DATA PROTECTION

for the website www.madisonhotel.de/en

Data protection is a confidential matter, and your trust is important to us. We respect your personal privacy. The protection of the lawful collection, processing and utilization of your personal data is a serious concern of ours. In order that you feel safe when visiting our website, we strictly observe the statutory regulations when processing your personal data and would to like to inform you about how we collect and use your data. We are committed to complying with the General Data Protection Regulation as well as with the nationally effective data protection legislation. Data protection is for us a company-wide topic with high priority and we only work together with partners who exhibit an equal level of data protection in their handling of data. We use your data only when you have given us your explicit consent, which was obtained for a contractual or pre-contractual measure or which the relevant laws and regulations pertaining to data processing permit or require. The following data protection information includes both the current valid national legal framework as well as the European General Data Protection Regulation which has been in force since May 25, 2018. References made to the legal basis of the General Data Protection Regulation are relevant starting from May 25, 2018. In no case do we sell your data or give it to unauthorized third parties. We are pleased to provide you with detailed information about how we handle your data in of our company. 

You can print or save this document by using the usual features of your browser. The following data protection declaration explains which data we collect on our website and which data we process and use.

I. Name and Address of the Responsible Data Collector

The responsible data collector in line with the General Data Protection Regulation and the other national data protection laws of the member states as well as other data protection regulations is: 

MADISON Hotel GmbH
Schaarsteinweg 4
20459 Hamburg
Germany
Tel.: +49 40 37666 0

E-Mail: info@madisonhotel.de
Website: www.madisonhotel.de/en

Responsible for website content:
Thomas Kleinertz, Managing Director
Tel.: +49 40 37666 0

E-Mail: t.kleinertz@madisonhotel.de  

II. Name and Address of the Data Protection Officer

The data protection officer of the responsible data collector is:
TÜV Informationstechnik GmbH
IT Security - Business Security & Privacy
Fachstelle für Datenschutz
Herr Peter Kattner
Langemarckstraße 20
45141 Essen
Tel.: 0201 - 8999-899
Fax: 0201 - 8999-666
E-Mail: dsb@madisonhotel.de   

For overview purposes, only the names of the individual sections are shown below. You can simply click on the names of the sections and their content with then be shown.    

III. General Information on Data Processing  
IV. Provision of the Website and Creation of Log Files
V. Use of Cookies
VI. Newsletter
VII. Contact Form and E-Mail Contact
VIII. Reservations  
IX. Online Applications
X. Disclosure of Your Data to Third Parties  
XI. Your Rights as the Person Concerned  
XII. Other Notes


III. General Information on Data Processing 

1. Scope of the Processing of Your Personal Data
We collect and use the personal data of our users fundamentally only in as far as it is necessary to ensure the operational functionality of our website, our content and our services. The collection and usage of the personal data of our users takes place after consent of the user. There is an exception in the case that obtaining prior permission is not possible due to factual reasons and the processing of the data is permitted by law.  

2. Legal Framework for the Processing of Personal Data
In as far as we have received permission from the person concerned to process his or her personal data, Art. 6 (1)(a) General Data Protection Regulation is the legal basis for the processing of personal data.  When processing personal data that is required for the fulfillment of a contract, of which the contract’s party is the person concerned, Art. 6 (1)(b) General Data Protection Regulation applies. This is also valid for processes required for the carrying out of pre-contractual measures. In as far as the processing of personal data is required by our company in order to comply with legal obligations, Art. 6 (1)(c) General Data Protection Regulation applies. In the case that it is necessary to process personal data in the vital interests of the concerned person or another natural person, Art. 6 (1)(d) General Data Protection Regulation applies. Is the data processing necessary to protect the legitimate interests of our company or that of a third party and do the interests, fundamental rights and freedoms of the concerned person not outweigh the former, Art. 6 (1)(f) General Data Protection Regulation is the legal basis for the data processing. 

3. Data Deletion and Storage Duration  
The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. The storing of data can further remain when this is required by European or national legislature in Union requirements, laws or other provisions. The blocking or deleting of data also takes places when a standard, mandatory storage period expires, unless there is the necessity for the further storage of the data for the conclusion or fulfillment of a contract.  

IV. Provision of the Website and Creation of Log Files 

1. Description and Scope of the Data Processing
Every time our website is accessed our system collects automated data and information from the computer system of the calling computer. The following data are collected: · Information about the type of browser and the version used · The operating system of the user · The internet service provider of the user · The IP address of the calling computer is immediately anonymized, so that it is not possible to establish a personal connection to the user · Date and time of access · The websites, from which the user’s system accessed our website   The data is also stored in the log files in our system. Not affected are the IP addresses of the user or other data that enable a personal connection to the user. Storage of these data together with personalized data does not take place. 

2. Legal Framework for Data Processing  
The legal framework for the temporary storage of data is Art. 6 (1)(f) General Data Protection Regulation. 

3. Purpose of the Data Processing  
The temporary storage of the IP address by the system is necessary in order to deliver the website to the user’s computer. For this reason, the IP address of the user must be stored for the duration of the session. In these purposes lie our legitimate interest in processing data according to Art. 6 (1)(f) General Data Protection Regulation. 

4. Duration of Storage  
The data will be deleted as soon as the purpose of their storage is no longer required. In the case that the data was stored to deliver the website, it will be deleted when the session is ended.  

5. Objection and Elimination Possibilities  
The collection of data for provision the website and the storage of log files is absolutely necessary for the operation of the website. There is, as a result, no possibility for the user to object. 

V. Use of Cookies

1. Description and Extent/Scope of Data Processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or in the computer system of the user by the internet browser. When a user visits a website, a cookie can be saved in the operating system of the user. This cookie contains a characteristic string of text that enables a clear identification of the browser should the website be visited again.  We use cookies to make our website more user-friendly. Some elements of our website require the calling browser be identified again when switching between pages of our website. 

The following data is stored and transmitted in the cookies:
· Language settings
· Articles in a shopping cart   

Further, we use cookies on our website to be able to analyze the user’s surfing behavior. In so doing the following data can be transferred:  
· Entered search terms  
· Frequency of pages visited   

User data obtained in this way are pseudonymized through technical measures. As a result, an allocation of the data to the calling user is no longer possible. These data are not stored together with other personal data. 

Further so-called tracking pixels are used when sending out the newsletter of the MADISON Hotel GmbH. A tracking pixel is a miniature graphic that is embedded in marketing e-mails that are sent out in HTML format to enable a log file recording and log file analysis. As a result, a statistical analysis of the success or failure of an online marketing campaign can be carried out. With the aid of the embedded tracking pixel it can be detected whether or not a person concerned opened the e-mail.

2. Targeting  
In using cookie technology on our website, data for the optimization of our website and all our online offerings is collected. These data are not used to personally identify you, but to solely enable a pseudonymous evaluation of the usage of our homepage. Your data will at no time be brought together with your personalized data we have stored. With this technology we can present advertising and/or special offers and services to you, whose content is based on the information acquired from the click stream analysis, e.g. advertising based on the fact that in the last days only sport shoes were viewed. Our goal is to make our online offers as attractive as possible for you and to present you advertising that corresponds to your interests.

a. Third Party Cookies
We work together with come advertising partners that help us to make our internet offerings and our website more interesting for you. As a result, when you visit our website cookies from other partner companies are also saved on your hard drive. These are temporary and permanent cookies that are automatically deleted after a predetermined time. These temporary and permanent cookies (life span 14 days up to 10 years) are saved on your hard drive and delete after a predetermined time automatically. The cookies from our partner companies contain also only pseudonyms and often only anonymous data. These are, for example, data about the products you viewed, whether something was bought, which products were searched for, etc. This means some of our advertising partners also record information, beyond the websites, about the websites you visited before or, for example, the products you were interested in, in order to present you advertising that best correspond to your interests. These data will at no time be brought together with your personalized data. They have the sole purpose of enabling our advertising partners to approach you with advertising that could actually interest you.  

b. Re-Targeting  
To this end our webpages use so-called re-targeting technologies. We use these technologies to make our internet offerings more interesting for you. This technology makes it possible for us to address internet users, who are already interested in our shop and products, with advertising on the website of our partners. We are convinced that showing personalized, interest-based advertising is, in general, more interesting than such with no personal reference. Showing such advertising on the pages of our partners takes place on the basis of cookie technology and an analysis of the previous user behavior. This form of advertising is completely pseudonymous. No user profiles are brought together with personal data. In using our website, you agree that so-called cookies can be utilized and with them usage data be collected, stored and used. Further, your data will be stored in cookies after the browser session has ended and, for example, can be called on again during your next visit to the website. This consent can be revoked with effect to the future by refusing to accept cookies in your browser settings. 

3. How can you prevent the storage of cookies?  
Depending on the browser you use, you can change the settings such that cookies are only accepted when you give your consent. If you only want to accept our cookies but not the cookies from our service providers and partners, you can change the setting in your browser to “Block cookies from third parties”. In general, the navigation bar of your web browser shows you in the help feature when you refuse new cookies and can turn off those already stored. For detailed information about how you can change the settings in the browser you use, see following link. When using a shared computer with the settings to accept cookies and Flash cookies, we recommend that you always log out completely at the end of each session.  

4. Legal Framework for Data Processing
The legal basis for the processing of personal data when using cookies is Art. 6 (1)(f) General Data Protection Regulation. 

5. Purpose of the Data Processing  
The purpose of using cookies that are technologically necessary is to simplify the usage of websites for the user. Some functions of our internet site cannot be offered without the use of cookies. For these functions it is essential that the browser can again be recognized after changing pages.    

We require cookies for the following applications:
· Shopping cart
· Taking over the language settings  
· Remembering search terms   

The user data collected with cookies is not used to generate user profiles. The usage of analysis cookies is for the purpose of improving the quality of our website and its contents. In using analysis cookies, we learn how the website is used and are then able to optimize our offer.  In these purposes lie our legitimate interest in processing data according to Art. 6 (1)(f) General Data Protection Regulation. 

6. Duration of Storage, Objection and Disposal Possibilities  
Cookies are stored on the user’s computer and from there transmitted to our page. For this reason, you as a user have complete control over the usage of cookies. By changing the settings in your internet browser, you can deactivate or limit the transmission of cookies. Cookies can be deleted at any time. This can also be done automatically. Should cookies for our website be deactivated, it is possible that you cannot not fully use all functions of the website.  

VI. Newsletter

1. Description and Extent/Scope of Data Processing
You have the possibility to subscribe to a free newsletter on our website. 

The data entered in the input mask when subscribing to the newsletter are transmitted to us.
· Salutation, first and last name
· E-mail address   

Further, the following data is collected during registration:
· IP-address of the calling computer  
· Date and time of registration  

For the processing of the data your consent is obtained during the registration procedure and reference made to this Data Protection Policy. The data are used exclusively for sending out the newsletter.  The newsletter is sent out by two companies:    

a) Mailchimp  "MailChimp" is a newsletter distribution platform from the US supplier Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.   
b) Cendyn  “Cendyn”, is a provider of a cloud-based technology platform (CRM and distribution platform) of the US supplier Central Dynamics, LLC, a Delaware limited liability company, 980 N Federal Hwy, 2nd Floor Boca Raton, FL 33432 USA. You can find the data protection declaration from Cendyn under this link: Privacy Policy Cendyn.   

The e-mail addresses of our newsletter recipients, as well as their further data which was collected as described above, are stored on the servers of MailChimp and Cendyn in the USA. MailChimp and Cendyn use this information to send out and evaluate the newsletter in our account. Further, MailChimp and Cendyn can according to their own information use these data to optimize or improve their own services, e.g. for the technical optimization of the dispatching process and the displaying of the newsletter or for economic purposes, to determine from which countries the recipients come. However, MailChimp and Cendyn do not use the data of the newsletter recipients to contact them directly or give them to third parties.    

2. Legal Framework for Data Processing
The legal basis for the processing of data after registration to the newsletter by the user is after consent from the user Art. 6 (1)(a) General Data Protection Regulation. 

3. Purpose of the Data Processing
The collection of the e-mail address of the user is for delivering the newsletter.  The collection of other personal data during the registration procedure is to prevent the misuse of the services or the used e-mail address.   

4. Duration of Storage  
The data are deleted as soon as they are no longer needed for the purpose they were collected for. The e-mail addresses of the users are therefore stored as long as the subscription of the newsletter is active. The personal data further collected during the registration procedure are generally deleted after a period of seven days.  

5. Objection and Elimination Possibilities  
The subscription to the newsletter can be canceled at any time by the user. For this purpose, each letter contains a corresponding link. Hereby a objection to the consent of the storage of the personal data collected during the registration procedure is also made possible. 

VII. Contact Form and E-Mail Contact 

1. Description and Scope of Data Processing
A contact form is available on our website that can be used to electronically contact us. Should the user take advantage of this possibility, the data entered in the input mask is transmitted to us and stored.

These data are:
· Salutation
· Name
· E-mail address
· Country of origin   

At the time of transmission of the message the following data are stored:  
· The IP address of the user
· Date and time of registration  

Your consent will be obtained during the sending process and reference made to this Data Protection Policy for the processing of the data. Alternately, you can contact us by using the e-mail address provided. In this case the user’s personal data transmitted with the e-mail will be stored. In this context there is no transmission of data to third parties. The data are solely used for processing the conversation.  

2. Legal Framework for Data Processing  The legal basis for the processing of data after receiving the consent of the user is Art. 6 (1)(a) General Data Protection Regulation.   The legal basis for the processing of data, that are transmitted with an e-mail is Art. 6 (1)(f) General Data Protection Regulation. Should the objective of the e-mail contact be the conclusion of a contract, so is the further legal basis for the processing Art. 6 (1)(b) General Data Protection Regulation. 

3. Purpose of the Data Processing  
The processing of personal data from the input mask is used solely for the purpose of making contact. In case of contact per e-mail there is also a required and justified interest in the processing of the data. The processing of other personal data during the transmission process is to prevent the misuse of the contact form and to ensure the safety of our IT system. 

4. Duration of Storage  
The data are deleted as soon as they are no longer needed for the purpose they were collected for. For the personal data from the input mask of the contact form and for those that were sent via e-mail, this is the case when the respective conversation with the user comes to an end. The conversation comes to an end when it can be inferred from the circumstances, that the situation in question has been conclusively clarified. The personal data further collected during the transmission process are generally deleted after a period of seven days. 

6. Objection and Elimination Possibilities   
The user has the possibility to revoke his consent to the processing of personal data at any time. Should the user contact us via e-mail, he can object to the storage of his personal data at any time. In such a case the conversation will not be continued.  The revocation of consent and the objection to storage can be sent at any time via e-mail to: news@madisonhotel.de In this case all personal data that was stored in the course of establishing contact will be deleted.  

VIII. Reservations

The data you enter within the framework of our website for the purpose of carrying out a hotel or restaurant reservation are transmitted to us unencrypted (over https). These data, their type and scope which are determined by the online booking engine we employ, are collected, processed and used exclusively for the justification, implementation and processing of the contractual relationship required for the reservation.

We process the following data according to Art. 6 (1)(b) General Data Protection Regulation for the purpose of fulfilling the contract:   
· Salutation (of all travelers)
· First name, last name (of all travelers)
· Address details (for sending invoices and travel documents)
·  Date of birth / age of all travelers
·  Telephone number of the main traveler/contact person (for short-notice contact in case of changes)
·  E-mail address (for sending a summary of the booking details)
· Credit card details when paying with a credit card
·  Bank details when paying with SEPA direct debit 

Within the framework of the online reservation you will automatically be forwarded to the online booking system of our carefully chosen cooperation partner TRUST, who carries out the reservation for us. They are obligated to comply with to the data protection regulations. We send your reservation confirmation to your given e-mail address. Furthermore, you receive from us in connection with your reservation and in addition to your reservation confirmation, further e-mails related to your trip with advertising content for our own or similar products. You can object to these e-mails at any time without incurring costs other than the transmission costs at the basic rates by sending an e-mail to news@madisonhotel.de. After receiving your objection, we will immediately cease e-mail transmissions.   In case necessary, personal data will be forwarded to companies who are involved in the fulfillment of the contract e.g. financial institutions for the handling of payments. The data necessary to fulfill the contract will be deleted six months at the latest after the termination of the contract and only made available for further inquiries. The data will not be deleted should debts and claims still be open after the termination of the contract. In the case of legal retention periods we will archive the concerned data for the length of these periods.   

IX. Online Applications 

In the event you apply for one of the jobs we have advertised for, we fundamentally only store the data needed to process your application at MADISON Hotel GmbH. These are salutation, first name, last name, application documents and to contact you, e-mail or telephone number. Providing your telephone number and e-mail address is, however, voluntary. There are no negative consequences when not providing these data. However, not providing a telephone number can impede the communication for a telephone interview. Your person personal information and data will be collected and stored with upmost care and integrity and used only for their intended purpose. The regulations of the EU General Data Protection Regulation will be complied with.

You agree to the processing and transmitting of your data exclusively for the application process. The data processing takes place according to §26 of the German Federal Protection Act. You ensure that the information provided is true. You are also aware that incorrect information can lead to the termination of a possible employment relationship. Should your application, unfortunately, not be successful with us, we delete your data after termination of the application process and after the expiry of the legal storage periods of 6 months.

For our online application process, we work together with the portal HOTELCAREER of the YOURCAREERGROUP GmbH, Kaiserswerther Straße 282, 40474 Düsseldorf, who support us in the framework of job processing while strictly adhering to our instructions. Should you create a profile on www.hotelcareer.de and apply with other companies, YOURCAREERGROUP GmbH is responsible for your data processing. Please note their data protection policy. Should your application, unfortunately, not be successful with us, we delete your data after termination of the application process and after the expiry of the legal storage periods of 6 months.    

X. Disclosure of Your Data to Third Parties

To make our website as pleasant and comfortable as possible for you as a user, we occasionally employ the services of external service providers. Below you have the possibility to obtain information about their Data Protection Policies and how their services and functions are employed and used, and if necessary, also exercise your rights towards the service providers.   

1. Google Analytics
2. Google+
3. Google AdWords

4. Google Maps
5. Social Plugins
6. YouTube
7. Hotjar  
8. Google Tag Manager
9. Double Click
10. Omniture Adobe Analytics
11. TrustYou
  

1. Goolge Analytics
Google Analytics is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses “cookies”, or text files that are stored on your computer and enables Google to analyze the usage of our offer. The information generated by the cookie about your use of the website (including your IP address) are generally transmitted to and stored by Google on servers in the United States. We point out that on our websites Google Analytics has been extended with the code “gat._anonymizeIp();;” to guarantee the anonymized recording of IP addresses (so-called IP masking). We have requested that Google only record your IP address in abbreviated form which guarantees anonymization and does not allow any conclusions as to your identity. In case of activation of the IP anonymization on our website, your IP address is abbreviated within the member states of the European Union and in other signatories of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there. Google will use the mentioned information to evaluate the usage of our websites and to compile reports about the website activity and to provide further services related to website and internet usage. The IP address transmitted by your browser within the scope of Google Analytics will not be amalgamated with other Google data. A transmission of this data by Google to third parties only takes place according to statutory regulations or in the context of commissioned data processing. In no way will Google amalgamate your data with other data collected by Google. In using this website, you agree to the processing of the data collected about you by Google in the previously described manner and for the designated purpose stated. You can prevent the storage of cookies by changing the settings in your browser software; we, however, point out that in this case you might not be able to make full use of all functions of our website. Further, you can prevent the collection of the data generated by the cookie and of the data obtained about your usage of this website (incl. you IP address) for Google as well as the processing of this data by Google by downloading and installing an available browser plugin under the following link. Further information about Google Analytics and data protection can be found under http://tools.google.com/dlpage/gaoptout?hl=de

2. Google+ Plugin
We use the features of Google+ on our websites. The social network is offered by Google Inc. located in the USA at 1600 Amphitheatre Parkway, Mountain View, 94043 CA. Google+ enables you to publish content globally using its button. Further, you will be offered personalized content from Google and its partners. Google saves your rating (+1) for content and information on websites on which you have clicked the +1 button. Your +1 rating can be shown with your profile name and your picture in other Google services. Google records your overall +1 activities. This recording is used to optimize and personalize Google’s offers for you. To use the Google+ platform create a globally visible profile under your chosen name. The chosen name is then used by other Google services. Whoever knows your e-mail address can get to your Google+ profile. Google uses the recorded data within the framework of its data protection policy to inter alia compile statistics, which once put together are forwarded to partner companies or are otherwise utilized. Details about how the data is used and the Data Protection Policy  can be found at http://www.google.de. Under this link you can also find instructions for the individual settings for data protection on Google+. 

3. Google AdWords
This website uses the online advertising program “Google AdWords” and in this context its conversion tracking. The cookie for conversion tracking is set, when the user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. When a user visits certain pages of this website and the cookie has not yet expired, we and Google can see that the user clicked on the ad and was forwarded to this page. Every Google AdWords customer is assigned a different cookie. Cookies can, therefore, not be tacked back through the websites of AdWords customers. The information obtained with the help of conversion cookies is used to compile statistics for AdWords customers who have decided to use conversion tracking. The customers find out the total number of users who clicked on their ads and were forwarded to a page with a conversion tracking tag. They receive no information with which the user can be personally identified. Users who do not want to participate in tracking easily deactivate the cookie for Google Conversion Tracking in the settings of their internet browser. These users will not be included in the conversion tracking statistics. Find out more about Google’s Privacy Policy

4. Google Maps
Our websites use Google Maps to show maps and to generate route maps. Google Maps is run by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In using this website, you agree to the collection, processing and usage of the data automatically collected and of the data you enter by Google, one of its representatives or a third party. You can find the terms of use under Terms of Use for Google Maps. You can also find extensive details at the Privacy Center of google.com 

5. Social Plugins
Our internet presence uses social plugin (“plugins”) from various social networks. With the help of these plugins you can, for example, share content or recommend products.  When these plugins are activated our server establishes a direct connection to the server of the respective social network as soon as you go to our website. The content of the plugin is directly transferred from the social network to your browser, which integrates it into the website. By integrating the plugin, the social network receives the information that you have visited the respective page of our website. If you are logged into the social network, it can allocate this visit to your account. When you interact with the plugin, for example click on the Facebook “Like” button or leave a comment, the respective information is transmitted from your browser directly to the social network and stored there. Please refer to the privacy policies of the respective social networks and/or their websites for the purpose and scope of the data collection and the further processing and usage of this data by the social networks as well as your rights concerning this matter and setting options to protect your privacy. You will find the corresponding links further below.     

Even if you are not registered with social networks, websites with activated social plugins can send data to these networks. Should a plugin be active, it will set a cookie with a unique identifier every time a site is visited. As your browser unsolicitedly sends this cookie with every connection to a network server, the network can principally create a profile about the websites the user with this identifier has visited. And then it would also be entirely possible, when the user decides to later to register with a social network, to allocate this identifier to a person.

We use the following plugins on our website:  
· Facebook
· Instagram
· Tripadvisor 

If you do not want social networks to use plugins to collect data about you, you can deactivate the social plugins with one click on our website or you can go to your browser settings and choose the feature “Never accept third party cookies”. Then the browser will not send the content of other integrated service providers to the server. When choosing this setting not only are the plugins deactivated, it is also possible that other cross-page features no longer function.   

a) Facebook
We use plugins from the social network facebook.com, which is run by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). You can find the link to Facebook’s privacy policy here:  Facebook’s Privacy Policy. 

b) Instagram
We use plugins from the social network Instagram (“Instagram”), which is run by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA. The plugins characterized by the Instagram logo, for example, in the form of an “Instagram Camera”. When you are logged into Instagram, Instagram can immediately allocate your visit to our website to your Instagram account. Purpose and scope of the data collection and the further processing and usage of this data by Instagram as well as your rights concerning this matter and setting options to protect your privacy can be found here:  Instagram’s Privacy Policy. 

c) Tripadvisor  
We use plugins from the network tripadvisor.de (“Tripadvisor”), which is run by TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494 USA. You can find the link to Tripadvisor’s privacy policy here: Tripadvisor’s Privacy Policy 

6. YouTube
Our website uses plugins from Google’s internet site YouTube, which is run by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a site with a YouTube plugin, a connection to the YouTube server is established. The YouTube server is then informed about which of our internet sites you have visited. When you are logged into your YouTube account, you enable YouTube to allocate your surfing behavior directly to your personal profile. You can prevent this when you log out of your YouTube account. Further information about the handling of user data can be found YouTube’s Privacy Policy

7. Hotjar  
For an improved user experience on our website we use the software (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). With the help of Hotjar we can measure and evaluate user behavior (mouse movements, clicks, scrollheight etc.) on our websites. For this purpose, Hotjar sets cookies on users’ devices and can store anonymized user data, e.g. browser information, operating system, time spent on the site etc. You can prevent Hotjar from processing your data by going to the settings of your browser and deactivating the cookie feature and deleting the active cookies. You can find more information about Hotjar’s data processing here: Hotjar’s Privacy Policy.  

8. Google Tag Manager by Google
Our website uses Google Tag Manager. Google Tag Manager is a tool, with which marketers can manage website tags on an interface. The tool Tag Manager, that implements the tags itself, is a cookie-less domain and does not collect and personal data. The tool triggers other tags, that may possibly collect data. Google Tag Manager does not access this information. Should a deactivation have taken place at domain or cookie level, this remains in place for all tracking tags, which were implemented with Google Tag Manager.

9. Double Click by Google
Doubleclick by Google is a service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Doubleclick by Google uses cookies to present you with relevant advertising. Your browser is assigned a pseudonymous identification number (ID) in order to monitor which ads your browser were displayed to you and which ads were called up. The cookies do not contain any personal information. Using DoubleClick cookies only enables Google and its partner websites to show ads based on previous visits to our or other website in the internet. Google transmits and stores the information generated by the cookies to a server in the USA to be evaluated. Google will also potentially pass this information on to third parties, when it is legally required or insofar as third parties process this data on behalf of Google.  

10.  Omniture Adobe Analytics
This website uses Adobe Analytics, a web analysis service from Adobe Systems Software Ireland Limited (“Adobe”). Adobe Analytics uses so-called “cookies”, which are text files stored on your computer and enable Adobe to analyze the usage of the website. The browser’s IP address which is transmitted within this context is not amalgamated with other Adobe data. You can prevent the cookies being stored by changing your settings in your browser’s software.   

11. TrustYou
This website integrates a widget from TrustYou to display ratings. The widget is provided by TrustYou GmbH, Munich Center of Technology, Agnes-Pockels-Bogen 1, 80992 München, Deutschland. It is necessary to save your IP address in order to be able to use the TrustYou widget. This information is generally transmitted to a TrustYou server in Germany and stored there. The owner of this website has no influence on this data transmission. The usage of the TrustYou widget takes place in the interest of our hotel so we can offer the possibility to write a review on TrustYou. This is a legitimate interest within the meaning of Art. 6 (1)(f) General Data Protection Regulation. You can find more information about how TrustYou handles user data here  TrustYou Privacy Policy.   

XI. Rights of the Person Affected

According to § 13 Abs. 7 TMG in connection with § 34 German Data Protection Regulation you have the full rights to information about the data we have stored about you free of charge as well as the right to have impermissible or inaccurate data deleted or blocked according to § 35 German Data Protection Regulation. Upon request we are gladly willing to inform you in written form about whether we have stored data on you and what these data are. To the extent possible we will take appropriate measures to update or correct the data we have stored about you. Please send all information requests about or objections to data processing via e-mail including your full postal address directly to our data protection officer. Should your personal data be processed, you are an affected person according to the General Data Protection Regulation and you may exercise the following rights over the responsible data collector:   

1. Right to Information Access
You can demand a confirmation from the responsible data collector, whether we process personal data, which affect you.  

If such processing exists, you can demand information about the following:
· the purposes for which the personal data was processed;  
· the categories of personal data, that were processed;  
· the recipients or the categories of recipients to whom the personal data was disclosed or will still be disclosed to;
· the planned duration of the storage of the personal data or, in the event that concrete details are not possible, criteria for the determination of the storage duration.
· the existing right to have your personal data corrected or deleted, the right to limiting the processing by the responsible data collector or the right to objection to the processing of your data;
· the existing right to appeal to a regulatory authority;  
· all available information about the origin of the data, when the personal data was not collected directly from the person affected;
· the existence of automated decision-making including profiling according to Art. 22 (1) and (4) General Data Protection Regulation and at least in these cases, meaningful information about the logic involved as well as the implications and the desired impact of such data processing for the person affected. 

You have the right to demand information, whether the personal data concerned has been transmitted to a third country or to an international organization. In this context you can demand to be informed about the appropriate guarantees in connection with the transmission according to Art. 46 General Data Protection Regulation.

2. Right to Correction
You have the right of correction and/or completion against the responsible data collector in as far as the personal data processed, that refer to you are incorrect or incomplete. The responsible data collector must make the corrections immediately.  

3. Right to Processing Restriction
You can request that the processing of your personal data be restricted under the following conditions:
· when you contest the accuracy of your personal data for a period, which makes it possible for the responsible data collector to check the accuracy of the personal data;
· the processing is illegal and you object to the deletion of the personal data and instead demand the restriction of the usage of your personal data;
· the responsible data collector no longer needs the personal data for processing purposes, you, however, need them for the assertion, exercising or defense of legal claims, or
· when you have objected to the processing according to Art. 21 (1) General Data Protection Regulation and it is still uncertain whether the proper reasons of the responsible data collector outweigh your reasoning. 

If the processing of the personal data was restricted, these data may only be processed with your consent (except for their storage) or for the assertion, exercising or defense of legal claims or for the protection of the rights of another natural person or legal entity or for reasons of important public interest of the Union or a member state. If a data restriction was enacted due to the above-mentioned reasons, you will be informed by those responsible before the restriction is lifted.  

4. Right to Deletion 
a) Obligation to Delete
You can request of the responsible data collector, that your personal data be immediately deleted and the responsible data collector is obligated to delete the data immediately provided one of the following reason apply:
· The personal data concerning you are no longer necessary for the purpose for which they were collected or otherwise processed.
· You revoke your consent, to which the processing according to Art. 6 (1)(a) or Art. 9 (2)(a) General Data Protection Regulation is based and there is no other legal basis for the processing.
· You object to the processing according to Art. 21 (1) General Data Protection Regulation and there are no other overriding proper reasons for the processing or you object to the processing according to Art. 21 (2) General Data Protection Regulation.
· Your personal data were processed unlawfully.
· The deletion of your personal data is to fulfill a legal requirement according to the European Union or to the law of a member state, which the responsible data collector is subject to.
· The personal data concerning your person was collected with regards to the services offered by the information society according to Art. 8 (1) General Data Protection Regulation.

b) Information Transmitted to Third Parties  
If the responsible data collector has made the personal data concerning your person public, they are obligated to delete them according to Art. 17 (1) General Data Protection Regulation and have to take appropriate measures with regards to the available technologies and implementation costs, also of technical nature, to inform those responsible for the data processing, that you as the person concerned have requested the deletion of all links to these personal data or to copies or replications hereof.

c) Exceptions
The right to deletion does not apply, when it is necessary to process the data  
· to exercise the right to freedom of speech and information;
· to fulfill a legal obligation that the processing requires according to European Union or member state law to which the responsible data collector is subject or to carry out a task that is in public interest or in the exercise of official authority that was vested in the responsible data collector;
· due to reasons of public interest in the area of public health according to Art. 9 (9)(h) and (i) as well as Art. 9 (3) General Data Protection Regulation;
· for archiving purposes which are in the public interest, for scientific or historical research purposes or for statistical purposes according to Art. 89 (1) General Data Protection Regulation, insofar as the law stated in Section a) will probably make the realization of the goals of the processing impossible or seriously impair them, or  
· for the assertion, exercising or defense of legal claims. 

5. Right to Information
Once you have exercised your right to correction, deletion of or restriction in the processing of your data against the responsible data collector, they are obligated to inform all recipients, to whom the personal data concerning your person have been disclosed, about the correction, deletion of the data or the restrictions in processing unless this proves impossible or requires disproportionate or unreasonable effort. You have the right to be informed about the recipients by those responsible.  

6. Right to Data Portability
You have the right to receive the personal data, which you provided to the responsible data collector, in a structured, conventional and machine-readable format. Further, you have the right to transmit these data to another responsible data collector without being impeded by the responsible data collector to whom you provided your personal data in the first place, provided   (1) the processing is based on consent according to Art. 6 (1)(a) General Data Protection Regulation or Art. 9 (2)(a) General Data Protection Regulation or on a contract according to Art. 6 (1)(b) General Data Protection Regulation.  (2) the processing took place with the assistance of automated processes. In exercising this right, you further have the right to effect that the personal data be directly transmitted from one responsible data collector to another, insofar as this is technically possible. The rights and freedoms of others must not hereby be impaired. The right to data portability does not apply to the processing of data that is necessary for carrying out a task that lies in public interest or in the exercise of official authority that has been vested onto the responsible data collector.

7. Right to Objection
You have the right at any time, for reasons that result from your special situation, to object to the processing of your personal data, which were collected according to Art. 6 (1)(e) or (f) General Data Protection Regulation; this is also valid for profiling based on these regulations. The responsible data collector will no longer process your personal data unless he can provide compelling and legitimate reasons for the processing, that outweigh your interests, rights and freedoms or the processing is necessary for the assertion, exercising or defense of legal claims. If your personal data is processed for direct advertising purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling, insofar as there is a connection to such direct advertising. If you object to the processing for the purpose of direct advertising, your personal data will no longer be processed for such purposes. You have the possibility in connection with the usage of services of the information society – notwithstanding Directive 2002/58/EG – to exercise your right to objection by means of an automated process, to which technical specifications apply. 

8. Right to Revoke Data Privacy Declaration of Consent  
You have the right, to revoke your Data Privacy Declaration of Consent at any time. In revoking your declaration, the lawfulness of the processing which was based on your consent up to your revocation will not be affected.  

9. Automated Individual Decision-Making, including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which becomes legally effective or similarly significantly affects you. This does not apply when the decision
· is necessary for entering into or fulfilling a contract between you and the responsible data collector.  
· is authorized by Union or Member State law to which the responsible data collector is subject to and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests; or
· is based on your explicit consent. 

However, these decisions may not be based on special categories of personal data according to Art. 9 (1) General Data Protection Regulation provided Art. 9 (2)(a) or (g) do not apply and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests. With regards to the cases mentioned in (1) and (3) the responsible data controller takes appropriate measures to safeguard the rights and freedoms as well as your legitimate interests, including the right to effecting intervention by a person on the side of the responsible data collector, the right to provide a standpoint statement and the right to appeal the decision. 

10. Right to Lodge a Complaint with a Supervisory Authority    
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to your person infringes the General Data Protection Regulation. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy according to Art. 78 General Data Protection Regulation. 

XII. Other Notes

Insofar as parts of our website are offered in languages other than German, this is solely a service for our customers, other interested parties and employees who are not in command of the German language. 

Stand of our Data Protection Declaration: June 2018