Design Hotels
Search Destination
Check-in - Check-out
Guests
Show search capsule Menu Close

Privacy Policy

Information on Data Protection

1. We take privacy seriously

The protection of your privacy when processing personal data is important to us. In the following, we therefore inform you about the details of the processing of your personal data and your related rights.

By default, when you visit our website, our web servers store the IP address of your internet service provider, the website from which you visit us, the websites you visit, the date and duration of the visit. This information is mandatory for the technical transfer of websites and secure server operation. A personalized evaluation of this data does not take place.

2. Data Controller and data Protection Officer

For all processing activities of your personal data in connection with the use of this website (except for hotel bookings and cancellations as pointed out under No. 4.5 below), we are a "data controller" within the meaning of Art. 4 No. 7 GDPR. In relation to hotel bookings and cancellations, we collect your personal data as a “processor” within the meaning of Art. 4 No. 8 GDPR on behalf of the respective member hotels which act as “data controllers”.

You can contact us as follows:
Design Hotels GmbH
Stralauer Allee 2c
10245 Berlin, Germany
Tel: +49 (0) 30 884 940 000
Email: [email protected]

Legal representative: Stijn Oyen, Michel Miserez

You can contact our Data Protection Officer as follows:
Hans-Peter Toft
BDO Legal Rechtsanwaltsgesellschaft mbH
Fuhlentwiete 12
20355 Hamburg
Deutschland/Germany
T: +49 40 30293-945
F: +49 40 30293-331
[email protected]

This privacy policy only applies to this website operated by us. Should offers from other providers ("third party offers") be accessible from this website, in particular the websites of our member hotels, neither our privacy policy applies nor we are data controller within the meaning of Art. 4 No. 7 GDPR for the processing of your personal data within the scope of such third party offers.

3. Type and scope of data processing

3.1 Server log files

You can browse our website without having to provide any personal data. We only store the following types of access data in so-called server log files, such as:

  • your IP address
  • the type and version of your Internet browser
  • the parts of our website you are browsing
  • the referrer website (the website from which you are browsing us)
  • the time, date, location, language, screen resolution, flash version, java, and duration of your browsing

The IP address can be regarded as personal data, since, under certain conditions and with additional information provided by the respective Internet service provider, it allows to obtain the identity of the subscriber of the Internet connection.

The data within the server log files is used by us exclusively to ensure the smooth operation of the website for which we have a legitimate interest in the sense of Art. 6 para. 1 lit. f) GDPR. Your IP address will be deleted within 26 months.

3.2 Inquiries by you

We offer you the opportunity to contact us by email. In this case, we process the personal data you voluntarily provide to us when contacting us which includes at least your email address. We will only process these data for the correspondence with you and for the purpose for which you have given us the data in the course of this communication, such as to contact you at your request. In this case, processing takes place on the basis of your consent in the sense of Art. 6 para. 1 lit. a) GDPR. Insofar as processing is necessary for the performance of a contract to which you are party or in order to take, at your request, steps prior to entering into a contract, processing is based on Art. 6 para. 1 lit. b) GDPR. After completing your request, your data will be erased in compliance with statutory retention periods, unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.

4. For what purposes do we use personal data and on which legal basis do we process?

4.1 Mandatory data

If you want to make a booking through our site or if you want to apply with us, you have to provide certain data within the scope of the contract to be concluded. In any other context, the provision of personal data is neither required by law nor by contract, nor are you required to provide personal information. However, the provision of personal data for the use of our services may also be partially required within the services we provide. In other words, if you do not provide us with the information, we specify to be necessary, we may not be able to provide you with the full scope of services. When you visit our website, we store certain information for administrative and technical reasons.

4.2 Newsletter

On our website, you can subscribe to our email newsletter. In this case, we process the following data from:

  • your email address
  • your confirmation that you have taken note of our terms and conditions and privacy policy
  • the time and date of granting your consent
  • your IP address

The e-mail address is required to send you our newsletter, the legal basis for the processing therefore stems from your consent, Art. 6 para. 1 lit. a) GDPR. Regarding the other types of data, we have a legitimate interest to document your granting of consent to receive the newsletter in order to be able to prove this in case of doubt, Art. 6 para 1 lit. f) GDPR. In order to obtain your consent, we use the so-called double opt-in procedure, which means that we will only send you a newsletter by email if you have previously explicitly confirmed to us that we should activate your account. After entering your email address into the input mask, we will send you a notification email asking you to confirm that you wish to receive our newsletter by clicking on a link in this email.

Alternatively, we may send you our newsletter, if

  • we have obtained your email address in connection with the sale of goods or services,
  • use your address for direct advertising of our own similar goods or services,
  • you have not objected to this use, and
  • you have been clearly and unequivocally advised when the address is collected and each time it is used that you can object to such use at any time without costs arising by virtue thereof, other than transmission costs pursuant to the basic rates.

We will send you newsletters for an indefinite period of time until you unsubscribe, or we decide to stop sending newsletters to you. If you no longer wish to receive newsletters from us, you can object to them at any time without costs arising by virtue thereof, other than transmission costs pursuant to the basic rates.

4.3 Trend Report

On our website, you can download a free version of our "Trade Report". Before you do, we will prompt you to subscribe to our newsletter and join our Design Hotels Community. Furthermore, we will ask for the following data:

  • last name
  • work email address
  • company name
  • job title
  • Sector (e.g. Advertising, Architecture, Music&Culture)
  • Role (e.g. Executive, Sales, PR)
  • Seniority (e.g. Entry-Level, Junior, Senior)
  • Location

We will analyze the forementioned data to provide you with tailored offers, such as invites to exclusive events. The legal basis is Art. 6 para. 1 lit. a) GDPR.

 

We will store your data until you withdraw the consent you have provided, as outlined in section 6.1. Otherwise, your data will be erased in accordance with statutory retention periods, unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.

For further details on data processing related to our newsletter and how to withdraw your consent, see section 4.2 of our privacy policy. For further details on data processing related to our Design Hotels Community and how to withdraw your consent, see section 4.4 of our privacy policy.

4.4 Design Hotels Community membership

You can register an account for the Design Hotels Community which will provide you various benefits. When you register for such an account, we will initially ask for your email address, to which a welcome email is sent to verify said email address and activate the account. The legal basis is Art. 6 para. 1 lit. b) GDPR.

After activation you are able to log in and provide further personal data voluntarily under “profile settings”. If you provide additional voluntary personal data, it will be used to prefill the personal details form upon making a booking, and/or be used to provide you with more refined topics in our communications, should you have opted in to any of our newsletters. The legal basis in these cases is Art. 6 para. 1 lit. a) GDPR.

We will store your data as long as you have an active Design Hotels Community Membership. When you cancel your membership, we will store your data in accordance with statutory retention periods and erase it afterwards unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.

4.5 Design Hotels Pro

You can additionally register an account for the Design Hotels Pro – The Portal for Travel Professionals. When you register for such an account, we will ask for the following data:

  • first and last name
  • email address
  • company/agency name
  • travel industry ID type
  • travel industry ID number
  • company address
  • country/region and city
  • key markets and target group

The legal basis is Art. 6 para. 1 lit. b) GDPR.

We will store your data as long as you have an active Design Hotels Pro Membership. When you cancel your membership, we will store your data in accordance with statutory retention periods and erase it afterwards unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.

4.6 Hotel bookings and cancellations

You can book a hotel stay in our member hotels via our website. In this case, we process the following data:

  • title
  • first and last name
  • email address
  • phone number
  • address
  • city
  • country/region
  • credit card information
  • confirmation number

These data are collected on behalf of our member hotels and transferred via our reservation system to the respective hotel for the arrangement of the contractual relationship.

In case you cancel your booking, we will process above data.

4.7 Guest profiles

Should you wish so, with each booking on our website, the indicated email address and the associated booking information will be automatically registered with an account that stores the booking, such as the given email address, full name, and address provided during the booking (see previous paragraph for more details). In order to access the account, it must be activated by following the instructions of the welcome email (see paragraph above, “Design Hotels Community Membership”). In any case, the legal basis is Art. 6 para 1 lit. b) GDPR.

Your bookings will be recorded for the purpose of making the specific information accessible to you and the statistic information available to us. This is necessary due to our legitimate interests of providing relevant offers to our customers and improving the user experience of our website, Art. 6 para. 1 lit. f) GDPR.

We will store such data in accordance with statutory retention periods.

4.8 Website and newsletter personalisation

We aim for the best user experience on designhotels.com. Therefore, when you register to our newsletter, Design Hotels Community, Further, or Design Hotels Pro – The Portal for Travel Professionals, we will personalize content based on what pages you visit to show you the information that interests you the most. We will not create a personalised user profile. The underlying data is anonymised.

4.9 Application as member hotel

You can submit an application to become a member hotel via our website. In this case, we ask for the following data:

  • hotel name
  • hotel status
  • hotel opening date
  • street and number
  • city and postal code
  • country/region
  • number of rooms and number of suits
  • hotel website
  • first and last name of contact
  • company name
  • job title
  • email address
  • phone number

The legal basis is Art. 6 para. 1 lit. a) GDPR.

The data will only be used to decide whether to accept your hotel into our membership portfolio. It will be forwarded internally only to the responsible contact persons who will decide on the admission. All data will be erased in accordance with statutory retention periods erased, unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.

4.10 Shop

By using our online shop, we process the following data:

  • name
  • email address
  • postal address
  • city/state/providence and ZIP code
  • country
  • credit card information

We disclose these data to third parties only in the context of extradition, payment, or in the context of legal permissions and obligations.

Possible categories of recipients are

  • delivery services
  • partners for handling payment transactions
  • law firms or tax consultants
  • law enforcement agencies

The data will only be processed to countries outside the EU/EEA, if necessary, for the performance of the contract. Where data are processed to a third country, we make sure that there exists an adequacy decision by the Commission or appropriate or suitable safeguards in the sense of Art. 46, 47 GDPR or derogations in the sense of Art. 49 GDPR or inform you otherwise in this Policy.

Processing is for the purpose of providing our contractual services, billing, delivery and customer care. The legal basis derives from Art. 6 para. 1 lit. b) GDPR as far as execution of order transaction is concerned and from Art. 6 para. 1 lit. c) as far as retention periods are concerned.

All data will be erased in accordance with statutory retention periods erased, unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.

4.11 Applicants data

In the event that you apply for a job via our website, you first need to register with an account. We collect the following data:

  • title
  • first and last name
  • email address
  • password
  • phone number
  • cover letter
  • résumé
  • information on how your heard about us

You may additionally add you LinkedIn or Xing profile and other documents.

Your data will only be used for the decision on whether to establish an employment relationship with you. It will be forwarded internally to the responsible contact persons only who will decide on the staffing of the position you are interest in. In case you do not apply for a specific vacancy, we will use your data with regard to all positions vacant at the moment of your application that meet your requirements.

The legal basis for the processing is Art. 88 GDPR in conjunction with section 26 para. 1 German Federal Data Protection Act.

We will erase your data after completion of the application process upon expiry of a six months retention period.

4.12 Website technology and tracking

For some of the purposes described in this section, we use tracking technologies. The legal basis for the use of cookies and alternative technologies is your consent in accordance with Article 6(1)(a) GDPR, § 25(1) TTDSG.

4.13 Cookies

On our website we make use of cookies. Cookies are small text files that are transferred from an Internet server to your browser and stored on its hard disk. The information, which is stored in the cookies, allows us inter alia to automatically recognize you the next time you visit our website, which will facilitate your use of the same.

We make use of cookies for the following purposes:

Authentication - We use cookies to verify your account and determine when you’re logged in so we can make it easier for you to access your accounts and related content and features.

Security site and product integrity - We use cookies to help us keep your account, data and the Designhotels.com safe and secure.

Advertising, recommendations, insights and measurement - We use cookies to help us show relevant content and to make recommendations on designhotels.com and our mailings with the goal to provide the best experience possible. In addition, we apply cookies to measure the performance of our advertising campaigns.

Analytics and research - We use cookies to better understand how people use the Design Hotels websites, based on your consent in accordance with Article 6(1)(a) GDPR, § 25(1) TTDSG.

Of course, you can also visit our website without accepting cookies. If you do not want your computer to be recognized the next time you visit, you may also decline to use cookies by changing the settings in your browser to "decline cookies". The respective procedure can be found in the operating instructions of your respective browser. If you refuse the use of cookies, however, it may lead to restrictions in the use of some areas of our websites.

4.13.1 Auto Log in

If you choose to stay logged in on our website, we will store your login information in a cookie on your computer so that you do not have to authenticate upon return to our website but will be automatically logged in ("auto log in"). The cookie and thereby the auto log in expire automatically after 60 days.

4.13.2 Adform

We use technology of ADFORM (Hovedvagtsgade 6, 1103 Kopenhagen, Danmark). In this context a cookie is stored on your computer as part of so called conversion tracking, if you have clicked on an ad from or have accessed our website through an ad. This allows us to analyse the behaviour of users on our website, that have accessed our website through ads, in order to adapt our ads and the website to user needs. You will find more information about adform and can opt out from the collection of data by Adform at: https://site.adform.com/privacy-policy/en/.

4.13.3 Google

We use various services provided by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland) (“Google”). For general information regarding how Google handles your data, as well as further details about the services listed below, please refer to Google’s privacy policy at: https://policies.google.com/privacy?hl=en

The information generated by Google may be transmitted to and stored on a server located in the United States or other third countries. The company Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) is certified under the EU-US Data Privacy Framework, ensuring an adequate level of protection in accordance with the Commission's implementing decision.

You can access the commission implementing decision here: https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf. This also applies to the wholly-owned subsidiaries of Google LLC in the US, as specified in the certification. The certification in accordance to the EU-US Data Privacy Framework can be found here: https://www.privacyshield.gov/ps/participant?status=Active&id=a2zt000000001L5AAI.

If there is no corresponding adequacy decision by the EU Commission, Google relies on standard contractual clauses for data transfers, based on the standard contractual clauses for the transfer of personal data to third countries adopted by the European Commission on June 4, 2021. These can be viewed here: https://business.safety.google/adsprocessorterms/sccs/c2p/ and here: https://business.safety.google/adsprocessorterms/sccs/p2p-intra-group/

For more information on international data transfers by Google, please refer to Google's privacy policy, accessible here: https://policies.google.com/privacy/frameworks?hl=en.

 

4.13.3.1 Google Tag Manager

We use Google Tag Manager, a tag management system that allows us to incorporate and manage tracking codes and associated code snippets ("tags") on our website through a user interface. This enables us to deploy and update tags from both Google and third-party providers.

When certain events ("triggers") take place, Tag Manager coordinates the transfer of data to different services, including Google Ads and Google Analytics. These services may subsequently collect data about you. For a thorough comprehension of how your data is handled by these services, please consult the following sections of this privacy policy.

To ensure service stability, monitor system performance and for diagnostic purposes, Google collects certain aggregated data related to triggers through the Tag Manager. However, Google does not gather any information about you as a visitor of our website.

Additional information about the tool and the handling of your data can be found in the Google Tag Manager's terms of use: https://support.google.com/tagmanager/answer/7157428?sjid=4480480199764118044-EU and here: https://support.google.com/tagmanager/answer/6102821?hl=en.

4.13.3.2 Google Analytics with anonymization function

Our website uses the web analytics service "Google Analytics" provided by Google. Google acts as our data processor under Article 28 GDPR when using this service.

Google Analytics measures and analyzes user behavior on our website (e.g., events like page visits or clicks on links, interactions during the checkout process, or sign-ups for newsletters), information about your browser or device (e.g., language setting, browser type, operating system, screen resolution), approximate location data and similar information. For this purpose, Google employs analysis and tracking techniques (especially cookies and tracking codes).

Google uses this data to generate comprehensive reports on our website usage, allowing us to tailor personalized advertisements. This helps us in assessing visitor interests, refining our content and presenting relevant offers to our audience.

If you have a Google account and opt for 'Personalized Ads', Google Analytics might enrich these aggregated reports with details about your demographic traits (e.g., age range, language preferences) and interests (e.g., product preferences) gathered by Google itself (e.g., from other websites or Google partners). For "Personalized Advertising," Google analyzes data from your Google account, along with your online activities like search queries or ad interactions.

If you have a Google account and opt for 'Personalized Ads', we can additionally analyze your website usage across various devices using Google Analytics ("Cross-device Tracking"). This means that, for instance, a product purchase can be identified even if different devices were used to complete it. The reports generated for us (potentially cross-device as well) through Google Analytics solely consist of aggregated data without any individual user data. "Personalized Advertising" can be disabled or customized anytime in your Google account settings. Further details can be found here: https://support.google.com/My-Ad-Center-Help/answer/12155451?hl=de

If you have a Google account and opt for the "Web & App Activity" function, you may also be able to view the use of this website in aggregated form, thereby having the opportunity to manage your data yourself. Further information can be found here: https://support.google.com/websearch/answer/54068

In Google Analytics, IP addresses are neither logged nor stored. For EU-based accesses, IP address data is solely utilized to extract location data and promptly discarded thereafter. They are not stored, not accessible, and not utilized for any other purposes. Consequently, the transmitted information can no longer be linked to an individual's IP address. For more details, please refer to: https://support.google.com/analytics/answer/12017362?hl=de

Your data will be automatically deleted no later than 14 months after your last visit to our website. Data on age, gender, and interests will be deleted after two months.

The legal basis for data processing is your consent in accordance with Article 6(1)(a) GDPR or § 25(1) TTDSG.

4.13.3.3 Google Signals

Our website uses Google Signals, an advanced feature of Google Analytics. This tool enables us to gather more in-depth insights about users who are signed into their Google accounts and have opted in for ‘Ads Personalization’. As a result, we gain access to demographic and interest reports based on users’ preferences and activities. Additionally, it allows the delivery of ads to you through Cross Device-eligible remarketing campaigns and supports Cross Platform reporting. Importantly, these Cross Platform reports are compiled from aggregated data, ensuring that your individual data remains undisclosed. The processing of this data is contingent on your consent, as outlined in Article 6(1)(a) GDPR.

You can disable or adjust 'Personalized Ads' at any point in your Google account settings. For more details, please visit: https://support.google.com/My-Ad-Center-Help/answer/12155656?sjid=5350810462406516293-EU#turn-on-or-off-personalized-ads

 

Further information about Google Signals can be found here: https://support.google.com/analytics/answer/9445345?hl=en&ref_topic=12233523&sjid=5350810462406516293-EU#zippy=%2Cin-this-article%2Cdemographics-and-interests%2Ccross-platform-reporting%2Cremarketing-with-google-analytics

4.13.3.4 Google Ads and Remarketing

We use Google Ads to show online ads tailored to your interests. To do this, Google Ads places cookies on your device to track sales and other conversions resulting from our ads and content. We receive statistical analyses from Google, like the frequency of ad clicks. However, we don't receive information that allows us to draw conclusions about individual users' interactions with the ads.

Additionally, we user the remarketing feature of the service. This allows us to create target audiences, leveraging unique identifiers such as the Google Tag ID and insights from Google Analytics. This provides us with a more comprehensive understanding of user behavior (e.g., a user has added an item to their shopping cart but did not complete the purchase) and allows us to re-engage with these users. This data is shared with Google, allowing them to prioritize advertising products in online marketing that match your interests. For more details on audience targeting and its implementation in Google Ads: https://support.google.com/analytics/answer/12800258?hl=de&ref_topic=14277381&sjid=2536706793491386667-EU

For more information on how Google processes your data for advertising purposes, please refer to Google's Privacy Policy, available here: https://policies.google.com/privacy. You can find more details on how Google Ads operates here: https://ads.google.com/intl/de_de/home/how-it-works/

The legal basis for data processing is your consent in accordance with Article 6(1)(a) GDPR or § 25(1) of the TTDSG.

4.13.4 Microsoft Bing Ads

On our website, we use the conversion and tracking tool "Bing Ads" of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft is certified under the Privacy Shield Agreement, which is why it guarantees to comply with European data protection law. Microsoft Bing Ads places a cookie on your device if you have accessed our website via a Microsoft Bing ad. Microsoft Bing as well as we can thus recognize that someone clicked on an ad, was redirected to our website and reached a previously determined landing page (conversion page). We only get to know the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user will be shared. If you do not want information about your behaviour to be used by Microsoft as explained above, you can refuse the cookies in your browser settings. In addition, you may prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by Microsoft by using the following link: http://choice.microsoft.com/en-EN/opt-out and objecting to the use of these cookies. For more information about privacy and cookies used by Microsoft and Bing Ads, visit the Microsoft Web site at https://privacy.microsoft.com/en-us/privacystatement.

4.13.5 Facebook

On our website we use different services provided by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA ("Facebook"). For more information on the collection and use of data by Facebook and your rights in this regard and ways to protect your privacy, see the privacy policy of Facebook https://www.facebook.com/about/privacy. Facebook is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016D1250&from=EN). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

4.13.5.1 Facebook Impressions

In this context we use the function Facebook Impressions. Through this feature information about the frequency with which a post of our site is displayed is gathered. Here the frequency of the page views is recorded by the visitors of our website. The information generated by these cookies, such as time, location and frequency of your website visit, including your IP address, will be transferred to the Facebook servers in the United States.

The storage of cookies can be prevented by appropriate settings in your browser. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your rights in this regard and setting options for the protection of your privacy can be found in the Privacy policy of Facebook.

4.13.5.2 Facebook Custom Audiences Pixels

To promote interest-based advertisements to visitors to our website while visiting Facebook, we use Custom Audiences Pixel from Facebook. It connects to the Facebook servers when visiting our website. The information that you have visited our website is transmitted to the Facebook server and Facebook assigns this information to your personal Facebook user account.

4.13.6 Microsoft Clarity

This website uses Microsoft Clarify, a web analytics tool of Microsoft Corporation , One Microsoft Way, Redmond, WA 98052, U.S.A, to collect individual visits (using an anonymous IP address only). The mouse movements and mouse clicks are logged, along with the intention of individual visits to this site as so-called session replays to reproduce and evaluate the so-called heat maps and determine potential improvements for this site. The data collected by Microsoft Corporation are non-personal and will not be disclosed to third parties outside the Microsoft network. For more information about the features of Microsoft Clarity, please visit: https://privacy.microsoft.com/de-de/privacystatement

4.14 Facebook Lead Ads

We use Facebook Lead Ads and collect your email address to send you newsletters. The rules set out in Section 4.2 apply to registration, unsubscription, and dispatch details.

4.15 Design Hotels Community Rate

The Design Hotels Community Rate is offered in cooperation with various member hotels. You can subscribe to the Design Hotels Community Rate on the websites of participating member hotels. If you subscribe you will receive our newsletter and the newsletter of the respective member hotel. For this purpose your email address and information on the time and date of your subscription is shared with the respective member hotel.

With regard to the subscription process we and the respective member hotel process personal data as joint controllers. As such we and the respective member hotel are jointly responsible for the data processing. In an agreement on joint controllership pursuant to Art. 26 GDPR Design Hotels and the respective member hotel have determined how the responsibilities in the processing of personal data are structured and who fulfills which data protection obligations. In particular the agreement determines how an appropriate level of security and your rights as a data subject can be ensured how the information duties under data protection law can be fulfilled jointly and how potential data protection incidents can be monitored. This also includes ensuring that reporting and notification obligations are fulfilled.

If you want to exercise your data protection rights with regard to the processing of personal data in joint controllership you can reach out to Design Hotels or any jointly responsible member hotel. In accordance with the aforementioned agreement under Art. 26 GDPR Design Hotels and the respective member hotel will coordinate to respond to your request and ensure your rights as a data subject.

5. Recipients of data

As explained above we will share your personal data with the hotels if you make a booking and we will use external parties as data processors as follows:

  • Emarsys Interactive Services GmbH, Stralauer Alee 6, 10245 Berlin, Germany for the purposes of customer relationship management and the sending of emails.
  • A reservation system for bookings provided by Sabre GLBL Inc., 3150 Sabre Drive, Southlake, TX 76092 USA, whom we have entered a contract under the standard contractual clauses (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=EN) with, that guarantees an adequate level of data protection.
  • Achiga Headquarters, 260 King Street East, Suite C-200, Toronto, Ontario M5A5L5, Canada for the purposes of website maintenance and development as well as customer relationship management.
  • GetWebCraft Limited, Klimentos 41-43, Klimentos Tower, Flat/Office 25, 1061, Nicosia, Cyprus, operating as getsidecontrol, who provide smart widgets for website optimization.
  • Squarespace, Inc., 225 Varick Street, 12th Floor, New York, New York 10014, USA for ecommerce purposes, Squarespace is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016D1250&from=EN). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000GnjcAAC&status=Active.
  • Positioner SA, Via Lavizzari 3, 6900 Lugano, Switzerland for the purpose of website maintenance and development as well as customer relationshiop management and digital marketing consulting purposes.
  • Stripe, Inc., California, 185 Berry Street, Suite 550, San Francisco, California 94107, USA that is used by Squarespace for payment services. Stripe is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016D1250&from=EN). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000TQOUAA4&status=Active.
  • Mailchimp, The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA for the purposes of sending newsletters.
  • Zapier, Inc. 548 Market St. #62411. San Francisco, CA 94104-5401 for the purpose of allowing users to register to our Community via Facebook.

6. Your rights

In connection with the processing of your personal data, you have the following rights. These can be basically exercised free of charge. However, where your requests for the rights set out in numbers 2 to 5 are manifestly unfounded or excessive, in particular because of their repetitive character, we may either

- charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or
- refuse to act on the request.

6.1 Withdrawal of consent

You have the right to withdraw any consent you have given us for processing your data. However, this will only effect future processing. The lawfulness of processing carried out on the basis on your original consent will not be affected.

6.2 Confirmation and access

You have the right to request confirmation as to whether your person data is being processed. If this is the case, you are entitled to have access to the personal data in the sense of Art. 15 GDPR.

6.3 Rectification and erasure

You have the right to demand rectification of incorrect personal data and the completion of incomplete data (Art. 16 GDPR) as well as, under the conditions of Art. 17 GDPR, erasure of your data.

6.4 Restriction of processing

You have the right to restrict the processing of your personal data under the conditions of Art. 18 GDPR.

6.5 Right to data portability

You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without our hindrance. However, this right exists only insofar as the processing is based on your consent pursuant to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b); and the processing is carried out by automated means.

This right is precluded as far as rights and freedoms of other persons (in particular personal data of third parties, business or company secrets existing on our parts, copyrights) are concerned.

6.6 Obligation to provide data

There is no obligation for you to provide your personal information. However, if you do not provide the data required according to this privacy statement, you may not be able to use certain services or features in whole or in part.

6.7 Right to lodge a complaint

Insofar as you believe that we do not properly comply with the obligations stipulated in data protection law, you have the right to lodge a complaint with a supervisory authority.

The competent supervisory authority would be:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219
10969 Berlin, Germany
Tel: +49 (0)30/138890
Email: [email protected]

7. Right to object

On grounds relating to your particular situation and where processing is based on Art. 6 para. 1 lit. e) or lit. f) GDPR, you may object to the processing of your personal data at any time. We then will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

8. Changes to this privacy policy

8.1 Updating our privacy policy

New legal or regulatory requirements or new features on our website may require an update of this Privacy Notice. In these cases, we will provide further information here. It is therefore recommended to periodically review this Policy for any changes. The latest version of this Policy can be found as conclusion.

8.2 Printing and storing the privacy policy

You can print and save this privacy policy directly via the print or save function of your browser.

 

March, 2024