Information on our Data Protection Statement, your data and about your rights connected with it.
Information on our Data Protection Statement, your data and about your rights connected with it.
We reserve the right to amend this Data Protection Statement in future, in particular if we develop the web-site, use new technologies or if the legal basis or relevant jurisdiction for the website changes.
We recommend that you return to this Data Protection Statement from time to time and read it again, and that you keep a copy of it in your records.
- “Website” or “online presence” means all pages operated by the Controller on www.hotel-mutterhaus.de.
- “Personal data” means any information related to an identifiable natural person. A natural person is considered identifiable if they can be directly or indirectly linked to an identifier such as a name, an identification number, location data, online identity, or to one or more expressions of personal identity, which may be physical, physiological, genetic, psychological, economic, cultural or social. This means that personal data is understood to include the name, email address and telephone number of a person, and may include data relating to preferences, hobbies and memberships.
- “Processing” means any operation or set of operations performed with or without automated means on personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment, combination, restriction, erasure or destruction.
- “Pseudonymisation” means the processing of personal data in such a way that the personal data cannot be attributed to a specific data subject without the use of additional information, provided that such ad-ditional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
- “Consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the pro-cessing of personal data relating to them.
- “Google” means Google, LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; registered office in the European Union: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
Scope of application
This Data Protection Statement applies to all pages on the domain www.hotel-mutterhaus.de. It does not cover any linked website or online presence operated by another party.
The Controller responsible for processing data covered by this Data Protection Statement is:
Hotel MutterHaus Düsseldorf GmbH
Telefon: +49 (0) 211/ 61727 0;
Telefax: +49 (0) 211/ 617271504
Questions relating to data protection
If you have any questions relating to data protection within our company and/or on our website, please contact us (see contact details under “Controller”), or send an email to: email@example.com
We have put extensive technical and organisational precautions in place to ensure that your personal data is protected from unauthorized access, misuse, loss or other external influence. We review our security in-frastructures regularly and ensure they reflect the state of the art.
You can assert the following rights against us with regard to your personal data:
- Right to access (Art. 15 GDPR),
- Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to object to processing (Art. 21 GDPR),
- Right to withdraw consent (Art. 7 (3) GDPR),
- Right to receive data in a structured, commonly used and machine-readable format (“data portabil-ity”) and the right to have data transmitted to another controller where the conditions in Art. 20 (1)(a, b) GDPR are met (Art. 20 GDPR).
You can assert your rights by notifying the data protection officer nominated by us.
You also have the right to lodge a complaint with a data protection supervisory authority if you believe our processing of your personal data infringes the General Data Protection Regulation (Art. 77 GDPR).
Use of the website, access data
You can use our website to find information without disclosing your identity. When you open a page on our website to find out more about our hotel, the only data transmitted to our web hosting service is the access data needed to allow the page to be displayed. This is:
- Browser and version
- Operating system
- Language and version of the browser software
- Hostname of the accessing device
- IP address
- Website the request comes from
- Content of the request (specific page)
- Date and time of the request to the server
- Access status/HTTP status code
- Referrer URL (the site visited before)
- Data volume transferred
- Time zone in relation to Greenwich Mean Time (GMT)
Time zone in relation to Greenwich Mean Time (GMT)The system must process the IP address at least temporarily in order to be able to send the website to your computer, and so your IP address must be processed for the duration of your visit to our website. This processing is governed by Art 6 (1)(f) GDPR.
The access data is not used to identify an individual website user and is not combined with other data sources. The access data is erased as soon as it is no longer needed to achieve the purpose for which it was processed. In the case of data collected in order to display our website, it is erased when you leave the web-site.
IP addresses are stored in log files to ensure that the website functions. The data also helps us optimise the website and safeguard our IT systems. We do not evaluate the data for marketing purposes. The data is erased after seven days at the latest, though later processing may be possible in individual cases. In such cases, the IP address is erased or is amended in such a way that it can no longer be linked to the accessing client.
If our website is to function, it is essential that we collect access data and process it in log files. You can object to the processing of this data. If you tell us the reason for your objection, we will examine the matter and stop processing the data, alter our data processing procedures or will explain our legitimate reasons for continuing to process the data.
If you contact us, e.g. by email or via the contact page on our website, we process the personal data you give us so that we can respond to your enquiry.
In order for us to be able to deal with enquiries sent via the website, we require a name or pseudonym, a title or other way of addressing you and a valid email address.
Where the contact is in preparation for entering into a contract, this data processing is governed by Art. 6 (1)(f) GDPR, or Art. 6 (1)(b) GDPR.
We process and store the personal data entered into the contact form in order to be able to respond to the enquiry, to carry out any later transactions or to send information material by post. If you contact us by email, it constitutes the legitimate interest that is necessary for us to process your data. The other personal data collected during the sending process is used solely to prevent misuse of the contact form and to ensure the security of our IT systems.
In no case is the personal information passed on to third parties. The data is processed only in so far as it serves to facilitate the interaction between you and us. Any data processed during our conversation is either erased as soon as it is no longer needed for the process, or we restrict the processing to the statutory requirements for storage.
You have the possibility of objecting at any time to us processing your personal data in order to respond to your enquiry. This may be the case if processing your data is not necessary in order to enter into a contract with you, in which case we will point this out at the relevant place. It may mean, however, that we cannot respond to your enquiry. If you tell us the reason for your objection, we will examine the matter and either stop processing the data, alter our data processing procedures or will explain our legitimate reasons for continuing to process the data.
Processing and transmitting personal data for contractual reasons
We process and store your personal data if and insofar as it is necessary to prepare, establish perform and/or terminate a legal transaction with us. The legal footing for this arises from Art. 6 (1)(b) GDPR.
We also process and save your personal data only in so far as we are entitled on the basis of consent given by you (e.g. consent to processing of an email address in order to send electronic advertising), a contractual agreement, a lawful authorization (e.g. to send direct advertising), or unless we have legitimate interests (e.g. data retention in order to be able to enforce claims) in retaining the data and are entitled to process the data in connection with those interests.
We will not pass on your personal data unless
- it is required in order to establish, perform or terminate a legal transaction with our company (e.g. transmission of data to a payment service provider/a shipping company so that we can enter into a contract with you) (Art. 6 (1)(b) GDPR), or
- it is needed by a subcontractor or agent that we engage only within the scope of providing the ser-vices you request (unless you are explicitly informed otherwise, any agents are entitled to process your personal data only in connection with providing the services or products you request), or
- we are served with an executable order from a state authority or agency (Art. 6 (1)(c) GDPR), or
- we are served with an executable court order (Art. 6 (1)(c) GDPR), or
- we are legally obliged to pass on your data (Art. 6 (1)(c) GDPR), or
- it is necessary in order to protect the vital interests of the data subject or another natural person (Art. 6 (1)(d) GDPR), or
- we are authorized or even obligated to pass on the data in the pursuit of predominantly legitimate interests (Art. 6 (1)(f) GDPR).
We will not pass on your personal data to other persons, enterprises or parties unless you have consented to it. This aspect of data processing is governed by (Art. 6 (1)(a) GDPR).
Processing and transmission of personal data in our online ordering system
If you want to order from our online shop or book a room with us, we need to ask you for personal data such as your name, your street address and your email address in order to be able to initiate and enter into a contract with you. We clearly indicate which information we need to have in order to process your order or booking; any other information you give us is on a voluntary basis. We process the data you give us to help us complete your order or booking, and we pass on the payment details you give us to the payment service provider you select or to our bank. Information you give us as part of a booking enquiry or a booking is also passed on to VIATO, our providers for internet booking services, for preparing or performing the contract. We use SSL/TLS encryption technology to prevent third parties from accessing your personal data.
We erase any data we have collected in this context as soon as it is no longer necessary to store it or, if we are required by the law to retain it, we restrict processing of the data. For instance, German trade and tax law requires us to retain your address, payment details and booking information for a period of ten years.
Processing of personal data in accordance with the Federal Registration Act
Section 30 (§ 30) of the Federal Registration Act (Bundesmeldegesetz, BMG) requires accommodation pro-viders such as hotels to collect the following information from guests on their day of arrival and to ensure they personally sign the registration form:
- date of arrival and planned date of departure,
- family name,
- given names,
- date of birth,
- home address,
- number of companions and their nationalities as specified in the second and third sentences of § 29(2) BMG,
- the passport and/or document number of recognised and valid passports or travel documents pre-sented by non-German nationals, and
- other data required for levying tourist or visitor taxes.
We are required by the BMG to collect, process and transmit this data; the legal footing for processing arises from Art. 6 (1)(c) GDPR.
If we have received no consent from you and if we have no legitimate interest in further processing your personal date, we erase or restrict processing of it as soon as permitted to do so by the requirements of the BMG (Art. 6 (1)(a) GDPR).
Comments function/ guestbook on the website
You can leave a comment and/or rating, or write an entry in our guestbook.
If you make a comment, we process the following personal data:
- email address
- name used
- user name
- place of residence (voluntary information)
- age (voluntary information)
- type of visit (voluntary information).
You do not have to supply your real name; you can use a pseudonym when making a comment etc.
When your entry is published, your email address remains hidden: only your name or pseudonym is dis-played. We do not check your entry before it is published, but we reserve the right to remove any comments that are found to be unlawful.
We process your email address and your name/pseudonym so that we can ascertain that your comment is based on a genuine experience. We would also like to be able to contact you if your comment on our website is found to be unlawful, so that we can defend ourselves against any complaints or claims that might arise because of your comment.
If we erase your comment, we process your email address, the name(s) and other information supplied until the statutory period of limitation has expired.
We do not pass the data to third parties unless we are obliged to do so by law or by administrative or court order, or if passing the data on is necessary for the pursuit of our legitimate interests. The legal footing is Art. 6 (1)(f) GDPR.
You can object to your data being processed. If you would like to remove your comment, please contact our enterprise (see under “Controller” in this Data Protection Statement for contact details).
Promotions for regular customers
Unless you have already indicated that you do not consent to the processing of your email address, we reserve the right to process in conformity with statutory regulations the contact details you supply as part of the booking process or an inquiry so that we can send you information of the following kind during or after your booking with us:
- other interesting products and services from our portfolio,
- events organised by our enterprise,
- inquiries about future transactions.
The legal footing for this processing is Art. 6(1)(f) GDPR. We process the data in this way in order to main-tain our high level of customer service and to improve the services we offer.
You can withdraw your consent to receiving promotional material at any time without incurring any costs beyond transmission costs at the basic rate. To withdraw consent, click on the unsubscribe link in the newsletter or send your withdrawal of consent to the address given under “Controller” in this Data Protection Statement.