1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

Data collection on this website

Who is responsible for the data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section "Note on the responsible body" in this privacy policy.

How do we collect your information?

On the one hand, your data is collected when you provide it to us. This can be, for example, data that you enter into a contact form. Other data is collected automatically or with your consent when you visit the website by our IT systems. This is mainly technical data (e.g. Internet browser, operating system or time of page access). The collection of this data takes place automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure that the website is provided without errors. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data will also be processed for contract offers, orders or other order requests.

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time, free of charge. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data in certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time for this and other questions on the subject of data protection.

2. Hosting and Content Delivery Networks (CDN)

We host the content of our website with the following provider:

Hetzner

The provider is Hetzner Online GmbH, Industriestrasse 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner). Details can be found in the privacy policy of Hetzner:

https://www.hetzner.com/de/legal/privacy-policy/.

The use of Hetzner is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

Order processing

We have concluded a contract processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law that ensures that it processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

3. General information and mandatory information

Privacy

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) may have security gaps. It is not possible to completely protect the data from access by third parties.

Note on the responsible body

The person responsible for data processing on this website is:

Légère Hotel Group GmbH & Co. KG

Humboldtstraße 6

65189 Wiesbaden

Phone: +49 611 450443-0E-mail: info@legere-hotelgroup.com

The controller is the natural or legal person who, alone or jointly with others, decides on the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Data protection supervisor

We have appointed an external data protection officer:

TÜV SÜD Akademie GmbH

80339 Munich

E-mail: datenschutz@legere-hotelgroup.com

You can reach our data protection officer by post at the address of the responsible body with the note for the attention of the data protection officer.

Storage period

Unless a specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for which the data is processed no longer applies. If you assert a justified request for erasure or revoke consent to data processing, your data will be deleted, unless we have other legally permissible grounds for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion takes place after these reasons have ceased to exist.

General information on the legal basis of data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, insofar as special categories of data are processed in accordance with Art. 9 (1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) (a) GDPR. If you have consented to the storage of cookies or access to information in your device (e.g. via device fingerprinting), data processing is also carried out on the basis of Section 25 (1) TDDDG. The consent can be revoked at any time. If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) (b) GDPR. Furthermore, we process your data if it is necessary to comply with a legal obligation on the basis of Art. 6 (1) (c) GDPR. Data processing may also be carried out on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. Information about the relevant legal bases in each individual case is provided in the following paragraphs of this data protection declaration.

Recipients of personal data

As part of our business activities, we work together with various external bodies. In some cases, it is also necessary to transmit personal data to these external bodies. We only pass on personal data to external bodies if this is necessary in the context of the performance of a contract, if we are legally obliged to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest in the disclosure in accordance with Art. 6 (1) (f) GDPR or if another legal basis allows the data transfer. When using processors, we only share our customers' personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing contract is concluded.

The following presentation provides an overview of these external service providers

As a booking engine and voucher shop, we use the hotel software cbooking and voucherbooking from HotelNetSolutions GmbH (HNS), Genthiner Str. 8, 10785 Berlin. When you make bookings through our website, you enter your details in this software system we use, where they are stored and processed. You can find the link to the privacy policy here: https://www.hotelnetsolutions.de/Datenschutz

We also use the SIHOT.PMS hotel software to manage our hotels. PMS, a property management system (PMS) of GUBSE AG, Bahnhofstraße 26-28, 66578 Schiffweiler. It is an information and management system for controlling the processes in the hotel, in which all functions of the front office, reservation and property management areas are combined in one interface. You can find more information on this below under section 9.

As a global distribution system (GDS) that travel agencies use to request information and booking options, in particular about prices, availability and booking options, we use systems from our partner Supranational Hotels Ltd. in particular, the CRS (Central Reservation System) there, so that we can also be booked online internationally for customers and guests via the affiliated travel agencies and travel service providers. Supranational is a brand of Reconline AG, Staldenstrasse 58, 3920 Zermatt, Switzerland. You can find the link to the privacy policy here: http://www.reconline.com/d/index.html#

As a guest feedback platform and rating tool, we use the MARA Solutions service, provided by MARA Solutions GmbH, Rotherstraße 19, 10245 Berlin, Germany, for the automated analysis and evaluation of online reviews and customer feedback. The aim is to continuously improve the quality of our offer and customer satisfaction. MARA Solutions processes publicly available information, in particular customer reviews on platforms such as Google, Trustpilot or other review portals. The processing is carried out exclusively for the structured evaluation and presentation of feedback trends. In doing so, MARA Solutions may also process personal data (e.g. names or content of reviews) if they are publicly visible. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the optimisation of our offer and the customer-oriented further development of our products and services. Further information on data processing by MARA Solutions can be found in the provider's privacy policy at: https://www.mara-solutions.com/company/privacy-policy

Exclusively for the Légère Hotel Luxembourg, it is possible to book a table in the restaurant and other food and beverage services online. For this purpose, a table reservation tool of the Tablebooker cvba, 11, Lozenberg B-1932 Zaventem is used. The customer can enter his name, contact details and the number of seats required. For more information on data processing by Tablebooker, please refer to the provider's privacy policy at: https://en.tablebooker.com/privacy-policy

In the field of affiliate marketing, we work together with Media Berg, Altschwande 37, 87480 Weitnau. Media Berg supports us in the implementation and processing of affiliate marketing measures. Further information on data processing by Media Berg can be found at: https://mediaberg.de/datenschutzerklaerung/

In the case of job advertisements, we link applicants who would like to apply via our website directly to the HOTELCAREER website of our partner YOURCAREERGROUP GmbH, Kaiserswerther Straße 282, 40474 Düsseldorf. The applicant can then enter the information required on the HOTELCAREER website, which will then be forwarded to us by HOTELCAREER. You can find the link to the privacy policy here: https://www.hotelcareer.de/datenschutzerkl%C3%A4rung

To carry out and administer application procedures, we use the applicant management tool of BITE GmbH, Magirus-Deutz-Straße 12, 89077 Ulm (hereinafter referred to as "BITE"). Data processing is carried out on the basis of Art. 6 (1) (b) GDPR (implementation of pre-contractual measures) and – if required by law – on the basis of Art. 6 (1) (a) GDPR (consent). If you apply via our online applicant portal, the personal data you provide (e.g. contact details, CV, certificates) will be transmitted directly to BITE and processed there on our behalf. A data processing agreement has been concluded with BITE GmbH in accordance with Art. 28 GDPR, which ensures compliance with data protection requirements. The processing of your application data is carried out exclusively for the purpose of processing your application. After completion of the application process, your data will be stored in accordance with the statutory retention periods and then deleted, unless you have given further consent to its storage (e.g. foran applicant pool). Further information on data processing by BITE can be found at: https://www.b-ite.de/legal-notice.html

To send our newsletter, we use the dailypoint® service, provided by Toedt, Dr. Selk & Coll. GmbH, Augustenstraße 79, 80333 Munich, Germany. Dailypoint supports us in the central management of guest data and the implementation of personalized newsletter campaigns. If you register for our newsletter, we process your e-mail address and, if applicable, other voluntarily provided data (e.g. name, interests) in order to send you information and offers tailored to you. Registration takes place in the double opt-in procedure. You can revoke your consent to receive the newsletterat any time with effect for the future, for example via the unsubscribe link in the newsletter or by sending us a message. Your data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. The technical processing and dispatch of the newsletters is carried out within the framework of order processing by dailypoint in accordance with Art. 28 GDPR. A corresponding contract has been concluded with the provider to ensure data protection. Further information on data processing by dailypoint can be found at: https://www.dailypoint.com/datenschutz

These service providers will only have access, if at all, to such personal information as is necessary to perform their respective activities and may only use the personal information as instructed by us. The service providers may not pass on your personal information or use it for other purposes, in particular for their own advertising purposes.

Insofar as external service providers come into contact with your personal data, we ensure that these service providers also comply with the applicable data protection regulations by means of legal, technical and organisational measures as well as regular checks. Légère Hotel Group GmbH & Co. KG has committed these service providers to the German level of data protection and monitors their compliance on an ongoing basis.

Finally, it may also happen that we are obliged by existing laws to transmit personal data to the competent authorities for law enforcement.

Even if a chargeback of credit card payments occurs, it may be necessary to provide certain booking details to the payment provider and the relevant financial institutions in order to process the chargeback request. This can be, for example, a copy of the booking confirmation or the IP address used for the booking.

Your personal data will not be passed on commercially to other companies.

Finally, we integrate the use of some social media into our websites so that we are involved in the collection of your personal data or the social media provider receives some of your information as a result. We have listed the further details below.

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can revoke any consent you have already given at any time. The lawfulness of the data processing carried out up to the time of revocation remains unaffected by the revocation.

Right to object to data collection in special cases as well as to direct marketing (Art. 21 GDPR)

IF THE DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 PARA. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING, INSOFAR AS IT IS RELATED TO SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, the data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. The right of appeal exists without prejudice to other administrative or judicial remedies.

Competent supervisory authority:

The Hessian Commissioner for Data Protection and Freedom of Information

Gustav-Stresemann-Ring 1

65189 Wiesbaden

P.O. Box 31 63,

65021 Wiesbaden

Phone: +49 (0) 611 1408 0

Fax: +49 (0) 611 1408 611

Internet: http://www.datenschutz.hessen.de

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done to the extent that it is technically feasible.

Information, correction and deletion

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing at any time and, if necessary, a right to rectification or deletion of this data. You can contact us at any time for this and other questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this. The right to restriction of processing exists in the following cases:

- If you contest the accuracy of your personal data held by us, we will usually need time to verify this. For the duration of the audit, you have the right to request the restriction of the processing of your personal data.

- If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.

- If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.

- If you have filed an objection in accordance with Art. 21 (1) GDPR, a balancing of your interests and ours must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data may only be processed with your consent or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of a Member State.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website

If, after concluding a fee-based contract, there is an obligation to provide us with your payment data (e.g. account number in the case of direct debit authorisation), this data will be required for payment processing.

Payment transactions via the usual means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

Objection to advertising e-mails

The use of contact details published in the context of the imprint obligation for the sending of unsolicited advertising and information material is hereby contradicted. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example by spam e-mails.

4. Data collection on this website

Cookies

Our websites use so-called "cookies". Cookies are small data packets and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until your web browser automatically deletes them.

Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g. cookies for processing payment services).

Cookies have different functions. Many cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies may be used to evaluate user behavior or for advertising purposes.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions that you have requested (e.g. for the shopping cart function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are stored on the basis of Art. 6 (1) (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies in certain cases or generally exclude the automatic deletion of cookies when you close the browser. If you disable cookies, the functionality of this website may be limited.

You can find out which cookies and services are used on this website in this privacy policy.

Consent with ConsentManager

Our website uses ConsentManager's consent technology to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies and to document them in compliance with data protection regulations. The provider of this technology is Jaohawi AB, Håltegelvägen 1b, 72348 Västerås, Sweden, website:

https://www.consentmanager.de (hereinafter referred to as "ConsentManager").

When you enter our website, a connection is established to the servers of ConsentManager in order to obtain your consents and other explanations regarding the use of cookies. ConsentManager then stores a cookie in your browser in order to be able to assign you the consents you have given or their revocation. The data collected in this way will be stored until you ask us to delete it, delete the consent manager provider cookie yourself or the purpose for which the data is stored no longer applies. Mandatory statutory retention obligations remain unaffected.

ConsentManager is used to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 (1) (c) GDPR.

Order processing

We have concluded a contract processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law that ensures that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Contact

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.

The processing of this data is carried out on the basis of Art. 6 (1) (b) GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you ask us to delete it, revoke your consent to the storage or the purpose for which the data is stored no longer applies (e.g. after your enquiry has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Enquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry, including all personal data resulting from it (name, enquiry), will be stored and processed by us for the purpose of processing your request. We do not pass on this data without your consent.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to its storage or the purpose for which it was stored no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

5. Social media

Our social media presences

This privacy policy applies to the following social media presences

https://www.facebook.com/LegereHotelGroup

https://www.instagram.com/legere.hotel.group/

https://www.linkedin.com/company/legere-hotelgroup

Data processing through social networks

We maintain publicly accessible profiles on social networks. The social networks we use in detail can be found below.

Social networks such as Facebook, X, etc. can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection is carried out, for example, via cookies that are stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be shown to you on and off the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.

Please also note that we cannot track all processing processes on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be indicated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Controller and exercise of rights

If you visit one of our social media presences (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) against us as well as against the operator of the respective social media portal (e.g. against Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing processes of the social media portals. Our options are largely based on the corporate policy of the respective provider.

Storage period

The data collected directly by us via the social media presence will be deleted from our systems as soon as you ask us to delete it, revoke your consent to its storage or the purpose for which it was stored no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – esp. retention periods – remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Your rights

You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time, free of charge. You also have the right to object, data portability and a right to lodge a complaint with the competent supervisory authority. You can also request the correction, blocking, deletion and, under certain circumstances, the restriction of the processing of your personal data

Social networks in detail

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter referred to as Meta). According to Meta, the data collected will also be transferred to the USA and other third countries.

We have concluded a joint processing agreement (Controller Addendum) with Meta. This Agreement sets out which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link:

https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum and

https://de-de.facebook.com/help/566994660333381.

Details can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. For more information, please contact the provider at the following link: https://www.dataprivacyframework.gov/participant/4452.

Instagram

We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Details on their handling of your personal data can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy/.

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

Details on their handling of your personal data can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. Further information on this can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/5448

Juicer

We use the "Juicer" service of Juicer.io, Inc., LLC 304 S. Jones Blvd #1205, Las Vegas NV 89107, USA., to display social media content (e.g. from Instagram, Facebook, X, LinkedIn or other platforms) in a bundled manner.

When integrating Juicer, content is loaded from external servers. This may involve the processing of personal data, in particular the IP address, device and browser information and, if necessary, other technically necessary usage data. This data is transmitted to Juicer's servers and processed there.

If you interact with the displayed social media content (e.g. clicking on a post or redirecting to a social media platform), further data processing is the responsibility of the respective social media provider.

The processing is carried out on the basis of Art. 6 (1) (a) GDPR (consent), provided that appropriate consent is obtained via our consent management tool. Juicer will not be loaded without your consent. If Juicer is involved in a technically imperative manner, the processing is carried out on the basis of Art. 6 (1) (f) GDPR (legitimate interest in an appealing presentation of our social media presence).

A transfer of data to third countries (in particular to the USA) cannot be ruled out. If a transfer to a third country takes place, this is done on the basis of suitable safeguards within the meaning of Art. 44 et seq. GDPR, in particular by concluding EU standard contractual clauses or on the basis of an adequacy decision.

Further information on data processing by Juicer can be found in the provider's privacy policy at: https://www.juicer.io/privacy

6. Analytics Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager does collect your IP address, which may also be transmitted to Google's parent company in the United States.

The use of Google Tag Manager is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. Further information can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.

Furthermore, we can use Google Analytics to, among other things: Record your mouse and scroll movements and clicks. In addition, Google Analytics uses various modeling approaches to complement the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent can be revoked at any time.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. Further information on this can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

IP anonymization

Google Analytics IP anonymization is activated. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet use to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.

Browser Plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information about the handling of user data by Google Analytics in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Order processing

We have concluded a contract processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Google Analytics E-Commerce Measurement

This website uses the "e-commerce measurement" function of Google Analytics. With the help of e-commerce measurement, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. Information such as the orders placed, average order values, shipping costs and the time from viewing to buying a product are recorded. This data may be summarized by Google under a transaction ID that is assigned to the respective user or their device.

Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offer to specific target groups in order to then display interest-based advertising in the Google advertising network (remarketing or retargeting).

Furthermore, the advertising audiences created with Google Ads Remarketing can be linked to Google's cross-device functions. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one device (e.g. mobile phone) can also be displayed on another of your devices (e.g. tablet or PC).

If you have a Google account, you can object to personalized advertising at the following link: https://adssettings.google.com/anonymous?hl=de.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent can be revoked at any time. Further information and the data protection regulations can be found in the privacy policy from Google at: https://policies.google.com/technologies/ads?hl=de.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. Further information can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Target group creation with customer matching

For target group formation, we use, among other things, the customer match of Google Ads Remarketing. In doing so, we transfer certain customer data (e.g. email addresses) from our customer lists to Google. If the customers in question are Google users and logged in to their Google Account, they will be shown relevant advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of Google conversion tracking, Google and we can see whether the user has taken certain actions. For example, we can evaluate which buttons on our website have been clicked on how often and which products have been viewed or purchased particularly often. This information is used to compile conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent can be revoked at any time.

You can find more information about Google conversion tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. Further information can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

ADCELL

We use the partner program "ADCELL" of Firstlead GmbH (Rosenfelder Str. 15-16, 10315 Berlin; "ADCELL"). ADCELL and we are jointly responsible for the collection of your data that takes place when the service is integrated and for the transmission of this data to ADCELL. The basis for this is an agreement between us and ADCELL on the joint processing of personal data. The agreement can be accessed at https://www.adcell.de/datenverarbeitung. Accordingly, we and ADCELL are equally responsible for fulfilling the obligations under the GDPR, in particular for fulfilling the information obligations under Art. 13, 14 GDPR and for granting the rights of data subjects according to Art. 15 - 21 GDPR.

If you click on an ad with an affiliate link, ADCELL will place a conversion tracking cookie on your computer. The cookies serve the purpose of correct billing within the framework of the affiliate program by recording the success of an advertising medium. The cookies recognize that you have clicked on the ad and the origin of the order with the advertiser can be traced. In addition, ADCELL uses so-called tracking pixels. This can be used to evaluate information such as visitor traffic on the pages.

The information generated by cookies and tracking pixels about the use of this website (including the IP address) and the delivery of advertising formats is transmitted to an ADCELL server and stored there. Among other things, ADCELL can recognize that the affiliate link has been clicked on this website. ADCELL may pass on this (anonymized) information to contractual partners under certain circumstances, but data such as e.g. the IP address is not merged with other stored data.

The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 (1) sentence 1 TTDSG in conjunction with Article 6 (1) (a) GDPR. The processing of your personal data is carried out with your consent on the basis of Art. 6 (1) (a) GDPR. You can withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of your consent before its withdrawal.

Meta Custom Audiences

We use Facebook Custom Audiences, a server-side event tracking tool, on our website. The service provider is the American company Meta Platforms Inc. The company Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) is responsible for the European region.

Facebook processes your data in the USA, among other places. Facebook or Meta Platforms is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure data transfer of personal data of EU citizens to the USA. More information can be found on https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.

In addition, Facebook uses so-called standard contractual clauses (= Art. 46 paras. 2 and 3 GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there. Through the EU-US Data Privacy Framework and the Standard Contractual Clauses, Facebook undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

The Facebook Data Processing Terms, which refer to the Standard Contractual Clauses, can be found under https://www.facebook.com/legal/terms/dataprocessing.

You can learn more about the data processed through the use of Facebook Custom Audiences in the Privacy Policy on https://www.facebook.com/about/privacy.

Meta Pixel (formerly Facebook Pixel)

This website uses the "Facebook pixel" of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Meta"). In the case of explicit consent, this can be used to track the behavior of users after they have seen or clicked on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising efforts.

When visiting the website, the following data, among others, may be processed by the Meta Pixel:

- IP address

- Device

- Browsing history

- Interactions on our website (e.g., page views, clicks, conversions).

The data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes, in accordance with the Meta (Facebook) Data Use Policy (https://www.facebook.com/about/privacy/). Meta and its partners will thus be able to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.

The collected data is stored by Meta for a period of 180 days and then removed if the website is not visited again by the user.

These processing operations are carried out exclusively upon the granting of explicit consent in accordance with Art. 6 (1) (a) GDPR.

This US company is certified under the EU-US Data Privacy Framework. This is an adequacy decision in accordance with Art. 45 GDPR, so that a transfer of personal data may also take place without further guarantees or additional measures.

7. Plugins and Tools

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. Further information can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Google APIs

We use Google API Services services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to improve certain features of our website or applications – such as address completion, Google Maps integration, or synchronization with Google Calendars.

This may involve the transmission and processing of personal data to Google, in particular if you actively use functions that require a Google API. The processing will only take place if you have previously given your consent to it (Art. 6 para. 1 lit. a GDPR). Your data may also be processed on servers in the USA. Google is certified under the EU-U.S. Data Privacy Framework and thus offers an adequate level of data protection in accordance with Art. 45 GDPR.

We use the Google API Services only in accordance with the Google API Services User Data Policy, including the Limited Use requirements.

For more information on data processing by Google, please visit: https://policies.google.com/privacy

DialogShift chat application and other communication services on our website

This website uses the communication services of DialogShift GmbH, Torstr. 201, 10115 Berlin. These include a chat application, email communication, and phone communication. The applications process and store data for the purpose of web analysis, to operate the communication services and to respond to inquiries.

For the operation of the chat function, the chat texts are stored and a cookie with a unique ID is set - this is used to recognize you as a customer. In the case of e-mail and telephone communication, the communication content is also stored temporarily in order to ensure efficient processing of your requests.

A cookie is a small text file that is stored locally in the cache on your device. With the help of this cookie, our application recognizes the device and can call up past chat logs. This cookie is stored for 90 days since it was last used. You can disable the storage of cookies in your browser settings. However, without the use of cookies, the chat function cannot be performed.

The possible disclosure of e.g. name, e-mail address or a telephone number is voluntary and with the consent to temporarily use and store this data for the purpose of contacting us until the end of the contact. This personal data will be deleted after 90 days. When using the Journey Messaging Service, your contact information may also be used to provide travel-related information (such as check-in information) if you have consented to this.

The legal basis for data processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG.

DialogShift offers further information on the collection and use of data as well as on your rights and options for protecting your privacy under https://www.dialogshift.com/datenschutz.

8. eCommerce and payment providers

Processing customer and contract data

We collect, process and use personal customer and contract data to establish, design and amend our contractual relationships. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it. The legal basis for this is Art. 6 (1) (b) GDPR.

The customer data collected will be deleted after completion of the order or termination of the business relationship and expiry of any existing statutory retention periods. Statutory retention periods remain unaffected.

Payment service provider, payments by credit card or Girocard

PAYONE

To process payments at our check-in terminals and the on-site shops, we use the payment service provider PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt am Main (hereinafter referred to as "PAYONE"). PAYONE takes over the technical payment processing for various payment methods (e.g. credit card, SEPA direct debit, PayPal, etc.) on our behalf.

The processing of your payment data is carried out for the execution of the contract concluded with you (Art. 6 para. 1 lit. b GDPR) and to safeguard our legitimate interests in secure and efficient payment processing (Art. 6 para. 1 lit. f GDPR). The data transmitted to PAYONE includes, among other things, payment information, invoice amounts, details of the selected means of payment and other information necessary for payment processing.

PAYONE processes this data as an independent controller within the meaning of the GDPR. Further information on data processing by PAYONE and on your rights as a data subject can be found at: https://www.payone.com/datenschutz

Planet

To process payments on our website as well as the terminals at the receptions and in the restaurants, we use the payment service provider Planet Payment Limited, IDA Business & Technology Park, Clonshaugh, Dublin 17, D17 AK63, Ireland (hereinafter referred to as "Planet").

The processing of your payment data is carried out for the execution of the contract concluded with you (Art. 6 para. 1 lit. b GDPR) and to safeguard our legitimate interests in secure and efficient payment processing (Art. 6 para. 1 lit. f GDPR). The data transmitted to Planet includes, but is not limited to, payment information, invoice amounts, details of the payment method selected and other information necessary for payment processing.

Your data is processed for the purpose of making the payment on the basis of Art. 6 (1) (b) GDPR (performance of a contract) and on the basis of our legitimate interest in secure and efficient payment processing in accordance with Art. 6 (1) (f) GDPR. Planet acts as an independent responsible party.

For more information on data processing by Planet, please visit: https://www.weareplanet.com/legal/privacy-policy

PaybyLink

For the processing of payments via payment link, we use the service provider PayByLink B.V. Veenweg 158-B, 3641 SM Mijdrecht, Netherlands (hereinafter referred to as "PaybyLink").

When you make a payment using a payment link provided by us, you will be redirected to a secure payment page provided by PaybyLink. There you enter your payment details (e.g. credit card information), which are processed directly by PaybyLink. We do not receive complete payment data in this context, but only a confirmation of the successful or failed payment.

For more information on data processing by PaybyLink, please visit: https://paybylink.com/en/privacy-policy/

PayPal

We use the online payment service PayPal. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal offers the option of processing virtual payments via credit cards if a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there is no classic account number. PayPal makes it possible to initiate online payments to third parties or to receive payments. PayPal also performs fiduciary functions and offers buyer protection services.

If you select "PayPal" as the payment option during the ordering process in our online shop, your data will be automatically transmitted to PayPal. By selecting this payment option, you consent to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is usually first and last name, address, e-mail address, IP address, telephone number, mobile phone number or other data necessary for payment processing. For the processing of the purchase contract, such personal data in connection with the respective order is also necessary.

The transmission of the data is intended for payment processing and fraud prevention. We will transmit personal data to PayPal in particular if there is a legitimate interest in the transfer. The personal data exchanged between PayPal and us may be transmitted by PayPal to credit reference agencies. The purpose of this transfer is to check identity and creditworthiness.

PayPal may pass on the personal data to affiliated companies and service providers or subcontractors insofar as this is necessary for the fulfilment of contractual obligations or the data is to be processed on behalf of the customer.

You have the option of revoking your consent to the handling of personal data at any time vis-à-vis PayPal. A revocation does not affect personal data that must be processed, used or transmitted for the purpose of (contractually compliant) payment processing.

The use of PayPal is in the interest of proper and smooth payment processing. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. Your personal data will only be transmitted if you give your express consent in accordance with Art. 6 (1) (a) GDPR.

The applicable data protection regulations of PayPal can be accessed at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Credit checks

In the case of payment methods that are associated with payment default risks for us due to the provision of advance services or the possibility of a chargeback, i.e. payment by credit card or payment in cash or with Girocard at the end of the hotel stay, we occasionally check your current and previous payment behaviour towards us as well as your creditworthiness, based on the necessity and the overriding legitimate interest, Prevent payment defaults and protect our customers from identity abuse. This is done on the basis of and in accordance with the provision in Art. 22 (1) (a) GDPR and in Art. 6 (1) (b) and (f) GDPR as the legal basis. For this purpose, we work together with Creditreform, more precisely the Association of Associations Creditreform e.V., Hellersbergstraße 12, 41460 Neuss, from which we receive the necessary data. You can find the link to the privacy policy here: https://www.creditreform.de/eu-dsgvo.html

9. Own Services

Handling of applicant data

We offer you the opportunity to apply to us. In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated in the strictest confidence.

We have commissioned YOURCAREERGROUP GmbH, Kaiserswerther Straße 282, 40474 Düsseldorf, to carry out the application process. A link on our website takes the applicant directly to the HOTELCAREER website of the YOURCAREERGROUP. There, the applicant can provide the information required for the application, which will then be forwarded to Fibona GmbH.

BITE

In addition, we use the applicant management tool of BITE GmbH, Magirus-Deutz-Straße 12, 89077 Ulm (hereinafter referred to as "BITE"). Data processing is carried out on the basis of Art. 6 (1) (b) GDPR (implementation of pre-contractual measures) and – if required by law – on the basis of Art. 6 (1) (a) GDPR (consent).

If you apply via our online applicant portal, the personal data you provide (e.g. contact details, CV, certificates) will be transmitted directly to BITE and processed there on our behalf. A data processing agreement has been concluded with BITE GmbH in accordance with Art. 28 GDPR, which ensures compliance with data protection requirements.

The processing of your application data is carried out exclusively for the purpose of processing your application. After completion of the application process, your data will be stored in accordance with the statutory retention periods and then deleted, unless further consent to storage has been given (e.g. for an applicant pool). Further information on data processing by BITE can be found at: https://www.b-ite.de/legal-notice.html

LinkedIn Recruiter

We use the "LinkedIn Recruiter" tool, a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, to actively search for and approach potential applicants.

As part of the use of LinkedIn Recruiter, we process personal data of candidates that are publicly accessible on the LinkedIn platform or have been provided by the candidates themselves for professional networking. These include, in particular:

Name
Professional contact details
Professional Career
Qualifications and skills
Other information contained in the LinkedIn profile

The processing is carried out for the purpose of recruiting and filling vacancies on the basis of Art. 6 (1) (f) GDPR (legitimate interest in attracting suitable skilled workers) and – if a specific application procedure is initiated – additionally on the basis of Section 26 BDSG or Art. 6 (1) (b) GDPR.

If we contact candidates directly via LinkedIn, we process the contact details required for this purpose exclusively for the purpose of addressing them professionally. Any further processing will only take place if an application procedure is initiated or consent has been given.

In the context of the use of LinkedIn, a transfer of personal data to third countries, in particular to the USA, cannot be ruled out. LinkedIn bases data transfers to third countries on suitable safeguards within the meaning of Art. 44 et seq. GDPR, in particular on EU standard contractual clauses and, if applicable, on an adequacy decision of the European Commission.

Further information on data processing by LinkedIn can be found in LinkedIn's privacy policy at:
https://www.linkedin.com/legal/privacy-policy

Scope and purpose of data collection

If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 (1) (b) GDPR (general contract initiation) and – if you have given consent – Art. 6 (1) (a) GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data you submit will be stored in our data processing systems on the basis of Section 26 of the Federal Data Protection Act (BDSG) and Article 6 (1) (b) of the GDPR for the purpose of carrying out the employment relationship.

Data retention period

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to store the data you provide on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The storage serves in particular for the purpose of providing evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g. due to an imminent or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.

Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations preclude deletion.

Wiesbaden, February 2026

Data privacy

Subscribe to our Newsletter now