1. Information about the collection of personal data
1.1 In what follows we will inform you of the collection of personal data when you use our Website. Personal data are any data that can be correlated with you personally, e.g., your name, address, email addresses, telephone numbers, and user behavior.
1.2 The controller within the meaning of Art. 4 para. 7 of the EU General Data Protection Regulation (hereinafter “GDPR”) is Heinrich Hecker Hotel GmbH & Co. KG, Stedener Feld 10, 33104 Paderborn, represented by Weber-Hecker GmbH, managing director: Thomas Weber, phone: +49 30 88 90 – 0, fax: +49 30 88 90 – 260, email: firstname.lastname@example.org.
1.3 When you contact us by email or through our contact form, we will store the data you provide (your email address and, if you so choose, your name and telephone number) to answer your questions. When data we collect in this connection are no longer needed, we will erase such data or, if we have legal recordkeeping obligations, restrict the processing of such data.
1.4 Should we use third-party service providers for certain features of our Website or use your data for advertising purposes, we have informed you of such processes below. We have also specified the criteria that are used to determine how long your data will be stored.
2. Your rights
2.1 You have the following rights against us with respect to your personal data:
- a right to information,
- a right to rectification or erasure,
- a right to restricted processing,
- a right to object to processing, and
- a right to data portability.
2.2 In addition, you have a right to lodge a complaint with a data protection supervisory authority with regard to our processing of your personal data.
2.3 Information about your right of revocation/objection under the General Data Protection Regulation:
a) If you have consented to processing of your personal data, you may revoke your consent at any time. Such revocation will impact the lawfulness of our processing of your personal data after the date of revocation.
b) To the extent that our processing of your personal data is based on legitimate interests, you may object to such data processing. This is the case, in particular, if processing your data is not necessary for performance of a contract with you, as we have explained below when describing the various features of our Website. If you exercise your right to object, please state the reasons why we should no longer process your personal data as we have done. If your objection is valid, we will review the facts and either stop processing your data or make changes to the way we process your data or provide you with compelling legitimate reason for continuing to process your data.
c) Of course, you may at any time object to the processing of your personal data for advertising or data analysis purposes. To exercise your right to object to the processing of your data for advertising purposes, please contact us at the contact information shown below.
Your right of revocation/objection may be exercised informally and, if possible, should be addressed as follows:
Heinrich Hecker Hotel GmbH & Co. KG
Stedener Feld 10
represented by Weber-Hecker GmbH
managing director: Thomas Weber
phone: +49 30 88 90 – 0
fax: +49 30 88 90 – 260
3. Collection of personal data when you visit our Website
3.1 If you use our Website for information purposes only, i.e., if you do not register, reserve a room, or otherwise transmit information to us, we will collect no data that will be stored in log files of our web server.
3.2 If you visit our Website not only for information purposes, but also to reserve a room online, you will be transferred to our reservation page with an input screen that was created for us by HotelNetSolutions GmbH. HotelNetSolutions GmbH is located at Genthiner Str. 8, 10785 Berlin, email: email@example.com, and may process the following data on our behalf that are technically necessary to display the reservation page and to ensure stability and security (the legal basis is Art. 6 para. 1 sent. 1 let. f) GDPR):
- IP address,
- date and time of request,
- time zone difference relative to Greenwich mean time (GMT),
- content of requested (specific page),
- access status/http status code,
- transferred data volume,
- website from which request is made,
- operating system and graphic user interface, and
- language and version of browser software.
3.3 We process personal data of visitors to our Website for the following purposes: to respond to inquiries from users, to accept and process reservation requests, to make available services in connection with hotel/room reservations through this Website; for the technical administration of the Website and its operational features, including the resolution of technical problems, statistical analysis, tests to prevent fraudulent activities or misuse of the Website or in connection with the Website; for compliance with applicable laws, to protect the security of each individual and our rights and property, and to prevent deceptions or security problems or technical problems.
In addition to collecting the aforementioned data, we will store cookies on your computer when you use our Website. Cookies are small text files which are stored on your hard drive by your browser and which provide the party that places the cookie (in this case, us), with certain information. Cookies can run no programs and transmit no viruses to your computer. Their purpose is to make our Website as a whole more user-friendly and effective.
a) This Website uses the following types of cookies, whose scope and functions are explained below:
- Transient cookies (see section b))
- Persistent cookies (see section c))
b) Transient cookies will be automatically deleted when you close your browser. Such cookies include, in particular, session cookies. Session cookies store a so-called session ID that allows different requests from your browser to be associated with one and the same session. This allows us to recognize your computer the next time you visit our Website. Session cookies will be deleted when you log out or close your browser.
c) Persistent cookies will be automatically deleted after a specified time period, which varies from cookie to cookie. You can delete cookies at any time by selecting the appropriate security settings in your browser.
d) You can configure your browser settings as desired and, for example, block third-party cookies or all cookies. We advise you however that if you do so, you may no longer be able to use all features of this Website.
e) We hereby inform users that cookies can be blocked or removed from their browsers, for example in accordance with the instructions provided on the following pages:
Internet Explorer https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox https://support.mozilla.org/en-US/kb/delete-cookies-remove-info-websites-stored
5. Google Maps
6. Use of Google Analytics
6.2 The IP address transmitted by your browser in connection with Google Analytics will not be merged with any other data of Google.
6.3 You may block cookies by selecting the appropriate settings in your browser; we advise you however that if you do so, you may no longer be able to use all features of this Website to the full extent. Moreover, you may prevent Google from collecting data related to your use of the Website and generated by the cookie (including your IP address) and from processing such data by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Opt-out cookies will prevent that your data will be collected the next time you visit this Website. To prevent tracking by Universal Analytics across multiple devices, you must opt out separately for each device you use.If you click here, an opt-out cookie will be placed: Disable Google Analytics.
6.4 This Website uses Google Analytics with the extension “_anonymize Ip().” As a result, IP addresses are masked before being processed, thereby ruling out that an IP address can be correlated with any particular individual. To the extent that data about you relate to your personally, such correlation will therefore be immediately prevented and such personal data will be promptly deleted.
6.5 We use Google Analytics to be able to analyze and continuously improve use of our Website. Statistical data from Google Analytics allow us to improve our products and services and make them more interesting to you, the user. In exceptional cases where personal data are transferred to the United States, Google has committed to comply with the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for using Google Analytics is Art. 6 para. 1 sent. 1 let. f) GDPR.
7. Use of Google web fonts
For the uniform display of fonts on this Website we use so-called web fonts by Google. When you access a page on our Website, your browser will load the necessary web fonts into your browser cache in order to correctly display texts and fonts.
For this purpose your browser must establish a connection to servers of Google. As a result, Google will find out that your IP address was used to access our Website. We use Google web fonts in the interest of a uniform and attractive display of our Website. This is a legitimate interest within the meaning of Art. 6 para. 1 let. f) GDPR.
If your browser does not support web fonts, your computer will use a standard font.
8. Online-Booking and Room Reserations
8.1 On our Website you can reserve rooms on a reservation page that was created for us by HotelNetSolutions GmbH. If you do so, the following personal data you enter into the input screen will be transmitted to and stored by us: your first name and last name, email address, telephone number, and billing address, the names of contact persons if you are a corporate customer, the number, names, and contact information of any additional travelers, your arrival and departure dates, any special requests, your payment data (payment method – such as credit card – and amount of payment – total price), and the date and time of your reservation. HotelNetSolutions GmbH is located at Genthiner Str. 8, 10785 Berlin, Germany. All reservation data entered by you will be transferred in encrypted form. As our contract partner, HotelNetSolutions GmbH has agreed to handle all of your data in compliance with applicable data privacy laws. The company will take all organizational and technical measures to protect your data. In this connection your data will not be transferred to any third parties by us. Your data will be used exclusively to process the booking/room reservation and to communicate with you.
8.2 The legal basis for processing your data is the conclusion of a lodging contract with you, Art. 6 para. 1a), b) GDPR. If the aforementioned data are not provided, we will be unable to enter into or manage a contract with you. Data you provide will be stored in our hotel software on an in-house server and used to perform our contract with you. Personal data entered into the input screen will be processed exclusively to process your reservation request and payment.
8.3 Data will be erased as soon as they are no longer needed for the purpose for which they were collected. If we have entered into a contract with you, we will erase data we have received from you as soon as we have complied with our legal recordkeeping obligations.
8.4 Even in the course of an online reservation you may at any time object to the processing of your personal data by sending an email to firstname.lastname@example.org. Please note that if you object to the processing of your personal data, your reservation cannot be completed and we can no longer communicate with you.
9. Transfer of data to non-EEA countries
We generally transmit no personal data to non-EEA countries. Our servers are located in the European Union. In cases in which personal data are transferred to countries that do not offer the same level of data protection as the European Union and in which you have not expressly consented to the transfer of your data to third countries, we will ensure that the contract with the third-party provider includes certain contractual obligations required under applicable data protection law (including standard contractual clauses approved by the European Commission), unless we can rely on different legal bases for transferring your personal data.