DATA PROTECTION INFORMATION
With the following information we would like to give you an overview of the processing of your personal data in connection with the use of our website as well as during a stay in our hotel and inform you about your rights according to data protection law.
I. Information on the processing of personal data
By way of introduction, we would like to refer to our far-reaching information on transparency formation in accordance with Art. 13 and 14 DSGVO.
1. responsible party
The responsible party for data processing on this website pursuant to Art. 4 No. 7 DSGVO and provider of the website (service provider) within the meaning of the German Telemedia Act (TMG) is.
Hotel Rosengarten GmbH
Poppenbüttler Landstraße 10b
Phone: +49 40 608 714-0
Fax: +49 40 608 714-37
Complete information according to § 5 TMG (imprint)
2. purposes and legal basis for the processing of personal data
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (DSGVO), the new German Federal Data Protection Act (BDSG-neu) and all other applicable laws for the following purposes and based on the following legal grounds:
(a) To process and manage reservation requests and reservations as well as to provide our services under the accommodation contract, including the processing of your hotel stay, payment processing and to track your use of our services, e.g. telephone, to carry out check-in and manage access to rooms - the legal basis for this is Art. 6 para. 1 p. 1 lit. b) DSGVO.
(b) For the fulfillment of a legal obligation to which our company is subject as the responsible party (e.g. due to registration laws, tax laws, accounting obligations, etc.) - the legal basis for this is Art. 6 para. 1 p. 1 lit. c) DSGVO.
(c) Sending of our e-mail newsletter including the management of your subscription to the newsletter - the legal basis for this is your consent pursuant to Art. 6 para. 1 p. 1 lit. a) DSGVO.
(d) To implement and manage your participation in our planned loyalty program - the legal basis for this is your consent pursuant to Art. 6 para. 1 p. 1 lit. a) DSGVO.
(e) To maintain, guarantee and improve the quality of our products and services, in particular by conducting and analyzing satisfaction surveys and guest comments, by processing your personal data in our guest database, which enables us to recognize you as a returning guest, to better assess your requirements and wishes, to improve the quality and individuality of our communication with you and to create customized offers for you - the legal basis for this is Art. 6 (1) S. 1 lit. f) DSGVO. Our interests arise from the existing accommodation contract with you, which constitutes a relevant and appropriate relationship within the meaning of Recital 47 to the GDPR, as well as from the fact that this type of data processing is customary in the hotel industry and corresponds to the reasonable expectations of the vast majority of guests.
(f) For the purpose of advertising our offers and services to existing customers - the legal basis for this is Art. 6 (1) sentence 1 lit. f) DSGVO. You can find more details on advertising to existing customers under Part II No. 2 of this data protection notice.
(g) To safeguard house rights, to prevent and investigate criminal offences (in particular also by means of video surveillance), to assert and defend legal claims and to safeguard interests in the event of legal disputes, to ensure IT security and IT operations, to identify creditworthiness risks - the legal basis for this is Art. 6 (1) sentence 1 lit. f) DSGVO. Our overriding legitimate interests follow from our obligation to ensure a safe stay of our guests in the hotel as well as from our interest in the enforcement of our material and immaterial claims and the exercise of our rights as well as in the defense against unjustified claims. Furthermore, the processing of personal data to the extent strictly necessary for the prevention of fraud also constitutes a legitimate interest of our company pursuant to Recital 47 of the GDPR.
(h) To process the purchase of a voucher - the legal basis for this is Art. 6 para. 1 p. 1 lit. b) DSGVO.
Minors may not transmit personal data to us without the consent of their legal guardians. We do not process any knowingly obtained personal data of minors within the scope of the website.
3. categories of recipients of the personal data
If and insofar as necessary for the purposes stated in section 3 above, we also disclose your personal data to the following recipients or categories of recipients pursuant to Art. 4 No. 9 DSGVO:
Within our company, only those offices will receive inspection of or access to your data (to the extent necessary in each case) that need it to fulfill our contractual and legal obligations.
To the extent that your personal data is processed in our central guest database. When carrying out existing customer advertising measures, your personal data will only be disclosed to those employees of our company who have access to our central guest database.
Service providers used by us (e.g. as part of commissioned processing pursuant to Art. 28 DSGVO) and vicarious agents may also receive personal data for these purposes. These are companies in the categories of credit services and payment processing, IT services, cleaning services, logistics, printing services, telecommunications, debt collection, advice and consulting, and sales and marketing.
Furthermore, data may be passed on to public bodies and institutions if there is a legal obligation to do so (e.g. tax authorities, law enforcement agencies).
Further data recipients may be those bodies for which you have given us your consent to the transfer of data.
4. transfer of personal data to a third country
A transfer of personal data to bodies in states outside the European Union (so-called third countries) will take place if it is required by law or you have given us your consent.
5. duration of storage of personal data and criteria for determining this duration
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the data are no longer required for the fulfillment of contractual obligations, they are regularly deleted, unless their temporary further processing is required due to commercial and tax retention periods (including the German Commercial Code (HGB), the German Fiscal Code (AO). The retention and documentation periods specified there are two to ten years.
6. your rights as a data subject
Every data subject whose personal data is processed has the right to information from the controller about the personal data concerned in accordance with Article 15 of the GDPR, the right to rectification in accordance with Article 16 of the GDPR, the right to erasure in accordance with Article 17 of the GDPR, the right to restriction of processing in accordance with Article 18 of the GDPR, the right to object to processing in accordance with Article 21 of the GDPR and the right to data portability in accordance with Article 20 of the GDPR. With regard to the right to information and the right to deletion, the restrictions pursuant to Sections 34 and 35 BDSG-neu also apply.
More information on your right to object to processing pursuant to Art. 21 DSGVO.
If the processing of your personal data is based on consent given to us, you have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.
Furthermore, you have the right to lodge a complaint with the competent data protection supervisory authority pursuant to Art. 77 DSGVO in conjunction with Section 19 BDSG-neu.
7. obligation to provide data
Within the framework of our contractual relationship, you must provide those personal data that are necessary for the establishment and execution of the accommodation contract or that we are legally obliged to collect. Without this data, we will generally not be able to conclude the contract with you or to execute it. In particular, we are required by Section 30 (2) of the Federal Registration Act to collect certain personal data about you as part of the registration form. If you do not provide us with the necessary information, we may not be able to provide the services you requested or not completely.
8. automated decision making and profiling
When establishing and implementing our contractual relationship, you will not be exposed to any decision based exclusively on automated processing - including profiling - pursuant to Art. 22 DSGVO, which produces legal effects vis-à-vis you or similarly significantly affects you.
9 Supplementary information about your right of objection pursuant to Art. 21 DSGVO.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1) sentence 1 lit. e) DSGVO (data processing in the public interest) or Art. 6(1) sentence 1 lit. f) DSGVO (data processing on the basis of a balance of interests); this also applies to profiling based on this provision in accordance with Art. 4(4) DSGVO.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If your personal data is processed by us in order to advertise for existing customers, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is connected with such advertising for existing customers.
The objection is possible without any formalities and should be addressed directly to us.
10. Video Surveillance:
For video surveillance in some public areas, the following applies to the associated processing of personal data:
(a) Purposes of data processing:
Exercise of domiciliary rights, prevention of criminal offences (e.g. damage to property or theft), ensuring criminal prosecution.
(b) Legal basis for data processing:
Art. 6 para. 1 p. 1 lit. f) DSGVO.
The overriding legitimate interests of our company follow from our obligation to ensure a safe stay of our guests at the hotel as well as from our interest in enforcing our material and immaterial claims and exercising our rights as well as defending against unjustified claims.
(c) Categories of recipients of the personal data:
Potential recipients of the data are law enforcement authorities and persons or companies we engage to exercise our rights (such as lawyers).
We do not intend to transfer the data to any third country or international organization.
(d) Duration of storage of personal data:
If a recording of surveillance footage takes place, the relevant recordings will be deleted after 72 hours at the latest; after this storage period has expired, only data that is required for the clarification of specific incidents or for the enforcement of claims based on a specific event (e.g. a criminal offense) will be stored. This data is also deleted after the purpose for continued storage has ceased to exist.
II. Supplementary information on data processing on this website
1. SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If, after the conclusion of a contract with costs, there is an obligation to transmit your payment data to us (e.g. account number in the case of direct debit authorization), this data is required for payment processing.
Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
With encrypted communication, your payment data that you transmit to us cannot be read by third parties.
When contacting us (for example, by contact form or e-mail), the user's details are stored for the purpose of processing the request and in the event that follow-up questions arise.
2. E-mail newsletter and existing customer advertising
With the e-mail newsletter, we will inform you regularly about offers and information about special offers, services, promotions and services of the Hotel Rosengarten GmbH, especially about your stay, best price offers and on the occasion of your birthday, as well as invitations to events.
If you would like to receive the e-mail newsletter, we require a valid e-mail address from you. For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within two weeks, your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
You can revoke your consent at any time. The lawfulness of the processing until the exercise of your revocation remains unaffected. To exercise your right of revocation, you can click on the unsubscribe link in the respective message or send us a message to info@Hotel-Rosengarten-Hamburg.de.
Existing customer advertising
We reserve the right to send our guests offers from our range of services as an existing customer advertisement by e-mail. Our legitimate interest in advertising to existing customers is to be able to offer our guests individual offers tailored to their target groups, which are based on a previous booking (transaction) or the existing customer relationship.
We can process your personal data, which you provide to us when making a booking, within 12 months of a previous transaction for the purpose of sending out advertising to existing customers. If you do not make a new booking or do not make another transaction within this period, your personal data will no longer be processed for the purpose of existing customer advertising and will be deleted accordingly, unless you have subscribed to a newsletter or your personal data must continue to be stored due to other regulations.
- Necessary functions: These cookies contribute significantly to improving your movement and booking experience on our website. Basic functionalities and applications such as shopping carts or electronic billing procedures are thereby optimized and their handling facilitated. These cookies do not collect information about you that can be used for marketing campaigns or statistical analysis. These cookies are necessary for the use of the website, the legal basis for these cookies is Art 6 (1) lit. b) DSGVO.
- Statistical analysis: Statistical analysis is the processing and presentation of data about user actions and interactions on websites and apps (e.g. number of page visits, number of unique visitors, number of returning visitors, entry and exit pages, dwell time, bounce rate, actuation of buttons) and, where applicable, the classification of users into groups based on technical data about the software settings used (e.g. browser type, operating system, language setting, screen resolution). The legal basis for these cookies is consent in accordance with Art 6 (1) a) DSGVO.
- Reach measurement: Reach measurement is the visit action evaluation by analyzing user behavior in terms of determining specific user actions and measuring the effectiveness of online advertising. The number of visitors who have reached websites or apps, for example, by clicking on advertisements, is measured. In addition, the rate of users who perform a certain action (e.g. registering for the newsletter, ordering goods) can be measured. The legal basis for these cookies is consent pursuant to Art 6 (1) a) DSGVO.
- Personalized advertising: Certain functions of websites and apps are used to display personalized advertising materials (ads or commercials) to users in other contexts, for example on other websites, platforms or apps. For this purpose, conclusions about the interests of users are drawn from demographic information, search terms used, contextual content, user behavior on websites and in apps, or from the location of users. Based on these interests, advertising materials will be selected in the future and displayed at other online content providers. The legal basis for these cookies is consent in accordance with Art 6 (1) a) DSGVO.
Setting cookies via our Cookie Consent Tool
To adjust your cookie settings, you can use our Cookie Consent Tool at any time. To do so, you can access the tool via the following link and set the above categories of cookies there by giving or not giving consent to the use of these cookies in your browser.
Setting cookies via the browser
In your browser, you can set that cookies are only stored if you agree to this. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely disabling cookies may prevent you from using all the features of our website. If you only want to accept our cookies, but not cookies from partners, please select the "Block third-party cookies" in your browser. In the menu bar of your web browser, the help function will show you how to reject new cookies and disable those you have already received. We recommend that for shared computers that accept cookies and so-called Flash cookies, you always log out completely when finished.
4. Cookies provider
This website also uses Google Analytics, a web analytics service provided by Google Inc. based in Mountain View, USA ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.
Recipient: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001).
Mode of operation: The "Google Analytics" web analytics service uses technologies such as "cookies", "tracking pixels" and "device fingerprinting" to track specific user behavior on websites. Information stored on users' end devices is also processed in the process. With the help of the tracking pixels embedded in websites and the cookies stored on users' end devices, Google processes the information generated about the use of our website by users' end devices - e.g. that a certain web page was called up - and access data for the purpose of measuring the reach of website use. The access data includes, in particular, the IP address, browser information, the website previously visited and the date and time of the server request. "Google Analytics" is used with the extension "anonymizeIp()". This means that IP addresses are processed in a shortened form in order to make it significantly more difficult to relate them to individuals. According to "Google", the IP addresses are shortened beforehand within member states of the European Union.
Since the IP anonymization (so-called IP masking) provided by Google is activated on this website (by extending Google Analytics with the code "gat._anonymizeIp();"), your IP address will, however, be shortened beforehand by Google within the European Union or in other contracting states of the Agreement on the European Economic Area and thus anonymized. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use the information collected by Google Analytics for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
This offer uses social plugins ("plugins") of the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The plugins are recognizable by one of the Facebook logos (white "f" on blue tile or a "thumbs up" sign) or are marked with the addition "Facebook Social Plugin". The list and appearance of Facebook social plugins can be viewed here: https://developers.facebook.com/docs/plugins/. When a user calls up a website of this offer that contains such a plugin, his browser establishes a direct connection with Facebook's servers. The content of the plugin is transmitted by Facebook directly to your browser, which then integrates it into the website. The provider therefore has no influence on the scope of the data that Facebook collects with the help of this plugin and therefore informs users according to its level of knowledge:
Via the "Book Now" button, the visitor is directed to the website of TheBookingButton. Provider is SiteMinder, Waterfront, Hammersmith Embankment, Manbre Road, London W6 9RU, United Kingdom (https://www.siteminder.com/de/kontakt/). In order to use the functions of TheBookingButton, it is necessary to store your IP address. This information is usually transferred to a server of TheBookingButton and stored there. The provider of this site has no influence on this data transfer. When clicking on the "Book Now" button, the visitor is redirected to the website of TheBookingButton. If you enter and submit a booking request there, this data is usually transferred to a server of TheBookingButton and stored there. The provider of this site has no influence on this data transmission. The use of TheBookingButton is in the interest of the possibility of the booking request. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO.
How it works:
Marketing tools for personalized advertising all technically work in a similar way, so the following text refers to this way of working for the providers mentioned above as a whole.
Personalized advertising providers use technologies such as "cookies," "tracking pixels," and "device fingerprinting" to serve ads relevant to users and improve campaign performance reports. With the help of these providers, interest-based advertisements can be played on the providers' websites as well as on our website. Information stored on users' end devices is also processed in the process.
The providers provide functions for this purpose, which are generally referred to as "remarketing". With remarketing, users of websites can be recognized on other websites within an advertising network of the provider and presented with advertisements tailored to their interests. The advertisements may also relate to such products and services that users have already viewed on our website. For this purpose, the interaction of users on our website is analyzed, e.g. which offers users are interested in, in order to be able to display targeted advertising to users on other sites even after they have visited our website. If users visit our website, a "cookie" is stored by the respective provider on the end device of users. With the help of "cookies" and "tracking pixels", the provider processes the information generated by the end devices of users about the use of our website and interactions with our website as well as access data, in particular the IP address, browser information, the previously visited website and the date and time of the server request, for the purpose of playing and analyzing personalized advertisements.
Furthermore, the aforementioned providers also use the "conversion" function to draw attention to our attractive offers with the help of advertising media on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. These advertising media are delivered by the providers via so-called "ad servers". For this purpose, we use "ad server cookies" through which certain parameters for measuring reach - e.g. display of the ads, duration of viewing or clicks by users - can be measured. Information stored on users' end devices is also processed in the process. If users access our website via an advertisement of the provider, a "cookie" is stored by the provider on the end device of the users. With the help of "cookies" and "tracking pixels", the provider processes the information generated by the user's end device about interactions with our advertisements (calling up a specific website or clicking on an advertisement) and user access data, in particular IP address, browser information, the website previously visited, and the date and time of the server request, for the purpose of analyzing and visualizing the reach measurement of our advertisements. Due to the marketing tools used, the users' browser automatically establishes a direct connection with the provider's server.
5. Integration of services and content from third-party providers (collection of IP address by third-party services).
Third-party content (hereinafter referred to as "third-party providers") is integrated within the website. For the use of such content, the transmission of the user's IP address to the respective third-party provider is technically necessary. This is because without the IP address, the third-party providers would not be able to send the content embedded in the website to the browser of the respective user. Example: videos from YouTube, map material from Google Maps, RSS feeds or graphics from others. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. However, we have no influence if the third-party providers store the IP address, e.g. for statistical purposes. Insofar as this is known to us, we inform the users about it.
6. Integration of payment service providers for online payments
For the processing of online payments, we also use the external payment service provider Concardis GmbH (Helfmann-Park 7, 65760 Eschborn, Tel. +49 (0)69 79220), through whose platforms you can, based on your free decision, initiate payment transactions. If you wish to make an online payment, this can be done both integrated in the booking process and via an e-mail address provided by you by sending a corresponding link. In the event that you use such a link, you will be redirected to the pages of the payment platform of Concardis GmbH. For further details on the handling of your personal data in this context, please click here.
Status and updating of the data protection information
This data protection notice is valid as of 15.09.2022.
We will update this data protection notice from time to time in the event of relevant changes to our website, the processing of personal data or changes to legal requirements. The revised version will apply from the published effective date. In the event of significant changes to this privacy notice, we will inform you in good time before the changes come into force by posting a notice on our website. We may also notify our guests of the changes by email or other means.