Privacy Policy

Information on the processing of your data

Information for our guests

Pursuant to Art. 12 General Data Protection Regulation (hereinafter referred to as “GDPR”), we are obliged inform you about the processing of your data when you use our Website. We take protecting your personal data very seriously, and this Data Privacy Statement informs you about the details of the processing of your data, as well as about your statutory rights in this respect.

We reserve the right to adapt the Data Privacy Statement, with effect for the future, in particular in the event of the Website being enhanced, if we use new technologies or if there is any change in the statutory basis or the corresponding case law.

We recommend you to read the Data Privacy Statement from time to time, and print it out or make a copy for your records.

Definitions

• “Website” or “Internet presence” shall mean, below, all pages of the Controller at www.amanogroup.de/en/ and www.josephberlin.de/en
• “Personal data” shall mean any information which relates to an identified or identifiable natural person. A person who can be identified, either directly or indirectly, in particular by way of being allocated to an identifier, such as a name, an identification number, location data, an online identifier or one or more special features which are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of said natural person, is identifiable. Personal data therefore includes, for example, the name, e-mail address and telephone number of an individual, but may also include data on preferences, hobbies and memberships.
• “Processing” shall mean procedures or sequences of procedures in connection with personal data that are carried out with or without the aid of automated processes, such as gathering, recording, organising, classifying, storing, adapting, changing, reading out, retrieving, using, disclosing by transmission or disseminating data, or any other form of provision, comparing, linking, limiting, erasing or destructing such data.
• “Pseudonymisation” shall mean the processing of personal data in such a manner that the personal data can no longer be allocated to a specific data subject without drawing upon additional information, as long as such additional information is stored separately and is subject to technical and organisational measures which guarantee that the personal data is not allocated to an identified or identifiable natural person.
• “Consent” shall mean, below, any declaration of intent voluntarily, in an informed manner and unmistakably submitted in regard to the particular case at hand, in the form of a statement or other clear act of confirmation, by which the data subject indicates that he/she is in agreement with the processing of the personal data relating to him/her.
• “Google” shall hereinafter mean Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

Scope of application

The Data Privacy Statement shall apply to all pages of www.amanogroup.de and www.josephberlin.de. It shall not extend to any linked Websites or Internet presences of other providers.
Responsible for the processing of personal data within the area of application of this Data Privacy Statement are:

R & S Hotelbetriebsgesellschaft mbH
AMANO München GmbH
Spichernstraße 24
10777 Berlin

Arevitho GmbH
Marburger Straße 2
10789 Berlin

E-mail: dataprotection@amanogroup.de

Questions concerning data protection

We have appointed mb-datenschutz as our data protection officer.

mb-datenschutz GmbH
Jänickendorfer Weg 17
13591 Berlin

Please send any enquiries regarding data protection to

E-mail: dataprotection@amanogroup.de

Security

We have taken extensive technical and organisational precautions to protect your personal data from unauthorised access, abuse, loss and any other external interference. For this purpose, we review our security measures regularly and adapt them to the state of the art.

Your rights
You have the following rights that you may assert vis-à-vis us in regard to the personal data concerning you:

• The right of access to information (Art. 15 GDPR)
• The right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR)
• The right to restriction of processing (Art. 18 GDPR)
• The right to object to the processing (Art. 21 GDPR)
• The right to withdraw your consent (Art. 7(3) GDPR)
• The right to receive the data in a structured, common, machine-readable format (“data portability”), as well as the right to have the data passed on to a different controller, if the prerequisites of Art. 20(1)(a), (b) GDPR exist (Art. 20 GDPR).

You may assert your rights by notifying us using the contact details specified in the “Provider Responsible” section or vis-à-vis the Data Protection Officers appointed by us.
In addition, you are entitled to complain to a data protection supervisory authority about the processing of your personal data undertaken by us (Art. 77 GDPR).

Use of the Website, access data

You can basically use our Website for purely informational purposes without disclosing your identity. When you access the individual pages of the Website for this purpose, access data is only transmitted to our webspace provider, so that the Website can be displayed to you. That includes the following data:

• Browser type and browser version
• Operating system used
• Language and version of the browser software
• Host name of the accessing terminal
• IP address
• The Website from which the request comes
• The date and time of the server request
• The referring URL (the page visited previously)
• The volume of data transmitted
• The time zone difference in relation to Greenwich Mean Time (GMT)

The temporary processing of the IP address by the system is necessary to technically enable the Website to be delivered to your PC. It is therefore necessary for your IP address to be processed for the duration of the session. The legal basis for said processing is Art. 6(1)(1)(f) GDPR.

The access data is not used to identify individual users, and not merged with other data sources. The access data is erased once it is no longer necessary in order to achieve the purpose for which it was processed. In the case of the data being recorded to provide the Website, the aforementioned is the case once you finish visiting the Website.

The IP addresses are stored in log files to ensure the functionality of the Website. In addition, the data serves the purpose of enabling us to optimise the Website and ensure that our IT systems are secure. The data is also not evaluated for marketing purposes in this context. The data is essentially erased at the latest after seven days. It may be processed beyond that period in individual cases. In this case, the IP address is deleted or masked in such a way that it is no longer possible to allocate it to the accessing client.

Cookies

Beyond the above-mentioned access data, so-called cookies are stored in the web browser of the terminal used by you when you use the Website. These are small text files containing a sequence of numbers, which are stored locally in the cache of the browser used. Cookies do not form a component of the PC system, and cannot execute any programs. They serve to design our Website in a user-friendly manner. The use of cookies may be technically necessary or may serve other purposes (e.g. analysis/evaluation of the use of the Website).

The consent to the use of cookies, provided these are not absolutely necessary, can be revoked at any time with effect for the future. The link to the cookie preferences is in the footer of the Website.

a) Cookies that are technically necessary

These cookies are necessary for the functioning of the Website and therefore cannot be deactivated. They are used, for example, to save your data protection settings. You can set your browser to block these cookies. However, this will result in some areas of our Website no longer functioning.

ADRUM
AppDynamics detects possible errors in the booking engine TravelClick. This enables the team of TravelClick to improve the usability of the Website.
Duration: Session.

cookieDirectBooking
Is set from our Website. Saves whether a hint window has already been displayed. If so, it will no longer be displayed on the following pages.
Duration: 7 days.

OptanonAlertBoxClosed
Is used by OneTrust. Keeps a timestamp when the cookie consent has been set by the user.
Duration: 1 year.

OptanonConsent
Is used by OneTrust. Saves which cookies you have agreed to on our Website. The cookie contains no personal information.
Duration: 1 year.

kirby_session
Is set by our editorial system Kirby. Saves the selected language.
Duration: Session.

b) Functional cookies

These cookies help us to improve the functionality of the site and provide you with a personalised website experience. In some cases we use functional cookies from third party providers. You can disable or enable these cookies at any time. If you do not consent to their use, some features may not function optimally. The data processing is based on your consent according to Art. 6 para. 1 lit. a GDPR. The transfer to a third country takes place on the basis of Art. 49 para. 1 lit. a GDPR.

_dd_s

Cookie used to group all events generated by a unique user session across multiple pages. It contains the current session ID, whether the session is excluded due to sampling, and the session expiry date. The cookie is extended for a further 15 minutes each time the user interacts with the website, up to the maximum duration of the user session (4 hours).

Duration: A few seconds.

ADRUM_BT

AppDynamics – Browser Performance Management Tool uses these cookies to collect web performance data and IP addresses.

Duration: A few seconds.

ADRUM_BT1

AppDynamics – Browser Performance Management Tool uses these cookies to collect web performance data and IP addresses.

Duration: A few seconds.

ADRUM_BTa

AppDynamics – Browser Performance Management Tool uses these cookies to collect web performance data and IP addresses.

Duration: A few seconds.

SameSite

In combination with session cookies, significantly increases protection against cross-site request forgery.

Duration: A few seconds.

SESSION

Session cookies are cookies that are valid for one session. A session begins when you access a website or web application and ends when you leave the website or close your browser window. Session cookies contain information that is stored in a temporary location that is deleted at the end of the session. Unlike other cookies, session cookies are never stored on your device. Therefore, they are also called transient cookies, non-persistent cookies or temporary cookies.

Duration: Session

c) Statistics cookies
These cookies help us to understand the behaviour of our Website visitors and make our Website even better for you. Your data is processed by Google in the USA. The European Court of Justice considers the level of data protection in the USA to be insufficient. If data is transferred to the USA, there is a risk that the data collected will be processed by US authorities for control and monitoring purposes – possibly without any possibility of legal recourse. With your consent you also agree to the processing of your data in the USA.

_ga
Is used by Google Analytics. Creates a unique, randomly generated user ID that is used to identify the visitor. This makes it possible, for example, to recognize returning visitors.
Duration: 2 years.

_gid
Is used by Google Analytics. Similar to the _ga cookie. Contains a unique, randomly generated user ID that is used to identify user behavior.
Duration: 1 day.

_gat-UA
Is used by Google Analytics. This cookie does not store any user data. It serves to minimize the queries to Google.
Duration: 1 minute.

d) Marketing cookies
These cookies can be set via our Website by our advertising partners. Some help us measure the success of our marketing campaigns. Others are used to create a profile of your interests and show you relevant advertising on other websites. Your data is processed by Google in the USA. The European Court of Justice considers the level of data protection in the USA to be insufficient. If data is transferred to the USA, there is a risk that the data collected will be processed by US authorities for control and monitoring purposes – possibly without any possibility of legal recourse. With your consent you also agree to the processing of your data in the USA.

_gcl
Used by Google Ads. Contains a unique, randomly generated user ID that is used to identify user behavior and measure sales.
Duration: 90 days.

IDE
Is set by Google Ads in the course of remarketing and sales tracking. Contains a randomly generated user ID. Allows Google to recognize visitors to this Website on other websites and to display personalized ads to them.
Duration: 1 year.

MUID
Used by Microsoft Ads (formerly Bing Ads). Stores a unique user ID and is used to identify user behavior and measure revenue.
Duration: 390 days.

test_cookie
Is set by Google Ads in the course of remarketing and sales tracking. Checks whether the browser allows the setting of cookies.
Duration: 1 day.

_uetsid
Used by Microsoft Ads (formerly Bing Ads). Service to recognize the user and measure the sales of ads at Bing.
Duration: 1 day.

_uetvid
Used by Microsoft Ads (formerly Bing Ads). Service to recognize the user and measure the sales
of ads at Bing.
Duration: 16 days.

lang
This is used by LinkedIn and saves the language setting of the Website visitor.
Duration: session.

bcookie
This is used by LinkedIn and contains a unique ID. This is used to recognize user behavior.
Duration: 2 years.

bscookie
This is used by LinkedIn and contains a unique ID. This is used to recognize user behavior.
Duration: 2 years.

UserMatchHistory
This is used by LinkedIn and contains a unique ID.
Duration: 30 days.

lissc
This is used by LinkedIn.
Duration: 1 year.

lidc
This is used by LinkedIn.
Duration: 1 day.

Contacting our company

When making contact with our company, e.g. by e-mail or via contact form on our Website, the personal data notified by you is processed by us in order to answer your enquiry. The legal basis for the processing is Art. 6(1)(1)(f) GDPR or Art. 6(1)(1)(b) GDPR if you are contacting us aiming at concluding an agreement. Should the processing be required in order to conclude an agreement, it may be impossible to conclude or execute an agreement if the data is not provided. If contact is made by e-mail or via contact form on our Website, the legitimate interest in the processing of the data that is required lies in attending to the contact taken up.
No respective data is passed on to third parties in this context. The data is exclusively processed for the purpose of attending to the conversation. We delete the data occurring in this connection once the processing is no longer necessary, or restrict the processing to complying with the existing statutorily obligatory archival periods.

Contact forms:
You can contact us using the forms provided on the Websites for making a voucher request or requesting rental of event spaces. The following valid data are required for the processing of the inquiries.

Voucher request: Contact details (last name, e-mail, telephone), desired amount, shipping method.

Rental request for event space: Contact details (last name, e-mail, telephone), general information (desired date, planned period, number of guests), accommodation, equipment.

Additional information can be given voluntarily as needed.

Processing and passing on of personal data for contractual purposes

We process your personal data if, and to the extent that, it is necessary for initiating, concluding, executing and/or terminating a legal transaction with our company. The legal basis for this emerges from Art. 6(1)(1)(b) GDPR.

Should the data processing be necessary in order to conclude an agreement, if your personal data is not provided it may be impossible to conclude the agreement or execute and/or terminate a legal transaction with our company.

When processing enquiries, personal and other booking-related data is routed outside the European legal area through the use of software service providers for order processing on the basis of guarantees (standard data protection clauses) and may be stored there.

Once the purpose has been achieved (e.g. an agreement fulfilled), the personal data will be blocked for any further processing or erased, unless we are entitled to continue to store it based on any consent granted by you (e.g. consent to your e-mail address being processed for sending you electronic advertising mail), or a contractual agreement, a statutory authorisation (e.g. an authorisation to send you direct advertising) or based on legitimate interests (e.g. archival in order to enforce any claims), and, in the respective connection, are entitled to process it as necessary.
Your personal data is passed on to the extent that

• it is necessary to conclude, execute or terminate legal transactions with our company (e.g. when passing on data to a payment service provider/a shipping company in order to execute an agreement with you (Art. 6(1)(1)(b) GDPR); or
• a sub-contractor or vicarious agent whom we exclusively deploy in the context of providing the offers or services desired by you needs said data (such assistants are, unless you have expressly been informed of anything to the contrary, only entitled to process the data to the extent that it is necessary in order to provide the offer or service); or
• an enforceable official decree exists (Art. 6(1)(1)(c) GDPR); or
• an enforceable judicial order exists (Art. 6(1)(1)(c) GDPR); or
• we are obliged by law to do so (Art. 6(1)(1)(c) GDPR); or
• the processing is necessary in order to protect vital interests of the data subject or another natural person (Art. 6(1)(1)(d) GDPR); or
• it is necessary in order to take on a task that is in the public interest or that is carried out exercising public authority (Art. 6(1)(1)(e) GDPR); or
• we are authorised, or even obliged, to pass it on in order to pursue overwhelming legitimate interests (Art. 6(1)(1)(f) GDPR).

Any passing on of your personal data to other persons, companies or places extending beyond that will not occur unless you have effectively consented to such passing on of your data. The legal basis for the processing is then Art. 6(1)(1)(a) GDPR.

The processing and passing on of personal data in the online booking system

If you would like to make a booking in our online booking system, it is necessary for initiating and concluding the agreement that you provide personal data, such as your name, address and e-mail address. The obligatory details necessary for handling the booking and agreement are marked separately. Further details can be given voluntarily. We process your data in order to handle the booking. For that purpose, we shall, in particular, pass on payment data to the payment services provider selected by you or our principal bank. Within the context of your booking or booking enquiry, the booking information is also passed on to external operators of Internet booking machines (TravelClick, Inc., an Amadeus company, 55 West, 46th Street, 27th Floor, New York, USA). The legal basis for the processing is Art. 6(1)(1)(b) GDPR.

In order to prevent access to your personal data by unauthorised third parties, the booking procedure on the Website is encrypted using SSL/TLS technology. You can voluntarily set up a customer account, where we store your data for subsequent further visits to the Website. When you set up a customer account, the data given by you is processed. Once you have successfully registered, you can independently edit or delete any further data, including your customer account.

We shall delete the data stored within this context after their storage is no longer necessary, or restrict the processing of such data in the event that statutory storage obligations are in place. Due to mandatory trading and tax regulations, we are obliged to keep your address, payment and booking data for a period of ten years. After two years have passed since the agreement was terminated, we undertake a restriction of the processing and reduce the processing to complying with the existing statutory obligations.

Processing of personal data pursuant to Sec. 30 Federal Registration Act (BMG)

Providers of accommodation, such as, in particular, hotels, are obliged, under Sec. 30 Federal Registration Act (BMG), to gather the following data from the guest on the day of arrival and to arrange for the registration form to be signed by the guest in handwriting:

• Date of arrival and the anticipated date of departure
• Surnames
• First names
• Date of birth
• Nationalities
• Address
• Number of fellow travellers and their nationality in the cases falling under Sec. 29(2), sentences 2 and 3.
• Serial numbers of the recognised and valid passport or passport replacement document in the case of individuals from abroad
• Any further data for collecting tourist and visitors’ taxes.

We are obliged to gather, process and pass on such data within the context of the Federal Registration Act (BMG). The legal basis for the processing arises from Art. 6(1)(1)(c) GDPR. You are statutorily obliged to specify your data. If you fail to provide your data, it is impossible to conclude or execute the agreement.

We erase this data or restrict the processing once it is permissible under the regulations of the Federal Registration Act (BMG) and if you have not consented to it being stored and processed (Art. 6(1)(1)(a) GDPR) and no other legitimate interest on our part in continuing to process it exists.

E-mail marketing

Advertising to existing customers

In so far as you have not already objected to the e-mail address notified by you being processed, we reserve the right to process it in the course of booking in line with the statutory provisions on the latter, in order to, inter alia, forward you the following content by e-mail during or following the fulfilment of the agreement:

• Further interesting offers from our portfolio
• concerning events of our company and third party events
• Technical information
• An overview of any leisure time offers
• Directions on how to get to us using public transport
• Special or limited period offers
• Pre-stay/upselling e-mails
• Post-stay: Feedback link to TripAdvisor or Google
• Invitations to events

The legal basis for the processing is Art. 6(1)(1)(f) GDPR. We carry out the processing mentioned as part of customer relationship management and in order to improve our services. We delete your data once you end the newsletter subscription, however at the latest two years after the agreement has been terminated. It is necessary to provide your details in order to conclude the agreement. If you do not provide the data, it is impossible to send you the newsletter.

Marketing platform “Travelclick GMS”

Your e-mail address will be processed with Travelclick for sending marketing e-mails as well as for sending e-mails before your stay and for feedback requests after your stay.
The provider is TravelClick Inc, at Amadeus company, 55 West, 46th Street, 27th Floor, New York, USA.

Your email address and your name will be saved on the Travelclick servers in the USA. Travelclick processes this information to send and evaluate the emails on our behalf as well as to optimize or improve its own services, e.g. for the technical optimization of the dispatch and the presentation of the content and guest surveys. When opening the e-mails, technical information such as Information about the browser and your system, as well as your IP address and time of access, are collected. This information is processed to improve the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or the access times.

An additional order processing agreement defines the conditions that apply to the processing of personal data by Travelclick under the contract. This is to ensure that the processing takes place in accordance with the data protection legislation of the European Union.

We have no knowledge of the storage period at Travelclick and we have no influence on it.
We process this data for marketing purposes up to two years after the end of the contract.

Communication platform “EasyWay”

In selected hotels we use the EasyWay Technologies Ltd (EasyWay Technologies Ltd., Allenby 87, 6513427 Tel Aviv, Israel) platform to communicate with you. EasyWay enables communication between the hotel and you via SMS and / or WhatsApp. EasyWay is a data processor on the basis of an agreement pursuant to Art. 28 GDPR.

The data is collected, stored and used by the hotel through EasyWay in order to establish a communication between the hotel and the guest.

A data transfer to Canada also takes place on the basis of the adequacy decision of the European Commission pursuant to Art. 45 GDPR.

Your personal data is processed for the purpose of communication in accordance with Art. 6 (1)(1)(b) GDPR because it is necessary for the hotel to fulfil the contract.

Your personal data will also be used for the purpose of informing you about services provided by the hotel or other services (e.g. guest review requests). There is a legitimate interest of the hotel for direct advertising according to Art. 6 (1)(1)(f) GDPR. You can object to the processing of your data at any time by sending a direct message to the hotel.

When using the EasyWay platform, the following categories of personal data are processed:

• name
• mobile phone number / contact details of the messaging service used (e.g. WhatsApp)
• arrival and departure data
• data relating to the stay such as room number.

It may happen that further personal data or special categories of personal data within the meaning of Art. 9 GDPR are processed if your messages to the hotel contain such data (e.g. in the case of messages about food intolerances or religious customs). The hotel does not ask you to provide such data. If you do so anyway, you consent to their further processing in accordance with the information in this notice immediately upon sending these data.

The hotel has activated the EasyWay function for sending automatic replies. This involves analysing the content of guest messages and sending pre-defined responses to standard questions.

The hotel has activated the EasyWay function for language checking and translation of messages. In this process, the content of the message is analysed for the language used. If there is a discrepancy between the language used and the languages specified as standard by the hotel, the message is translated.

Your personal data will be deleted by EasyWay three (3) days after the end of your stay at the hotel.

Hotel email reservation assistant “HERA Hotel Resbot”

If you write us an email, in particular booking enquiries and general questions, that email including its meta data may also be passed on to external operators of a 3rd party software which helps us respond to emails (Hotel Res Bot UG, Mönchsgasse 48, 50737 Cologne, Germany). Personally identifiable information (PII) including your email address and the contents of the email will then be processed, and a response email will be generated over this system.

The legal basis for the processing is Art. 6(1)(1)(b) GDPR.

Received or sent emails will be automatically deleted after 5 days. The cached personal data, which include the content of the email and proposal details, will be deleted 2 weeks after the requested departure date for booking enquiries, or 2 weeks after the email was received for other email intents, unless otherwise configured by the client.

Automated Decision Making is used to suggest to the agent the best matching products (room and rate types) based on the written request.

Your data is passed securely to 3rd party processors (eg. AWS where the application is hosted, or an email service provider to send and receive email). No targeted transmission of your personal data to a non-EU country is planned.

In order to prevent access to your personal data by unauthorized third parties, the email is encrypted in transport using TLS 1.2 and at rest using AES-256 encryption.

“Revinate” reputation platform

When you rate us via participating review platforms such as Google, Booking.com, TripAdvisor, we manage and analyse these hotel reviews via the Revinate Reputation Platform.

The provider is Revinate Inc., One Lettermann Drive, Bldg. C, Suite CM100, San Francisco, CA 94129.

An additional data processing agreement sets out the conditions that are applicable to the processing of personal data by Revinate under the contract. This is to ensure that the processing takes place in accordance with the data protection legislation of the European Union.

The legal basis for the processing is Art. 6(1)(1)(f) GDPR.

We have no knowledge of the storage period at Revinate and we have no influence on it.

Payment Service Providers (PSPs)

Passing on of personal data in the case of payment by credit card

Your personal data is essentially only passed on to the extent that it is necessary for executing the agreement. In particular in order to process the payment, we provide the payment data at the bank commissioned with the payment, necessary to settle the payment transaction, or pass it on to any payment and billing service provider commissioned by us.

The data is processed based on Art. 6(1)(1)(b) GDPR (Processing in order to fulfil an agreement). If you fail to provide your personal data, it may be impossible to conclude or execute the agreement. The data required for processing the payment is transmitted securely via the “SSL” procedure, and exclusively processed for the purpose of settling the payment transaction. We shall delete the data stored within this context after their storage is no longer necessary, or restrict the processing of such data in the event that statutory storage obligations are in place.

Passing on of personal data for purposes of enforcing rights/ascertaining the address/collecting debts

In the event of non-payment, if a legitimate interest under Art. 6(1)(1)(f) GDPR exists, we reserve the right to pass on the data notified at the time of booking to an attorney-at-law and/or an external companies (e.g. Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss) for the purposes of ascertaining the address and/or enforcing rights.
We may, moreover, pass on your data if it is necessary in order to preserve our rights, as well as the rights of the companies affiliated with us, our co-operation partners, our employees and/or the users of our Website. We will never sell or lease your data to third parties. Such data is passed on based on Art. 6(1)(1)(f) GDPR. It is in particular necessary to process data in order to conclude the agreement. If you fail to provide your personal data, it may be impossible to conclude or execute the agreement.

We shall delete the data stored within this context after their storage is no longer necessary, or restrict the processing of such data in the event that statutory storage obligations are in place.

Hosting

We make use of external hosting providers, which serve the purpose of providing the following services: Infrastructural and platform services, computing capacity, memory resources and database services, security services and also technical maintenance services. In this context, all the data that is necessary for operating and using our Website is processed.
We use external hosting providers for operating this Website. By commissioning external hosting providers, we aim to make our Website available in an efficient and secure manner. The legal basis for the processing is Art. 6(1)(1)(f) GDPR.

Integrating third party content

Third party content, such as videos, map material, RSS feeds or graphics from other websites, is integrated into the Website. Such integration always requires the providers of such content (“third party providers”) to make use of the users’ IP addresses. For, without the IP address, they cannot transmit the content to the browser of the respective user. The IP address is therefore necessary for displaying such content.

We endeavour to exclusively use content of third party providers who only use the IP address to deliver the content. We do not, however, have any control over it if the third party providers process the IP addresses for statistical purposes, for example. In so far as we are aware of this, we inform you about it below.
In the case of some of third party providers, it is possible that data will be processed outside the European Union.

LiveRate for comparing prices

In order to display the price comparison with other booking providers, we use LiveRate’s widget. The provider is LiveRate GmbH, Metzstr. 12, D-81667 Munich, Web: https://www.liverate.chat hereinafter referred to as: “LiveRate”.

This tool searches various other websites, in particular booking portals, for the currently lowest prices offered there when making a booking request. This price is then also displayed on our direct booking page.

The price comparison tool does not collect and process any personal data. In particular, no cookies are used and your IP address is not collected either. Only randomly generated so-called request IDs are assigned. These consist of the date and time of your request as well as the requested booking information (number of people, period of the requested booking and the price) and cannot be traced back to you as a visitor to our Website by LiveRate. The booking requests are therefore made completely anonymously for LiveRate.

You can find further information on the purpose and scope of processing by LiveRate in the provider’s data privacy statement. There you will also find further information on your rights and setting options to protect your privacy, in this respect: (https://www.liverate.de/company/datenschutz). It is not intended to transmit your personal data to countries outside the EU.

Google Web Fonts

In order to display fonts uniformly, we use so-called web fonts, that are provided by Google. When a page is accessed, your browser loads the necessary web fonts into the browser cache, in order to display texts and fonts correctly.

For this purpose, the browser used by you needs to connect to Google’s servers. Thereby Google becomes aware of the fact that our Website has been accessed via your IP address.

Web fonts are deployed in the interests of a uniform and appealing display of our online services. This constitutes a legitimate interest within the meaning of Art. 6(1)(1)(f) GDPR. It is not known to us for how long Google stores the data, and we have no control over this.

You can find further information on Google web fonts at https://developers.google.com/fonts/faq and in Google’s Data Privacy Statement: https://www.google.com/policies/privacy/.

Google Tag Manager

We deploy the Google Tag Manager on our Website. Google Tag Manager is a solution enabling marketers to administer website tags using an interface. The Tool Tag Manager itself (which implements the tags) is a cookie-less domain and does not gather any personal data. The tool ensures that other tags are triggered, which, for their part, gather data in certain circumstances. Google Tag Manager does not access such data. If a deactivation has been undertaken at domain or cookie level, this continues in force for all tracking tags that are implemented using Google Tag Manager.

As an addition to data processing, the standard contractual clauses with Google were accepted on May 2, 2018.

Fonts.com

To display our Website, we additionally use the services of Fonts.com belonging to Monotype (Monotype Imaging Inc., 600 Unicorn Park Drive, Woburn, MA 01801, United States). Whenever you access our Website, the browser loads the necessary web fonts, in order to display texts and graphics correctly. For that purpose, your browser produces a connection with the servers of Monotype in the USA, whereby Monotype becomes aware of your IP address, as well as the fact that you have accessed the page. We have concluded so-called “standard contractual clauses” with Monotype, in order to oblige Monotype to comply with an appropriate level of data protection. Upon request, we will provide you with a copy of the agreement. Fonts.com stores your data for 30 days, and subsequently deletes it.
The legal basis for the processing is Art. 6(1)(1)(f) GDPR. We use Fonts.com to achieve a uniform and appealing display, in regard to which the latter constitutes a legitimate interest within the meaning of Art. 6(1)(1)(f) GDPR.

You can find further information on data privacy at Fonts.com at: https://www.monotype.com/legal/privacy-policy and https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy/

Google Maps

This Website also uses the “Google Maps” service of Google to display maps or map sections, and thus enables you to conveniently use the map function on the Website.
Through the visit to the Website Google obtains the information that you have accessed the corresponding sub-page of our website. In addition, the data specified in the “Access data” section is transmitted to Google. This is done irrespective of whether Google provides a user account, via which you are logged in, or whether no user account exists. If you are logged into Google, your data is directly assigned to your account. If you do not wish it to be assigned to your profile at Google, you need to log out prior to activating the button.

Google stores your data in the form of usage profiles and uses it for the purpose of advertising, market research and/or designing its Website in line with your requirements. Such an evaluation is in particular undertaken (even for non-logged in users) to provide customised advertising and to inform other users of the social network about your activities on our Website.

The legal basis for the processing is Art. 6(1)(1)(f) GDPR. The processing serves the purpose of designing our Website more attractively and offering you additional service. It is not known to us for how long Googles stores the data, and we have no control over this.

You can obtain further information on the purpose and scope of processing by the plug-in provider in the provider’s data privacy statements. There you will also receive further information on your rights and setting options to protect your privacy, in this respect: http://www.google.de/intl/de/policies/privacy.

You can find further information on the terms and conditions of use of Google Maps at: https://www.google.com/intl/de_de/help/terms_maps.html.

Open Table

We use the table reservation platform Open Table on our Website. The provider of Open Table is Open Table GmbH, Schumannstraße 27, 60325 Frankfurt (“Open Table”).

Through the reservation system being used, Open Table GmbH receives your contact details, as well as the information necessary to carry out the reservation (e.g. the date of the stay, any accommodation). In this respect, the data outlined in the “Access data” section is transmitted to Open Table, and cookies may be deployed in this context, in accordance with the “Cookies” section. Open Table stores your data and processes it for the purposes of booking and advertising, market research and/or designing its website in line with your requirements.

Your data may also be transmitted to areas outside the EU, in particular to the USA. For this eventuality, we have concluded a “Data Processing Agreement” with Open Table, in order to oblige Open Table to comply with an appropriate level of data protection. Upon request, we will provide you with a copy of the agreement. Further information and Open Table’s applicable data protection provisions can be accessed at https://www.opentable.de/legal/privacy-policy.

The legal basis for the processing is Art. 6(1)(1)(f) GDPR. The processing serves the purpose of designing our Website more attractively and offering you additional service. It is not known to us for how long Open Table stores the data, and we have no control over this.

HOTELCAREER

Through our Website, we offer our career opportunities via links to the platform of the service provider hotelcareer. hotelcareer is a service of YOURCAREERGROUP GmbH, Völklinger Straße 1 in 40219 Düsseldorf.
If you apply for a job to us, your data will be collected by hotelcareer and sent encrypted to us.
The privacy policy of YOURCAREERGROUP can be viewed at https://www.hotelcareer.com/data-privacy-statement

We will delete the information after the end of the application process in case the application is unsuccessful.

The legal basis for the processing of applicant data is Art. 6 Abs. 1 S. 1 lit. b DSGVO bzw. § 26 BDSG.

Services for statistical, analytical and marketing purposes

We use services of third party providers for statistical, analytical and marketing purposes. This enables us to give you a user-friendly, optimised experience when using our Website. The third party providers use cookies to manage their services (cf. the “Cookies” section). Unless anything to the contrary is explained below, personal data is not processed.

Some of the third party providers give you the opportunity to directly object to the respective service being deployed, e.g. by setting an opt-out cookie.

We are informing you below about the services of external providers currently deployed on our Website, as well as the purpose and scope of the respective processing in the individual case and on your existing opportunities to object.

Google Analytics

In order to be able to optimally co-ordinate our Website with your interests, we deploy Google Analytics, a web analysis service of Google. Google Analytics deploys cookies (cf. the previous section, “Cookies”) – which are stored on your computer, enabling an analysis of the way you use the Website. The information generated by the cookie on your use of this Website is transferred to a server of Google in the USA and processed there.

Should IP anonymisation be activated on this Website, your IP address is, however, first truncated by Google within Member States of the European Union or in other contracting states in the EEA. Only in exceptional cases is the full IP address transferred to a server of Google in the USA and truncated there. On our behalf, Google will use such information to evaluate your use of the Website, in order to compile reports for us on the Website activities, and in order to provide further services associated with the use of the Website and the Internet to us.

The IP address transmitted by your browser within the context of Google Analytics is not merged with other data of Google.

This Website uses Google Analytics with the extension “_anonymizeIp()”. As a result, your IP addresses are processed on in truncated form, so that any personal reference can thereby be excluded. Should the data gathered about you be attributed a personal reference, this is thus immediately excluded and the personal data is deleted at once.

We use Google Analytics to be able to analyse the use of our Website and regularly enhance it. The statistics help us to enhance our Website and design it in a more interesting way for you, as the user.

We also use Google Analytics to display the ads served by advertising services of Google and its partners only to those users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Google (so-called “Remarketing Audiences”, or “Google Analytics Audiences”).
With the help of Remarketing Audiences, we also want to ensure that our advertisements correspond to the potential interest of our users.

As an addition to data processing, the standard contractual clauses with Google were accepted on May 2, 2018.

The legal basis for the processing by Google Analytics is Art. 6(1)(1)(f) GDPR. The Google Analytics cookies are deleted at the latest after fourteen months.

You can find further information of the third-party provider Google at:

http://www.google.com/analytics/terms/de.html, http://www.google.com/intl/de/analytics/learn/privacy.html, http://www.google.de/intl/de/policies/privacy.

Usage-based online advertising

Google Ads

We use the offer of Google Ads from Google to, with the aid of advertising media (“Google Ads”), make users aware of our attractive offers on external websites. We are, in relation to the data of the advertising campaigns, able to ascertain how successful the individual advertising efforts are. We thereby pursue the interest of displaying to you advertisements that are of interest to you, designing our Website so as to be more interesting to you, and achieving a fair calculation of advertising costs.

Such advertising media are delivered by Google via “Ad Servers”. For that purpose, we use Ad Server cookies, through which certain parameters for measuring success, such as displaying the advertisements or clicks by the user, can be measured. Should you arrive at our Website via a Google advertisement, a cookie is stored on your PC by Google Ads. These cookies generally lose their validity after 30 days, and are not supposed to serve the purpose of personally identifying you. The unique cookie ID, the number of Ad Impressions per placing (frequency), the latest impression (relevant for post-view conversions) and also opt-out information (indicating that the user would prefer no longer to be addressed) are usually stored within this cookie.

These cookies enable Google to recognise your browser again. Should a user visit certain pages of the Website of an AdWord customer and the cookie stored on his or her PC not yet have expired, Google and the customer can discern that the user has clicked on the advertisement and has been redirected to this particular page. Every Google AdWords customer is assigned a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. We ourselves do not process any personal data in the course of said advertising efforts. Statistical evaluations are merely made available to us by Google. These evaluations enable us to recognise which of the advertising efforts deployed is particularly effective. We do not receive any further data from deploying the advertising media, and we can in particular not identify the user based on this information.

Based on the marketing tools deployed, your browser automatically produces a direct connection with Google’s server. We have no control over the scope and further processing of the data that is gathered by Google by deploying this tool, and we therefore keep you informed accordingly to the best of our knowledge: Through the integration of  Google Ad’s conversion, Google receives information that you have accessed the corresponding section of our Website or clicked on one of our advertisements. If you are registered with a service of Google, Google may assign the visit to your account. Even if you are not registered with Google, or are not logged in, it is possible that the provider obtains your IP address and stores it.

As an addition to data processing, the standard contractual clauses with Google were accepted on May 2, 2018.

To the extent Google processes your personal data on our behalf, the legal basis for the processing is Art. 6(1)(1)(f) GDPR. It is not known to us for how long Google stores the data, and we have no control over this.
You can find further information on data privacy at Google here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org.

Google Remarketing

Besides Adwords Conversion, we use the Google Remarketing application of Google. This concerns a procedure with which we would like to address you again. Through this application, after you have visited our Website our advertisements can be shown to you when you continue to use the Internet. This is done by means of cookies stored in your browser by means of which your usage pattern is recorded and evaluated by Google when you visit various websites. In this way, your previous visit to our Website can be detected by Google. As per Google’s own statement, the data gathered in the context of the remarketing is not merged with your personal data that may be processed by Google. According to Google, in particular Pseudonymisation is used in conjunction with remarketing.

As an addition to data processing, the standard contractual clauses with Google were accepted on May 2, 2018.
The legal basis for the processing is Art. 6(1)(1)(f) GDPR. It is not known to us for how long Google stores the data, and we have no control over this.

Google DoubleClick

We furthermore use Google’s online marketing tool “DoubleClick” on the Website. DoubleClick deploys cookies to display advertisements relevant to the user, improve the reports on the campaign’s performance or prevent users from being shown the same advertisements repeatedly. Via a Cookie ID – which is a pseudonymous identification number assigned to your browser – Google records which advertisements are displayed in which browser, and can thus prevent them from being displayed repeatedly. Information on the user’s activities on the website is assigned to this pseudonym. This enables Google and its partner sites to display advertisements based on previous visits to websites. DoubleClick can, furthermore, with the aid of the Cookie ID, record conversions relating to advertisement enquiries. Conversion means, for example, a user being shown a double-click advertisement and subsequently accessing the website of the advertiser with the same browser and buying something there.
The information generated by the DoubleClick cookies is transmitted by Google to a server in the USA and stored there.

As an addition to data processing, the standard contractual clauses with Google were accepted on May 2, 2018.

Data is only transmitted to third parties based on statutory regulations or within the context of contract data processing. Google’s DoubleClick cookies do not contain any personal information.

Based on the marketing tools deployed, your browser automatically produces a direct connection with Google’s server. We have no control over the scope and further processing of the data that is gathered by Google by deploying this tool, and we therefore keep you informed accordingly to the best of our knowledge. Through the integration of DoubleClick, Google receives the information that you have accessed the corresponding section of our Website or clicked on one of our advertisements. If you are registered with a service of Google, Google may assign the visit to your account. Even if you are not registered with Google, or are not logged in, it is possible that the provider obtains your IP address and stores it.

The legal basis for the processing is Art. 6(1)(1)(f) GDPR. The DoubleClick cookies are deleted at the latest after six months. By deploying DoubleClick, we pursue the interest of displaying to you advertisements that may be of interest to you, in order to design our Website so as to be more interesting to you.

You can obtain further information on DoubleClick at: https://www.google.de/doubleclick, http://support.google.com, https://policies.google.com/privacy?hl=de (on data privacy at Google in general).

Bing Ads

We deploy the conversion and tracking tool Bing Ads of Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, hereinafter referred to as “Microsoft”) on our Website.
This involves a cookie being stored by Microsoft on the user’s PC, so as to enable the use of our online services to be analysed. A prerequisite for the latter is that the user arrives at our Website via an advertisement of Microsoft Bing Ads. Microsoft and we can, in this way, recognise that somebody has clicked on an advertisement, been re-routed to our online services, and arrived at a previously specified target page. In this context, we only find out the total number of users who have clicked on a Bing advertisement and then been re-routed to the target page (conversions). No IP addresses are stored.

Based on the marketing tools deployed, your browser automatically produces a direct connection with Microsoft’s server. We have no control over the scope and further processing of the data which is arranged for through the deployment of Bing Ads.

The legal basis for the processing is Art. 6(1)(1)(f) GDPR. It is not known to us for how long Microsoft stores the data, and we have no control over this. You can find further information on data privacy at Microsoft at: https://privacy.microsoft.com/de-de/privacystatement.

LinkedIn Insight Tag

We use the conversion tool “LinkedIn Insight Tag” of the social network LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland, on our Website.
The tool creates a cookie in your web browser, which enables the collection of the following data, among others: IP address, device and browser properties and page events (e.g. page views).

We use the tool to display targeted LinkedIn ads (so-called LinkedIn Ads) only to those users on LinkedIn who have shown an interest in our online offer. With the help of the LinkedIn Insight Tag, we can also track the effectiveness of the LinkedIn Ads for statistical and market research purposes by seeing whether users were redirected to our Website after clicking on the Ads (so-called “conversion measurement”).

The legal basis for the use of the LinkedIn Insight Tag is Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in effective advertising measures including social media so that we can improve our offer and make it more interesting for you as a user.
You can find more information on this in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy .
You can prevent the analysis of your usage behaviour by LinkedIn and the display of interest-based recommendations via https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Plug-ins of social networks

Social network plug-ins are integrated into our Website. These are made available by the following providers:

• Facebook (the provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland), e-mail: impressum-support@support.facebook.com, data privacy policy can be found at: https://www.facebook.com/privacy/explanation; http://www.facebook.com/about/privacy/your-info-on-other#applications, as well as http://www.facebook.com/about/privacy/your-info#everyoneinfo.; hereinafter referred to as “Facebook”,
• Instagram (the provider is Instagram Inc., 1601 Willow Road, Menlo Park, California 94025, USA), data privacy policy can be found at: https://help.instagram.com/155833707900388
• LinkedIn (the provider is LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Irland), data privacy policy can be found at: https://www.linkedin.com/legal/privacy-policy

The plug-ins are identified within the scope of our Website by the above-mentioned fonts or by small stylised icons.
We give you the opportunity to communicate directly with the provider of the plug-in using the button. Only if you click on the field marked and thereby activate it does the plug-in provider receive the information that you have accessed the corresponding Website of our online range of services. In addition, the data specified in the “Access data” section above is transmitted.

In the case of Facebook and Xing, as per details given by the respective providers in Germany the IP address is anonymised immediately once it is gathered. That means that, through the plug-in being activated, personal data of yours is transmitted to the respective plug-in provider and stored there (in the case of US providers, in the USA). As the plug-in provider in particular gathers data using cookies, we recommend you to delete all cookies via your browser’s security settings prior to clicking on the greyed-out box.

We neither have any control over the data gathered or the data processing procedures nor are we are aware of the full extent of the data gathered, the purposes of the processing or the storage periods. We also have no information about the deletion of the data gathered by the plug-in provider.

The plug-in provider stores the data gathered about you in the form of usage profiles and uses it for the purpose of advertising, market research and/or designing its website in line with user requirements. Such an evaluation is in particular carried out (also for users who are not logged in) in order to display advertising in line with the user’s requirements and inform other users of the social network about your activities on our Website.

The legal basis for the use of the plug-ins is Art. 6(1)(1)(f) GDPR. Via the plug-ins we give you the opportunity to interact with the social networks and other users, so that we can improve our Website and design it in a more interesting way for you as a user.

Data is disclosed irrespective of whether or not you have an account with the plug-in provider or are logged in there. If you are logged into the plug-in provider, your data gathered on our Website will be directly assigned to your account kept with the plug-in provider. If you press the activated button and link the page, for example, the plug-in provider also stores this information in your user account and notifies your contacts about it publicly.

We recommend you to regularly log out after using a social network, in particular, however, prior to activating the button, as in this way you can avoid any of your user activities being assigned to your profile kept with the plug-in provider.