Select location + Book now Rooms / Table / Meetings & Events

Select location

Select location + Book now Room / Table / Meeting

Select location

Berlin

Munich

Munich Hackenviertel

Hotel MIO by AMANO

Leipzig

Leipzig Main Station

AMANO HOME Leipzig

Dusseldorf

Dusseldorf City Center

Hotel Düsseldorf Mitte

London

London Covent Garden

Hotel AMANO Covent Garden
Select location + Book now Room / Table / Meeting

Select location

Berlin

Berlin Central Station

Berlin Friedrichshain

London

London Covent Garden

Penelope's
Select location + Book now Room / Table / Meeting

Select location

Berlin

Munich

Munich Hackenviertel

AMANO Bar Munich

London

London Covent Garden

AMANO Rooftop Bar London
Select location + Book now Room / Table / Meeting

Select location

Select location + Book now Room / Table / Meeting
Book now

Make a reservation

Rooms Table Meetings & Events

Traveldata

From 10 Rooms:

Hotels Restaurants Bars Meetings & Events
AMANO 15 yearsAMANO NightlifeCareer & JobsPressContact
de

Privacy Policy

Information on the processing of your data

The operators of these web pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

 

Whenever you use this website, various personal data items are collected. Personal data is data which can be used to personally identify you. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

 

Please note that the transmission of data on the Internet (such as communication by e-mail) may have security gaps. It is not possible to fully protect the data against access by third parties.

Scope

The privacy policy applies to all web pages of www.amanogroup.com and www.josephberlin.de. It does not extend to any linked websites of other providers.

Data Controllers

The data controllers responsible for processing data on this website are:

 

R&S Hotelbetriebsgesellschaft mbH

AMANO München GmbH
Spichernstrasse 24
D-10777 Berlin

 

AREVITHO GmbH

Marburger Straße 2

D-10789 Berlin

 

AMANO Operations Limited
c/o Pkf Littlejohn

15 Westferry Circus Canary Wharf
London E14 4HD
United Kingdom (UK)

 

E-mail: dataprotection@amanogroup.com

 

The data controller is the natural person or legal entity that – alone or jointly with others – determines the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Data Protection Entity

We have appointed mb-datenschutz as the data protection entity.

 

mb-datenschutz GmbH

Jänickendorfer Weg 17

D-13591 Berlin

https://mb-datenschutz.de

Website visitors

Data Protection Information regarding Our Website

General and Mandatory Information

Legal Basis for Data Processing on This Website


If you have consented to data processing, we will process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR if special categories of data pursuant to Art. 9 (1) GDPR are processed. If you have explicitly consented to the transfer of personal data to third countries, data will also be processed on the basis of Art. 49 (1) (a) GDPR. If you have consented to cookies being stored or to accessing information on your terminal device (such as via device fingerprinting), the data will be processed on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time. If your data is required for implementing a contract or pre-contractual measures, we will process your data on the basis of Art. 6 (1) (b) GDPR. Moreover, we will process your data if this is necessary for complying with a legal obligation on the basis of Art. 6 (1) (c) GDPR. In addition, the data may be processed on the basis of our legitimate interest according to Art. 6 (1) (f) GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this privacy policy.

 

 

No Obligation to Provide Data


You are under no legal or contractual obligation to provide us with data. However, some services can only be rendered if you have provided the data we require.

 

 

Data Transfer to the USA and Other Third Countries


Some of the tools we use are from companies based in the USA or other third countries that are not governed by data protection law. When these tools are active, your personal data may be transferred to these third countries for processing. Please note that a level of data protection comparable to that in the EU cannot be guaranteed in these countries. For example, companies in the USA are obliged to hand over personal data to security authorities without the data subject being able to take legal action to prevent this. For this reason, it cannot be ensured that US authorities (e.g. intelligence services) will not process, evaluate or store your data for an extended period on servers in the USA for surveillance purposes. We have no influence over these processing activities. Where our service providers are already certified for the adequacy decision agreed on 10/07/2023 (EU-US Data Privacy Framework), we use this basis to secure your personal data.

 

 

Revoking Your Consent to Data Processing


Many data processing operations are only possible with your explicit consent. You can revoke consent you have already given at any time (Art. 7 (3) GDPR). The legality of data processing performed until the revocation shall remain unaffected by the revocation.

 

 

Right to Object to the Collection of Data in Special Cases and to Direct Advertising


If data is processed on the basis of Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to any profiling based on these provisions. The legal basis for each kind of processing is found in this privacy policy. If you object, we will no longer process your personal data – unless we are able to demonstrate compelling, legitimate reasons for such processing that override your interests, rights and freedoms, or if the data processing serves to assert, exercise or defend against legal claims (Art. 21 (1) GDPR).

 

 

Right of Appeal to a Supervisory Authority


In the event of GDPR breaches, data subjects have a right of appeal to a supervisory authority (EU) or the Information Commissioner’s Office (ICO-UK) under Art. 77 GDPR.

 

 

Data Portability
You have the right to data portability if you have consented to the processing of your data or have concluded a contract with us (Art. 20 (1) GDPR).

 

 

Information, Erasure and Correction


Within the framework of the applicable legal provisions, you have at any time – free of charge – the right to information about your stored personal data, its origin and recipients and the purpose of processing the data (Art. 15 (1) GDPR), along with a right to have this data corrected (Art. 16 GDPR) or erased (Art. 17 (1) GDPR) if you desire. You can contact us at any time about the above or any other questions you may have on the subject of personal data.

 

 

Right to Restriction of Processing


You have the right to demand that the processing of your personal data be restricted (Art. 18 (1) GDPR). You can contact us at any time in this regard. You are entitled to restrict such processing in the following cases:

 

  • If you dispute the accuracy of your personal data in our possession, we will usually need time to verify this. Until we have done so, you will have the right to demand that the processing of your personal data be restricted.
  • If your personal data is (being) processed unlawfully, you can request that the processing of your data be restricted instead of having it erased.
  • If we no longer need your personal data, but you still need it to exercise, defend or enforce legal claims, you have the right to demand that the processing of your personal data be restricted instead of having it erased.
  • If you have lodged an objection according to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. Until it has been determined whose interests prevail, you will have the right to demand that the processing of your personal data be restricted.

 

If you have restricted the processing of your personal data, such data may – apart from being stored – only be processed with your consent or for asserting, exercising or defending legal claims or for protecting the rights of another natural person or legal entity or for reasons of important public interest of the European Union or a Member State.

 

 

Retention Period


Unless a more specific retention period is stated within this privacy policy, we will retain your personal data until the purpose for processing the data no longer applies. If you assert a justified request for erasure or revoke your consent for data processing, your data will be erased unless we have other legally permissible reasons for retaining your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be erased once these reasons no longer apply.

Hosting

We host the content of our websites at the following providers:

 

Domainfactory GmbH

c/o WeWork

Neuturmstraße 5

80331 München

(www.amanogroup.com)

 

Host Europe GmbH

Hansestraße 111

51149 Köln

(www.josephberlin.de)

 

Usage is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in ensuring that the presentation of our website is as reliable as possible. If corresponding consent has been requested, the data will be processed exclusively on the basis of Art. 6 (1) (a) GDPR; this also applies if the consent includes the storage of cookies or access to information on the user’s terminal device (such as for device fingerprinting). You can revoke your consent at any time.

 

We have concluded a contract on order processing for using each of the above-mentioned services. This is a contract required by data protection law, which ensures that the host will only process personal data from our website visitors in line with our instructions and in compliance with the GDPR.

 

 

SSL and TLS Encryption


This website uses SSL or TLS encryption for security reasons and in order to protect the transfer of confidential content, such as orders or enquiries that you send to us, the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

 

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

 

 

Server Log Files


You can always use our website for purely informational purposes without disclosing your identity. If so, when you call up individual pages of the website, only access data will be transmitted to our web space provider in order to display the website to you. This includes the following data:

 

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Access date and time
  • IP address of the requesting computer

 

Temporary processing of the IP address by the system is required to enable the technical delivery of the website to your computer. To do this, it is necessary to process your IP address for the duration of the session. The legal basis for such processing is Art. 6 (1) sentence 1 (f) GDPR.

 

The access data will not be used to identify individual users or be merged with other data sources. The access data will be erased once it is no longer needed for achieving the purpose of processing it. In the case where data is collected to provide the website, this occurs when you end your visit to the website.

 

IP addresses are stored in log files to ensure the functionality of the website. In addition, we also use the data to optimise our website and safeguard the security of our information technology systems. The data collected in this context is not analysed for marketing purposes either.

 

The data is generally deleted after seven days at the latest, although processing beyond this time is possible in individual cases. When this occurs, the IP address is deleted or altered to prevent the calling client from being identified.

 

Details can be found in the privacy policies of Domainfactory (https://www.df.eu/de/datenschutz/) and Host Europe (https://www.hosteurope.de/AGB/Datenschutzerklaerung/).

Cookies

Our Internet pages make use of “cookies”. Cookies are small data packets and do not cause any harm to your end device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.

 

Cookies can come directly from us (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g. cookies for processing payment services).

 

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (such as the shopping cart function or the displaying of videos). Other cookies may be used to evaluate user behaviour or for advertising purposes.

 

Cookies necessary for the electronic communication process, for providing certain functions you have requested (such as the shopping cart function) or for optimising the website (such as cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 (1) (f) GDPR if no other legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the purpose of providing technically error-free and optimised services.

 

If consent has been requested for the storage of cookies and comparable recognition technologies, data will be processed exclusively on the basis of this consent (Art. 6 (1) (a) GDPR); this consent can be revoked at any time.

 

You can set your browser to inform whenever cookies are set and to only allow cookies in individual cases, prevent cookies from being accepted for certain cases or in general and activate the automatic deletion of cookies when the browser is closed. Deactivating cookies may limit the functionality of this website.

 

 

Consent with OneTrust


Our website uses OneTrust’s consent technology to obtain your consent to store certain cookies on your terminal device or to use certain technologies and document this in a manner compliant with data protection regulations. This technology is provided by:

 

OneTrust Technology Limited

82 St John St, Farringdon

London EC1M 4JN

United Kingdom (UK)

(hereinafter OneTrust)

 

When you enter our website, a connection is established with OneTrust’s servers in order to obtain your consent and other declarations regarding cookie use. OneTrust then saves a cookie in your browser in order to assign the consent granted or its revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Consent Manager Provider cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention obligations shall remain unaffected by this.

 

OneTrust is employed in order to obtain the legally required consent for using cookies. The legal basis for this is Art. 6 (1) (c) GDPR.

 

We have concluded a contract on order processing for using the above-mentioned service. This is a contract required by data protection law, which ensures that the host will only process personal data from our website visitors in line with our instructions and in compliance with the GDPR.





Tracking & Analytics

When you visit this website, your surfing behaviour may be statistically analysed. This is done mainly by means of analysis programmes.

 

 

Google Tag Manager


We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. Google Tag Manager does not create user profiles itself, nor does it store cookies or perform any independent analyses. It is only used for the administration and reproduction of the tools incorporated through it. However, Google Tag Manager collects your IP address, which may also be transferred to Google’s parent company in the United States.

 

Google Tag Manager is used on the basis of Art. 6 (1) (f) GDPR. The operator of the website has a legitimate interest in the quick and uncomplicated integration and administration of various tools on the website. If corresponding consent has been requested, the data will be processed exclusively on the basis of Art. 6 (1) (a) GDPR; this also applies if the consent includes the storage of cookies or access to information on the user’s terminal device (such as for device fingerprinting). You can revoke your consent at any time.

 

 

Google Analytics


This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

 

Google Analytics allows the website operator to analyse the behaviour of visitors to the website. This provides the website operator with various usage data, such as page views, duration of visit, operating systems used and the origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor.

 

In addition, Google Analytics allows us to record your mouse/scrolling movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to augment the data sets collected and employs machine learning technologies when analysing the data.

 

Google Analytics uses technologies that enable recognition of the user in order to analyse user behaviour (e.g. cookies or device fingerprinting). The information Google collects on the use of this website is usually transferred to a Google server in the USA and stored there.

 

Use of this service is based on your consent according to Art. 6 (1) (a) GDPR. You can revoke your consent at any time.

 

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

 

Data transfer to the USA is governed by the standard contractual clauses of the EU Commission. For details, go to: https://privacy.google.com/businesses/controllerterms/mccs/.

 

We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within Member States of the European Union, in the UK and in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Google will use this information to evaluate your use of the website, compile reports on website activity and perform other services relating to website activity and internet usage on behalf of this website’s operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

 

We use Google Signals. When you visit our website, Google Analytics collects your location, your search and YouTube history and demographic data (visitor data), among other things. This data can be used for personalised advertising with the aid of Google Signals. If you have a Google account, visitor data from Google Signals will be linked to your Google account and used for personalised advertising messages. The data is also used to compile anonymised statistics on the behaviour of our users.

 

This website uses the “Demographic Characteristics” function of Google Analytics in order to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be created that include statements about the age, gender and interests of visitors to the website. This data comes from interest-based advertising from Google and visitor data from third-party providers. The data cannot be matched with a specific person. You can deactivate this function at any time via your Google account’s ad settings.

 

This website uses the “E-commerce Measurement” function of Google Analytics. Using E-commerce Measurement, the website operator can analyse the buying behaviour of website visitors to improve online marketing campaigns. Information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product are recorded for the analysis. This data can be summarised by Google under a transaction ID, which is assigned to the respective user or their device.

 

You can prevent your data from being collected and processed by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

 

More information on how user data is handled with Google Analytics is found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Online Marketing & Sales (not valid for www.josephberlin.de)

Google Ads


The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

 

Google Ads makes it possible for us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Moreover, targeted advertisements can be displayed based on user data available at Google (such as location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analysing which search terms have resulted in our advertisements being displayed and how many advertisements have led to corresponding clicks, for example.

 

Use of this service is based on your consent according to Art. 6 (1) (a) GDPR. You can revoke your consent at any time.

 

Data transfer to the USA is governed by the standard contractual clauses of the EU Commission. For details, go to: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

 

 

Google Ads Remarketing


This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

 

We can use Google Ads Remarketing to assign people who interact with our online offer to specific target groups. One tool we use to form target groups is the customer matching function of Google Ads Remarketing. If the customers in question are Google users and logged into their Google account, they will be shown suitable advertising messages within the Google network (such as on YouTube, by Gmail or in the search engine).

 

What is more, the advertising target groups created with Google Ads Remarketing can also be linked using Google’s cross-device functions. This way, based on your previous usage and surfing behaviour, interest-based and personalised advertising messages adapted to your preferences on one end device (such as your mobile phone) can also be displayed on another of your end devices (such as your tablet or PC).

 

If you have a Google account, you can block personalised advertising at the following link: https://www.google.com/settings/ads/onweb/.

 

Use of this service is based on your consent according to Art. 6 (1) (a) GDPR. You can revoke your consent at any time.

 

More information and the data protection provisions are found in Google’s privacy policy at: https://policies.google.com/technologies/ads?hl=de.

 

 

Google Conversion Tracking


This website uses Google conversion tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

 

Google conversion tracking allows Google and us to see whether a user has taken certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics, which show us the total number of users who have clicked on our ads and what actions they have taken. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.

 

Use of this service is based on your consent according to Art. 6 (1) (a) GDPR. You can revoke your consent at any time.

 

You can find more information about Google conversion tracking in Google’s privacy policy.: https://policies.google.com/privacy?hl=de.

 

 

Google DoubleClick


This website uses Google DoubleClick functions. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “DoubleClick”).

 

DoubleClick is used to show you interest-based ads across the Google advertising network. DoubleClick can be used to help target advertisements to the interests of the respective viewer. For example, our advertising may be displayed in Google search results or in advertising banners associated with DoubleClick.

 

In order to display interest-based advertising to users, DoubleClick must be able to recognise viewers individually and associate web pages visited, clicks and other information on user behaviour with them. To do this, DoubleClick uses cookies or comparable recognition technologies (such as device fingerprinting). The information collected is compiled in a pseudonymous user profile in order to display interest-based advertising to the particular user.

 

Use of this service is based on your consent according to Art. 6 (1) (a) GDPR. You can revoke your consent at any time.

 

For more information on how to block advertisements displayed by Google, please see the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.

 

 

Bing Ads


This website uses Bing Ads. The provider is Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, hereinafter “Microsoft”).

 

For Bing Ads, Microsoft stores a cookie on the user’s computer that allows the use of our online offer to be analysed. This only occurs if the user has reached our website via an advertisement from Microsoft Bing Ads. This enables Microsoft and us to recognise that someone has clicked on an ad, has been redirected to our website and has arrived at a pre-determined landing page. We are only notified of the total number of users who clicked on a Bing ad and were then redirected to the target page (conversions). No IP addresses are stored. Due to the marketing tools used, your browser automatically establishes a direct connection with the Microsoft server. We have no influence on the extent of the data or its further processing due to the use of Bing Ads. The legal basis for the processing of your data is Art. 6 (1) sentence 1 (f) GDPR; the website operator has a legitimate interest in effective advertising measures. We have no knowledge of what the retention period at Microsoft is and no possibility of influencing it. You can find more information on data protection at Microsoft at: https://privacy.microsoft.com/de-de/privacystatement.

 

 

LinkedIn Insight Tag


This website uses the Insight Tag of LinkedIn. The provider of this services is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

 

By using the LinkedIn Insight Tag, we receive information about the visitors to our website. If a website visitor is registered with LinkedIn, we can analyse the key professional data (such as career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups, among other things. Moreover, we can also use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take any other action (conversion measurement). Conversion measurement can also extend across devices (such as from a PC to a tablet). LinkedIn Insight Tags also offer a retargeting function allowing us to display targeted off-site advertising to visitors to our website – LinkedIn affirms that it does not identify the recipients of its ads.

 

In addition, LinkedIn directly collects log files (URL, referrer URL, IP address, device and browser properties and time of access). IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymised). Direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is then deleted within 180 days.

 

The data collected by LinkedIn cannot be used by us, the website operator, to identify specific individuals. LinkedIn stores the personal data collected from website visitors on its servers in the USA and uses it for its own advertising measures. Details can be found in the privacy policy of LinkedIn at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

 

If your consent has been obtained, the above-mentioned service is used exclusively on the basis of Art. 6 (1) (a) GDPR. You can revoke your consent at any time. If no consent has been obtained, this service is used on the basis of Art. 6 (1) sentence 1 (f) GDPR; the website operator has a legitimate interest in effective advertising measures, including the use of social media.

 

We have concluded a contract on order processing for using the above-mentioned service. This is a contract required by data protection law, which ensures that the host will only process personal data from our website visitors in line with our instructions and in compliance with the GDPR.

 

Data transfer to the USA is governed by the standard contractual clauses of the EU Commission. For details, go to: https://www.linkedin.com/legal/l/dpa and  https://www.linkedin.com/legal/l/eu-sccs.

 

You can opt out of usage behaviour analysis and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

 

Moreover, LinkedIn members can also control the use of their personal data for advertising purposes in the account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

Online Booking System (not valid for www.josephberlin.de)

Processing of Customer and Contractual Data


We collect, process and use personal customer and contractual data for the purpose of establishing, defining the content of and modifying our contractual relationships. We collect, process and use personal data about the use of this website (usage data) only insofar as this is necessary to enable the user to use the service or to be billed for it. The legal basis for this is Art. 6 (1) (b) GDPR.

 

The customer data collected will be deleted after the order is completed or the business relationship has come to an end and after any existing legal retention periods have expired. Statutory retention periods shall remain unaffected by this.

 

 

Data Transmission upon Conclusion of a Contract for Services


We only transmit personal data to third parties if this is necessary for processing the contract, such as crediting the institution commissioned with processing payments.

 

The data will not be transmitted further unless you have expressly consented to this. Your data will not be passed on to third parties without your express consent, such as for advertising purposes.

 

The legal basis for processing your data is Art. 6 (1) sentence 1 (b) GDPR, which permits data processing in order to implement a contract or pre-contractual measures.

 

 

Processing and Forwarding of Personal Data


If you wish to make a booking in our online booking system, you will need to provide personal data such as your name, address and e-mail address to initiate and conclude the contract. The details required for processing the booking and contract are clearly marked; other details are provided voluntarily.

 

We process your data to complete the booking; in particular, we forward payment data to your chosen payment service provider or our main bank. As part of your booking or booking request, the booking information is also transferred to external Internet booking engine operators [TravelClick, Inc, (“Amadeus”), 75 New Hampshire Avenue, Portsmouth, NH 03801, USA] for to implement or prepare the contract. The legal basis for processing your data is Art. 6 (1) sentence 1 (b) GDPR.

 

To prevent unauthorised third parties from accessing your personal data, the booking process on the website is encrypted using SSL/TLS technology.

 

You can voluntarily create a customer account where we will store your data for future visits to the website. When you create a customer account, the data you provide will be processed. You can edit or delete all other data, including your customer account, yourself after you have registered successfully.

 

We will delete the data collected in this context after storing it is no longer required or restrict its processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to retain your address, payment and booking data for a period of ten years. Two years after the contract comes to an end, we will restrict the processing of your data to what is necessary to comply with existing legal obligations.

 

 

Encrypted Payment Transactions on This Website


If, after a fee-based contract is concluded, there is an obligation to provide us with your payment data (such as your account number for direct debit authorisation), this data is required for us to process payments.

 

Payment transactions with common means of payment (Visa, MasterCard, AMEX, Diners Club, JCB, Paypal) are exclusively made using an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

 

Thanks to encrypted communication, your payment data that you transmit to us cannot be read by third parties.

Online Table Reservation

We use the table reservation platform Open Table on our website. The provider of Open Table is:

 

Open Table GmbH

Schumannstraße 27

60325 Frankfurt

(hereinafter “Open Table”)

 

When you use the reservation system, Open Table GmbH receives your contact details and the information required to process the reservation (date of stay, accommodation, etc.). In addition, the data mentioned in the “Access Data” section is also transmitted to Open Table, while cookies may be used as described in the “Cookies” section.

 

Open Table stores your data and processes it for booking and advertising, market research and/or needs-based website design. Your data may also be transferred outside the EU, particularly to the USA. For this reason, we have concluded “Data Processing Agreements” with Open Table in order to oblige Open Table to maintain an appropriate level of data protection. We will provide you with a copy of the agreement upon request.

 

More information and Open Table’s valid privacy policy can be found at https://www.opentable.de/legal/privacy-policy.

 

The legal basis for processing your data is Art. 6 (1) sentence 1 (f) GDPR. The purpose of processing personal data is to make our website design more appealing and offer you additional services. We have no knowledge of what the retention period at Open Table is and no possibility of influencing it.

Contact Forms

Requests


You can use the forms provided on the websites to request the creation of vouchers or make group reservations or rental requests for event or design spaces.

 

If you send us requests via the contact form, your information from the request form, including the contact data you have provided there, will be stored by us for the purpose of processing the request and for any follow-up requests. We will not pass on this data without your consent.

 

This data will be processed on the basis of Art. 6 (1) (b) GDPR if your request is related to the performance of a contract or is necessary for implementing pre-contractual measures. In all other cases, the processing of your data will be based on our legitimate interest in effectively handling the requests addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; consent can be revoked at any time.

 

We will retain the data you enter in the contact form until you ask us to delete it, revoke your consent to our storing it or if the purpose for storing the data no longer applies (such as after we have completed processing your request). Mandatory statutory provisions – particularly retention periods – shall remain unaffected by this.

Communication

Request by E-Mail or Telephone


If you contact us by e-mail or telephone, your request and all resulting personal data (name, request) will be stored and processed by us in order to handle your request. We will not pass on this data without your consent.

 

This data will be processed on the basis of Art. 6 (1) (b) GDPR if your request is related to the performance of a contract or is necessary for implementing pre-contractual measures. In all other cases, the processing of your data will be based on our legitimate interest in effectively handling the requests addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested; consent can be revoked at any time.

 

We will retain the data passed on to us until you ask us to delete it, revoke your consent to our storing it or if the purpose for storing the data no longer applies (such as after we have completed processing your request). Mandatory statutory provisions – particularly statuory retention periods – shall remain unaffected by this.

 

 

E-Mail Reservation Assistant HERA Resbot


When you e-mail us, particularly with booking requests, the e-mail and its metadata may also be shared with external operators of third-party software that assists us in responding to e-mails. The provider is:

 

Hotel Res Bot UG

Mönchsgasse 48

50737 Köln

Germany

 

Personally identifiable information (PII), including your e-mail address and the content of the e-mail, will then be processed and a response e-mail generated by this system. The legal basis for processing your data is Art. 6 (1) sentence 1 (b) GDPR.

 

Received or sent e-mails are automatically deleted after 5 days. Cached personal data, which includes the content of the e-mail and the offer details, will be deleted 2 weeks after the requested departure date for booking requests or 2 weeks after the e-mail was received for other requests.

 

Automated decision-making is used to suggest the most suitable products (room and rate types) to the agent based on the written request. Your data will be shared in a secure manner with third-party processors (such as AWS, where the app is hosted, or an e-mail service provider for sending and receiving e-mails). There is nothing specifying that your personal data will be transferred to a country outside the EU or UK.

 

To prevent unauthorised third parties from accessing your personal data, your e-mail will be encrypted for transport in standy mode.

 

 

E-Marketing Platform TravelClick GMS | Pre-Stay and Post-Stay E-Mails


Your e-mail address will be processed with TravelClick in order to send e-mails before your stay and feedback requests after your stay. The provider is:

 

TravelClick, Inc. (“Amadeus”)

75 New Hampshire Ave

Portsmouth, NH 03801, USA

(hereinafter TravelClick)

 

Your e-mail address and name will be stored on TravelClick’s servers in the USA. TravelClick processes this information to send and evaluate the e-mails on our behalf and to optimise or improve its own services, such as by technically optimising how it sends and presents the content and guest surveys.

 

Technical information, such as information on the browser and your system, your IP address and the time of the retrieval, is initially collected when the e-mails are opened. This information is processed to improve the services based on the technical data or the target groups and improve reading behaviour based on their retrieval locations (which can be determined by the IP address) or access times.

 

An additional order processing agreement lays out the conditions applicable for TravelClick’s processing of personal data under the contract. This is to ensure that processing will be carried out in accordance with UK data protection legislation. The legal basis for such processing is Art. 6 (1) sentence 1 (f) GDPR. We have no knowledge of what the retention period at Travelclick is and no possibility of influencing it. We process this data for marketing purposes until two years after the contract has come to an end.

 

More information and TravelClick’s valid privacy policy can be found at https://www.amadeus-hospitality.com/travelclick-legal/terms-and-conditions/#all.

 

 

E-Marketing Platform TravelClick GMS |  E-Mail Marketing (Existing Customer Advertising)


While implementing the contract or afterwards, we reserve the right to process the e-mail address provided by you during booking or via the form for our guest WLAN in accordance with the statutory provisions in order to send you the following content – among other things – by e-mail, provided that you have not already objected to our processing of your e-mail address:

other interesting offers from our portfolio, information on events organised by our company and by third parties, an overview of possible leisure offers, special or time-limited offers, upselling e-mails, a feedback link to Tripadvisor or Google, invitations to events.

 

The legal basis for processing your data is Art. 6 (1) sentence 1 (f) GDPR. We perform the aforementioned processing for the purpose of customer care and expanding our services.

 

Please note that you can object to receiving direct advertising at any time without incurring any costs other than transmission costs according to basic rates. You have a general right to object without needing to specify reasons (Art. 21 (2) GDPR).

 

 

EasyWay Messenger Service


We use the platform of EasyWay Technologies Ltd. in selected hotels to communicate with you. The provider is:

 

EasyWay Technologies Ltd.

Allenby 87

6513427 Tel Aviv

Israel

 

EasyWay enables communication between the hotel and you via text message and/or WhatsApp. EasyWay is a processor that works on the basis of an agreement pursuant to Art. 28 GDPR.

 

The hotel uses EasyWay to collect, store and use data for the purpose of establishing communication between the hotel and the guest. A data transfer to Canada is also governed by the European Commission’s adequacy decision according to Art. 45 GDPR. Your personal data is processed for the purpose of communication according to Art. 6 (1) sentence 1 (b) GDPR, as this is necessary for the hotel to initiate/implement a contract.

 

Your personal data is also used for informing you about services provided by the hotel or other services (such as evaluation requests). The hotel has a legitimate interest in such direct advertising according to Art. 6 (1) sentence 1 (f) GDPR. You can object to this processing of your data at any time by sending a message directly to the hotel. Through the use of the EasyWay platform, the following categories of your personal data will be processed:

name, mobile phone number / contact details of the messaging service used (such as WhatsApp), arrival and departure dates, data relating to the stay such as room number, language.

 

It may happen that other personal data or special categories of personal data within the meaning of Art. 9 GDPR will be processed if your messages to the hotel contain this data (such as messages about food intolerances or religious customs). The hotel will never expressly ask you to submit such data. If you do so anyway, you consent to allow the hotel to process it further according to the information in this notice immediately after you have sent it.

 

The hotel has activated the EasyWay function to send automatic replies. The content of the guest’s message is analysed, and predefined answers to standard questions are sent out. The hotel has also activated the EasyWay function to check the language and translate messages. The content of the message will be analysed to identify the language used. If there is a discrepancy between the language used and the languages set as standard by the hotel, the message will be translated. Your personal data processed when using the EasyWay platform will be deleted three days after the end of your stay at the hotel.

 

Please note that you can object to receiving direct advertising and the processing of data for the purpose of direct advertising at any time without incurring any costs other than transmission costs according to basic rates. You have a general right to object without needing to specify reasons (Art. 21 (2) GDPR). After you have exercised your right to object, we will delete your data in connection with existing customer advertising. To do this, click on the unsubscribe link in the respective e-mail or send your objection to the contact details listed in the “Responsible Provider” section.

Review Management

Whenever you rate us through participating review platforms or processes such as Google, Booking.com or TripAdvisor, we will manage and analyse these hotel reviews through the Revinate Reputation platform. The provider is:

 

Revinate Inc.

One Lettermann Drive

Bldg. C, Suite CM100

San Francisco, CA 94129.

 

Details can be found in the privacy policy of Revinate: https://www.revinate.com/privacy/.

 

An additional order processing agreement lays out the conditions applicable for Revinate’s processing of personal data under the contract. This is to ensure that processing will be carried out in accordance with data protection legislation of the European Union. The legal basis for such processing is Art. 6 (1) (f) GDPR. We have no knowledge of what the retention period at Revinate is and no possibility of influencing it.

Amendments to the Privacy Policy

We reserve the right to amend this privacy policy at any time. The current version of the privacy policy shall apply.