1. data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in our privacy policy below.

Data collection on our website

LION Verwaltungs GmbH is responsible for data processing on this website. The contact details can be found in section 3 of this declaration.

On the one hand, your data is collected when you provide it to us (e.g. via contact form or booking). Other data is collected automatically by our IT systems when you visit the website (e.g. technical data such as browser, operating system, time the page was accessed).

Some of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze user behavior.

Your rights

You have the right to free information about the origin, recipient and purpose of your stored personal data at any time. You also have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR). If you have given your consent to data processing, you can revoke it at any time for the future. You also have the right to lodge a complaint with the competent supervisory authority.

Analysis tools and tools from third-party providers

When you visit our website, your surfing behavior may be statistically evaluated. This is mainly done using analysis programs (e.g. Google Analytics). The analysis of your surfing behavior is usually anonymous. The surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Details can be found in the following sections.

2. hosting

Mittwald

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data.

Host: Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany

Mittwald is used on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest in the reliable operation of the website). There is a contract for order processing (AVV) in accordance with Art. 28 GDPR.

3 General notes and mandatory information

Responsible body

The controller responsible for data processing on this website is:

LION Verwaltungs GmbH

Hotel Restaurant CARALEON

Halbinselstraße 70, 88142 Wasserburg (Lake Constance)

Managing Director: Dr. Mario Löwenstein

Phone: +49 8382 9800

E-mail: info@caraleon.de

Kempten Local Court HRB 14110 | VAT ID: DE316910892

Data Protection Officer

We are not legally obliged to appoint a data protection officer. If you have any questions regarding data protection, please contact the above-mentioned controller directly.

Rights of data subjects

You have the following rights vis-à-vis us with regard to your personal data:

• Right to information (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object to the processing (Art. 21 GDPR)

To exercise your rights, please contact: info@caraleon.de

Revocation of your consent

Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right of appeal

In the event of violations of the GDPR, you have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for Baden-Württemberg is

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW)

P.O. Box 10 29 32, 70025 Stuttgart

Phone: +49 711 615541-0 | E-Mail: poststelle@lfdi.bwl.de

Website: www.baden-wuerttemberg.datenschutz.de

SSL/TLS encryption

This site uses SSL or TLS encryption for security reasons. You can recognize an encrypted connection by the “https://” in the address bar and the lock symbol in the browser.

4. data collection on this website

Cookies and consent management (compliance)

Our website uses cookies. We use the consent manager Complianz to obtain and document your consent for non-essential cookies and tracking tools. Complianz stores your cookie consent locally in your browser.

Provider: Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, The Netherlands. Further information: complianz.io. Legal basis for the operation of the Consent Manager: Art. 6 para. 1 lit. c GDPR (legal obligation to provide documented consent).

Server log files

The website provider automatically collects and stores information in server log files (browser type, operating system, referrer URL, host name, time of server request, IP address). This data is not merged with other data sources. Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in secure operation). Storage period: 7 days, then automatic deletion.

Contact form

If you send us inquiries via the contact form, your details, including the contact details you provide, will be stored by us for the purpose of processing the inquiry and for further enquiries. We will not pass on this data without your consent. Legal basis: Art. 6 para. 1 lit. b GDPR (pre-contractual measures). Storage period: Until your request has been fully processed, thereafter up to 10 years in accordance with tax regulations.

Online booking (MEWS)

We use the Mews Systems system (Mews Systems B.V., Amsteldijk 166, 1079 LH Amsterdam, The Netherlands) to process room bookings. When you make a booking, you will be forwarded to the MEWS server. The data entered there (name, address, payment data, travel data) will be processed for the purpose of processing the contract. There is an order processing contract with MEWS in accordance with Art. 28 GDPR. Legal basis: Art. 6 para. 1 lit. b GDPR. Storage period: Booking data is stored for up to 10 years in accordance with the statutory retention obligations.

5. analysis tools

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies to analyze website usage. The information generated by cookies is usually transferred to a Google server in the USA and stored there.

We only use Google Analytics with activated IP anonymization (anonymizeIp). Your IP address is shortened by Google within the EU/EEA before it is transmitted to the USA.

The data transfer to the USA is based on the EU standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR. Legal basis: Your consent pursuant to Art. 6 para. 1 lit. a GDPR (via the cookie banner). You can revoke your consent at any time via the cookie manager on our website. Storage period: 14 months.

You can also prevent the storage of cookies by setting your browser accordingly or by installing a browser add-on: tools.google.com/dlpage/gaoptout

6th Newsletter

CleverReach

We use the CleverReach service (CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany) to send our newsletter. CleverReach is a service with which the newsletter dispatch can be organized and analyzed.

If you would like to subscribe to the newsletter, we need your e-mail address and confirmation that you agree to receive it (double opt-in procedure). There is an order processing contract with CleverReach in accordance with Art. 28 GDPR.

Legal basis: Your consent pursuant to Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time via the “Unsubscribe” link in the newsletter. Storage period: Your data will be deleted as soon as you unsubscribe from the newsletter.

7. reservation services

OpenTable

We use the OpenTable service (OpenTable International Ltd., 1 Montgomery Street, Suite 700, San Francisco, CA 94104, USA) for table reservations in the restaurant.

If you make a table reservation via OpenTable, your details (name, email address, telephone number, reservation details) will be transferred to OpenTable and processed there. The data transfer to the USA takes place on the basis of the EU standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR.

Legal basis: Art. 6 para. 1 lit. b GDPR (fulfillment of contract). Privacy policy of OpenTable: www.opentable.com/legal/privacy-policy. Storage period: in accordance with the statutory retention obligations, up to 10 years.

8. plugins and tools

Google Maps

This site uses Google Maps (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). The use of Google Maps requires the storage of your IP address and may lead to transmission to Google servers in the USA.

Google Maps is only loaded via our cookie banner after you have given your express consent (two-click solution). The data transfer to the USA takes place on the basis of the EU standard contractual clauses (Art. 46 para. 2 lit. c GDPR). Legal basis: Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time via the Cookie Manager.

Google Fonts (locally hosted)

This site uses Google Fonts for the uniform display of fonts. These are installed locally on our server at Mittwald. There is no connection to Google servers.

AI chatbot (AI Engine / OpenAI)

We use an AI-supported chatbot on our website based on AI Engine, which uses technology from OpenAI (OpenAI OpCo, LLC, 3180 18th Street, San Francisco, CA 94110, USA).

When you use the chatbot, your input is transmitted to OpenAI servers in the USA. The data transfer takes place on the basis of the EU standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR. Please do not enter any sensitive personal data (such as credit card numbers or health data) in the chat.

Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient customer communication). Storage period: Chat histories are automatically deleted after 30 days.

WordPress and Elementor

This website is based on WordPress and uses the page builder Elementor. For correct display, connections to the provider’s servers may be established. Further information: wordpress.org/about/privacy/ and elementor.com/privacy-policy/

9. social media

Instagram (embedded feed)

An Instagram feed is integrated on this website (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). When loading the page, connections to Instagram servers are established if you have consented to this.

The Instagram feed will only be loaded via our cookie banner after you have given your express consent. If you are logged into your Instagram account, Instagram can assign the page visit to your profile. Data may be transferred to the USA (standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR).

Legal basis: Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time via the Cookie Manager. Meta privacy policy: privacycenter.facebook.com

Status: February 2026