Privacy Policy

1. Data protection at a glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to any data that can be used to identify you personally. For detailed information on data protection, please refer to our privacy policy set out below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the ‘Information on the Data Controller’ section of this privacy policy.

How do we collect your data?

Your data is collected, on the one hand, when you provide it to us. This may include, for example, data that you enter into a contact form.

Other data is collected automatically or with your consent by our IT systems when you visit the website. This consists primarily of technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you access this website.

What do we use your data for?

Some of the data is collected to ensure the website functions correctly. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?

You have the right at any time to obtain, free of charge, information about the source, recipients and purpose of your stored personal data. You also have the right to request the rectification or erasure of this data. If you have given your consent to data processing, you may withdraw this consent at any time with effect for the future. You also have the right, under certain circumstances, to request the restriction of the processing of your personal data. Furthermore, you have the right to lodge a complaint with the relevant supervisory authority.

You may contact us at any time regarding this matter or any other questions you may have about data protection.

Analytics tools and third-party tools

When you visit this website, your browsing behaviour may be statistically analysed. This is primarily carried out using so-called analytics programmes.

Detailed information on these analytics programmes can be found in the following privacy policy.

2. Hosting and Content Delivery Networks (CDN)

External hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may primarily include IP addresses, contact enquiries, meta and communication data, contractual data, contact details, names, website visits and other data generated via a website.

The use of the hosting provider is for the purpose of fulfilling our contractual obligations towards our potential and existing customers (Article 6(1)(b) of the GDPR) and in the interest of ensuring the secure, fast and efficient provision of our online services by a professional provider (Article 6(1)(f) of the GDPR).

Our hosting provider will only process your data to the extent necessary to fulfil its service obligations and will follow our instructions regarding this data.

We use the following hosting provider:

1&1 IONOS SE
Elgendorfer Str. 57
56410 Montabaur

Conclusion of a data processing agreement

To ensure that data is processed in accordance with data protection regulations, we have concluded a data processing agreement with our hosting provider.

3. General information and mandatory details

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations and this privacy policy.

When you use this website, various types of personal data are collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

Please note that data transmission over the internet (e.g. when communicating by email) may be subject to security vulnerabilities. It is not possible to guarantee complete protection of data against access by third parties.

Information on the data controller

The data controller for data processing on this website is:

Hotel City Krone Rieger GmbH & Co. KG
Schanzstrasse 7
88045 Friedrichshafen

Telephone: +49 7541 705-0
Email: info@hotel-city-krone.de

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

Retention period

Unless a more specific retention period is stated within this privacy policy, your personal data will remain with us until the purpose for which the data is processed no longer applies. If you make a legitimate request for erasure or withdraw your consent to data processing, your data will be erased, provided we have no other legally permissible grounds for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these grounds no longer apply.

Note on data transfers to the USA

Our website incorporates, amongst other things, tools from companies based in the USA. When these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to disclose personal data to security authorities without you, as the data subject, being able to take legal action against this. It cannot therefore be ruled out that US authorities (e.g. intelligence services) may process, analyse and permanently store your data held on US servers for surveillance purposes. We have no influence over these processing activities.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You may withdraw any consent you have already given at any time. The lawfulness of the data processing carried out up to the point of withdrawal remains unaffected by the withdrawal.

Right to object to data collection in specific cases and to direct marketing (Article 21 of the GDPR)

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6(1)( E OR F OF THE GDPR, YOU HAVE THE RIGHT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ARTICLE 21(1) OF THE GDPR).

IF YOUR PERSONAL DATA IS BEING PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSES OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSES OF DIRECT MARKETING (OBJECTION PURSUANT TO ARTICLE 21(2) OF THE GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place where the alleged infringement occurred. This right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

Right to data portability

You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract provided to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another data controller, this will only take place to the extent that it is technically feasible.

SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the website operator. You can recognise an encrypted connection by the fact that the address bar of your browser changes from ‘http://’ to ‘https://’ and by the padlock icon in your browser bar.

When SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.

Access, erasure and rectification

In accordance with the applicable legal provisions, you have the right at any time to obtain, free of charge, information about your stored personal data, its origin and recipients, and the purpose of the data processing, and, where applicable, the right to have this data rectified or erased. You may contact us at any time regarding this matter or any other questions relating to personal data.

Right to restriction of processing

You have the right to request that the processing of your personal data be restricted. You may contact us at any time regarding this. The right to restriction of processing applies in the following cases:

  • If you dispute the accuracy of your personal data stored by us, we generally require time to verify this. For the duration of this verification, you have the right to request that the processing of your personal data be restricted.
  • If the processing of your personal data has been or is being carried out unlawfully, you may request the restriction of data processing instead of erasure.
  • If we no longer require your personal data, but you require it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
  • If you have lodged an objection under Article 21(1) of the GDPR, a balancing of interests between yours and ours must be carried out. Until it has been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data – apart from its storage – may only be processed with your consent or for the purposes of asserting, exercise or defence of legal claims, or to protect the rights of another natural or legal person, or for reasons of an important public interest of the European Union or a Member State.

4. Data collection on this website

Cookies

Our website uses so-called ‘cookies’. Cookies are small text files and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser deletes them automatically.

In some cases, cookies from third-party companies may also be stored on your device when you visit our site (third-party cookies). These enable us or you to use certain services provided by the third-party company (e.g. cookies for processing payment services).

Cookies serve various purposes. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to analyse user behaviour or to display advertising.

Cookies that are required to carry out the electronic communication process (necessary cookies), to provide certain functions you have requested (functional cookies, e.g. for the shopping basket function) or to optimise the website (e.g. cookies for measuring website traffic) are stored on the basis of Article 6(1)(f) of the GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies to ensure the technically fault-free and optimised provision of its services. Where consent to the storage of cookies has been requested, the relevant cookies are stored exclusively on the basis of this consent (Article 6(1)(a) of the GDPR); consent may be withdrawn at any time.

You can configure your browser so that you are notified when cookies are set and can choose to allow cookies only on a case-by-case basis, to block the acceptance of cookies in specific cases or generally, and to enable the automatic deletion of cookies when you close your browser. If you disable cookies, the functionality of this website may be restricted.

Where cookies are used by third parties or for analytical purposes, we will inform you of this separately within this privacy policy and, where necessary, seek your consent.

Server log files

The website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

  • browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not combined with other data sources.

This data is collected on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in ensuring the technically error-free display and optimisation of its website – to this end, the server log files must be recorded.

Contact form

If you send us enquiries via the contact form, the details you provide in the enquiry form – including the contact details you enter there – will be stored by us for the purpose of processing your enquiry and in the event of any follow-up questions. We will not pass on this data without your consent.

The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR), provided that this has been requested.

The data you enter in the contact form will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been fully processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

Enquiries by email, telephone or fax

If you contact us by email, telephone or fax, your enquiry, including all personal data contained therein (name, enquiry), will be stored and processed by us for the purpose of dealing with your request. We will not disclose this data without your consent.

The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR), provided that this has been requested.

The data you send to us via contact enquiries will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been fully processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

5. Analytics tools and advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that enables us to integrate tracking or analytics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies or carry out any independent analysis. It serves solely to manage and deploy the tools integrated via it. However, Google Tag Manager does record your IP address, which may also be transferred to Google’s parent company in the United States.

The use of Google Tag Manager is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the quick and straightforward integration and management of various tools on its website. Where consent has been obtained, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.

Google Analytics

This website uses features of the web analytics service Google Analytics. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, time spent on the site, operating systems used and the user’s location. Where applicable, Google may compile this data into a profile assigned to the respective user or their device.

Google Analytics uses technologies that enable the user to be recognised for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google regarding the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this analytics tool is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising. Where consent has been sought (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymisation

We have enabled the IP anonymisation feature on this website. This means that your IP address is truncated by Google within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services relating to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.

Browser plug-in

You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Further information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Data Processing

We have entered into a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Demographic features in Google Analytics

This website uses the ‘demographic features’ function of Google Analytics to display relevant adverts to website visitors within the Google advertising network. This enables reports to be generated that contain information on the age, gender and interests of site visitors. This data is derived from Google’s interest-based advertising and from visitor data provided by third parties. This data cannot be attributed to any specific individual. You can disable this feature at any time via the ad settings in your Google Account, or generally prevent Google Analytics from collecting your data as described in the section ‘Objecting to data collection’.

Retention period

Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android Advertising ID), are anonymised or deleted after 14 months. Further details can be found at the following link: https://support.google.com/analytics/answer/7667196?hl=de

Meta Pixel (formerly Facebook Pixel)

This website uses Facebook/Meta’s visitor action pixels for conversion tracking. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

This allows the behaviour of website visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook advert. This enables the effectiveness of Facebook adverts to be evaluated for statistical and market research purposes, and future advertising campaigns to be optimised.

The data collected is anonymous to us as the operators of this website; we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Facebook, meaning a link to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Data Use Policy (https://de-de.facebook.com/about/privacy/). This enables Facebook to display adverts both on Facebook pages and outside of Facebook. As the website operator, we have no influence over this use of the data.

Use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. You may withdraw your consent at any time.

We use the ‘extended matching’ feature within the Meta Pixel.

Extended Matching enables us to transmit various types of data (e.g. place of residence, federal state, postcode, hashed email addresses, names, gender, date of birth or telephone number) relating to our customers and prospective customers, which we collect via our website, to Meta (Facebook). By enabling this feature, we can tailor our advertising campaigns on Facebook even more precisely to people who are interested in our offers. Furthermore, enhanced matching improves the attribution of website conversions and expands Custom Audiences.

Insofar as personal data is collected on our website and forwarded to Facebook using the tool described here, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Article 26 of the GDPR). This joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook following the transfer is not part of the joint responsibility. The obligations incumbent upon us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for ensuring that the tool is implemented on our website in a manner that complies with data protection law. Facebook is responsible for the data security of Facebook products. You may exercise your data subject rights (e.g. requests for access) regarding the data processed by Facebook directly with Facebook. If you exercise your data subject rights with us, we are obliged to forward these to Facebook.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

You can find further information on the protection of your privacy in Facebook’s privacy policy: https://de-de.facebook.com/about/privacy/.

You can also disable the ‘Custom Audiences’ remarketing feature in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can opt out of Facebook’s behaviour-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

The company is certified under the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the US designed to ensure compliance with European data protection standards when data is processed in the US. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider via the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

IONOS WebAnalytics

This website uses the analytics services provided by IONOS WebAnalytics (hereinafter: IONOS). The provider is 1&1 IONOS SE, Elgendorfer Straße 57, D – 56410 Montabaur. As part of the analyses carried out with IONOS, the following data, amongst other things, may be analysed: visitor numbers and behaviour (e.g. number of page views, duration of a website visit, bounce rates), visitor sources (i.e. which site the visitor came from), visitor locations and technical data (browser and operating system versions). For this purpose, IONOS stores the following data in particular:

  • referrer (previously visited website)
  • requested web page or file
  • Browser type and version
  • operating system used
  • Device type used
  • Time of access
  • IP address in anonymised form (used solely to determine the location of access)

According to IONOS, data collection is carried out in a fully anonymised manner, meaning that it cannot be traced back to individual persons. Cookies are not stored by IONOS WebAnalytics.

The storage and analysis of the data is carried out on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in the statistical analysis of user behaviour in order to optimise both its website and its advertising. Where consent has been sought, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.

For further information on data collection and processing by IONOS WebAnalytics, please refer to the IONOS Privacy Policy at the following link:

https://www.ionos.de/terms-gtc/index.php?id=6

Data processing on behalf of the controller

We have entered into a data processing agreement with IONOS. This agreement is intended to ensure that IONOS handles your personal data in accordance with data protection regulations.

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme provided by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display adverts in the Google search engine or on third-party websites when users enter specific search terms into Google (keyword targeting). Furthermore, targeted adverts can be displayed based on user data held by Google (e.g. location data and interests) (audience targeting). As the website operator, we can evaluate this data quantitatively, for example by analysing which search terms led to our adverts being displayed and how many adverts resulted in corresponding clicks.

The use of Google Ads is based on Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in marketing its services and products as effectively as possible.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

6. Plugins and tools

Google Web Fonts (locally hosted)

This site uses so-called web fonts, provided by Google, to ensure a consistent display of typefaces. The Google Fonts are installed locally. No connection is made to Google’s servers.

Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Adobe Fonts

This website uses web fonts from Adobe to ensure the consistent display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you visit this website, your browser downloads the required fonts directly from Adobe so that they can be displayed correctly on your device. In doing so, your browser establishes a connection to Adobe’s servers in the USA. As a result, Adobe becomes aware that this website has been accessed via your IP address. According to Adobe, no cookies are stored when the fonts are provided.

The storage and analysis of the data is carried out on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in ensuring a consistent font display on its website. Where consent has been sought (e.g. consent to the storage of cookies), processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html.

Further information on Adobe Fonts is available at: https://www.adobe.com/de/privacy/policies/adobe-fonts.html.

Adobe’s privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html

Google Maps

This site uses the Google Maps mapping service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

In order to use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this website has no influence over this data transfer.

The use of Google Maps is in the interests of presenting our online services in an appealing manner and ensuring that the locations specified on our website can be easily found. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. Where consent has been sought, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.

Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

Further information on the handling of user data can be found in Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.

Google reCAPTCHA

We use ‘Google reCAPTCHA’ (hereinafter ‘reCAPTCHA’) on this website. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is designed to verify whether data entry on this website (e.g. in a contact form) is carried out by a human or by an automated programme. To this end, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor accesses the website. For the purposes of this analysis, reCAPTCHA evaluates various pieces of information (e.g. IP address, the length of time the website visitor spends on the website, or the mouse movements made by the user). The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.

The storage and analysis of the data are carried out on the basis of Article 6(1)(f) of the GDPR. The website operator has a legitimate interest in protecting its web services from abusive automated scraping and from spam. Where consent has been sought, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR; consent may be withdrawn at any time.

Further information on Google reCAPTCHA can be found in Google’s Privacy Policy and Terms of Service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

HOTELCLASS Widget

This page incorporates a widget from HOTELCLASS to display a hotel’s current star rating. The provider is DEHOGA Deutsche Hotelklassifizierung GmbH, Am Weidendamm 1A, 10117 Berlin, Germany (https://hotelclass.info/imprint.php). This allows guests to see at a glance that a hotel has been officially classified and complies with the official guidelines of the German Hotel Classification scheme. The protection of personal data is a matter of great importance to us. The use of the HOTELCLASS widget provided by DEHOGA Deutsche Hotelklassifizierung GmbH is in accordance with the applicable legal provisions on the protection of personal data and data security. This privacy notice provides information on how DEHOGA Deutsche Hotelklassifizierung GmbH handles information collected whilst using the HOTELCLASS widget.

Collection and processing of personal data
You can use the HOTELCLASS widget provided by DEHOGA Deutsche Hotelklassifizierung GmbH without providing any personal data. Personal data refers to any information relating to your identity, such as your name, email address or postal address. Such data is neither collected nor stored when using the HOTELCLASS widget.

Server log files
Our website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The data contained in the log files includes:
Referrer URL (the website you came from)
Browser type
, browser version and language; operating system used and its user interface; IP address (anonymised)
; time of the server request
; HTTP status code
; access status; and the volume
of data transferred. The retention period is 7 days
. This data is not combined with other data sources.
The legal basis for data processing is Article 6(1)(f) of the GDPR, which permits the processing of data for the optimal presentation and security of the website on the basis of our legitimate interest, provided that your interests in excluding data collection do not override this.

Data storage location
This information is generally transmitted to a server operated by
MINDSTREAM – Christian Klar,
Maria-Theresien-Straße 21,
6020 Innsbruck
, at the Data Centre Park Falkenstein site, where it is stored.

Security
DEHOGA Deutsche Hotelklassifizierung GmbH takes precautions to protect your personal data against loss, destruction, falsification, manipulation and unauthorised access. The statutory data protection provisions of the Federal Republic of Germany are, of course, observed.

Right of access
If you have any questions regarding the processing of your personal data, please contact info@hotelstars.eu or:

DEHOGA Deutsche Hotelklassifizierung GmbH
Am Weidendamm 1A
10117 Berlin

Authorised Managing Director: Markus Luthe

7. Our own services

Handling of applicant data

We offer you the opportunity to apply for a job with us (e.g. by email, post or via the online application form). Below, we provide information on the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data are carried out in accordance with applicable data protection law and all other statutory provisions, and that your data will be treated as strictly confidential.

Scope and purpose of data collection

When you submit an application to us, we process your associated personal data (e.g. contact and communication details, application documents, notes taken during interviews, etc.) to the extent necessary to decide whether to enter into an employment relationship. The legal basis for this is Section 26 of the new Federal Data Protection Act (BDSG-neu) under German law (pre-contractual negotiations regarding an employment relationship), Article 6(1)(b) of the GDPR (general pre-contractual processing) and – provided you have given your consent – Article 6(1)(a) of the GDPR. You may withdraw your consent at any time. Your personal data will be disclosed within our company exclusively to those persons involved in processing your application.

If your application is successful, the data you have submitted will be stored in our data processing systems on the basis of Section 26 of the BDSG-neu and Article 6(1)(b) of the GDPR for the purpose of carrying out the employment relationship.

Retention period for data

If we are unable to make you a job offer, if you decline a job offer or if you withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Article 6(1)(f) of the GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The data is retained in particular for evidential purposes in the event of a legal dispute. If it is apparent that the data will be required after the expiry of the 6-month period (e.g. due to an imminent or pending legal dispute), the data will not be deleted until the purpose for its continued retention no longer applies.

Data may also be retained for a longer period if you have given your consent (Art. 6(1)(a) GDPR) or if statutory retention obligations prevent deletion.

8. Terms and Conditions for Participation in Hotel City Krone Rieger GmbH & Co. KG Facebook and Instagram Competitions

The competitions are organised by Hotel City Krone Rieger GmbH & Co. KG. Any natural person resident in Germany who has reached the age of 18 is eligible to enter. The start and closing dates of the competition can be found in the relevant competition post. The entry period is specified there. Late entries cannot be considered.

Entry to the competition is only permitted via the participant’s personal registration. Entry via automated processes (e.g. via competition clubs or competition service providers) is not permitted. In such cases, and in the event of breaches of the terms and conditions or manipulation, we reserve the right to exclude the participants concerned.

Multiple comments from the same Facebook user and/or the same person will be counted as a single entry to the competition. The winner will be selected at random from all entrants and notified via a private message. To select the winner, all participants’ ‘Facebook names’ or Instagram usernames will be recorded and stored for the purpose of determining the winner. Address details will only be collected from the winners at a later stage and used solely for the purpose of dispatching the prize. Participants are entitled to their statutory rights to information and to withdraw consent.

Prize description

The prize description can be found in the relevant post (on Instagram or Facebook) for the competition. This post describes exactly what the prize consists of.

Winners must respond within 14 days of being notified of their win. If this deadline passes, the prize will be awarded to another winner or will be forfeited.

Winners will be notified directly on our Facebook page following the competition, either by the official ‘Hotel City Krone’ account replying to the original comment with which they entered the competition, or by contacting participants via private message (Instagram).

In this comment, winners will be asked to provide their address for the prize to be sent to them via Facebook Direct Message to Hotel City Krone Rieger GmbH & Co. KG. Should a winner fail to contact Hotel City Krone Rieger GmbH & Co. KG of their own accord within 14 days, the prize will be forfeited and the winner will lose their entitlement to receive the prize. The announcement of the winners is made without guarantee.

Hotel City Krone Rieger GmbH & Co. KG is entitled to pass on personal data to third parties in order to facilitate the delivery of the prize. Only one prize per participant is permitted, and this cannot be paid out in cash as an alternative. Claims to the prize are not transferable to other persons. Hotel City Krone Rieger GmbH & Co. KG shall be released from all obligations upon handover of the prize. Hotel City Krone Rieger GmbH & Co. KG shall only be liable for legal defects and material defects in the event of wilful misconduct or gross negligence.

Early termination of the competition

Hotel City Krone Rieger GmbH & Co. KG reserves the right to cancel or terminate the competition at any time without prior notice. Hotel City Krone Rieger GmbH & Co. KG shall make use of this option in particular if, for technical reasons (e.g. viruses in the computer system, tampering or faults in the hardware and/or software) or for legal reasons, the proper conduct of the competition cannot be guaranteed. If such termination is caused by the conduct of a participant, Hotel City Krone Rieger GmbH & Co. KG may claim compensation from that person for the damage incurred.

Applicable law; severability clause; exclusion of legal recourse; right to amend

These terms and conditions of participation and the entire legal relationship between the participants and Hotel City Krone Rieger GmbH & Co. KG are governed exclusively by the law of the Federal Republic of Germany. Should any individual provisions of these terms and conditions be or become invalid, the validity of the remaining provisions shall remain unaffected. Any incomplete or invalid provisions shall be supplemented or replaced in such a way that an alternative, appropriate provision is found which, in economic terms, most closely corresponds to the meaning and purpose of the invalid or incomplete provision. Legal recourse is excluded.

No involvement of Facebook or Instagram in the competition

The competition is not affiliated with Facebook or Instagram and is in no way supported, sponsored or controlled by Facebook or Instagram. The recipient of the information provided is not Facebook or Instagram, but Hotel City Krone Rieger GmbH & Co. KG. Any questions, comments or complaints should therefore be addressed not to Facebook or Instagram, but to Hotel City Krone Rieger GmbH & Co. KG. Participation does not give rise to any claims against Facebook or Instagram.

Legal notice of the competition organiser

The competition organiser’s legal notice is available via the following link: Legal Notice
These terms and conditions were created in part using LykeUp.de.

9. Online reviews

Shortly after your stay, we will send you an email containing a link to our review form. If you do not wish to do so, simply ignore this message. This will not result in any disadvantages for you. Your data (email address) will be deleted as soon as the message has been sent. We use the reviews submitted exclusively for quality assurance purposes.

10. Pseudonymised use of the website

You can generally visit our website without providing us with any personal data. Pseudonymised usage data is not linked to the data of the person behind the pseudonym. No pseudonymous usage profiles are created.

11. Specific features of the website

Our website offers you various functions; when you use these, we collect, process and store personal data. Below, we explain what happens to this data:

12. Room booking

We do not rule out the possibility of using your data for our own advertising purposes relating to similar goods and services. You may object to this use at any time without incurring any costs other than transmission charges in accordance with standard rates.

13. Contract fulfilment

The data you provide in order to make use of our range of goods and/or services is processed by us for the purpose of contract fulfilment and is necessary for this purpose. It is not possible to conclude or fulfil a contract without you providing your data.

The legal basis for the processing is Article 6(1)(b) of the GDPR.

We will delete the data once the contract has been fully performed, but must comply with the retention periods under tax and commercial law.
As part of contract fulfilment, we will pass on your data to the transport company responsible for delivering the goods or to the financial service provider, insofar as such disclosure is necessary for the delivery of goods or for payment purposes.
The legal basis for the transfer of data is then Article 6(1)(b) of the GDPR.

14. Data transfer / credit checks and scoring / other purposes

We only disclose data (e.g. name and address) that is necessary for us to fulfil our contractual obligations and for third parties to ensure a smooth process, in particular for the fulfilment of a concluded contract, or where its storage is required for other legal reasons.

If you provide us with personal data, this data will only be used for the specified purpose to which you consented prior to entering the data. We will only store your personal data for as long as is necessary for the intended purpose of the data collection or as required by law.

Where we make advance payments, we reserve the right, in order to safeguard our legitimate interests, to obtain a credit reference from credit reference agencies based on mathematical and statistical methods, where necessary. To this end, we will transfer the personal data required for a credit check to third parties and use the information received regarding the statistical probability of default to make a balanced decision on whether to enter into, fulfil or terminate the contractual relationship. The credit reference may contain probability values (score values) which are calculated on the basis of scientifically recognised mathematical and statistical methods and which incorporate, amongst other things, address details.

Your legitimate interests will be taken into account in accordance with the statutory provisions. You may request information from the relevant body regarding the data stored about you.

No data will be disclosed to third parties except for the stated purposes of credit checks, contract processing and payment processing.

15. YouTube

We use YouTube on our website. This is a video portal operated by YouTube LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter referred to simply as ‘YouTube’.

YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter referred to simply as ‘Google’.

Through its certification under the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Google, and consequently its subsidiary YouTube, guarantees that EU data protection requirements are complied with even when data is processed in the USA.

We use YouTube in conjunction with the ‘Enhanced Privacy Mode’ feature to display videos to you. The legal basis for this is Article 6(1)(f) of the GDPR. Our legitimate interest lies in improving the quality of our website. According to YouTube, the ‘Enhanced Privacy Mode’ function ensures that the data specified in more detail below is only transmitted to YouTube’s server if you actually play a video.

Without this ‘Enhanced Privacy Mode’, a connection is established with YouTube’s server in the USA as soon as you visit one of our web pages on which a YouTube video is embedded.

This connection is necessary to display the relevant video on our website via your web browser. In the process, YouTube will collect and process at least your IP address, the date and time, and the web page you have visited. In addition, a connection is established with Google’s ‘DoubleClick’ advertising network.

If you are logged in to YouTube at the same time, YouTube will associate the connection information with your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our website or adjust the relevant settings in your YouTube account.

For the purposes of functionality and to analyse usage behaviour, YouTube permanently stores cookies on your device via your web browser. If you do not consent to this processing, you can prevent the storage of cookies by adjusting the settings in your web browser. Further information on this can be found above under ‘Cookies’.

Further information on the collection and use of data, as well as your rights and options for protection in this regard, is provided by Google in its privacy policy, which can be accessed at https://policies.google.com/privacy.

16. Disable Google Analytics