If you have any questions about data protection or wish to exercise your rights, please contact our data protection contact by sending an email to the following address: firstname.lastname@example.org
Provided that the relevant legal requirements are met, as a person affected by data processing you have the following rights:
Right of access: You have the right to request access to your personal data stored and processed by us at any time and free of charge. This gives you the opportunity to check what personal data we process about you and that we use it in accordance with applicable data protection regulations.
Right to rectification: You have the right to have inaccurate or incomplete personal data rectified and to be informed of the rectification. In this case, we will inform the recipients of the data concerned of the adjustments made, unless this is impossible or involves disproportionate effort.
Right to deletion: You have the right to have your personal data deleted under certain circumstances. In individual cases, especially in the case of legal retention obligations, the right to deletion may be excluded. In this case, we may block your data instead, provided the conditions are met.
Right to restrict processing: You have the right to request that the processing of your personal data be restricted.
Right to data transfer: You have the right to obtain from us, free of charge, the personal data you have provided to us in a readable format.
Right to object: You can object to the processing of your data at any time, in particular for data processing in connection with direct advertising (e.g. advertising emails).
Right of withdrawal: In principle, where you have given consent you have the right to withdraw that consent at any time. However, processing activities that have already taken place based on your consent do not become unlawful because of your revocation of consent.
To exercise these rights, please send us an email to the following address: email@example.com
Right of complaint: You have the right to lodge a complaint with a competent supervisory authority, for example against the way your personal data is processed.
We use appropriate technical and organisational security measures to protect your personal data stored with us against loss and unlawful processing, namely unauthorised access by third parties. Our employees and the service companies commissioned by us are obliged by us to maintain confidentiality and data protection. Furthermore, these persons are only granted access to the personal data to the extent necessary for the fulfilment of their tasks.
Our security measures are continuously adapted in line with technological developments. However, the transmission of information via the Internet and electronic means of communication always involves certain security risks and we cannot provide an absolute guarantee for the security of information transmitted in this way.
If you contact us via our contact addresses and channels (e.g. by e-mail, telephone or contact form), your personal data will be processed. The data you have provided us with, e.g. the name of your company, your name, your function, your e-mail address or telephone number and your request, will be processed. In addition, the time of receipt of the request will be documented. Data that it is mandatory you provide are marked with an asterisk (*) in the relevant contact form.
We process this data exclusively in order to implement your requests (e.g. providing information about our Hotel, support in the processing of a contract such as questions regarding your booking, incorporating your feedback into the improvement of our service, etc.). The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in the implementation of your request or, if your request is directed towards the conclusion or execution of a contract, the necessity for the implementation of the required measures within the meaning of Art. 6 para. 1 lit. b EU-GDPR.
We evaluate this data in order to further develop our offers in a needs-oriented manner and to display and suggest the most relevant information and offers to you. We also use methods that predict possible interests and potential future orders based on your website use. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in carrying out marketing measures.
If you register for our e-mail newsletter (e.g. when opening or within your customer account), the following data will be collected. Mandatory data is marked with an asterisk (*) in the registration form:
In order to avoid misuse and to ensure that the owner of an e-mail address has actually given their consent, we use a double opt-in procedure for registration. After sending the registration form, you will receive an e-mail from us containing a confirmation link. In order to definitely register for the newsletter, you must click on this link. If you do not click on the confirmation link within the specified period, your data will be deleted again and our newsletter will not be sent to this address.
By registering, you consent to the processing of your data in order to receive messages from us about our Hotel, our offers and related products and services. This may also include invitations to participate in competitions or to evaluate our products and services. The collection of the salutation and name allows us to verify any link between the registration and a possibly already existing customer account and to personalise the content of our messages to you. The link to a customer account helps us to make the offers and content contained in the newsletter more relevant to you and better tailored to your potential needs.
We will use your data to email you until you revoke your consent. Revocation is possible at any time, in particular via the unsubscribe link in all our marketing emails.
Our marketing emails may contain a so-called web beacon or 1x1 pixel (tracking pixel) or similar technical tools. A web beacon is an invisible graphic that is linked to the user ID of the respective newsletter subscriber. For each marketing email sent, we receive information on which addresses have not yet received the email, to which addresses it was sent and for which addresses the sending failed. We also see which addresses have opened the email, for how long and which links they have clicked on. Finally, we receive information about which addresses have unsubscribed. We use this data for statistical purposes and to optimize our promotional emails in terms of frequency, timing, structure and content. This allows us to better tailor the information and offers in our emails to the individual interests of recipients.
The web beacon is deleted when you delete the email. To prevent the use of the web beacon in our marketing emails, please set the parameters of your email program so that HTML is not displayed in messages if this is not already the case by default. In the help section of your email software you will find information on how to configure this setting.
By subscribing to the newsletter, you also consent to the statistical evaluation of user behavior for the purpose of optimizing and adapting the newsletter. This consent constitutes our legal basis for the processing of your data within the meaning of Art. 6 para. 1 lit. a EU-GDPR.
We use Campaign Monitor email marketing software Campaign Monitor (201, Elizabeth Street, Sydney, Australia) for marketing emails. Your data will be stored in a database of Campaign Monitor, which allows Campaign Monitor to access your data if this is necessary for the provision of the software and for support in the use of the software. The legal basis for this processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in the use of third-party services.
Without the support of other companies, we would not be able to provide our services in the desired form. In order for us to be able to use the services of these companies, it is also necessary to pass on your personal data to a certain extent. Such a transfer takes place to the extent that it is necessary for the fulfilment of the contract requested by you, for example to restaurants or other third parties for which you have made a reservation. The legal basis for these disclosures is the necessity for the performance of the contract within the meaning of Art. 6 para. 1 lit. b EU-GDPR.
In addition, your data may be disclosed to authorities, legal advisors or debt collection agencies, if we are legally obliged to do so or if this is necessary to protect our rights, in particular to enforce claims arising from our relationship with you. Data may also be disclosed if another company intends to acquire our company or parts thereof and such disclosure is necessary to carry out due diligence or to complete the transaction. The legal basis for this data transfer is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in safeguarding our rights and complying with our obligations or the sale of our company.
When you visit our website, the servers of our hosting provider "myhotelshop GmbH", Flossplatz 6, 04107 Leipzig, Germany) temporarily store every access in a log file. The following data is collected without your intervention and stored by us until automatically deleted:
The collection and processing of this data is carried out for the purpose of enabling the use of our website (connection establishment), to permanently guarantee system security and stability as well as for error and performance analysis and enables us to optimize our website (see on these last points also Section 13).
In the event of an attack on the network infrastructure of the website or a suspicion of other unauthorized or abusive website use, the IP address and the other data will be evaluated for the purpose of clarification and defence and, if necessary, used in the context of criminal proceedings to identify and take civil and criminal action against the users concerned.
Our legitimate interest in data processing within the meaning of Art. 6 para. 1 lit. f EU-GDPR lies in the purposes described above.
Cookies are information files that your web browser stores on your computer's hard drive or memory when you visit our website. Cookies are assigned identification numbers that identify your browser and allow the information contained in the cookie to be read.
You may also be able to configure your browser so that no cookies are stored on your computer or so that a message always appears when you receive a new cookie. Deactivating cookies may mean that you cannot use all the functions of our website.
The website uses the Google SiteSearch/Google Custom Search Engine of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). This enables us to provide you with an efficient search function on our website.
For needs-based design and continuous optimization of our website, we use the web analysis services listed below. In this context, pseudonymised usage profiles are created and cookies are used (please also refer to Section 11). The information generated by the cookie about your use of our website is usually transferred together with the log file data listed in Section 10 to a server of the service provider, where it is stored and processed. This may also result in a transfer to servers abroad, e.g. the USA (see on this point, in particular on the guarantees taken, Section 8).
In processing this data, we obtain the following information, among others:
The provider will use this information on our behalf to evaluate the use of the website, to compile reports on website activities for us and to provide other services related to website and internet use for the purposes of market research and needs-based design of these internet pages. For these processing operations, we and the providers may to a certain extent be considered joint data controllers.
The legal basis for this data processing with the following tools is your consent within the meaning of Art. 6 para. 1 lit. a EU-GDPR. You can revoke your consent or refuse processing at any time by rejecting or deactivating the relevant cookies in your web browser settings (see Section 11) or by making use of the service-specific options described below.
For the further processing of your data by the respective provider as the (sole) data protection controller, in particular also any forwarding of this information to third parties such as authorities on the basis of national legal regulations, please refer to the respective data protection information of the provider.
We use the web analytics service Google Analytics from Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) or Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) ("Google").
The data described about the use of the website may be transmitted to the servers of Google LLC. in the USA for the processing purposes explained (see Section 13.1). The IP address is shortened by activating IP anonymization ("anonymizeIP") on the website before transmission within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Users can prevent the collection of the data generated by the cookie and related to their website use (inclunding the IP address) and its transmission to and processing by Google by downloading and installing a browser plugin.
On our website, we have included links to our profiles in the social networks of the following providers:
When you click on the icon of a social network on our website, you are automatically redirected to our profile in the respective network. This establishes a direct connection between your browser and the server of the respective social network. This provides the network with the information that you have visited our website with your IP address and clicked on the link.
If you click on a link to a network while you are logged into your user account with the network in question, the content of our website may be linked to your profile so that the network can assign your visit to our website directly to your account. If you want to prevent this, you should log out before clicking on the relevant links. A connection between your access to our website and your user account takes place in any case if you log in to the respective network after clicking on the link. The respective provider is responsible under data protection law for the associated data processing. Please note the information on the relevant network's website. The legal basis for any data processing attributed to us in this regard is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in the use and promotion of our social media profiles.
We use services of various companies to provide you with interesting offers online. In the process of doing this, your user behavior on our website and websites of other providers is analyzed in order to subsequently be able to show you online advertising that is individually tailored to you.
Most technologies for tracking your user behavior and targeting advertisements work with cookies (see also Section 11), which can be used to recognize your browser across different websites. Depending on the service provider, it may also be possible for you to be recognized online even when using different end devices (e.g. laptop and smartphone). This may be the case, for example, if you have registered for a service that you use with several devices.
We and our service providers use this data to identify whether you belong to the target group we address and take this into account when selecting the advertisements. For example, after you have visited our site, you may be shown advertisements of the products or services you have consulted when you visit other sites ("re-targeting"). Depending on the scope of the data, a user's profile may also be created, which is evaluated automatically, and the ads are selected according to the information stored in the profile, such as membership of certain demographic segments or potential interests or behaviors. Such ads may be presented to you on various channels, which include, in addition to our website or app (as part of onsite and in-app marketing), ads provided through the online advertising networks we use, such as Google.
The data may then be analyzed for the purpose of billing the service provider and assessing the effectiveness of advertising measures in order to better understand the needs of our users and customers and to improve future campaigns. This may also include information that the taking of an action (e.g. visiting certain sections of our website or sending information) is due to a particular advertising ad. We also receive aggregated reports from service providers of ad activity and information about how users interact with our website and ads.
The legal basis for this data processing is your consent within the meaning of Art. 6 para. 1 lit. a EU-GDPR. You can revoke your consent at any time by rejecting or deactivating the relevant cookies in the settings of your web browser (see Section 11). You can also find further options for blocking advertising in the information provided by the respective service provider.
If you open a customer account on our website, we collect the following data, whereby mandatory data is marked with an asterisk (*) in the corresponding form:
We use the personal details to establish your identity and to check the requirements for registration. The email address and password are used as login details to ensure that the correct person is using the website under your account. We also need your email address to verify and confirm the opening of your account and for future communication with you as required to process the contract. In addition, this data is stored in the customer account for future bookings or the conclusion of contracts. For this purpose, we also enable you to store further details in the account (e.g. your preferred means of payment).
We also use the data to provide an overview of the products ordered and bookings made (see Sections 177 and 18) and as a simple way to manage your personal data, to administer our website and our contractual relationships, i.e. to establish, define the content of, process and amend the contracts concluded with you via your customer account (e.g. in connection with your booking with us).
The legal basis for the processing of your data for the preceding purpose is your consent pursuant to Art. 6 para. 1 lit. a EU-GDPR. You can revoke your consent at any time by removing the information from your customer account or by deleting your customer account or having it deleted by notifying us.
To avoid misuse, you must always keep your login details confidential and should close the browser window when you have finished communicating with us, especially if you share the computer with others.
On our website you have the possibility to order a wide range of products and gift vouchers. For this we collect the following data - depending on the product or service - whereby mandatory data is marked with an asterisk (*) in the corresponding form:
We use this data and other data voluntarily provided by you only to be able to execute your order according to your wishes. The processing of this data is therefore carried out within the meaning of Art. 6 para. 1 lit. b EU-GDPR for the implementation of pre-contractual measures as well as for the fulfillment of a contract.
When you make bookings or order vouchers either via our website, by correspondence (e-mail or letter post) or by telephone call, we collect the following data, whereby mandatory data are marked with an asterisk (*) in the corresponding form:
On our website you have the possibility to reserve a table in one of the restaurants mentioned on our website. For this purpose, we collect the following data, whereby mandatory information is marked with an asterisk (*) in the corresponding form:
We collect and process the data only to process the reservation, in particular to compile your reservation request according to your wishes, to make the reservation and to contact you in case of ambiguities or problems.
Finally, we may be informed by the platform operators of disputes relating to a booking. In the process, we may also receive data on the booking process, which may include a copy of the booking confirmation as proof of the actual booking completion. We process this data to protect and enforce our claims. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f. EU-GDPR.
We reserve the right to delete unlawful ratings and to contact you in case of suspicion and ask you to comment. The legal basis for this processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f EU-GDPR in providing the comment and rating function and preventing abuse when using it.
You have the option of applying for a specific job advertisement spontaneously or via a corresponding e-mail address. We will use these and other data voluntarily provided by you to check your application. Application documents of unsuccessful applicants will be deleted at the end of the application process, unless you explicitly agree to a longer retention period or we are not legally obliged to retain them for a longer period. The legal basis for processing your data for this purpose is therefore the performance of a contract (pre-contractual phase) in accordance with Art. 6 para. 1 lit. b EU-GDPR.
Upon arrival at our hotel, we may require the following information from you and your companions (mandatory *):
We collect this information in order to fulfil statutory notification obligations, which arise in particular from hospitality or police law. We forward this information to the competent police authority if we are required to do so under the applicable regulations. The processing of this data is carried out on the basis of a legal obligation within the meaning of Art. 6 para. 1 lit. c EU-GDPR.
If you receive additional services as part of your stay (e.g. wellness, restaurant, activities), we will record the subject of the service and the time at which it was received for billing purposes. The legal basis for this data processing is the fulfilment of the contract with you according to Art. 6 para. 1 lit. b EU-GDPR.
If you have given us your e-mail address in connection with your booking, you will receive an electronic form after departure. For this purpose, we collect the following data, whereby mandatory information is marked with an asterisk (*) in the corresponding form:
To prevent abuse and to take action against illegal behaviour (especially theft and damage to property), the entrance area and the publicly accessible areas of our Hotel are monitored by cameras. The image data is only viewed if there is a suspicion of unlawful behaviour. Otherwise, the images are automatically deleted after 60 days.
For the provision of the video surveillance system, we rely on a service provider who may have access to the data where this is necessary for the provision of the system. Should the suspicion of illegal behaviour be substantiated, the data may then be passed on to our advisors (in particular our legal advisors) and authorities to the extent necessary to enforce claims or file charges. The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f. EU-GDPR in the protection of our property and the protection and enforcement of our rights.