A- A A+

Data Protection

Information on our Data Protection Statement, your data and about your rights connected with it.

We reserve the right to amend this Data Protection Statement in future, in particular if we develop the web-site, use new technologies or if the legal basis or relevant jurisdiction for the website changes.

We recommend that you return to this Data Protection Statement from time to time and read it again, and that you keep a copy of it in your records.

Definitions

  • "Website" or "online presence" means all pages operated by the Controller on www.hotel-mutterhaus.de.
  • "Personal data" means any information related to an identifiable natural person. A natural person is considered identifiable if they can be directly or indirectly linked to an identifier such as a name, an identification number, location data, online identity, or to one or more expressions of personal identity, which may be physical, physiological, genetic, psychological, economic, cultural or social. This means that personal data is understood to include the name, email address and telephone number of a person, and may include data relating to preferences, hobbies and memberships.
  • "Processing" means any operation or set of operations performed with or without automated means on personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment, combination, restriction, erasure or destruction.
  • "Pseudonymisation" means the processing of personal data in such a way that the personal data cannot be attributed to a specific data subject without the use of additional information, provided that such ad-ditional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.
  • "Consent" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the pro-cessing of personal data relating to them.
  • "Google" means Google, LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; registered office in the European Union: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. 

Scope of application

This Data Protection Statement applies to all pages on the domain www.hotel-mutterhaus.de. It does not cover any linked website or online presence operated by another party. 

Controller 

The Controller responsible for processing data covered by this Data Protection Statement is: 

Hotel MutterHaus Düsseldorf GmbH 
Geschwister-Aufricht-Straße 1
40489 Düsseldorf 
Telefon: +49 (0) 211/ 61727 0; 
Telefax: +49 (0) 211/ 617271504
E-Mail: infohotel-mutterhausde

Questions relating to data protection 

If you have any questions relating to data protection within our company and/or on our website, please contact us (see contact details under "Controller"), or send an email to: datenschutzbeauftragterhotel-mutterhausde

Security

We have put extensive technical and organisational precautions in place to ensure that your personal data is protected from unauthorized access, misuse, loss or other external influence. We review our security in-frastructures regularly and ensure they reflect the state of the art. 

Your rights 

You can assert the following rights against us with regard to your personal data:

  • Right to access (Art. 15 GDPR),
  • Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to object to processing (Art. 21 GDPR),
  • Right to withdraw consent (Art. 7 (3) GDPR),
  • Right to receive data in a structured, commonly used and machine-readable format ("data portabil-ity") and the right to have data transmitted to another controller where the conditions in Art. 20 (1)(a, b) GDPR are met (Art. 20 GDPR).

You can assert your rights by notifying the data protection officer nominated by us. 

You also have the right to lodge a complaint with a data protection supervisory authority if you believe our processing of your personal data infringes the General Data Protection Regulation (Art. 77 GDPR).

Use of the website, access data

You can use our website to find information without disclosing your identity. When you open a page on our website to find out more about our hotel, the only data transmitted to our web hosting service is the access data needed to allow the page to be displayed. This is:

  • Browser and version
  • Operating system
  • Language and version of the browser software
  • Hostname of the accessing device
  • IP address
  • Website the request comes from
  • Content of the request (specific page)
  • Date and time of the request to the server
  • Access status/HTTP status code
  • Referrer URL (the site visited before)
  • Data volume transferred
  • Time zone in relation to Greenwich Mean Time (GMT)

Time zone in relation to Greenwich Mean Time (GMT)The system must process the IP address at least temporarily in order to be able to send the website to your computer, and so your IP address must be processed for the duration of your visit to our website. This processing is governed by Art 6 (1)(f) GDPR.

The access data is not used to identify an individual website user and is not combined with other data sources. The access data is erased as soon as it is no longer needed to achieve the purpose for which it was processed. In the case of data collected in order to display our website, it is erased when you leave the web-site.

IP addresses are stored in log files to ensure that the website functions. The data also helps us optimise the website and safeguard our IT systems. We do not evaluate the data for marketing purposes. The data is erased after seven days at the latest, though later processing may be possible in individual cases. In such cases, the IP address is erased or is amended in such a way that it can no longer be linked to the accessing client.

If our website is to function, it is essential that we collect access data and process it in log files. You can object to the processing of this data. If you tell us the reason for your objection, we will examine the matter and stop processing the data, alter our data processing procedures or will explain our legitimate reasons for continuing to process the data. 

Contacting us 

If you contact us, e.g. by email or via the contact page on our website, we process the personal data you give us so that we can respond to your enquiry. 

In order for us to be able to deal with enquiries sent via the website, we require a name or pseudonym, a title or other way of addressing you and a valid email address. 

Where the contact is in preparation for entering into a contract, this data processing is governed by Art. 6 (1)(f) GDPR, or Art. 6 (1)(b) GDPR.

We process and store the personal data entered into the contact form in order to be able to respond to the enquiry, to carry out any later transactions or to send information material by post. If you contact us by email, it constitutes the legitimate interest that is necessary for us to process your data. The other personal data collected during the sending process is used solely to prevent misuse of the contact form and to ensure the security of our IT systems.

In no case is the personal information passed on to third parties. The data is processed only in so far as it serves to facilitate the interaction between you and us. Any data processed during our conversation is either erased as soon as it is no longer needed for the process, or we restrict the processing to the statutory requirements for storage.

You have the possibility of objecting at any time to us processing your personal data in order to respond to your enquiry. This may be the case if processing your data is not necessary in order to enter into a contract with you, in which case we will point this out at the relevant place. It may mean, however, that we cannot respond to your enquiry. If you tell us the reason for your objection, we will examine the matter and either stop processing the data, alter our data processing procedures or will explain our legitimate reasons for continuing to process the data. 

Processing and transmitting personal data for contractual reasons 

We process and store your personal data if and insofar as it is necessary to prepare, establish perform and/or terminate a legal transaction with us. The legal footing for this arises from Art. 6 (1)(b) GDPR. 

We also process and save your personal data only in so far as we are entitled on the basis of consent given by you (e.g. consent to processing of an email address in order to send electronic advertising), a contractual agreement, a lawful authorization (e.g. to send direct advertising), or unless we have legitimate interests (e.g. data retention in order to be able to enforce claims) in retaining the data and are entitled to process the data in connection with those interests.

We will not pass on your personal data unless

  • it is required in order to establish, perform or terminate a legal transaction with our company (e.g. transmission of data to a payment service provider/a shipping company so that we can enter into a contract with you) (Art. 6 (1)(b) GDPR), or
  • it is needed by a subcontractor or agent that we engage only within the scope of providing the ser-vices you request (unless you are explicitly informed otherwise, any agents are entitled to process your personal data only in connection with providing the services or products you request), or
  • we are served with an executable order from a state authority or agency (Art. 6 (1)(c) GDPR), or
  • we are served with an executable court order (Art. 6 (1)(c) GDPR), or
  • we are legally obliged to pass on your data (Art. 6 (1)(c) GDPR), or
  • it is necessary in order to protect the vital interests of the data subject or another natural person (Art. 6 (1)(d) GDPR), or
  • we are authorized or even obligated to pass on the data in the pursuit of predominantly legitimate interests (Art. 6 (1)(f) GDPR).

We will not pass on your personal data to other persons, enterprises or parties unless you have consented to it. This aspect of data processing is governed by (Art. 6 (1)(a) GDPR).

Processing and transmission of personal data in our online ordering system 

If you want to order from our online shop or book a room with us, we need to ask you for personal data such as your name, your street address and your email address in order to be able to initiate and enter into a contract with you. We clearly indicate which information we need to have in order to process your order or booking; any other information you give us is on a voluntary basis. We process the data you give us to help us complete your order or booking, and we pass on the payment details you give us to the payment service provider you select or to our bank. Information you give us as part of a booking enquiry or a booking is also passed on to VIATO, our providers for internet booking services, for preparing or performing the contract. We use SSL/TLS encryption technology to prevent third parties from accessing your personal data. 

We erase any data we have collected in this context as soon as it is no longer necessary to store it or, if we are required by the law to retain it, we restrict processing of the data. For instance, German trade and tax law requires us to retain your address, payment details and booking information for a period of ten years. 

Processing of personal data in accordance with the Federal Registration Act 

Section 30 (§ 30) of the Federal Registration Act (Bundesmeldegesetz, BMG) requires accommodation pro-viders such as hotels to collect the following information from guests on their day of arrival and to ensure they personally sign the registration form: 

  • date of arrival and planned date of departure,
  • family name,
  • given names,
  • date of birth,
  • nationality,
  • home address,
  • number of companions and their nationalities as specified in the second and third sentences of § 29(2) BMG,
  • the passport and/or document number of recognised and valid passports or travel documents pre-sented by non-German nationals, and
  • other data required for levying tourist or visitor taxes.

We are required by the BMG to collect, process and transmit this data; the legal footing for processing arises from Art. 6 (1)(c) GDPR.

If we have received no consent from you and if we have no legitimate interest in further processing your personal date, we erase or restrict processing of it as soon as permitted to do so by the requirements of the BMG (Art. 6 (1)(a) GDPR).

Comments function/ guestbook on the website 

You can leave a comment and/or rating, or write an entry in our guestbook. 

If you make a comment, we process the following personal data:

  • email address
  • name used
  • user name
  • place of residence (voluntary information)
  • age (voluntary information)
  • type of visit (voluntary information).

You do not have to supply your real name; you can use a pseudonym when making a comment etc. 

When your entry is published, your email address remains hidden: only your name or pseudonym is dis-played. We do not check your entry before it is published, but we reserve the right to remove any comments that are found to be unlawful. 

We process your email address and your name/pseudonym so that we can ascertain that your comment is based on a genuine experience. We would also like to be able to contact you if your comment on our website is found to be unlawful, so that we can defend ourselves against any complaints or claims that might arise because of your comment. 

If we erase your comment, we process your email address, the name(s) and other information supplied until the statutory period of limitation has expired. 

We do not pass the data to third parties unless we are obliged to do so by law or by administrative or court order, or if passing the data on is necessary for the pursuit of our legitimate interests. The legal footing is Art. 6 (1)(f) GDPR.

You can object to your data being processed. If you would like to remove your comment, please contact our enterprise (see under "Controller" in this Data Protection Statement for contact details). 

Email marketing

Promotions for regular customers 

Unless you have already indicated that you do not consent to the processing of your email address, we reserve the right to process in conformity with statutory regulations the contact details you supply as part of the booking process or an inquiry so that we can send you information of the following kind during or after your booking with us:

  • other interesting products and services from our portfolio,
  • events organised by our enterprise,
  • inquiries about future transactions.

The legal footing for this processing is Art. 6(1)(f) GDPR. We process the data in this way in order to main-tain our high level of customer service and to improve the services we offer. 

You can withdraw your consent to receiving promotional material at any time without incurring any costs beyond transmission costs at the basic rate. To withdraw consent, click on the unsubscribe link in the newsletter or send your withdrawal of consent to the address given under "Controller" in this Data Protection Statement.

Newsletter

You can choose to subscribe to our newsletter on the website. The newsletter is sent regularly by email and contains information about:

  • Special offers from our portfolio
  • Events organised by our company. 

To be able to send our newsletter, we need the following personal data:

  • Recipient (name or pseudonym)
  • Valid email address.

Subscribing to our email newsletter involves a double opt-in process. When you have entered the details marked as required on the form, we send an email to the address you have given. In the email, we ask you to explicitly confirm that you would like to subscribe to our newsletter by clicking on a "confirm" link. This means we can be sure that you really do want to receive our email newsletter. If you do not click on the "confirm" link within 24 hours of us sending the email, we block the data you have given us and delete it after one month at the latest. 

We process your IP address together the time and date of when you subscribed to the newsletter and when your confirmed your subscription in order to document your subscription and to prevent your personal data being misused. The legal footing for this processing is Art. 6(1)(f) GDPR. We continue to process this data for up to two years after your booking with us. If you subscribe to our newsletter without making a booking, we process the data for up to two years after you subscribed to the newsletter. We erase your data when your subscription to the newsletter ends. 

After you have confirmed you want to subscribe to the newsletter, we process the email address and name/pseudonym supplied so that we can send our email newsletter. The legal footing for this processing is Art. 6(1)(a) GDPR. We erase this data when you unsubscribe. 

You can withdraw your consent to your email address being used for our newsletter at any time. You can either send a message withdrawing your consent (see contact details under "Controller" in this Data Protection Statement or by clicking the unsubscribe link in the newsletter.

Payment Service Provider (PSP)Disclosure of personal details for credit card payments

We disclose your personal data only insofar as is necessary to complete your booking with us. This means that we pass on the payment details to the credit institute selected by you, or to our provider of payment and invoice services. 

The legal footing for this processing is Art. 6(1)(b) GDPR (processing for performance of a contract). The data needed for completing payment is transferred securely using SSL protocols and is processed solely for the purpose of completing payment. We either erase the data we collect in this connection when it is no longer needed or, if we are required by law to retain it, we restrict processing of it.

Disclosure of personal details for "bookings on account"

If you want to book with us on account, we reserve the right to disclose the data you give us to an external company for a credit check (e.g. Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss).The legal footing for this disclosure is Art. 6 (1)(f) GDPR as, in the case of bookings on account, we are effec-tively providing credit and so bear the risk of default. We either erase the data we collect in this connection when it is no longer needed or, if we are required by law to retain it, we restrict processing of it.

You can withdraw consent to this processing at any time, but you may then no longer be able to book with us on account. 

Disclosure of personal data for enforcement of rights / ascertaining an address / debt collection

If payment is not made, this constitutes a legitimate interest in the terms of Art. 6 (1)(f) GDPR, and we re-serve the right to disclose the data supplied at the time of booking to a lawyer and/or external company (e.g. Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss) in order to ascertain an address and/or enforce our rights.

We will also disclose your data if necessary in order to protect our rights, the rights of companies associated with us, our cooperation partners, employees and/or users of our website. Under no circumstances will we sell or lease your data to third parties. The legal footing for the disclosure of this data is Art. 6 (1)(f) GDPR. 

We either erase the data we collect in this connection when it is no longer needed or, if we are required by law to retain it, we restrict processing of it.

You can withdraw consent to the processing of your data at any time. This may be the case if processing your data is not necessary in order to enter into a contract with you, in which case we will point this out at the relevant place. If you tell us the reason for your objection, we will examine the matter and either stop processing the data, alter our data processing procedures or will explain our legitimate reasons for continuing to process the data. 

Hosting

We employ an external web hosting service in order to provide the following services: infrastructure and platform services, computing capacity, storage capacity and databank services, security and technical ser-vices. This involves all data necessary for operating and using our website. 

We use external hosting services to operate this website. Our reason for using external hosting services is to ensure that our website operates efficiently and securely. The legal footing for this processing is Art. 6(1)(f) GDPR.

If the website is to function correctly, it is essential to collect the data needed to enable the website to be displayed and used, and an external web hosting service must process the data. You can object to this pro-cessing of your data, however. If you tell us the reason for your objection, we will examine the matter and either stop processing the data, alter our data processing procedures or will explain our legitimate reasons for continuing to process the data. 

Integration of third-party content 

Third-party content such as videos, maps, RSS feeds or graphics from other websites is embedded in our website. Integration of this content or these features always means that the content providers ("third-party providers") can see the IP address of the user of this website. Without the IP address, they could not send their content to the user's browser. In other words, the IP address is essential if the content is to be dis-played. 

We make every effort to ensure that we use content only from third-party providers who process IP addresses solely for the purposes of providing content. However, we have no control over whether the third-party providers use IP addresses for statistical analysis, for example. What follows is an explanation of where we are aware of this happening.

Some third-party providers may process data outside the European Union. 

You can object to this by installing a JavaScript blocker like NoScript (www.noscript.net) or by deactivating JavaScript in your browser settings. 

This may lead to restricted functionality on the website, however. 

Integration of Google Maps

This website also uses "Google Maps", a service provided by Google to display maps or sections of maps as part of the route planning function on the website. 

When you visit our website, Google receives the information that you have accessed that page. In the process, the data listed under "Access Data" in this Data Protection Statement is transmitted to Google. This happens regardless of whether you are logged into your Google account or not, or even if you have no Google account. If you are logged into your Google account, the data is automatically assigned to your account. If you do not want Google to assign the data to your profile, you must log out of your account before accessing this website.

Google stores your data as a user profile and processes it for use in advertising, market research or to adapt its services to your interests. Data (even data belonging to users who are not logged in) is used to customize advertising and to inform other social media user about your activities on our website. 

The legal footing for this processing is Art. 6(1)(f) GDPR. The processing serves to make our website more attractive and means we can offer useful services to you. We do not know how long Google retains the data it collects and we do not have any way of influencing it. 

You can find out more about how much data the add-on provider collects and why it does so by consulting the provider's data protection statement(s). You can also find more information about your rights and op-tions for protecting your privacy by visiting this page: https://policies.google.com/privacy?hl=en&gl=en Google processes some of your data in the USA and has signed up to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework. More information about the terms of use for Google Maps can be found here: https://www.google.com/intl/en_en/help/terms_maps.html

You also have the right to refuse consent to this processing, but you must direct your refusal to Google. You can change the settings on your browser to either deactivate or restrict the acceptance of cookies. You can delete any cookies that are already on your device at any time, or you can set your browser preferences to do this automatically. If you deactivate cookies from our website, some features and functions may no longer be available or may not function correctly.

Bookmarks/Plugins

Bookmarks/plugins, e.g. for social media networks like Google+, mean that you can add links from our web-site to your profile(s) on social media to save them as bookmarks or share them with your contacts.

You can recognise the bookmarks/plugins by the icons (e.g. "g+") at the bottom of the page on our website. When you open a page on our website, the bookmarks/plugins can place cookies (small text files with a series of numbers allowing your browser to be recognised in the future) on your device/in your browser. If you are logged onto a social media platform at the same time, the operator of the platform can see which pages you are visiting, unless you have set your browser to refuse or not to save cookies. If you use bookmarks/plugins, information is sent to the social networks they refer to.

We can neither influence nor can we be held responsible for the comments and/or actions of people who use bookmarks/plugins. Anybody who disseminates our content via bookmarks/plugins is not entitled to speak for us or for our website, or to give third parties the impression that they speak for us or for our website.

The legal footing for using bookmarks/plugins is Art. 6(1)(f) GDPR. We do not have any information about how social media operators process your data nor about how long they retain the data, and we do not have any way of influencing them. 

You have the right to object to user profiles being built up about you, but to exercise this right you must contact the provider of the relevant plugin. You can also exercise your right by preventing user profiles being built up about you in other ways:

  • by changing the settings on your browser so that, for instance, cookies from third parties are not accepted, meaning that you will not see content provided by third parties;
  • by deactivating customized advertising placed by providers who are part of the About Ads self-regulation campaign. More information is available at www.aboutads.info/choices, although this setting is erased if you erase their cookies.

Statistics, analysis and marketing services 

We use statistics, analysis and marketing services offered by third parties to make our website as user-friendly and informative as possible. These third-party service providers use cookies (see "Book-marks/Plugins" above) to help their services function. Unless detailed otherwise below, they do not process personal information.

Some third-party service providers give you the opportunity to decline their services, for example by setting an opt-out cookie.

If you activate an opt-out cookie, the third-party provider it comes from will no longer be able to track your user behaviour. You can also select specific elements of a third-party's services and refuse consent to only those. If you change device or browser or delete all cookies, you will need to re-set the opt-out cookie.

You can also object to the use of cookies by going to the opt-out platform of BVDW, the German digital industry association, at http://www.meine-cookies.org/cookies_verwalten/praeferenzmanager.html (all in German) or the opt-out page of NAI, the Network Advertising Initiative, at http://www.networkadvertising.org/choices/ (in English). You can read more about behavioural advertising and opt-outs at: http://www.youronlinechoices.com

What follows tells you about the third-party services we currently use on our website, why and how the data collected is processed in each case, and about how you can object. 

Matomo (formerly Piwik)

We use Matomo, an open-source application for statistically evaluating visits to websites, in order to under-stand how our website is used and to be able to improve it. The statistics show us how we can make our services more useful and attractive for you. 

The legal footing for the use of Matomo is Art. 6 (1)(f) GDPR. Matomo uses cookies (see "Bookmarks/Plugins" above). The data gathered is processed on servers wholly within the borders of the European Union. Our website uses Matomo in conjunction with the AnonymizeIP plugin, which processes only shortened forms of IP addresses, with the result that no direct links can be made to individual persons. The IP address collected from your browser by Matomo is not collated with other data we collect. We have no information about how long Matomo retains the data, and we do not have any way of influencing it.

You can read more about Matomo's data protection policy here: https://matomo.org/privacy-policy/.

You have the right to object to this processing. You can stop Matomo processing your data by deleting all cookies on your device and deactivating the "save cookies" function in your browser. The website may not function fully as a result, however.

If you wish to prevent your activity being tracked, you can exercise your right to object by clicking on the opt-out button on this page: https://matomo.org/privacy-policy/.