Data Protection Declaration
1. Data protection at a glance
Analytical tools and tools from third-party providers
When visiting our website, your browsing behaviour may undergo statistical analysis. This takes place primarily using cookies and so-called analysers. Your browsing behaviour is generally analysed anonymously; browsing behaviour cannot be traced back to you. You can object to this analysis or prevent it by avoiding the use of certain tools. Detailed information on this can be found in the following data protection declaration. You can object to this analysis. In this data protection declaration, we will provide information regarding the means by which to object.
2. General notes and mandatory information
Note regarding the responsible body
The responsible body for data processing on this website is: Hotel Bellevue GmbH Hilden / AMBER HOTELS Schwanenstraße 27 D-40721 Hilden Telephone: +49 2103 503-0 Email: email@example.com The responsible body is the physical person or legal entity that, either alone or working together with others, decides on the purposes and means by which personal data is processed (e.g. names, email addresses etc.).
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and according to statutory data protection regulations, as well as in accordance with this data protection declaration. When you use this website, various pieces of personal data are collected. Personal data is data by which you can be personally identified. This data protection declaration explains which data we collect and what we use it for. It also explains how and to what purpose we collect data. We hereby point out that data transfer via the Internet (e.g. during communication by email) may involve gaps in security. Absolute protection of data against access by third parties is not possible.
Revocation of your consent to data processing
Many data processing processes are only possible with your express consent. You can withdraw already granted consent at any time. In order to withdraw consent, all that is required is that you send us an email. The lawfulness of the data processing that has taken place prior to revocation will remain unaffected by the revocation.
Right of appeal to the competent supervisory authority
In the case of data protection violations, the affected party has a right to appeal to the competent supervisory authority. The competent supervisory authority in matters pursuant to data protection law is the State Data Protection Officer of the Federal State in which our company has its head office. A list of the data protection officers and their contact details can be found via the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data that we automatically process on the basis of your consent or within the scope of the fulfilment of a contract issued to you or to a third party in a standard, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only take place insofar as is technically feasible.
SSL or TLS encryption
For security reasons and to protect confidential content, such as orders or queries that you send to us within our capacity as site operators, this site uses SSL or TLS encryption. You can recognise an encrypted connection in that the address bar of the browser changes from “http://” to “https://”, and by the lock symbol in your browser line. If SSL or TLS encryption is activated, then the data that you send to us cannot be read by third parties.
Encrypted payment transactions on this website
Following the conclusion of a fee-based contract, if there is an obligation to send us your payment details (e.g. account number with direct debit authorisation), this data will be required for the processing of payment. Payment transactions using standard means of payment (Visa/MasterCard, direct debit) take place exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection in that the address bar of the browser changes from “http://” to “https://”, and by the lock symbol in your browser line. During encrypted communication, the payment details that you send to us cannot be read by third parties.
Access to, blocking and deletion of information
Within the scope of the applicable statutory provisions, you have the right to access your stored personal data at all times and at no cost, and to know its origin, recipients and the purpose of data processing, and if applicable you also have a right to demand the correction, blocking or deletion of this data. Questions regarding this and other matters relating to the topic of personal information can be submitted to us at any time using the address stated in the Legal Notice.
Note regarding external links
This website contains links to external websites of third parties, on whose content we have no influence. For this reason, no guarantee can be assumed for these external contents. The contents of external websites to which links are provided here do not reflect the opinion of the website operator, but are merely intended to provide information and present context. The respective provider or operator of the pages is always responsible for the contents of the linked pages. The linked pages were checked for possible legal violations at the time of linking. At the time of linking, illegal contents were not discernible. A permanent control of the contents of the linked pages is not reasonable without concrete evidence of an infringement. As soon as we become aware of any legal infringements, we will remove such links immediately.
3. Data Protection Officer
Legally prescribed Data Protection Officer
We have appointed a data protection officer for our company. Sascha Hasselbach Astrid-Lindgren-Str. 40 40764 Langenfeld www.datenschutz-extern-nrw.de Phone: 021732041244 Email: firstname.lastname@example.org
4. Data recording on our website
In some instances, our web pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies help us to make our website more user-friendly, efficient and secure. Cookies are small text files that are placed on your computer and that your browser stores. The majority of the cookies we use are so-called “session cookies”. They are deleted automatically when your visit is over. Other cookies remain saved on your end device until you delete them. These cookies allow us to recognise your browser the next time you visit us. You can configure your browser in such a way that you are informed of the placing of cookies and only allow cookies in individual cases, exclude the acceptance of cookies in certain cases or generally, and activate the automatic deletion of cookies when you close your browser. If cookies are disabled, the functionality of this website may be impaired. Cookies that are required in order to execute the electronic communication process or for the provision of certain desired features (e.g. shopping cart feature) are stored on the basis of Art. 6(1) (f) GDPR (General Data Protection Regulation). The website operator has a legitimate interest in the storing of cookies, with a view to ensuring the technically flawless and optimised provision of his services. Insofar as other cookies (e.g. cookies for the analysis of your browsing behaviour) are saved, these are addressed separately in this data protection declaration.
Server log files
The website provider automatically collects and stores information in so-called server log files, which your browser sends to us automatically. This includes:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not combined with data from other sources. The legal basis for the processing of this data is Art. 6(1) (f) GDPR. Our legitimate interest results from the following reasons for data collection: system security and stability.
When you submit queries to us using the contact form, your details from the query form, including the contact details you provide there, will be stored by us for the purpose of the processing of the query and for the event of follow-up queries. We will not pass this data on without your consent. The data provided in the contact form will only be processed subject to your consent (Art. 6(1) (a) GDPR). You can withdraw this consent at any time. In order to withdraw consent, all that is required is that you send us an email. The lawfulness of the data processing that has taken place prior to the revocation shall remain unaffected by the revocation. The data you enter in the contact form will remain stored by us until you request that it be deleted, withdraw your consent to its being stored or until the purpose for which the data is being stored is no longer applicable (e.g. once your query has finished being processed). Mandatory statutory provisions – in particular storage terms – shall remain unaffected.
Processing of data (customer and contractual data)
We collect, process and use personal data only insofar as this is required for the establishment, definition with respect to content or amendment of the legal relationship (inventory data).
This takes place on the basis of Art. 6(1) (b) GDPR, which authorises the processing of data for the fulfilment of a contract or pre-contractual measures.
We only collect, process and use personal data provided through the use of our website (usage data) insofar as this is necessary to allow the user to avail of the service, or to bill him for it.
In order to process our online bookings, we use a service provided by Hotelnetsolutions GmbH (HNS), Genthiner Str. 8 in 10785 Berlin.
If you book or reserve a room online, then your personal data will be transmitted to “HNS”. 14 days after your departure, we will delete this personal data from the servers of Hotelnetsolutions GmbH.
The processing of the booking takes place on the basis of Art. 6(1) (b) GDPR, which authorises the processing of data for the fulfilment of a contract or pre-contractual measures. You also have the option to register during the booking process. The data entered there will also be stored by HNS and allows you to use the data you have entered for future bookings. For important changes, for example to the scope of the services offered or in the event that technical changes are required, we use the email address you have entered during registration to keep you informed.
The data entered during registration is processed subject to your consent (Art. 6(1) (a) GDPR). You can withdraw your granted consent at any time.
In order to withdraw consent, all that is required is that you send us an email. The lawfulness of the data processing that has already taken place shall remain unaffected by the revocation. The data recorded during registration will be stored by us for as long as you are registered with our website and thereafter will be deleted. Legal storage periods remain unaffected.
We have concluded a contract with HNS for order data processing.
Collected customer data will be deleted following the completion of the order or the termination of the business relationship. Legal storage periods remain unaffected.
5. Analytical tools and advertising
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google Analytics uses so-called cookies. These are text files that are stored on your computer and enable the analysis of your use of the website. The information that the cookie generates regarding your use of this website (including your IP-address) is generally transferred to and stored on a server operated by Google in the USA. The storage of Google Analytics cookies takes place on the basis of Art. 6(1) (f) GDPR. The website operator has a legitimate interest in the analysis of user behaviour, with a view to optimising both his website and his advertising.
We have activated the IP anonymisation function on this website. This means that your IP address will be truncated by Google within an EU member state or other EEA state before being transmitted to the US. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there. On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and Internet usage to the website provider. Google will not associate your IP address transmitted within the scope of Google Analytics with any other data held by Google. The data of users will be deleted after 14 months.
Objection to Data Collection
You can object to the use of Google Analytics by clicking on the following link. An opt-out cookie will be placed on the computer, which prevents the future collection of your data when visiting this website: Disabling Google Analytics.
Processing of order data
We have concluded a contract with Google concerning the processing of order data and fully comply with the strict provisions issued by the German Data Protection Authorities when using Google Analytics.
Demographic characteristics with Google Analytics
This website uses the “Demographic Characteristics” feature of Google Analytics. This enables the generation of reports containing statements regarding the age, gender and interests of the visitors to the website. This data is derived from interest-based advertising by Google as well as from visitor data from third-party providers. This data cannot be attributed to any identifiable person. You can disable this feature at any time via the ad settings in your Google Account, or you can prohibit the collection of your data by Google Analytics in general, as outlined in the “Opposition to Data Collection” section.
Google Tag Manager
We use “Google Tag Manager” on our website, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereafter referred to as “Google”). Google Tag Manager allows us as marketers to manage web page tags from one interface. The Google Tag Manager tool that implements the tags is a cookie-free domain and does not collect personally identifiable information. Google Tag Manager triggers other tags that may collect data under certain circumstances. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain effective for all tracking tags implemented with Google Tag Manager.
Google has now submitted to and is certified according to the Privacy Shield Agreement between the European Union and the United States. As a result, Google agrees to comply with the standards and regulations of European data protection law. You can find additional information in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
More information about data protection can be found on Google’s following websites:
- Privacy notice: http://www.google.de/intl/de/policies/privacy
- FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html
We use HubSpot for marketing and optimization purposes, in particular to analyse the use of our website and to continuously improve individual functions and offers as well as the user experience. By statistically evaluating user behaviour, we can improve our offer and make it more interesting for you as a user. This is also where our legitimate interest lies in the processing of the aforementioned data by a third party. The legal basis is article 6 para. 1 p. 1 lit. f) GDPR.
You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in your web browser’s settings. We point out that in this case you may not be able to use all the functions of our website to the full extent. You may object to or prevent the collection and transfer of personal information by disabling the execution of Java Script in your browser. In addition, you can prevent the execution of Java Script code altogether by installing a Java Script blocker (e.g. https://noscript.net/ or https://www.ghostery.com).
We point out that in this case you may not be able to use all the functions of our website to the full extent.
In addition, HubSpot has submitted to and is certified according to the Privacy Shield Agreement between the European Union and the United States. As a result, HubSpot agrees to comply with the standards and regulations of European data protection law. You can find additional information in the following linked entry:https://www.privacyshield.gov/participant?id=a2zt0000000TN8pAAG&status=Active
Third party information: HubSpot, Inc., 25 First St, 2nd Floor, Cambridge, MA 02141, USA. Additional information about the third party for data protection can be found on the following website: https://legal.hubspot.com/privacy-policy
Our website uses the analysis service etracker. The provider is etracker GmbH, Erste Brunnenstraﬂe 1, 20459 Hamburg, Germany. User profiles can be created from the data under pseudonyms. Cookies may be used to this end. Cookies are small text files that are stored in the visitor’s local browser cache. They make it possible for your browser to be recognised again. The data compiled with the etracker technologies will not be used to personally identify visitors to this website and will not be associated with personal data regarding the bearer of the pseudonym without the express permission of the respective individual.
etracker cookies remain on your end device until you delete them.
The storage of etracker cookies takes place on the basis of Art. 6(1) (f) GDPR. The website operator has a legitimate interest in the analysis of user behaviour, in order to optimise both his website and his advertising.
You can object to the collection and storage of date at any time with future effect.
To object to the collection and storage of your user data with future effect you can acquire an opt-out cookie from etracker via the following link. This will ensure that in future no visitor data from your browser will be collected and stored by etracker: https://www.etracker.de/privacy?et=V23Jbb.
Conclusion of a contract regarding the processing of order data
We have concluded a contract with etracker concerning the processing of order data and fully comply with the strict provisions issued by the German Data Protection Authorities when using etracker.
This website uses Mouseflow, a website analytics tool provided by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to log individual visits, selected at random (using anonymised IP addresses only). This produces a log of mouse movements and clicks with a view to playing back a random sample of website visits and deducing potential improvements to the website. The information is not personal and is not passed on to third parties. If you do not wish this recording to be made, you can disable it on all web pages that use Mouseflow here. We have concluded an order data processing contract with Mouseflow.
If you would like to receive the newsletter offered on this website, we require that you provide an email address as well as information enabling us to check that you are the holder of the email address indicated and your consent to the receipt of the newsletter. No other data will be collected, or such data will only be collected on a voluntary basis. We will only use this data to send you the required information and will not forward it to third parties. The processing of the data entered in the newsletter registration form will only take place on the basis of your consent (Art. 6(1) (a) GDPR). Your issued consent to the storage of your data, your email address and its use for the sending of the newsletter can be withdrawn at any time, for instance using the “Unsubscribe” link in the newsletter. The lawfulness of the data processing that has taken place prior to the revocation shall remain unaffected by the revocation.
The data you store with us for the purpose of the newsletter subscription will be stored by us until you unsubscribe from the newsletter, at which point it will be deleted. Data that we hold stored for other purpose (e.g. email addresses for the membership area) shall remain unaffected.
Please understand that for legal reasons our newsletter may only be subscribed to by persons over the age of 16 years.
7. Plugins and tools
Google Web Fonts
This website uses the technical platform provided by empaction GmbH for the sending of newsletters. The provider is empaction GmbH, Marktstrasse 33-35, 60388 Frankfurt am Main, Germany. empaction is a technology provider with which the sending of newsletters can be organised and analysed, alongside other services. The data you enter for the purpose of newsletter subscription will be stored on the empaction servers in Germany. If you do not wish for analysis to be performed by empaction, you must unsubscribe from the newsletter. To this end, we provide a corresponding link in every newsletter message.
Data analysis by empaction
For the purposes of analysis, emails sent with empaction contain a so-called “tracking pixel”, which connects to the empaction servers when the email is opened and enables personalised tracking. It can thus be determined whether or not a newsletter message has been opened. Furthermore, using empaction we can determine whether and which links in the newsletter message have been clicked on. All links in the email are so-called tracking links, with which your clicks can be counted. More detailed information can be found at https://empaction.com/de/start.html and https://empaction.com/de/wissen.html.
Data is processed subject to your consent (Art. 6(1) (a) GDPR). You can withdraw this consent at any time. The lawfulness of the data processing that has taken place prior to the revocation shall remain unaffected by the revocation.
The data you store with us for the purpose of newsletter subscription will be stored by us until you unsubscribe from the newsletter, at which point it will be deleted from both our servers and empaction’s servers.
Conclusion of a contract regarding commissioned data processing
We have concluded a contract with empaction in which we oblige empaction to protect our customers’ data and to refrain from passing it on to third parties.
9. Social networks
Data processing by social networks
We maintain publicly available profiles on social networks. You will find a list of the social networks we use below.
Social networks such as Facebook, Google+ etc. can generally analyse user behaviour comprehensively when their website or a website with integrated social media content (such as buttons or advertising banners) is accessed. When you visit our social media pages, numerous data protection-relevant processing operations are triggered.
If you are logged on to your social media account and visit our social media pages, the operator of the social media platform can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media platform. In this case, the data is collected, for example, via cookies that are stored on your terminal device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media platforms can create user profiles in which your preferences and interests are stored. In this way, interest-related advertising can be displayed inside and outside the respective social media pages. If you have an account with the relevant social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.
Our social media sites are designed to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be stated by the operators of the social networks (for example consent pursuant to Art. 6 (1) (a) GDPR).
Controller and assertion of rights
If you visit one of our social media pages (such as Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can exercise your rights (to information, correction, deletion, restriction of processing, data portability and to lodge a complaint) both with us as well as with the operator of the respective social media platform (for example with Facebook).
Please note that despite our joint responsibility with the social media platform operators, we do not have full control over the data processing operations of the social media platforms. Our possibilities depend to a large extent on the corporate policy of the respective provider.
The data collected directly from us via the social media pages will be deleted from our systems as soon as the purpose for their storage lapses, you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular legal retention periods – remain unaffected.
Social networks in detail
We have a profile on Facebook. Provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield.
We have concluded an agreement with Facebook on a joint responsibility for the processing of data (Controller Addendum). This Agreement sets out the data processing operations that we or Facebook are responsible for when you visit our Facebook fan page.
You can view this agreement at the following link:
You can adjust your advertisement settings independently in your user account. Click on the following link and log in: