Privacy Policy

Privacy policy

 

We, see imprint, would like to take this opportunity to inform you of the way we process personal data.

You can contact our Data Protection Officer by email at gch-dsb@daspro.de or by telephone on +49 (0)30 8877 4150, DSB GCH-Gruppe, daspro GmbH, Kurfürstendamm 21, 10719 Berlin.

Below we have compiled the most important information about typical forms of data processing, broken down according to the stakeholder groups involved. For certain forms of data processing that only affect certain groups, information obligations are met separately.

Where the text refers simply to “data”, this is taken to refer solely to personal data as defined by the General Data Protection Regulation (GDPR).

1.        Website visitors
2.        Hotel guests
3.        Interested parties, communication partners
4.        Business partners and their employees
5.        Rights of affected persons and other details

 

1. Website visitors

1.1 Server log data
For each query, our server processes a range of data that your browser automatically sends to our web server. This data includes the current IP address of your device, the date and time of your query, the actual page or file accessed, the http status code and the volume of data transferred; it also includes the website from which your query originated, the browser used, the operating system of your device and the language setting. The web server uses this data to present the content of this website on your device the best way possible.

1.2    Analysis of usage behaviour – Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses cookies, text files that are stored on your device that make it possible to analyse your use of the website. The information created by the cookie about your use of the website is usually transmitted to a Google server in the USA and stored there. IP anonymisation is activated for this website, i.e. your IP address is first truncated within the European Union or in another state party to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and truncated there.
As a processor in the sense of Art. 28 GDPR, Google will use this information to analyse your use of the website, to compile reports about website activities and to render to the operator of the website other services related to the use of the website and internet usage. The IP address transmitted as part of the Google Analytics service is not combined with any other Google data.
You can prevent Cookies from being saved by adjusting the relevant setting in your browser software. You can prevent the storage of data created by the cookie and related to your use of the website (incl. your IP address) and Google’s processing of this data by downloading and installing the browser plug-in [https://tools.google.com/dlpage/gaoptout?hl=en-GB]. Alternatively, you can set an “opt-out cookie” which will prevent the capture of your data during future visits of this website.

1.3    Analysis of usage behaviour – Google Tag Manager
This website uses Google Tag Manager provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service allows the management of website tags. The Google Tag Manager solely triggers these tags in the form of a code in order to measure the number and the activity of website visitors. The tag source is Google Analytics (see above). The Google Tag Manager’s sole purpose is to manage these tags; it is a cookie-free domain and does not collect any personal data. If tracking is disabled [https://support.google.com/analytics/answer/181881?hl=en], the setting applies for all tracking tags managed by the Google Tag Manager.

1.4    Analysis of usage behaviour – Google AdWords
This website uses Google AdWords, a service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service tracks keywords used for online search queries by saving cookies in the user’s browser. These cookies track the type of search query, the IP address of your device, the browser type, the browser language and the date and time of your search query. This allows Google AdWords to display advertisements relevant to the used keywords in the search engine. For more information about how Google AdWords processes data and its privacy policy, please refer to https://policies.google.com/privacy?hl=en-GB&gl=de.
You have the option to opt-out of Google Ad Words personalised advertising. To do this, go to https://adssettings.google.com/anonymous?hl=en and deactivate “Ads Personalization on Google Search”.

1.5    Analysis of usage behaviour – Google Dynamic Remarketing
This website uses Google Dynamic Remarketing, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This service uses and saves cookies in the user’s web browser to analyse the website usage. The data is used to created anonymised profiles to analyse the use of the website. This technology enables Google to place contextual third-party advertisements on our offerings on other previously visited websites or online services within the Google Partner Network.
The personal data collected by the cookies is stored and processed in pseudonymous form. You have the option to opt-out of the use of cookies for these purposes. To do this, follow the instructions on https://adssettings.google.com/anonymous?hl=en.

1.6    Analyse of usage behaviour – Google Analytics Audience
This website uses Google Analytics Audience, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies, text files that are stored on your device that make it possible to analyse your use of the website. The information created by the cookie about your use of the website serves to analyse the usage behaviour and to build interest-based target groups. The information about these target groups and their usage behaviour is transmitted to the owner of this website. You have the option to opt-out of the tracking and processing of your data (incl. the tracking of your IP address) by Google by downloading and installing the available browser plug-in on your device [https://tools.google.com/dlpage/gaoptout?hl=en-GB]. Alternatively, you have the option to set a so-called opt-out cookie that will prevent the tracking of your data during future visits of this website.

1.7    Analysis of usage behaviour – DoubleClick
This website uses DoubleClick, a tracker and analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This technology sends information about your use of the website (incl. the IP address and keywords used for web search) in order to generate interest-based advertisements on this and on other websites. Your browser receives a pseudonymised ID to double-check the type of advertisements displayed and clicked on during a session. DoubleClick cookies enable Google to present interest-based advertisements based on the data collected during previous visits of this or other websites. You have the option to opt-out of the cookies for these purposes. To do this, download and install the browser plug-in available on https://tools.google.com/dlpage/gaoptout?hl=en-GB on your device.

1.8    Analysis of usage behaviour - DoubleClick Ad Exchange-Buyer
This website uses the DoubleClick Ad Exchange Buyer provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The DoubleClick Ad Exchange-Buyer uses cookies to track information about the search request initiated by the user, followed by the visit of this website. The information includes the IP address, the browser type, the browser language, the date and time of the search request and information on previously visited websites or online services within the Google Partner Network. Google uses this data to display contextual third-party advertisements. For further information about how Google uses the data provided by DoubleClick Ad Exchange-Buyer and its privacy policy, please visit: https://policies.google.com/privacy?hl=en-GB&gl=de.
You have the option to opt-out and decline the placement of contextual third-party advertisements by Google’s DoubleClick Ad Exchange-Buyer. To do this, please visit https://adssettings.google.com/anonymous?hl=en and disable the option “Ads Personalization on Google Search”.

1.9    Analysis of usage behaviour – SessionCam
We use SessionCam, a web analysis service of SessionCam Ltd, for anonymous analysis of mouse movements, clicks, scrolling behaviour and form entries, although any personal form entries (e.g. name, bank details) are automatically anonymised on collection.
You can prevent the anonymised recording of your usage behaviour at any time by setting an opt-out cookie [https://sessioncam.com/choose-not-to-be-recorded/].

1.10    MyFonts Counter
This website uses MyFonts Counter, provided by Monotype Imaging Holdings Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA. MyFonts Counter enables us to integrate fonts on our website. During a website visit, MyFonts Counter directly transmits the used font to the user’s browser. For this purpose, the IP address and information about the visited website are sent to a server of MyFonts. To find out more about the MyFonts privacy policy, please visit: https://www.monotype.com/legal/privacy-policy/web-font-tracking-privacy-policy/.
You can prevent the use of cookies by this tool by deactivating Java Script in your browser or by installing a tool like “NoScript” [https://noscript.net].

1.11    Adobe Fonts (typekit)
This website uses AdobeFonts, a service by Adobe Systems Inc., 345 Park Avenue, San Jose, CA 95110-2704. This service provides this website with fonts. To provide the service “Adobe Fonts”, Adobe has access to the fonts and font kits used on this website, the download speed, used ad blockers and the website visitor’s IP address. Adobe uses this information for the provision of the service “Adobe Fonts” and to diagnose rendering and download issues. The information is also used in service contracts with the script and font providers. To find out more about how Adobe Fonts uses data, please visit: https://www.adobe.com/cis_en/privacy/policies/adobe-fonts.html.

1.12    Google Maps
Some subpages of this website use map materials of the service Google Maps. When accessing subpages in which the Google Maps service is embedded, in technical terms the map material is retrieved using the user’s IP address, i.e. Google’s servers can save and use your IP address and other data automatically sent by your browser (see point 1.1 above, Server log data). The map service is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google) and is solely governed by Google’s Data Protection Terms (Google Privacy Policy). We would like to point out that personal data may be transmitted to the USA and other non-EU countries that may be categorised as insecure countries in data protection terms according to the GDPR. We have no influence on the type and scope of data processing carried out by Google.

1.13    Google reCAPTCHA
In some form entries on this website, the Google reCAPTCHA is used to prevent automated mass entries by malicious software. Here, Google has no access to form entries, it rather analyses the movement pattern of the mouse, as well as the click pattern, to determine whether a human or a machine is at work. When retrieving this form fields, in technical terms they are retrieved using the user’s IP address, i.e. Google’s servers can save and use your IP address and other data automatically sent by your browser (see point 1.1 above, Server log data). reCAPTCHA is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), and is solely governed by Google’s data protection terms (Google Privacy Policy). We would like to point out that personal data may be transmitted to the USA and other non-EU countries that may be categorised as insecure countries in data protection terms according to the GDPR. We have no influence on the type and scope of data processing carried out by Google.

1.14   
Data is processed to facilitate the presentation of our company and its goods and services on the internet, as well as exchange with communication partners. When you subscribe to our newsletter, we process your data to enable us to send you the newsletter. Website usage behaviour is evaluated to ensure the site is configured in accordance with the requirements.

1.15    
The legal basis for this processing is Art. 6(1)(f) GDPR (legitimate interest, operation of an internet presence and exchange with communication partners). The legal basis for the processing of newsletter data is Art.6(1)(a) GDRP in conjunction with Art. 7 GDPR (consent). The legal basis for analysis of usage behaviour is Art. 6(1)(f) GDPR (legitimate interest, namely the configuration of the website in accordance with the requirements).

1.16    
Logging and communication data are not passed on to third parties unless particular circumstances apply. Data may be passed on to the police and public prosecutors where there is suspicion of a criminal offence or to facilitate investigation procedures.

1.17    
IP addresses are anonymised after 24 hours at the latest. Newsletter data is deleted upon unsubscribing from the newsletter. Pseudonymous usage data is deleted after a period of three months.

1.18    
The website cannot be used without disclosure of personal data such as your IP address. Communication via the website is not possible without entering data. Entering data is required for the receipt of the newsletter. Without such data the newsletter cannot be sent. It is still possible to use the website if the user rejects pseudonymous usage analysis.

 

2.    Hotel guests

2.1    
When accommodation is booked, the purpose of processing your data is the conclusion of a contract and the execution of the contractual relationship, as well as fulfilment of statutory requirements. Should the booking service of the hotel be tasked with booking tickets and other services, the purpose of processing is to carry out the desired booking. We also process your contact data and the time and duration of your visit for the purpose of tracing risks for infections with the coronavirus (SARS-CoV-2) and thereby to prevent the spread of infections to protect our visitors, employees and business partners, as well as to inform you about possible risks of infection. Should video monitoring be installed in the publicly accessible areas of the hotel, the purpose of the video monitoring is to maintain order in the building and to reveal and prosecute criminal offences, as well as to enforce claims under civil law. Newsletters are being sent by the responsible employee with the purpose of informing you about our offer.

2.2    
The legal basis for the processing of contracts with natural persons is Art. 6 (1)(b) GDPR (preparation and performance of the contract); for contracts with legal entities it is Art. 6(1)(c) GDPR (legal obligations, particularly reporting obligations, as well as fiscal and commercial provisions). The legal basis for the processing of your data for the purpose of preventing the spread of the coronavirus is Art. 6 (1)(c) GDPR (legal obligations, if required by national law) or Art. 6(1)(f) GDPR (legitimate interest in preventing the spread of infections with the coronavirus and protection of our employees, visitors and business partners).
The legal basis for video monitoring is Art. 6.(1)(f) GDPR (legitimate interest, namely maintenance of order in the building, revelation and prosecution of criminal offences, enforcement of claims under civil law). The legal basis for the distribution of newsletters and information is Art. 6(1)(f) GDPR, namely legitimate interest in the information of our hotel guests.

2.3    
Recipients of data may be franchisors of the respective hotel brand, as well as banks, for the processing of payments. When booking further services through the booking service, data is passed on to the relevant service provider. In the event of a possible infection with the coronavirus and upon request by the authorities, we will forward your contact details and information about possible contact persons during the time of your stay to the relevant authorities, as far as we are entitled or obliged to transfer data. Where we are obliged or entitled to transfer data, recipients may include authorities and agencies within the scope of their duties. On suspicion of a criminal act or in investigation procedures, data from video monitoring may be passed on to the police and public prosecutors. We also use service providers in our order processing, particularly for the provision, maintenance and servicing of IT systems.

2.4  
In accordance with fiscal and commercial retention terms, all data related to contracts and bookings is retained for a period of ten calendar years following the end of the contract. Data collected by us solely for the purpose of preventing a spread of the coronavirus will be deleted four weeks after your visit, unless there is the possibility that you were exposed to a risk of infection. In this event, we will store your data for as long as it is necessary to trace contacts and prevent a spread of the infection. Recordings from video monitoring systems are generally deleted after three days at the latest.

2.5    
Hotel guests are both legally and contractually obliged to provide data. Without provision of data, there is no foundation for the contractual relationship and the contract cannot be enacted. Recording by video monitoring systems occurs automatically. There is no option for entering monitored areas without being recorded.

2.6    
Where bookings are received via third-party operated booking portals or booking hotlines, the latter transfer contractually relevant data such as contact and billing data, booking period and room category to the operator of the hotel for the purpose of initiating and enacting the contract.

 

3.    Interested parties, communication partners

3.1    
We process data from interested parties and communication partners for the purpose of communication with the stakeholders involved.

3.2    
The legal basis for the processing of data from interested parties and other communication partners is Art. 6(1)(f) GDPR (legitimate interest, namely communication with interested parties and communication partners).

3.3    
We pass queries on internally to the employee responsible. We also use service providers in our order processing, particularly for the provision, maintenance and servicing of IT systems.

3.4    
Queries and communications are automatically deleted after ten calendar years.

3.5    
Interested parties and communication partners are required to provide data. Without such data communication is not possible.

 

4.    Business partners and their employees

4.1    
The purpose of processing is the preparation and performance of contracts, as well as communication with the employees of business partners.

4.2    
The legal basis for the processing of contracts with natural persons is Art. 6(1)(b) GDPR (preparation and performance of the contract); for contracts with legal entities it is Art. 6(1)(f) GDPR (legitimate  interest, namely communication with contact persons relevant to the contract); as well as Art. 6(1)(c) GDPR (legal obligations, particularly fiscal and commercial provisions).

4.3    
For the processing of payments, recipients of data may include banks. Where we are obliged or entitled to transfer data, recipients may include authorities and agencies within the scope of their duties. We also use service providers in our order processing, particularly for the provision, maintenance and servicing of IT systems.

4.4    
In accordance with fiscal and commercial retention terms, all data related to contracts and bookings is retained for a period of ten calendar years following the end of the contract.

4.5    
Business partners and the employees of business partners are both legally and contractually obliged to provide data. Without provision of data, there is no foundation for the business relationship, and it cannot be carried out.

5.    Rights of affected persons and other details

5.1    
There is no transferral of data to non-EU countries.

5.2    
We do not use procedures for automated case-by-case decisions.

5.3    
You have the right to demand at any time information about all personal data relating to you that we process.

5.4    
Should your personal data be incorrect or incomplete, you have the right to obtain correction and completion.

5.5    
You can demand the deletion of your personal data at any time, as long as we are not legally obliged or entitled to process your data further.

5.6    
If the legal conditions apply, you may demand a restriction on the processing of your personal data.

5.7    
You have the right to raise an objection to the processing where data processing is carried out for the purpose of direct marketing or profiling.

5.8    
Should the processing be carried out on the basis of balancing interests, you may object to the processing on presentation of grounds that relate to your particular situation.

5.9    
Should the data processing take place on the basis of your consent or in the fulfilment of a contract, you have the right to portability of the data provided by you, as long as this does not adversely affect the rights and liberties of other persons.

5.10    
Where we process data on the basis of a declaration of consent, you have the right to revoke this consent at any time, with effect for the future. Processing carried out prior to the revocation remains unaffected by the revocation.

5.11    
You also have the right at any time to lodge a complaint with the supervisory authorities responsible for data protection if you are of the opinion that data processing is being carried out in violation of applicable law.

Last updated: June 5, 2020