responsibility with Facebook for the processing of personal data. Facebook processes personal data for the following purposes:

  • Market research
  • Creation of user profiles
  • Advertising and analysis

When you visit our Facebook page, Facebook records your IP address and other information available on your PC in the form of cookies. This information is used in order to provide us, as the operator of the Facebook page, with statistical data about how our Facebook page is used. Facebook provides further information via the following link:

You can make the relevant objection settings here:

The data about you that are collected in this regard will be processed by Facebook Ltd. and may to that end be transferred to countries outside the European Union. Which information Facebook receives and how it is used are explained in general form in Facebook’s data use policies. They also contain information about how to contact Facebook and the setting options for advertisements. The data use policies can be accessed via the following links: and

As the page operator, we can retrieve what are known as “insights”, which are statistical data generated and provided by Facebook. The relevant types of data include in particular:

  • Page activities, post interactions, shared content
  • Total number of page accesses, “like” details
  • Video views
  • Clicks on route planners, clicks on telephone numbers

For further information, please refer to Facebook’s privacy statement. We would like to make it clear that we have no influence on how these data are generated and presented. We use the statistical analyses provided by Facebook in order to optimise the timing of our posts and refine the way we address our users.

As the provider of the information service, we will not collect or process any other personal data from your use of our service unless we expressly advise you of this in a personal communication.

Should you wish to assert your rights (e.g. your right of access or erasure), we recommend that you contact Facebook directly. You can, of course, contact us if you require any assistance in doing so or have any other questions. You can contact us using the following email address: datenschutz(at) If you do not want to have your data processed any longer, then please use the “I don’t like this page any more” button.


Your rights

You have the right to demand confirmation from the controller as to whether personal data concerning you are processed. If this is the case, you have the right to access these personal data and the information set out in detail in Art. 15 GDPR.

You have the right to require the controller to rectify without undue delay incorrect personal data concerning you and where appropriate to complete incomplete personal data (Art. 16 GDPR).

You have the right to require the controller to erase personal data concerning you without undue delay if one of the reasons itemised in Art. 17 GDPR applies, e.g. if the data are no longer necessary for the purposes pursued (right to erasure).

You also have the right to require the controller to restrict processing if one of the requirements itemised in Art. 18 GDPR is met, e.g. if you have objected to the processing, pending verification by the controller.

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is carried out on the basis of point (e) or point (f) of Art. 6(1) GDPR. The controller will no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims (Art. 21 GDPR).

Where the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

Notwithstanding any other remedy in administrative law or through the courts, every data subject has the right to lodge a complaint with a supervisory authority if they believe that the processing of the personal data concerning them infringes the GDPR (Art. 77 GDPR). The data subject can exercise this right with a supervisory authority in the Member State of their habitual residence, place of work or place of the alleged infringement. In Baden-Württemberg the competent supervisory authority is:

Federal state officer for the privacy imprint and freedon of information Baden-Württemberg

Postfach 10 29 32, 70025 Stuttgart

Königstraße 10a, 70173 Stuttgart

Phone +49 (0)711 6155410
Fax  +49 (0)711 61554115
E-Mail poststelle(at)



You can contact us at the address indicated in the Legal Notice at any time for more information on this or any other issues relating to data privacy. Alternatively, you can contact our Data Protection Coordinator if you wish to assert your rights (datenschutz(at)


German General Equal Treatment Act (AGG)

We make every effort to use gender-neutral terms. Where this is not possible, gender-specific differentiation is waived in order to improve legibility. Accordingly, the terms used on this site should be assumed to represent both genders.

© 2024 Vorfelder - Hotel & Restaurant Walldorf - Webdesign: Werbeagentur zeitlos