DATA PROTECTION

Contact: datenschutzbeauftragter@althoffhotels.com 

We are delighted that you have decided to visit our website and we would like to thank you for your interest in our company. The protection of personal data is very important to us. The use of our website is fundamentally possible without the provision of any personal data. However, if a user wishes to avail of specific company services via this website then it may be necessary to process personal data. If it is necessary to process personal data and if no legal basis for such processing exists then we will obtain the permission of the affected person as a general rule.

You can withdraw your consent at any time with effect for the future. The contact details of the data controller can be found at the end of this data protection declaration.

The personal data (name, address, email address or telephone number) of a user of this website is always processed on the basis of the General Data Protection Regulation and in accordance with the valid and applicable national data protection provisions.

ALTHOFF Beratungs- und Betreuungsgesellschaft mbH officially informs you in this data protection declaration of the type, purpose and scope of your personal data subject to processing. Furthermore, the persons affected by this data protection declaration are informed here of their associated rights.

The following terms are used in this data protection declaration, which were also used with the enactment of the EU General Data Protection Regulation. In order to keep the data protection declaration simple and comprehensible, these terms are explained here.

Personal data - according to Art 4 (1) GDPR, this is: 

All information that pertains to an identified or identifiable natural person (referred to in the following as “affected person”). A natural person is deemed to be identifiable if they can be directly or indirectly identified, in particular with assignment to an identifier such as a name, an ID number, location data, an online identification, or one or more particular characteristics, which constitute a manifestation of the physical, physiological, psychological, mental, economic, cultural or social identity of this natural person.

Affected person

Every identified or identifiable natural person, whose personal data is processed by the data controller.

Processing - according to Art 4 (2) GDPR, this is:

Any procedure or sequence of procedures, executed with or without the help of automated processes, that takes place in conjunction with personal data, such as acquisition, recording, organisation, sorting, storage, alignment or modification, reading out, querying, utilisation, publication or disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

Restriction of processing

The marking of stored personal data with the aim of restricting its future processing.

Profiling - according to Art 4 (4) GDPR, this is:

Any form of automated processing of personal data, which consists of using this personal data in order to evaluate specific personal aspects that pertain to a natural person, in particular in order to analyse or predict aspects pertaining to work performance, financial situation, health, personal preferences, interests, reliability, conduct or behaviour, whereabouts or change of location of this natural person.

Pseudonymisation

The processing of personal data in such a way that the personal data can no longer be attributed to a specific affected person without drawing upon additional information, insofar as this additional information is stored separately and is subject to technical and organisational measures that guarantee that the personal data cannot be assigned to an identified or identifiable natural person.

Data controller - according to Art 4 (7) GDPR, this is:

The natural or legal person, authority, institution or any other entity that decides, autonomously or together with others, on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or by the law of the member states then the data controller or the specific criteria governing their designation may be set out by Union law or by the law of the member states.

Recipient

A natural or legal person, authority, institution or any other entity to whom personal data is disclosed, irrespective of whether this is a third party or not. However, authorities that may receive personal data within the framework of a specific investigation mandate in accordance with Union law or the law of the member states are not deemed to be recipients.

Third party

A natural or legal person, authority, institution or any other entity apart from the affected person, the data controller, the order processor and the persons who are authorised under the direct responsibility of the data controller or the order processor, to process the personal data.

Order processor - according to Art 4 (8) GDPR, this is:

A natural or legal person, authority, institution or any other entity that processes the personal data on behalf of the data controller.

Consent - according to Art 4 (11) GDPR, this is:

Every manner in which the affected person provides permission and clearly states their will in the form of a declaration or any other unambiguous action of conveying confirmation on a voluntary basis for the specific case, whereby the affected person confirms that they permit the processing of their respective personal data.

Name and address of the data controller:

ALTHOFF Beratungs- und Betreuungsgesellschaft mbH

Aachener Strasse 1348

50859 Cologne

Email: servicelounge@althoffhotels.com

Internet: www.althoffhotels.com

Joint responsibility Art. 26 DSGVO  
The hotels of the ALTHOFF Collection together with ALTHOFF Beratungs- und Betreuungsgesellschaft mbH form a joint controller within the meaning of Art. 26 DSGVO.
This results in joint processing of the personal data collected in the hotels. The point of contact for data subjects is ALTHOFF Beratungs- und Betreuungsgesellschaft mbH; notwithstanding this, each data subject may assert his or her rights under the GDPR - in particular the right to information under Art. 15 GDPR - with each of the controllers.
The following controllers are involved in the joint processing:
ALTHOFF Beratungs- und Betreuungsgesellschaft mbH, Aachener Strasse 1348, 50859 Cologne, Germany.
Hotel Schloss Bensberg GmbH, Kadettenstrasse, 51429 Bergisch-Gladbach 
Schlossgarten Hotelgesellschaft mbH, Schillerstrasse 23, 70173 Stuttgart
Fürstenhof Hotelgesellschaft mbH, Hannoversche Strasse 55/56, 29221 Celle
Seehotel Überfahrt Hotelgesellschaft mbH, Überfahrtstrasse 10, 83700 Rottach-Egern
ALTHOFF Hotel Villa Belrose, Boulevard des Crêtes, F-83580 Gassin
Hotel Regent GmbH, Melatengürtel 15, 50933 Cologne 
AMERON Königshof Hotelgesellschaft mbH, Adenauerallee 9, 53111 Bonn
AMERON Hotelgesellschaft HH mbH, Am Sandtorkai 4, 20457 Hamburg
ABION Hotel Verwaltungs GmbH & Co. Betriebs KG, Alt Moabit 99, 10559 Berlin
AMERON Neckarvillen Hotelgesellschaft mbH, Neckarstrasse 7 - 13, 60329 Frankfurt/Main
AMERON Hotelgesellschaft Hohenschwangau mbH, Alpseestrasse 21, 87645 Schwangau
AMERON Hotelgesellschaft München mbH, Am Ausbesserungswerk 8, 80939 Munich, Germany
AMERON Hotelgesellschaft mbH ZWEIUNDZWANZIG, Aachener Strasse 1348, 50859 Cologne, Germany
Dulac AG, Seidenhofstrasse 5, CH - 6002 Lucerne
AM Hotel Davos AG, Scalettastrasse 22, CH - 7270 Davos
AMERON Hotel ZH AG, Seidenhofstrasse 5, CH - 6002 Lucerne
HÜ Restaurantgesellschaft mbH, Überfahrtstraße 10, 83700 Rottach-Egern
AMERON Hotelgesellschaft mbH ZWÖLF, Weißachdamm 50, 83700 Rottach-Egern
AMERON Hotelgesellschaft mbH FÜNFUNDZWANZIG, Aachener Str. 1348, 50859 Cologne

Cookies

This website uses cookies. Cookies are small text files that are sent to your browser by a web server and stored on the hard drive of your computer. Apart from the Internet Protocol Address, no personal data of the user is stored whatsoever. This information serves to automatically identify you and ease your navigation when you next visit our website. When you visit our website, our web server automatically stores information of a general nature in an anonymized form for marketing and optimisation purposes. This includes, as standard, the type of web browser, the operating system used, the domain name of your Internet Service Provider, the IP address that has been assigned to you by your Internet Service Provider, the website that you have visited us from, the web pages of ours that you visit, as well as the date and duration of your visit. This is exclusively information that permits no further conclusions to be drawn regarding you personally. Personal data is only stored if you provide this to us, for example within the framework of registration, a survey or when executing a contract. Through the use of cookies, it is possible to provide more user-friendly services to visitors to this website, which would not be possible without setting cookies.

Cookies can be used to optimise the information and services presented on this website for the specific user. The use of this website is simplified by the recognition of users. For example, the user of a website that uses cookies is not required to re-enter their access data every time they visit the site. Online shops are able to make a note of the items that a customer has placed in their virtual shopping basket through the use of cookies.

The visitor is able to prevent the use of cookies by this website at any time with the settings in their internet browser, and thereby permanently inhibit the use of cookies. Any cookies that have already been set can be deleted in all standard internet browsers or via other software programs. If the use of cookies is blocked or deactivated by the user, it may not be possible to use all of the functions of this website.

Registration on this website (e.g. online booking)

The affected person has the option of registering on the website of the data controller by providing their personal data. The personal data that is transmitted to the data controller depends on the respective input screen that is used for registration. The personal data entered by the affected person is acquired and stored exclusively for internal use by the data controller and for their own purposes. The data controller can initiate the passing on of the personal data to one or more order processors (for example a mailing service provider), who will also use the personal data exclusively internally and for the purpose of the data controller.

When registering on the website of the data controller, the IP address assigned to the affected person by the Internet Service Provider (ISP), as well as the date and time of registration will also be stored. The storage of this data takes place because it is only in this way that misuse of our services can be prevented. Furthermore, if necessary this data also facilitates the detection of committed offences and copyright infringements. As such, the storage of this data is necessary to safeguard the data controller. This data is never passed on to third parties unless a legal obligation exists to pass this on, or if this is necessary for law enforcement and prosecution purposes.

The registration of the affected person with the voluntary provision of personal data enables the data controller to offer the affected person contents or services that can only be offered to registered users due to the nature of the matter. Registered persons are entitled to have the personal data they provided at the time of registration deleted from the data inventory of the data controller in full.

On request, the data controller shall inform any affected person of the personal data that is stored about them at any time. Furthermore, the data controller shall correct or delete the personal data on request or notification by the affected person, unless statutory storage periods prevent this.

Contact

Personal data is also processed by ALTHOFF Beratungs- und Betreuungsgesellschaft mbH if you provide this to us. This takes place every time you get in contact with us for example. Personal data transmitted to us in this way is naturally only used for the purpose intended by you when you provide this to us at the time of establishing contact. This information is provided expressly on a voluntary basis and with your consent. Insofar as this information pertains to communication channels (e.g. email address, telephone number) then you also consent to us contacting you via these communication channels if necessary, in order to respond to your inquiry.

Security

ALTHOFF Beratungs- und Betreuungsgesellschaft mbH implements numerous technical and organisational measures, in order to protect your personal data against unintended or unlawful deletion, amendment or loss, and against unauthorised passing on or access. However, internet-based data transmissions for example may always be at risk of security breaches and it is therefore not possible to guarantee absolute protection. For this reason, all affected persons are free to transmit their personal data to us via alternative routes, for example on the telephone.

Links with other websites

This website contains links with other websites (so-called external links).

As the provider, ALTHOFF Beratungs- und Betreuungsgesellschaft mbH is responsible for its own contents in accordance with the valid European and national legal provisions. It is necessary to distinguish between these contents and the contents of other providers accessed via links. We have no influence over the operators of other websites and we cannot ensure that they comply with the valid European and national legal provisions. Please refer in this regard to the data protection declarations on the respective website. ALTHOFF Beratungs- und Betreuungsgesellschaft mbH accepts no liability for external contents that are marked as such and that are accessed via links. Furthermore, we do not adopt such contents as our own. Providers of the linked websites bear sole responsibility for unlawful, inaccurate or incomplete contents and for damages arising in connection with the use or non-use of information supplied in this way.

Acquisition of general data and information

The website of ALTHOFF Beratungs- und Betreuungsgesellschaft mbH acquires various general data and information every time an affected person or an automated system calls up the website. This general data and information is stored in the server log files. The data acquired may include the (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which the accessing system arrived on our website (so-called referrer), (4) the sub-pages that are called up on our website by the accessing system, (5) the date and time of access to the website, (6) an Internet Protocol Address (IP Address), (7) the Internet Service Provider of the accessing system and (8) other similar data and information that facilitates defence in the event of attacks of our information technology systems. When using this general data and information, ALTHOFF Beratungs- und Betreuungsgesellschaft mbH draws no conclusions regarding the affected person. Rather, this information is in fact required in order to (1) deliver the contents of our website correctly, (2) optimise the contents of our website and our advertising for this, (3) guarantee the continuous functionality of our information technology systems and the technology of our website, and (4) so that we can provide the necessary information to the law enforcement authorities for the purpose of prosecution in case of a cyber attack. This anonymously acquired data and information is evaluated by ALTHOFF Beratungs- und Betreuungsgesellschaft mbH on the one hand statistically and also with the aim of safeguarding data protection and the processed personal data. The anonymous data in the server log files is stored separately to all personal data provided by an affected person.

Data protection provisions on the use and application Facebook Pixel

To measure our conversion rates, our website uses the visitor activity pixel of Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Facebook ad. This makes it possible to analyse the effectiveness of Facebook ads for statistical and market research purposes and to optimize future advertising campaigns.
For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Facebook archives the information and processes it, so that it is possible to make a connection to the respective user profile and Facebook is in a position to use the data for its own promotional purposes in compliance with the Facebook Data Usage Policy. This enables Facebook to display ads on Facebook pages as well as in locations outside of Facebook. We as the operator of this website have no control over the use of such data.

The use of Facebook Pixel is based on Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in effective advertising campaigns, which also include social media.

Registering on our website

The affected person has the option of registering on the website of the data controller by providing their personal data. The personal data that is transmitted to the data controller depends on the respective input screen that is used for registration. The personal data entered by the affected person is acquired and stored exclusively for internal use by the data controller and for their own purposes. The data controller can initiate the passing on of the personal data to one or more order processors, for example a mailing service provider, who will also use the data exclusively internally and for the purpose of the data controller.

When registering on the website of the data controller, the IP address assigned to the affected person by the Internet Service Provider (ISP), as well as the date and time of registration will also be stored. The storage of this data takes place because it is only in this way that misuse of our services can be prevented. Furthermore, if necessary this data also facilitates the detection of committed offences. As such, the storage of this data is necessary to safeguard the data controller. This data is never passed on to third parties unless a legal obligation exists to pass this on, or if this is necessary for prosecution purposes.

The registration of the affected person with the voluntary provision of personal data enables the data controller to offer the affected person contents or services that can only be offered to registered users due to the nature of the matter. Registered persons are entitled to have the personal data they provided at the time of registration amended or deleted from the data inventory of the data controller in full at any time.

On request, the data controller shall inform any affected person of the personal data that is stored about them at any time. Furthermore, the data controller shall correct or delete the personal data on request or notification by the affected person, unless statutory storage periods prevent this. All employees of the data controller are available to the affected person as points of contact in this regard.

Subscribing to our newsletter

On the website of ALTHOFF Beratungs- und Betreuungsgesellschaft mbH, users are given the option of subscribing to our company newsletter. The personal data that is transmitted with subscription to the newsletter can be determined from the input screen used for this.

ALTHOFF Beratungs- und Betreuungsgesellschaft mbH informs its customers and business partners at regular intervals of the company offers and services via a newsletter. Our company newsletter can only be received by affected persons if (1) the affected person has a valid email address and (2) the affected person has registered for receipt of the newsletter. For legal reasons, a confirmation email will be sent to the email address initially provided by an affected person for receipt of the newsletter, within the framework of a double opt-in process. This confirmation email serves to ensure that the owner of the email address, as the affected person, has authorised receipt of the newsletter.

Upon registration for the newsletter, we also save the IP address assigned by the Internet Service Provider (ISP) to the computer system used by the affected person at the time of registration, as well as the date and time of registration. The acquisition of this data is necessary in order to track any (possible) misuse of the email address of an affected person at a later point in time, and therefore serves to legally safeguard the data controller.

The personal data acquired within the framework of registration for the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter may receive information by email if this is necessary for operation of the newsletter service or an associated registration, for example with changes to the newsletter service or with a change to the technical conditions. The personal data acquired within the framework of the newsletter service is not passed on to third parties. Affected persons can cancel their subscription to our newsletter at any time. It is possible for affected persons to withdraw their consent to the storage of personal data provided for receipt of the newsletter at any time. Every newsletter contains a link provided for the purpose of withdrawing consent. Furthermore, it is possible to de-register for the receipt of the newsletter at any time directly on the website of the data controller, or to inform the data controller of de-registration in another way.

Newsletter tracking

The newsletter of ALTHOFF Beratungs- und Betreuungsgesellschaft mbH contains so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in emails that are sent in HTML format, that facilitate log file logging and log file analysis. In this way, statistical evaluation of the success or failure of online marketing campaigns can take place. Using the embedded tracking pixel, ALTHOFF Beratungs- und Betreuungsgesellschaft mbH is able to detect whether and when an email has been opened by an affected person, and which links have been called up in the email of the affected person.

The personal data acquired by means of the tracking pixels contained in the newsletters is stored and evaluated by the data controller, in order to optimise the newsletter dispatch and to better align the contents of future newsletters with the interests of the affected person. This personal data is not passed on to third parties. Affected persons are entitled at all times to withdraw their respective consent to this, provided separately within the framework of the double opt-in process. Following the withdrawal of consent, this personal data is deleted by the data controller. ALTHOFF Beratungs- und Betreuungsgesellschaft mbH automatically considers de-registration of the newsletter subscription to be a withdrawal of consent.

Contact options via the website

On the basis of statutory provisions, the website of ALTHOFF Beratungs- und Betreuungsgesellschaft mbH contains information that enables you to quickly get in touch with our company electronically and communicate with us directly. This information also includes a general electronic mail address (email address). If an affected person gets in touch with the data controller by email or via a contact form then the personal data transmitted by the affected person will be automatically saved. Such personal data transmitted by the affected person to the data controller on a voluntary basis is stored for the purpose of processing the inquiry or for getting in touch with the affected person personally. This personal data is not passed on to third parties.

Routine deletion and blocking of personal data

The data controller only processes and stores personal data of the affected person for the period required in order to realise the purpose of storage, or if this is prescribed by the European lawmakers and regulators, or by another legislator in laws or provisions that the data controller is subject to.

If the storage purpose no longer exists or a statutory storage period prescribed by the European lawmakers and regulators, or by another legislator, expires then the personal data will be routinely blocked or deleted in accordance with the legal provisions.

Rights of the affected person

Right to confirmation

Every affected person has the right granted by the European lawmakers and regulators to demand confirmation from the data controller regarding whether they are processing personal data pertaining to the affected person. If an affected person wishes to exercise this right to confirmation, they can contact an employee of the data controller at any time in this regard.

Right to information

Each person affected by the processing of personal data has the right granted by the European lawmakers and regulators to free information at any time from the data controller regarding any personal data stored about them personally, and to receive a copy of this information. Furthermore, the European lawmakers and regulators have granted the affected person the right to the following information:

• the purpose of processing

• the categories of personal data that are processed

• the recipients or categories of recipient that the personal data has been or is being disclosed to; in particular with recipients in third countries or with international organisations

• if possible, the planned duration of storage of the personal data, or if this is not possible then the criteria that determine this duration

• the existence of a right to correction or deletion of personal data that pertains to the affected person, or to the restriction of processing by the data controller, or a right to object to this processing

• the existence of a right to appeal to a regulatory authority

• if personal data is not acquired from the affected person: all available information regarding the origins of the data

• the existence of automated decision-making including profiling, in accordance with Article 22, sections 1 and 4 of the GDPR and - at least in these cases - meaningful information regarding the logic involved, as well as the implications and intended impacts of such processing for the affected person

• Furthermore, the affected person has the right be informed as to whether personal data has been transmitted to a third country or an international organisation. If this is the case then the affected person also has the right to information regarding the appropriate guarantees provided in relation to the transmission.

• If an affected person wishes to exercise this right to information, they can contact an employee of the data controller at any time in this regard.

Right to correction

Each person affected by the processing of personal data has the right granted by the European lawmakers and regulators to demand the immediate correction of incorrect personal data pertaining to them. Furthermore, the affected person also has the right to demand that incomplete personal data be completed - also with a supplementary explanation - with consideration to the purposes of processing.

If an affected person wishes to exercise this right to correction, they can contact an employee of the data controller at any time in this regard.

Right to deletion (right to be forgotten)

Each person affected by the processing of personal data has the right granted by the European lawmakers and regulators to demand that the data controller immediately delete any personal data pertaining to them, insofar as one of the following reasons applies and insofar as processing is not necessary:

• The personal data was acquired for such purposes as are no longer applicable, or processed in such a way that is no longer necessary.

• The affected person withdraws their consent to processing in accordance with Art. 6 section 1, letter a GDPR or Art. 9 section 2 letter a GDPR, and if no other legal grounds for processing exist.

• The affected person lodges their withdrawal of consent to processing in accordance with Art. 21 section 1 GDPR and no overriding justified grounds for processing exist, or the affected person lodges their withdrawal of consent to processing in accordance with Art. 21 section 2 GDPR.

• The personal data was processed unlawfully.

• Deletion of the personal data is necessary in order to satisfy a legal obligation in accordance with Union law, or the law of the member states applicable to the data controller.

• The personal data has been acquired in relation to a service provided by the information society in accordance with Art. 8 section 1 GDPR.

• If one of the aforementioned reasons applies and an affected person wishes to initiate the deletion of personal data that is stored by ALTHOFF Beratungs- und Betreuungsgesellschaft mbH, they can contact an employee of the data controller at any time. The employee of ALTHOFF Beratungs- und Betreuungsgesellschaft mbH will ensure that the deletion request is satisfied immediately.

• If personal data has been published by ALTHOFF Beratungs- und Betreuungsgesellschaft mbH and if our company is obligated to delete the personal data as the data controller in accordance with Art. 17 section 1 GDPR, ALTHOFF Beratungs- und Betreuungsgesellschaft mbH shall implement appropriate measures with consideration to the available technology and the costs of implementation, also of a technical nature, to inform other bodies responsible for data processing, which are processing the published personal data, that the affected person has demanded the deletion of this personal data by the other bodies responsible for the data processing, including all links to this personal data and all copies and duplicates of this personal data, insofar as processing is not necessary. The employee of ALTHOFF Beratungs- und Betreuungsgesellschaft mbH shall initiate the necessary measures in individual cases.

Right to restriction of processing

Each person affected by the processing of personal data has the right granted by the European lawmakers and regulators to demand the restriction of processing if one of the following preconditions exists:

• The correctness of the personal data is disputed by the affected person, whereby this restriction applies for a period that enables the data controller to check the correctness of the personal data.

• Processing is unlawful, the affected person rejects the deletion of their personal data and instead demands that use of the personal data be restricted.

• The data controller no longer requires the personal data for the processing purposes, however the affected person requires it in order to assert, exercise or defend against legal claims.

• The affected person has submitted an objection to processing in accordance with Art. 21 section 1 GDPR and it has not yet been determined, whether the justified reasons of the data controller outweigh the justified reasons of the affected person.

• If one of the aforementioned preconditions exists and an affected person wishes to demand the restriction of personal data that is stored by ALTHOFF Beratungs- und Betreuungsgesellschaft mbH, they can contact an employee of the data controller at any time. The employee of ALTHOFF Beratungs- und Betreuungsgesellschaft mbH shall initiate the restriction of processing.

The right to data portability

Each person affected by the processing of personal data has the right granted by the European lawmakers and regulators to receive the personal data pertaining to them, which the affected person previously provided to a data controller, in a structured, conventional and machine-readable format. Furthermore, they also have the right to demand that this data be transmitted without hindrance to another data controller by the data controller to which they initially provided the personal data, insofar as processing was based on consent in accordance with Art. 6 section 1 letter a GDPR or Art. 9 section 2 letter a GDPR, or on a contract in accordance with Art. 6 section 1 letter b GDPR and processing takes place with the aid of an automated process, insofar as processing is not required in order to perform a task that lies in the public interest or that takes place within the framework of exercising official authority, where this has been transferred to the data controller.

Furthermore, the affected person has the right, when exercising their right to data portability in accordance with Art. 20 section 1 GDPR, to demand that the personal data be transmitted directly from one data controller to another data controller, insofar as this is technically feasible and if this does not infringe on the rights and freedoms of other persons.

The affected person can contact an employee of ALTHOFF Beratungs- und Betreuungsgesellschaft mbH at any time in order to exercise their right to data portability.

Right to objection

Each person affected by the processing of personal data has the right granted by the European lawmakers and regulators to object at any time to the processing of personal data pertaining to them for reasons that arise due to their specific situation, where processing takes place on the basis of Art. 6 section 1 letters e or f GDPR. This also applies to profiling based on these conditions.

If an objection is lodged, ALTHOFF Beratungs- und Betreuungsgesellschaft mbH will no longer process the personal data unless we can verify compelling legitimate grounds for the processing, that outweigh the interests, rights and freedoms of the affected person, or if processing serves the assertion, exercising or defence of legal claims.

If ALTHOFF Beratungs- und Betreuungsgesellschaft mbH processes personal data for the purposes of direct advertising, the affected person has the right to object at any time to the processing of the personal data for the purposes of this type of advertising. This also applies to profiling, insofar as this is connected to such direct advertising. If the affected person lodges an objection with ALTHOFF Beratungs- und Betreuungsgesellschaft mbH regarding processing for the purposes of direct advertising then ALTHOFF Beratungs- und Betreuungsgesellschaft mbH shall no longer process the personal data for these purposes.

Furthermore, the affected person has the right, for reasons that arise from their specific situation, to lodge an objection to the use of the personal data pertaining to them by ALTHOFF Beratungs- und Betreuungsgesellschaft mbH for scientific or historic research purposes or for statistical purposes in accordance with Art. 89 section 1 GDPR, unless such processing is necessary in order to perform a task that lies in the public interest.

The affected person can contact any employee of ALTHOFF Beratungs- und Betreuungsgesellschaft mbH directly at any time in order to exercise their right to objection. The affected person is also entitled to exercise their right to object in relation to the use of services of the information society, notwithstanding directive 2002/58/EC, with automated processes whereby technical specifications are used.

Automated decision-making in individual cases including profiling

Each person affected by the processing of personal data has the right granted by the European lawmakers and regulators to avoid being subjected to a decision that is based exclusively on automated processing - including profiling - which has a legal affect on them or significantly affects them in a similar way, unless the decision (1) is necessary in order to conclude or realise a contract between the affected person and the data controller, or (2) is permissible on the basis of the legal provisions of the Union or the member states applicable to the data controller and this legal provision contains appropriate measures to safeguard the rights and freedoms, as well as the justified interests of the affected person, or (3) takes place with the express consent of the affected person.

If the decision (1) is necessary in order to conclude or realise a contract between the affected person and the data controller, or (2) takes place with the express consent of the affected person, ALTHOFF Beratungs- und Betreuungsgesellschaft mbH shall implement appropriate measures in order to safeguard the rights and freedoms, as well as the justified interests of the affected person, which include at least the right to obtain human intervention on the part of the data controller, to express their own point of view and to contest the decision.

If the affected person wishes to exercise rights in relation to automated decisions, they can contact an employee of the data controller at any time in this regard.

Right to withdraw consent in relation to data protection

Each person affected by the processing of personal data has the right granted by the European lawmakers and regulators to withdraw their consent to the processing of their personal data at any time.

If the affected person wishes to exercise this right to withdraw consent, they can contact an employee of the data controller at any time in this regard.

Data protection with applications and application procedures

The data controller acquires and processes personal data from applicants for the purposes of conducting the application procedure. This processing may also take place via electronic channels. This is the case in particular if an applicant transmits their application documents to the data controller via electronic channels, for example by email or via a web form provided on the website. If the data controller concludes an employment contract with an applicant then the transmitted data will be saved for the purposes of establishing the employment relationship with consideration to the legal regulations. If the data controller does not conclude an employment contract with the applicant then the application documents are automatically deleted two months after the rejection decision has been issued, unless other justified interests of the data controller stand against deletion. Other justified interests in this regard are for example the burden of proof in conjunction with processes in accordance with German general equal treatment law (AGG).

Data protection provisions on the use and application of Facebook

The data controller has integrated components of the company Facebook in this website. Facebook is a social network.

A social network is a social meeting point or online community operated on the internet, that generally enables its users to communicate with each other and interact in a virtual space. A social network can serve as a platform for exchanging opinions and experiences, or it may enable the internet community to provide personal or commercial information. Facebook enables users of the social network to create private profiles, upload photos and establish a network via friend requests for example.

The operator of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If an affected person lives outside the USA and Canada, the data controller responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

By calling up individual pages of this website, which are operated by the data controller and in which a Facebook component (Facebook plugin) has been integrated, the internet browser on the information technology system of the affected person will be automatically prompted by the respective Facebook component to download an image of the respective Facebook component from Facebook. A complete overview of all Facebook plugins can be called up via https://developers.facebook.com/docs/plugins/?locale=de_DE. Within the framework of this technical process, Facebook receives information regarding the actual sub-pages of our website visited by the affected person.

If the affected person is logged into Facebook at the same time, Facebook recognises which sub-pages of our website the affected person actually visits every time they access our website and for the entire duration of the affected person’s respective visit to our site. This information is collected by the Facebook component and assigned to the affected person by means of the respective Facebook account. If the affected person clicks on one of the Facebook buttons integrated in our website, for example the “Like” button, or if the affected person leaves a comment, Facebook will assign this information to the personal Facebook user account of the affected person and store this personal data.

Facebook always receives information via the Facebook component that the affected person has visited our website if the affected person is logged into their Facebook account and accesses our website at the same time; this takes place irrespective of whether the affected person clicks on the Facebook component or not. If the affected person does not wish this form of information transmission to Facebook, it is possible to prevent this transmission by logging out of the Facebook account before accessing our website.

The data guidelines published by Facebook under https://de-de.facebook.com/about/privacy/ provide information on the acquisition, processing and use of personal data by Facebook. Furthermore, the Facebook setting options available for protecting the privacy of the affected person can also be found here. Various applications are also available, which facilitate the suppression of data transmission to Facebook. Such applications can be used by the affected person to suppress the transmission of data to Facebook.

Data protection provisions on the use and application of Twitter

The data controller has integrated components of Twitter in this website. Twitter is a multilingual publicly accessible microblogging service, on which users can publish and transmit so-called Tweets, which are short messages limited to 140 characters. These short messages can be viewed by everyone, i.e. not only by people logged into Twitter. However, the Tweets are also displayed by so-called followers of the respective user. Followers are other Twitter users, who follow the Tweets of a user. Furthermore, Twitter allows users to address a wide audience via hashtags, links and retweets.

The operator of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

By calling up individual pages of this website, which are operated by the data controller and in which a Twitter component (Twitter button) has been integrated, the internet browser on the information technology system of the affected person will be automatically prompted by the respective Twitter component to download an image of the respective Twitter component from Twitter. Further information on the Twitter buttons can be found at https://about.twitter.com/de/resources/buttons. Within the framework of this technical process, Twitter receives information regarding the actual sub-pages of our website visited by the affected person. The purpose of integrating the Twitter component is to enable our users to further distribute the contents of this website, publicise this website within the digital world and increase our visitor numbers.

If the affected person is logged into Twitter at the same time, Twitter recognises which sub-pages of our website the affected person actually visits every time they access our website and for the entire duration of the affected person’s respective visit to our site. This information is collected by the Twitter component and assigned to the affected person by means of the respective Twitter account. If the affected person clicks on one of the Twitter buttons integrated in our website, the data and information transmitted here will be assigned to the personal Twitter user account of the affected person and Twitter will store and process this personal data.

Twitter always receives information via the Twitter component that the affected person has visited our website if the affected person is logged into their Twitter account and accesses our website at the same time; this takes place irrespective of whether the affected person clicks on the Twitter component or not. If the affected person does not wish this form of information transmission to Twitter, it is possible to prevent this transmission by logging out of the Twitter account before accessing our website.

The valid data protection policy of Twitter can be found at https://twitter.com/privacy?lang=de.

Data protection provisions on the use and application of Shariff

The data controller has integrated a Shariff component in this website. The Shariff component makes social media buttons available, which are compliant with data protection provisions. Shariff was developed for the computer publication c't and is published via GitHub, Inc.

The component developer is GitHub, Inc. 88 Colin P. Kelly Junior Street, San Francisco, CA 94107, USA.

The button solutions provided by the social networks usually transmit personal data to the respective social media network if a user visits an internet site in which a social media button has been integrated. However, if the Shariff component is used then personal data is only transmitted to social networks if the visitor actively clicks on one of the social media buttons on the website. You can find further information on the Shariff component from the computer publication c't by visiting http://www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-c-t-Shariff-ist-im-Einsatz-2470103.html. The use of the Shariff component is intended to protect the personal data of visitors to our website and also enables us to integrate a button solution for social networks in this website.

Further information and the valid data protection provisions of GitHub can be found at https://help.github.com/articles/github-privacy-policy/.

Data protection provisions on the use and application of Google Analytics (with anonymization function)

The data controller has integrated the Google Analytics component (with anonymization function) in this website. Google Analytics is a web analysis service. Web analysis is the acquisition, collection and evaluation of data regarding the behaviour of visitors to websites. A web analysis service logs data and information such as the website from which an affected person arrived on a website (so-called referrer), the sub-pages of the website that an affected person visits, or how often and for what length of time a sub-page was viewed. A web analysis service is predominantly used in order to optimise a website and to analyse the value for money of internet advertising.

The provider of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The data controller uses the suffix “_gat._anonymizeIp” for web analysis via Google Analytics. Using this suffix, the IP address of the internet connection of the affected person is abbreviated and anonymised by Google, if the access to our website takes place from a member state of the European Union or another state that is a contracting party to the European Economic Area.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information acquired, for example, to evaluate the use of our website, to generate online reports for us, which show the activities on our web pages, and to deliver further services connected with the use of our website.

Google Analytics sets a cookie on the information technology system of the affected person. The nature of cookies is explained above. By setting cookies, Google is able to analyse the use of our website. By calling up individual pages of this website, which are operated by the data controller and in which a Google Analytics component has been integrated, the internet browser on the information technology system of the affected person will be automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. Within the framework of this technical process, Google obtains knowledge of personal data such as the IP address of the affected person, which Google uses for example to track the origin of visitors and clicks, and to accordingly settle commission.

Personal information pertaining to the affected person - such as the access time, place from which access was initiated, and the frequency of visits to our website - is saved with the cookie. With every visit to our website this personal data, including the IP address of the internet connection used by the affected person, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass this personal data, acquired via the technical process, on to third parties under certain circumstances.

The affected person is able to prevent the setting of cookies by our website at any time with the requisite settings in their internet browser, as described previously, and thereby permanently inhibit the setting of cookies. Applying these settings to the internet browser used would also prevent Google setting a cookie on the information technology system of the affected person. Furthermore, any cookie previously set by Google Analytics can be deleted via the internet browser or another software program at any time.

Additionally, the affected person can also object to and prevent the acquisition of the data logged by Google Analytics regarding the use of this website, as well as the processing of this data by Google. To do so, the affected person must download and install a browser add-on, via the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that it is prohibited to transmit data and information regarding visits to websites to Google Analytics. The installation of the browser add-on is considered by Google to be an objection. If the information technology system of the affected person is deleted, reformatted or reinstalled at a later point in time then the affected person must reinstall the browser add-on, in order to deactivate Google Analytics again. If the browser add-on is de-installed or deactivated by the affected person or by another person within their sphere of influence, it is possible to reinstall or reactivate the browser add-on.

Further information and the valid data protection provisions of Google can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in greater detail here: https://www.google.com/intl/de_de/analytics/.

Data protection provisions on the use and application of YouTube

The data controller has integrated components of YouTube in this website. YouTube is an internet video portal, which enables video publishers to present video clips free of charge, and also allows other users to view, rate and comment on these for free. YouTube permits the publication of all types of videos, so that complete films and television programs, as well as music videos, trailers or videos produced by the users themselves can be called up via the internet portal.

The operator of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

By calling up individual pages of this website, which are operated by the data controller and in which a YouTube component (YouTube video) has been integrated, the internet browser on the information technology system of the affected person will be automatically prompted by the respective YouTube component to download an image of the respective YouTube component from YouTube. For further information on YouTube, visit https://www.youtube.com/yt/about/de/. Within the framework of this technical process, YouTube and Google receive information regarding the actual sub-pages of our website visited by the affected person.

If the affected person is logged into YouTube at the same time, YouTube recognises which sub-page of our website containing a YouTube video is actually visited by the affected person when this sub-page is called up. This information is collected by YouTube and Google and assigned to the affected person by means of the respective YouTube account.

YouTube and Google always receive information via the YouTube component that the affected person has visited our website if the affected person is logged into their YouTube account and accesses our website at the same time; this takes place irrespective of whether the affected person clicks on the YouTube video or not. If the affected person does not wish this form of information transmission to YouTube and Google, it is possible to prevent this transmission by logging out of the YouTube account before accessing our website.

The data protection provisions published by YouTube can be viewed at https://www.google.de/intl/de/policies/privacy/. These provide information on the acquisition, processing and use of personal data by YouTube and Google.

Data protection provisions on the use and application of Vimeo

The data controller has integrated plugins in this website from the video portal Vimeo, provided by Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA. Every time a page containing one or more Vimeo video clips is called up, a direct connection is established between your browser and a server of Vimeo in the USA. With this, information regarding your visit and your IP address is saved here. In case of interactions with the Vimeo plugins (e.g. clicking on the start button), this information is also transmitted to Vimeo and saved there.

If you have a Vimeo user account and you do not wish Vimeo to collect information about you via this website and link this with your member data stored by Vimeo, you must log out of Vimeo before you visit this website.

You can find the data protection declaration from Vimeo and further information on the acquisition and use of data by Vimeo here: http://vimeo.com/privacy.

Furthermore, Vimeo calls up the Google Analytics tracker via an iFrame, in which the video is called up. This is a Vimeo tracker to which we have no access. You can inhibit tracking by Google Analytics by using the deactivation tools, which Google offers for some internet browsers. Furthermore, the user can prevent the acquisition of the data created by Google Analytics and related to their use of the website (including the IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available through the following link: http://tools.google.com/dlpage/gaoptout?hl=de

Data protection provisions on the use and application of CODE2ORDER

The person responsible uses a solution from CODE2ORDER GmbH. This allows hotels to provide guests with information (e.g., guests A-Z) and services (e.g., wake-up calls, room service, etc.) digitally at each stage of their stay on the guest's front-end device. The hotel has the decision-making power over the provision of content and services.

Data categories and purpose of processing:

Personal data are only collected if you voluntarily inform us of these, unless legal provisions require the collection or processing of any data. For the use of various services, among other things for validation, the input of personal data is necessary to determine whether you are entitled to request or use a service. These include in particular the following categories of data:
 

• First name Name

• Geo-Data

• room number

• Transaction data (e.g., modules used and duration of visit)

• Booking details (for example, booking number, arrival and departure dates

Not all of the data categories mentioned here are actually always recorded or queried. This depends on the individual settings made by the hotel. In addition, no personal data is collected. The use of the solution / software is basically possible without user registration. The user is asked at least once for consent to this privacy policy when submitting or commissioning services.
 

Categories of recipients:
 

• Public authorities subject to prioritization

• Other external bodies as far as the data subject has given his consent or a transmission of predominant, legitimate interest is permitted

• The respective hotel and its employees who have access to the system and have the appropriate authorizations.
 

Transmission of data:

Without the consent of the user, there is basically no disclosure of the data to third parties. For the use of some functions and services, however, a system-side transmission of the data is necessary. You therefore agree to the transmission of the data to the following systems and companies:
 

• Mailjet SAS, 13-13 bis, rue de l'Aubrac, 75012, Paris, France (system mailing distributor)


In the context of contract implementation, contract processors outside the European Union can also be deployed if the person concerned has given his consent. For the use of some functions and services, a system-side transmission of data to processors outside the European Union is necessary. You therefore agree to the transmission of the data to the following systems and companies:


• Bugsnag, 110 Sutter St, Suite 1000, CA 94104 San Francisco, United States (Errone Tracking / Privacy Shield)

The software uses its own "cookies" to increase the user-friendliness. "Cookies" are records that are sent by the web server to the user's browser and stored there for later retrieval. No personal data is stored in our own "cookies". You can generally prevent the use of "cookies" if you prohibit the storage of "cookies" in your browser.


Responsible body of CODE2ORDER:

CODE2ORDER GmbH, Law. Representatives: Patrick Luik, Alexander Haußmann, Schelmenwasenstrasse 34,

70567 Stuttgart, Tel. +49 711 25247300, info@CODE2ORDER.com

Use of Paylink to process credit card payments

If you pay by credit card, the payment is processed via a pay link of the payment provider Concardis GmbH, Helfmann-Park 7, 65760 Eschborn/Germany. The data required for this (card number, validity and verification number) are recorded and processed in encrypted form exclusively by the payment provider and not by the responsible body, are not forwarded and cannot be viewed by the website operator. The electronic payment method by credit card is PCI-DSS-certified and offers the customer the highest possible data security. The processing of your data by the payment provider is based on Art. 6 Para. 1 lit a GSDVO (consent) and Art.6 Para. 1 lit b GSDVO (processing for the fulfilment of a contract). Further information can be found in the data protection information of Concardis GmbH at https://www.concardis.com/ch-de/datenschutz.

Legal basis for processing

Art. 6 I lit. a GDPR serves as the legal basis for our company’s processing procedures, whereby we obtain consent for a certain processing purpose. If the processing of personal data is necessary in order to implement a contract to which the affected person is a contracting party, for example the data processing required in order to deliver goods or provide any other form of service or counter-performance, processing takes place on the basis of Art. 6 I lit. b GDPR. The same applies to processing procedures that are necessary in order to perform pre-contractual measures, for example in the event of inquiries regarding our products or services. If our company is subject to a legal obligation, which results in a necessity to process personal data, for example to fulfil fiscal obligations, then processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary in order to protect the vital interests of the affected person or another natural person. This would be the case for example if a visitor to our company were to sustain an injury and it were consequently necessary to inform a doctor, hospital or another third party of their name, age, health insurance details or other vital information. In this case, processing would be based on Art. 6 I lit. d GDPR. Finally, processing could be based on Art. 6 I lit. f GDPR. Processing procedures that take place on this legal basis, to which none of the previous legal bases apply, arise if processing is necessary in order to protect a justified interest of our company or a third party, insofar as this interest is not outweighed by the interests, basic rights and basic freedoms of the affected party. We are permitted to perform such processing procedures in particular because these have been specifically admitted by the European lawmakers. The legislation considers that a justified interest could be assumed if the affected person is a customer of the data controller (recital 47 clause 2 GDPR).

Justified interests in processing, which are pursued by the data controller or a third party

If the processing of personal data is based on Article 6 I lit. f GDPR then our justified interest is the performance of our commercial activity to the benefit of the well-being of all our employees and our shareholders.

Duration of storage of personal data

The criterion for the duration of storage of personal data is the respective statutory retention period. After the retention period has expired, the corresponding data is routinely deleted insofar as it is no longer required for contract fulfilment or contract initiation.

Legal or contractual regulations for the provision of personal data; necessity for contract conclusion; obligation of the affected person to provide the personal data; possible consequences of a failure to provide

Please note that the provision of personal data may be prescribed in certain cases (e.g. tax legislation), or that it may be necessary due to contract regulations (e.g. information about the contract partner). It may sometimes be necessary with the conclusion of a contract, for the affected person to provide personal data, which must in turn be processed by us. The affected person is obligated to provide personal data to us for example if our company is concluding a contract with them. A failure to provide the personal data would result in it being impossible to conclude a contract with the affected party. Before the affected person provides personal data, they must contact one of our employees. Our employee will clarify with the affected person, whether the provision of the required personal data is prescribed by law or by the contract in the respective case, or whether it is essential due to conclusion of the contract, and furthermore what the consequences would be for the affected person with a failure to provide the personal data.

Existence of automated decision-making

We do not perform any automatic decision-making or profiling.

Name and address of the data protection officer:

Andreas Lüerßen

AL Datenschutz e.K.

Im Riedegrund 30 a

30952 Ronnenberg

Email: info@al-datenschutz.de

Internet: www.al-datenschutz.de

Please direct all data protection inquiries to our data protection officer.

We reserve the right to amend our data protection practices and these guidelines, in order to align them with any changes in the relevant laws or provisions where applicable, or to better meet with your needs. Any changes to our data protection practices shall be duly noted here. Please observe the latest valid version of the data protection declaration in this regard.