Responsible for the collection and processing of the data: JMB Hotel-Betriebsgesellschaft, Wöhlerstr. 2, 22113 Hamburg, Germany. The above company is represented by its Managing Director, Christian Wolff.
2. Saving of IP addresses
The IP address of the requesting PC, laptop or computer will generally be anonymised so that personal identification is not possible. The log data will be processed in anonymised form so that an erasure of the data is not absolutely necessary.
Our website in Germany is hosted by: SANG Computersysteme GmbH, Kruppstr. 82 - 100, 45145 Essen, Germany.
3. Usage data when visiting this homepage
When you visit our website, so-called usage data will be temporarily saved on our web server in the form of a record for statistical purposes.
This is in the interests of improving the quality of our website and to facilitate technical access to the web pages.
This usage data consists of:
- the file name
- the web page from which the file was requested
- the date and time of the request
- the transferred data volume
- the access status (file transferred or not found)
- the description of the type of web browser used,
- the IP address of the requesting computer (will be anonymised immediately, refer to item 2)
Both our website and our in-house reservation system use session cookies for the purpose of technical operations.
In detail, these are: CFID / CFTOKEN / JSESSIONID
Cookies are cryptic numbers with which the connection to our website is managed during the session.
Cookies do not harm your computer and do not contain viruses.
The cookies are used in order to ensure a superior user guidance.
In this context, no personal data will be collected.
If you do not accept the cookies, however, this may partially limit the functionality of our website.
5. Google Analytics
This allows for your identification and logging as a returning visitor.
The data processing takes place on the basis of Art. 6(1)(1)(f), GDPR.
As we have activated IP anonymisation on this website, however, your IP address will be abbreviated beforehand by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and abbreviated there. Google will use this information to analyse your use of the website on our behalf, to compile reports on the website activity and to provide further services that are connected to the use of this website and of the internet.
You can object to the creation of the pseudonymised user profiles at any time, however. There are several ways of doing this:
1.) Depending on the web browser that you use, you can install a browser plugin which prevents the tracking. To do so, please click on this link: https://tools.google.com/dlpage/gaoptout?hl=de and install the browser plugin which you can access there.
2.) You can also prevent the storage of the cookies that are used by setting your browser software accordingly.
3.) One possible way of contradicting the web analysis by Google Analytics is to place an opt-out-cookie which instructs Google to neither store nor use your data for the purposes of web analysis.
Please note that with this solution, the web analysis will only take place for the actual duration in which the opt-out-cookie is stored by the browser.
6. Web tracking tools
We use web tracking technology on this website. In this context, user profiles are created under a pseudonym. These will not be used for the personal identification of the visitors to this website and will not be combined with personal data pertaining to the bearer of the pseudonym. You can object to the processing of the data by web tracking tools at any time.
7. Forwarding (links) to other websites
This website also contains links to websites of other service providers. This is generally identifiable because a new browser window will open. Unless it relates to offerings from JMB Hotel-Betriebsgesellschaft, we are unable to provide any guarantees concerning the compliance with the data protection provisions by such service providers. If you have any questions on data protection, please contact the respective service provider.
In the interests of offering a comprehensive customer service and providing the possibility to leave reviews or obtain further information about our company, our website also includes links to social networks (Facebook and Google+) which are provided on the basis of Art. 6(1)(1)(f), GDPR.
The social networks can also apply so-called web tracking methods on their web pages. It is not possible to exclude the possibility that these networks may use and evaluate your data. We have no influence over the processing of your data by such social networks. Please refer to the declarations of the service provider if you access our website on a social network.
8.) Online reservations
We process the following data according to Art. 6(1)(b), GDPR for the purpose of performance of contract:
- Title (all hotel guests)
- First name, surname (all hotel guests)
- Address details (primarily of persons making reservations for mailing invoices or travel documentation)
- Telephone number of the principal traveller and/or personal contact (for contact at short notice in the case of changes)
- Mail address (primarily of the person making the reservation and/or the principal traveller for sending reservation data and/or confirmations)
- Credit card data in the case of payment by credit card
- Banking data in the case of payment by direct debit (SEPA)
This also includes the associated customer care. The provision of your telephone number is voluntary. Failure to provide it may delay or make subsequent communication more difficult, however.
If you wish to arise after 18.00 hrs. we will collect your payment data as a guarantee. Your data will only be processed for the provision of our contractual services and will naturally be handled confidentially.
In the event of online reservations via our own website, you will be forwarded automatically to the online reservation system of our carefully chosen cooperation partner, Busy Rooms (Essen office): Kruppstrasse 82-100, 45145 Essen, Germany, who will complete the reservation on our behalf. Busy Rooms is obligated to comply with the data protection provisions.
We will send your confirmation of reservation to the email address that you provide. In the context of your reservation, in addition to the confirmation of reservation, you may also receive further emails relating to your trip with advertising content regarding proprietary or similar products. You can object to such emails at any time by sending an email to firstname.lastname@example.org. After receiving your objection we will stop such emails from being sent without delay.
If necessary, personal data will be forwarded to the companies which participate in the implementation of this contract, for example, credit institutes for the processing of payments.
Data required for the fulfilment of the contract will only be retained for possible enquiries and will be erased after an internally specified period.
The data will not be erased if outstanding receivables exist after the end of the contract that require collection, however.
In the case of the existence of legal storage periods, the data in question will be archived for the duration of such periods.
9.) General handling of personal data
Insofar as you provide us your first name and surname and/or your postal address, we shall use these for hotel-related advertising purposes and for statistical evaluations on the basis of Art. 6(1)(1)(f), GDPR, and in the interests of informing you about products or news from the Best Western Plus Hotel Böttcherhof.
You have the right to object to the processing of this data. Please refer to the item “Your rights” for further information.
In this respect, we shall only use other personal details or contact data for advertising purposes or statistical evaluations insofar as you have provided your express consent. The data processing will then take place on the basis of Art. 6(1)(1)(a), GDPR.
If you do not want us to use your data for advertising purposes and evaluations, you can provide us with the appropriate notification and/or withdraw your consent at any time.
In this respect, please contact:
1.) by post: Best Western Plus Hotel Böttcherhof, Wöhlerstr. 2, 22113 Hamburg, Germany.
2.) by email to: email@example.com
The withdrawal of consent does not affect the legality of the previous processing.
If the consent is withdrawn, we will end the processing of the appropriate data.
Personal data which you transfer to us online (by email or with the use of web forms) will be gathered and processed according to the legal provisions.
We will only forward your data to third parties if we are legally authorised or obliged to do so (e.g. for contractual purposes and/or criminal proceedings) or upon you express request.
10. Data recipients
In the scope of the processing of an order according to Art. 28, GDPR, we will transfer your data to service providers who support us with the operation of our website and the associated processes. Our service providers follow our strict instructions and are bound by contractual obligation accordingly.
11. Transfer of data to third countries
It is sometimes the case that we will transfer personal data to a third country outside the EU. In this context, we are responsible for ensuring an appropriate level of data protection:
- In the case of Best Western customer loyalty programmes, the forwarding of data to third countries is managed by: Best Western Central Europe GmbH, Frankfurter Str. 10 - 14 in 65760 Eschborn, Germany
- In the case of Google Analytics (USA), an appropriate level of data protection is provided due to the corresponding participation in the Privacy Shield Agreement (Art. 45(1), GDPR).
We will not sell your personal data to third parties or market it in any other way.
12. Security of your data
We have taken the appropriate technical and organisational security measures to protect your data from unwanted access as far as possible. Besides obliging our employees to comply with confidentiality, carefully selecting and checking service providers and securing our operational environment, in certain areas we also use an encryption process. The information that you provide is transferred in encrypted form with the use of an SSL protocol (Secure Socket Layer) and checked for its authenticity so as to prevent the data from being misused by third parties. You can see this due to the lock symbol in the status bar of your browser and because the address line begins with https.
13. Your rights as a user
Regarding the processing of your personal data, the GDPR grants you, as user of the website, certain rights:
1.) Right of access (Art. 15, GDPR):
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed. If that is the case, you have a right of access to this personal data and the information specified in detail in Art. 15, GDPR.
2.) Right to rectification and erasure (Art. 16 and 17, GDPR):
You have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning your person and, if necessary, the right to request the completion of incomplete personal data.
You also have the right to request an erasure of the personal data concerning you without undue delay, insofar as one of the reasons listed in Art. 17, GDPR applies, for example, if the data is no longer required for the intended purpose.
Please note: It will not be possible to erase the data if other legal provisions and/or storage periods exist which take precedence over the GDPR.
3.) Right to restriction of processing (Art 18, GDPR):
If one of the conditions stated in Art. 18, GDPR applies, you shall have the right to restrict the processing of your data, if you have lodged an objection to the processing for example, for the duration of a possible verification.
4.) Right to data portability (Art. 20, GDPR):
In certain cases, as stated in Art. 20, GDPR, you have the right to receive the personal data concerning your person in a structured, commonplace and machine-readable format, and/or to request the transfer of the data to a third party.
5.) Right to object (Art. 21, GDPR):
If data is collected on the basis of Art. 6(1)(1)(f) (data processing to protect legitimate interests), on the basis of reasons that arise due to your personal situation, you have the right to object to processing at any time. We will then no longer process the personal data unless there are demonstrably compelling reasons for processing which are in need of protection and which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
6.) Right to lodge a complaint with a supervisory authority
According to Art. 77, GDPR, you have the right to lodge a complaint with a supervisory authority if you consider the processing of the data concerning your person to infringe data protection regulations. The right to a complaint can, in particular, be lodged with a supervisory authority in the member state of your place of residence, your place of work, or the place of the alleged infringement. In Hamburg, the responsible supervisory authority is the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI), Klosterwall 6, 20095 Hamburg.
14. Data Protection Commissioner
D & C Datenschutz und Consulting
Mr. Dirk Borbe
Telephone: +49 (0)162 / 58 17 253