Privacy policy

I. Name and address of the responsible person

The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

MADISON Hotel GmbH

Schaarsteinweg 4

20459 Hamburg

Germany

Tel.:  +49 40 37666 0

E-Mail: info@madisonhotel.de

Website: www.madisonhotel.de

Responsible for web content:

Thomas Kleinertz, Managing Director

Tel.:  +49 40 37666 0

E-Mail: t.kleinertz@madisonhotel.de

II. Name and address of the data protection officer

The data protection officer of the controller is:

TÜV Informationstechnik GmbH

IT Security - Business Security & Privacy

Office for Data Protection

Herr Sukru Sezgin

Am TÜV 1

45307 Essen

Phone 0201 - 8999-899

Fax 0201 - 8999-666

E-Mail: dsb@madisonhotel.de

III. General information on data processing

1. Scope of processing of personal data

We generally only collect and use our users' personal data to the extent that this is necessary to provide a functional website and our content and services. The collection and use of our users' personal data generally only occurs with the user's consent. An exception applies in cases where prior consent cannot be obtained for actual reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

If we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. If personal data is necessary to fulfill a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.

3. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose for which they were stored no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer.

The following data is collected:

· Information about the browser type and version used

· The user's operating system

· The user's Internet service provider

· The IP address of the user (IP address of the requesting computer) is immediately anonymized so that a personal reference can no longer be established

· Date and time of access

· Websites from which the user's system accesses our website

The data is also stored in the log files of our system. This does not affect the user's IP addresses or other data that enable the data to be assigned to a user. This data is not stored together with other personal data of the user.

 2. Legal basis for data processing

The legal basis for the temporary storage of data is Art. 6 Para. 1 lit. f GDPR.

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 (1) (f) GDPR.

 4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session has ended.

 5. Possibility of objection and removal

The collection of data to provide the website and the storage of data in log files is essential for the operation of the website. Consequently, the user has no option to object.

Information about hellohotel hosting:

Amazon Web Services (AWS) Germany GmbH
Krausenstr. 38
10117 Berlin
Germany

The servers used for data storage by Amazon Web Services are located within the territory of the Federal Republic of Germany in Frankfurt/Main and are subject to the data protection laws of both national and European legislators. Amazon Web Services also processes your data in accordance with the applicable legal provisions. The privacy policy of Amazon Web Services can be accessed at the following link: https://aws.amazon.com/de/privacy/

V. Use of cookies

 1. Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is visited again. We use cookies to make our website more user-friendly. Some elements of our website require that the browser that is visiting the website can be identified even after a page change.

The following data is stored and transmitted in the cookies:

· Language settings

· Items in a shopping cart

We also use cookies on our website that enable us to analyse the surfing behaviour of users. In this way, the following data can be transmitted:

· Search terms entered

· Frequency of page views

The user data collected in this way is pseudonymized using technical precautions. It is therefore no longer possible to assign the data to the user who accessed the site. The data is not stored together with other personal data of the user.

Furthermore, so-called tracking pixels are used when sending the MADISON Hotel GmbH newsletter. A tracking pixel is a miniature graphic that is embedded in marketing emails that are sent in HTML format to enable log file recording and log file analysis. This enables a statistical evaluation of the success or failure of online marketing campaigns to be carried out. The embedded tracking pixel can be used to determine whether an email has been opened by a data subject.

 2. Targeting

Our websites use cookie technology to collect data to optimize our advertising and the entire online offering. This data is not used to identify you personally, but is used solely for a pseudonymous evaluation of the use of the homepage. Your data will never be merged with the personal data stored by us. With this technology, we can present you with advertising and/or special offers and services whose content is based on the information obtained from the clickstream analysis (for example, advertising that is geared towards the fact that only sports shoes have been viewed in the last few days). Our goal is to make our online offering as attractive as possible for you and to present you with advertising that corresponds to your areas of interest.

a. Third-Party-Cookies

We use a number of advertising partners to help make the Internet offering and the websites more interesting for you. Therefore, when you visit the websites, cookies from partner companies are also stored on your hard drive. These are temporary/permanent cookies that are automatically deleted after the specified time. These temporary or permanent cookies (lifetime 14 days to 10 years) are stored on your hard drive and delete themselves automatically after the specified time. The cookies from our partner companies also only contain pseudonymous, usually anonymous data. This includes, for example, data about which products you have viewed, whether something was purchased, which products were searched for, etc. Some of our advertising partners also collect information beyond the websites about which pages you have previously visited or which products you were interested in, for example, in order to be able to show you the advertising that best matches your interests. This pseudonymous data is never merged with your personal data. Its sole purpose is to enable our advertising partners to address you with advertising that might actually be of interest to you.

b. Re-Targeting

Our websites use so-called retargeting technologies. We use these technologies to make the Internet offering more interesting for you. This technology makes it possible to target Internet users who have already shown an interest in our shop and our products with advertising on our partners' websites. We are convinced that the display of personalized, interest-based advertising is generally more interesting for Internet users than advertising that has no such personal connection. The display of these advertisements on our partners' websites is based on cookie technology and an analysis of previous usage behavior. This form of advertising is completely pseudonymous. No usage profiles are merged with your personal data. By using our site, you consent to the use of so-called cookies and thus to the collection, storage and use of usage data from you. Furthermore, your data is stored in cookies beyond the end of the browser session and can be called up again, for example, the next time you visit the website. You can revoke this consent at any time with effect for the future by refusing to accept cookies in your browser settings.

 3. How can you prevent cookies from being stored?

Depending on the browser you use, you can set it so that cookies are only accepted if you agree to this. If you only want to accept the cookies we use and not the cookies of our service providers and partners, you can select the "Block third-party cookies" setting in your browser. The help function in the menu bar of your web browser will usually show you how to reject new cookies and deactivate those you have already received. You can find detailed information on how to make the settings in the browser you use at the following link. We recommend that you always log off completely when you have finished using shared computers that are set to accept cookies and Flash cookies.

 4. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR.

 5. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after changing pages.

We need cookies for the following applications:

· Shopping cart

· Adoption of language settings

· Remembering search terms

The user data collected by technically necessary cookies is not used to create user profiles. The analysis cookies are used to improve the quality of our website and its content. The analysis cookies tell us how the website is used and enable us to continuously optimize our offering. Our legitimate interest in processing personal data in accordance with Art. 6 (1) (f) GDPR also lies in these purposes.

 6. Duration of storage, possibility of objection and removal

Cookies are stored on the user's computer and transmitted from there to our site. Therefore, you as the user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all of the website's functions.

VI. Newsletter



1. Description and scope of data processing

On our website you have the option of subscribing to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us.

· Title, first name, last name

· E-Mail-Address

In addition, the following data is collected during registration:

· IP address of the accessing computer

· Date and time of registration

Your consent will be obtained for the processing of the data during the registration process and reference will be made to this privacy policy. The data will only be used to send the newsletter. The newsletter is sent by the company Cendyn. Cendyn “Cendyn” is a provider of a cloud-based technology platform (CRM and sales platform) from the US provider Central Dynamics, LLC, a Delaware limited liability company, 980 N Federal Hwy, 2nd Floor Boca Raton, FL 33432 USA. Cendyn’s privacy policy can be found at the following link: Cendyn privacy notice

The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on Cendyn's servers in the USA. Cendyn uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, Cendyn can use this data to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the newsletter or for commercial purposes in order to determine which countries the recipients come from. However, Cendyn does not use the data of our newsletter recipients to write to them directly or to pass it on to third parties.

2. Legal basis for data processing

The legal basis for the processing of data after the user has registered for the newsletter is Art. 6 (1) (a) GDPR, provided that the user has given his or her consent.

3. Purpose of data processing

The purpose of collecting the user's email address is to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user's email address is therefore stored as long as the newsletter subscription is active. The other personal data collected during the registration process is usually deleted after a period of seven days.

5. Possibility of objection and removal

The user can cancel the newsletter subscription at any time. For this purpose, there is a corresponding link in every newsletter. This also makes it possible to revoke the consent to the storage of the personal data collected during the registration process.

VII. Contact form and email contact



1. Description and scope of data processing

There is a contact form on our website that can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored.

These data are:

· Salutation

· Name

· E-Mail-Address

· Country of origin

At the time the message is sent, the following data is also stored:

· The user's IP address

· Date and time of registration

Your consent to the processing of the data is obtained during the sending process and reference is made to this privacy policy. Alternatively, you can contact us using the email address provided. In this case, the user's personal data transmitted with the email will be stored. In this context, the data will not be passed on to third parties. The data will only be used to process the conversation.

2. Legal basis for data processing

The legal basis for processing the data if the user has given their consent is Art. 6 (1) (a) GDPR. The legal basis for processing the data transmitted when sending an email is Art. 6 (1) (f) GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

3. Purpose of data processing

The processing of personal data from the input mask serves us solely to process the contact. In the case of contact via email, this also represents the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process is deleted after a period of seven days at the latest.

5. Possibility of objection and removal

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. The revocation of consent and the objection to storage can be made at any time by email to news@madisonhotel.de. In this case, all personal data that was stored in the course of contact will be deleted.

VIII. Reservations

The data that you enter for the purpose of making a hotel or restaurant reservation on our website is transmitted to us unencrypted (via https). This data, the type and extent of which are determined from the corresponding input mask of the online booking engine we use, is collected, processed and used exclusively to establish, implement and process the contractual relationship established with the reservation.

We process the following data in accordance with Art. 6 Paragraph 1 Letter b of GDPR for the purpose of fulfilling the contract:

· Salutation (of all travelers)

· First name, last name (of all travelers)

· Address details (sending of invoice and travel documents)

· Date of birth/age of all travelers

· Telephone number of the main traveler/contact person (for short-term contact in case of changes)

· E-mail address (sending summary of booking data)

· Credit card details in case of payment by credit card

· Bank details in case of payment by SEPA direct debit

As part of the online reservation, you will automatically be forwarded to the online booking system of our carefully selected cooperation partner HotelNetSolutions GmbH, who makes the reservation for us. This partner is obliged to comply with data protection regulations. We will send you your booking confirmation to the email address you provided. In addition to the booking confirmation, you will also receive other emails from us in connection with your booking that are tailored to your trip and contain advertising content for our own, similar products. You can object to this mailing at any time by sending an email to news@madisonhotel.de without incurring any costs other than the transmission costs according to the basic rates. After receiving your objection, we will stop sending emails immediately. If necessary, personal data will be passed on to the companies involved in processing this contract, e.g. credit institutions for payment processing. The data required to fulfill the contract will be deleted no later than six months after the contract has ended and will only be kept for any queries. The data will not be deleted if there are still outstanding claims after the contract has ended and are to be collected. If statutory retention periods exist, the data concerned will be archived for the duration of these periods.

IX. Online Application

If you apply online for the jobs we advertise, we will only collect the data that is required to process your application at MADISON Hotel GmbH. This includes title, first name, last name, application documents and, for contact purposes, email or telephone number. However, providing your telephone number and email address is voluntary. There are no negative consequences for not providing this data. However, not providing a telephone number for a telephone interview can make communication more difficult.

Your personal information and data are collected, stored and used only for the intended purpose with the utmost care and integrity. The provisions of the EU General Data Protection Regulation are observed.

You agree to the processing and transmission of your data solely for the application process. Data processing is carried out on the basis of Section 26 of the Federal Data Protection Act (BDSG). You assure that the information you provide is true. You are also aware that providing false information can lead to the termination of a possible employment relationship. We will delete your information after the application process has ended and the statutory retention periods have expired after 6 months if your application is unfortunately unsuccessful. For our online application process, we work with the HOTELCAREER portal of YOURCAREERGROUP GmbH, Kaiserswerther Straße 282, 40474 Düsseldorf, which supports us in the context of order processing in accordance with strict instructions. If you create a profile on www.hotelcareer.de and apply to other companies, YOURCAREERGROUP GmbH is responsible for data processing. Please therefore also note the data protection regulations there. We will delete your information after the application process has ended and the statutory retention periods have expired after 6 months if your application is unfortunately unsuccessful.

X. Transfer of your data to third parties

In order to make our website as pleasant and convenient as possible for you as a user, we occasionally use the services of external service providers. Below you have the opportunity to find out about the data protection regulations regarding the application and use of the services and functions used in order to be able to exercise your rights with the service providers if necessary.

1. Goolge Analytics

Google Analytics is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help Google analyze how users use our website. The information collected through the cookie on your use of our website (including your IP address) is generally transferred to a Google server in the USA and stored there. Please note that Google Analytics has been extended on our websites to include the code "gat._anonymizeIp();;" to ensure that IP addresses are recorded anonymously (so-called IP masking). At our request, Google will therefore only record your IP address in abbreviated form, which ensures anonymization and does not allow any conclusions to be drawn about your identity. If IP anonymization is activated on our websites, your IP address will be abbreviated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information to evaluate your use of our websites, to compile reports on website activity for us, and to provide us with other services relating to website activity and the Internet. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. Google will only transfer this data to third parties if required by law or as part of order data processing. Under no circumstances will Google combine your data with other data collected by Google. By using this website, you consent to the processing of data about you by Google, the manner of data processing described above, and the stated purpose. You can prevent cookies from being saved by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all of the functions of our website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of this website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link. You can find more information about Google Analytics and data protection at http://tools.google.com/dlpage/gaoptout?hl=de .

2. Google Plugin

We use Google functions on our website. The social network is offered by Google Inc., which is based in the USA, CA 94043, 1600 Amphitheatre Parkway, Mountain View. Google enables you to publish content globally using its button. You are also offered personalized content from Google and partner providers. Google saves your rating ( 1) for content and information from websites that you clicked on when giving 1. Your 1 rating can be displayed with your profile name and photo in other Google services. Google records your 1 activities in total. This recording serves to optimize and personalize the Google offering for you. To use the Google platform, you create a globally visible profile under a name of your choice. The chosen name is also used for other Google services. Anyone who knows your email address can access your Google profile this way. Google uses the data collected in accordance with its data protection provisions, among other things, to create statistics that are passed on to partner companies or used in other ways. Details on the use of data and the privacy policy can be viewed at http://www.google.de. The link also contains information on individual data protection settings on Google .

3. Google-AdWords

This website uses the online advertising program “Google AdWords” and, as part of this, conversion tracking. The cookie for conversion tracking is set when a user clicks on an ad placed by Google. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies cannot therefore be tracked across the websites of AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. Users who do not wish to participate in tracking can easily deactivate the Google Conversion Tracking cookie via their Internet browser under user settings. These users will not be included in the conversion tracking statistics. Find out more about Google's privacy policy.

4. Google Maps

Our websites use Google Maps to display maps and create directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you agree to the collection, processing and use of the data automatically collected and the data you enter by Google, one of its representatives, or third parties. The terms of use for Google Maps can be found at Terms of Use for Google Maps. You can find detailed information in the privacy center at google.com: Transparency and Choices and Privacy Policy.

5. Social Plugins

Our website uses social plugins (“plugins”) from various social networks. With the help of these plugins, you can, for example, share content or recommend products. If these plugins are activated, your browser establishes a direct connection to the servers of the respective social network as soon as you access a web page on our website. The content of the plugin is transmitted directly from the social network to your browser, which integrates it into the website. By integrating the plugins, the social network receives the information that you have accessed the corresponding page on our website. If you are logged in to the social network, it can assign the visit to your account. If you interact with the plugins, for example by clicking the Facebook “Like” button or leaving a comment, the corresponding information is transmitted directly from your browser to the social network and stored there. The purpose and scope of the data collection and the further processing and use of the data by social networks, as well as your rights and setting options to protect your privacy, can be found in the data protection information of the respective networks or websites. You will find the links to these below. Even if you are not logged in to the social networks, websites with active social plugins can send data to the networks. An active plugin sets a cookie with an identifier each time the website is accessed. Since your browser sends this cookie without asking each time you connect to a network server, the network could in principle use it to create a profile of which websites the user associated with the identifier has accessed. And it would then also be entirely possible to assign this identifier to a person later - for example when logging in to the social network later.

We use the following plugins on our websites:

· Facebook

· Instagram

· Tripadvisor

If you do not want social networks to collect data about you via active plugins, you can either simply deactivate the social plugins with a click on our websites or select the "Block third-party cookies" function in your browser settings. The browser will then not send any cookies to the server for embedded content from other providers. With this setting, however, other cross-page functions may no longer work in addition to the plugins.

a) Facebook

We use plug-ins from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The link to Facebook's privacy policy can be found here: Facebook's privacy policy.

b) Instagram

We use social plugins ("plugins") from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The plugins are marked with an Instagram logo, for example in the form of an "Instagram camera". If you are logged in to Instagram, Instagram can directly assign your visit to our website to your Instagram account. The purpose and scope of data collection and the further processing and use of the data by Instagram, as well as your rights and setting options to protect your privacy, can be found in Instagram's privacy policy.

c) Tripadvisor

We use plugins from the tripadvisor.de network, which is operated by TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494 USA (“Tripadvisor”). The link to Tripadvisor’s privacy policy can be found here: Tripadvisor privacy policy

6. YouTube

Our website uses plug-ins from the YouTube site operated by Google. The site is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plug-in, a connection is established to the YouTube servers. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. You can find more information about how user data is handled in YouTube's privacy policy.

7. Hotjar

To improve the user experience on our website, we use the software Hotjar (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). Using Hotjar, we can measure and evaluate user behavior (mouse movements, clicks, scroll height, etc.) on our websites. For this purpose, Hotjar uses cookies on users' devices and can store user data such as browser information, operating system, time spent on the site, etc. in an anonymized form. You can prevent this data processing by Hotjar by deactivating the use of cookies in the settings of your web browser and deleting cookies that are already active. You can find out more about data processing by Hotjar here: Hotjar privacy policy.

8. Google Tag Manager by Google

Our website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookieless domain and does not collect any personal data. The tool triggers other tags, which may collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, this will remain in place for all tracking tags implemented with Google Tag Manager.

9. Double Click by Google

Doubleclick by Google is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Doubleclick by Google uses cookies to show you advertisements that are relevant to you. A pseudonymous identification number (ID) is assigned to your browser to check which advertisements were displayed in your browser and which advertisements were accessed. The cookies do not contain any personal information. The use of DoubleClick cookies only enables Google and its partner websites to display advertisements based on previous visits to our or other websites on the Internet. The information generated by the cookies is transferred by Google to a server in the USA for evaluation and stored there. Google may also transfer this information to third parties if this is required by law or if third parties process this data on Google's behalf.

10. Omniture Adobe Analytics

This website uses Adobe Analytics, a web analysis service provided by Adobe Systems Software Ireland Limited ("Adobe"). Adobe Analytics uses "cookies", text files saved on your computer, to help the website analyze how users use the site. The IP address sent by your browser as part of Adobe Analytics will not be merged with other Adobe data. You can prevent cookies from being saved by selecting the appropriate settings on your browser.

11. TrustYou

This website integrates a TrustYou widget for displaying reviews. The provider is TrustYou GmbH, Munich Center of Technology, Agnes-Pockels-Bogen 1, 80992 Munich, Germany. To use the functions of the TrustYou widget, it is necessary to save your IP address. This information is usually transferred to a TrustYou server in Germany and stored there. The provider of this site has no influence on this data transfer. The TrustYou widget is used in the interest of presenting the reviews of our hotel submitted on TrustYou and to be able to offer the option of writing a review on TrustYou. This represents a legitimate interest within the meaning of Art. 6 Paragraph 1 Letter f of GDPR. You can find more information about how TrustYou handles user data in TrustYou's privacy policy.

12. Dialogshift

This website uses the communication services of DialogShift GmbH, Torstr. 201, 10115 Berlin. These include a chat application, email communication and telephone communication. The applications process and store data for the purpose of web analysis, to operate the communication services and to answer inquiries. To operate the chat function, the chat texts are saved and a cookie with a unique ID is set - this is used to recognize you as a customer. In email and telephone communication, the communication content is also temporarily saved to ensure efficient processing of your inquiries. A cookie is a small text file that is stored locally in the cache on your device. With the help of this cookie, our application recognizes the device and can call up past chat logs. This cookie is saved for 90 days since the last use. You can deactivate the storage of cookies in your browser settings. However, the chat function cannot be executed without the use of cookies. The possible disclosure of, for example, a name, email address or a telephone number is voluntary and with the consent to temporarily use and store this data for the purpose of establishing contact until the end of the contact. This personal data is deleted after 90 days. When using the Journey Messaging Service, your contact details can also be used to send travel-related information (such as check-in information), provided you have consented to this. The legal basis for data processing is Art. 6 Para. 1 lit. a GDPR, Section 25 Para. 1 TTDSG based on your consent. DialogShift offers further information on the collection and use of data as well as your rights and options for protecting your privacy at https://www.dialogshift.com/datenschutz.

XI. Rights of the data subject

According to Section 13 Paragraph 7 of the Telemedia Act in conjunction with Section 34 of the Federal Data Protection Act, you have the unrestricted right to free information about your data stored by us and, in accordance with Section 35 of the Federal Data Protection Act, the right to delete or block inadmissible data or the right to correct incorrect data. Upon request, we will be happy to inform you in writing whether and which personal data we have stored about you. As far as possible, we will take appropriate measures to update or correct your data stored with us at short notice. Please send all requests for information, requests for information or objections to data processing directly to our data protection officer by email, stating your full postal address. If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Right to information

You can request confirmation from the controller as to whether personal data concerning you are being processed by us.

If such processing takes place, you can request the following information from the controller:

the purposes for which the personal data are processed;

the categories of personal data being processed;

the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;

the planned duration for which the personal data concerning you will be stored or, if specific information is not possible, the criteria used to determine that period;

the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

· the existence of a right to lodge a complaint with a supervisory authority;

· all available information as to their origin, if the personal data are not collected from the data subject;

the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have the right to request rectification and/or completion from the controller if the personal data concerning you that are processed are incorrect or incomplete. The controller must carry out the rectification immediately.

3. Right to restriction of processing

You can request the restriction of the processing of personal data concerning you under the following conditions:

if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;

the controller no longer needs the personal data for the purposes of processing, but you require them to assert, exercise or defend legal claims, or

· if you have objected to processing pursuant to Art. 21 Para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, these data may - with the exception of storage - only be processed with your consent or for the establishment, exercise or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above-mentioned requirements, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

a) Obligation to delete

You may request that the controller delete the personal data concerning you immediately, and the controller is obliged to delete this data immediately if one of the following reasons applies:

The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.

You withdraw your consent on which the processing is based according to Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR, and there is no other legal basis for the processing.

You object to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 Para. 2 GDPR.

· The personal data concerning you have been processed unlawfully.

The erasure of personal data concerning you is necessary to fulfil a legal obligation under Union or Member State law to which the controller is subject.

The personal data concerning you were collected in relation to information society services offered in accordance with Art. 8 (1) GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obliged to erase them pursuant to Art. 17 Para. 1 GDPR, the controller shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to inform data controllers which process the personal data that you, as the data subject, have requested the erasure by them of all links to these personal data or of copies or replications of these personal data.

c) Exceptions

The right to erasure does not exist if the processing is necessary

to exercise the right to freedom of expression and information;

to fulfill a legal obligation which requires processing by Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;

· for reasons of public interest in the area of public health pursuant to Art. 9 (2)(h) and (i) and Art. 9 (3) GDPR;

· for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, insofar as the right referred to in section a) is likely to make the achievement of the objectives of this processing impossible or seriously compromises it, or

· to assert, exercise or defend legal claims.

5. Right to information

If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the responsible party, this party is obliged to inform all recipients to whom the personal data concerning you was disclosed of said rectification, erasure or restriction of processing, unless doing so should prove impossible or involve disproportionate expenditure. You have the right to be informed by the responsible party of these recipients.

6. Right to data portability

You have the right to receive the personal data concerning you that you have made available to the controller in a structured, common and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was made available, provided that (1) the processing is based on consent in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract in accordance with Art. 6 Para. 1 lit. b GDPR and (2) the processing is carried out using automated procedures. In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be impaired by this. The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right of objection

You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) or (f) GDPR, for reasons related to your particular situation; this also applies to profiling based on these provisions. The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data concerning you is processed in order to conduct direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. In connection with the use of information society services, you have the option of exercising your right of objection by means of automated procedures that use technical specifications, notwithstanding Directive 2002/58/EC.

8. Right to revoke the declaration of consent under data protection law

You have the right to revoke your consent to data protection at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

9. Automated decision-making in individual cases, including profiling

You have the right not to be subjected to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or similarly significantly affects you.

This does not apply if the decision

· is necessary for the conclusion or performance of a contract between you and the controller,

· is permitted by Union or Member State law to which the controller is subject, and this law contains appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or

· with your explicit consent. However, these decisions must not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2)(a) or (g) applies and appropriate measures to protect your rights and freedoms as well as your legitimate interests have been taken.

In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority to which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

XII. Other information

To the extent that parts of the website are offered in languages other than German, this is solely a service for our customers, interested parties and employees who do not speak German.

Status of our privacy policy: February 2025