1. about this privacy policy
The protection of your privacy is important to us, Fibona GmbH. We would therefore urge you to read the following summary of how our website www.legere-hotelgroup.com works and - although limited in its functionality - to read it carefully at www.fibona.de.
The data protection declaration listed here complies with the guidelines of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). It is intended to provide information about the type, scope and purpose of the processing of personal data by the website operator (Fibona GmbH) and the websites, functions and content associated with it.
In this respect, our privacy policy also uses the terms and definitions of the General Data Protection Regulation (GDPR) and the BDSG. Further details can be found there or in the following section 4 of this privacy policy, where the terms used here are defined and explained in more detail, such as “personal data” or their “processing”. In this regard, we refer in particular to Art. 4 of the General Data Protection Regulation (GDPR).
Although our website is equipped with various security precautions, complete protection of your data cannot be guaranteed, as security gaps on the Internet cannot be ruled out. If you have any concerns regarding your data, you will find the relevant contact details of our contact persons at the beginning of this text.
2 Legal basis for the processing of personal data
When using our online services, we ask you to provide us with the information necessary for us to provide these online services, for example to find and book suitable accommodation or events. This required information includes your name (first name and surname), your address, other contact details such as telephone number or e-mail address, the name of the guests traveling with you, your payment information, for example your credit card details or bank account details if direct debit has been agreed. All this information is required within the meaning of Art. 6 para. 1 lit. b. Alt. 1 GDPR, because this is the only way to book hotel rooms in this way. We therefore need your personal data to support, complete, manage and realize your bookings and to ensure that we can provide the best possible service by contacting you, answering and clarifying inquiries and sending you the latest offers.
You are of course free not to provide us with this information. However, without this information we will not be able to respond to booking inquiries, make hotel bookings or provide any services.
When you visit our website, we collect further information about the device you are using, such as your IP address, the browser you are using, etc. This is necessary to ensure the functionality of our website. This is necessary to ensure the functionality of our websites and also to guarantee both the IT security of our services and your personal data.
We process personal data exclusively in compliance with the relevant data protection regulations. User data is only processed if we have legal permission to do so, i.e. in particular if data processing is required to provide our contractual services (e.g. processing booking inquiries) or is prescribed by law, if consent has been given or on the basis of our legitimate interest.
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.
Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data of the data subject, the collection and use of which is necessary for the performance of a contract with the data subject. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Where the processing of personal data is necessary for compliance with a legal obligation to which we are subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
Our legitimate interest lies in the analysis, optimization, economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR. GDPR, in particular when measuring reach, creating profiles for advertising and marketing purposes, collecting access data and using the services of third-party providers.
3. personal data
The term “personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The term “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
We receive the personal data directly from you, e.g. as part of general inquiries or reservation and booking requests, requests for a table reservation in the restaurant or bar, as part of bookings, orders for brochure materials or newsletter subscriptions, as part of existing business relationships or through personal contact with our employees. We only process your personal data in accordance with the GDPR insofar as this is necessary for the provision of our services.
We process the following data, among others:
Contract data (first name, surname, address, telephone and e-mail address, services used, contact person data, payment information, forwarding of this payment information to payment service providers)
Master data for making contact (e.g. first name and surname, address, contact details)
Order and correspondence data (e.g. in the context of order processes)
Advertising and sales data (e.g. about potentially interesting products)
Data for the initiation and execution of our business relationships (e.g. newsletter, payment processing)
For further details on this processed data, please refer to the explanations in section 3 above, in which this information and data is specifically named.
We use the data we collect to provide the products and services you have requested, to inform you about other products and services we offer, to administer our websites and services and to comply with our statutory rights and data processing obligations.
Data is processed to fulfill a contract with you or to carry out pre-contractual measures based on your request. The purposes of data processing depend in detail on the specific business relationship or the specific order placed by you.
In accordance with the applicable regulations, this data is only collected and stored for as long as it is required and used to fulfill our services and the legally applicable deletion regulations are complied with.
4. further data collection
In addition, we collect further general data and information (e.g. browser type and version, operating system used, the website from which our website is accessed, the date and time of access to our website, the respective Internet Protocol address (IP address), as well as other information used for security purposes) each time our website is accessed, for example:
4.1 Log files
When you visit our website, the browser you use automatically sends information to our website server. This information is temporarily stored in a so-called log file. Such a log file is created as part of an automatic log of the processing computer system. This means that information relating to the end device you are using is stored as log files on a server.
We also carry out a log file analysis. As the website provider or the provider commissioned by us to do so, we record the following data
Access to the page: date, time, frequency
How you reached the page (previous page, hyperlink, etc.)
Amount of data sent
Which browser and which version of it you are using
Your IP address
Here too, the data collected is only used to improve our offer. In addition, a smooth connection setup of the website as well as a comfortable use should be ensured. The mentioned data is also processed for the evaluation and review of system security and system stability as well as for further administrative purposes. We or our provider may only store server log files for longer, release them or subsequently access them if this is permitted within the legal framework (e.g. in the event of suspected illegal activities).
4.2 Cookies
a) Session cookies/session cookies
This website uses cookies. Cookies are small text files or other storage technologies that are placed and stored on your end device by the Internet browser you use. These cookies are used to process certain information about you, such as your browser or location data or your IP address, on an individual basis. Among other things, we use authentication cookies, language/country cookies and cookie consent.
This processing makes our website more user-friendly, effective and secure, as the processing enables, for example, the reproduction of our website in different languages or the offer of a shopping cart function.
The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, insofar as these cookies process data for the initiation or execution of a contract.
If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 para. 1 lit. f GDPR.
All cookies are deleted when you log out. Otherwise, authentication cookies are deleted after 20 minutes of inactivity (expiry of the session), the cookieconsent after 1 year and language/country cookies when the browser is closed or 20 minutes of inactivity.
You have the option of blocking the setting of cookies and deleting cookies that have already been set. In such a case, we must inform you that certain features on the site will either no longer work or will only work to a limited extent.
b) Third-party cookies
With our website, we also use cookies from third-party companies with whom we work for the purpose of advertising, analysis or the functionalities of our website.
Please refer to the following information for details, in particular the purposes and legal basis for processing such third-party cookies.
Since most browsers automatically accept cookies, we have set up an initial query before you use our website, in which you can choose whether you only want to allow technically necessary cookies or also third-party cookies. You can therefore configure your browser so that only session cookies, but not third-party cookies, are stored on your computer. You can therefore also allow all cookies, but revoke this consent at any time via the Consent Manager and thus delete cookies that have already been stored at any time. However, the steps and measures required for this depend on the specific Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. In the case of so-called Flash cookies, however, processing cannot be prevented via the browser settings. Instead, you must change the settings of your Flash player. The steps and measures required for this also depend on the specific Flash player you are using. If you have any questions, please also use the help function or documentation of your Flash player or contact the manufacturer or user support.
However, if you prevent or restrict the installation of cookies, this may mean that not all functions of our website can be used to their full extent.
5.1 Google Analytics web analytics services
We use Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), for the purpose of designing and continuously optimizing our pages to meet your needs. In this context, pseudonymized user profiles are created and cookies (see section 4) are used. The information generated by the cookie about your use of this website, such as
Browser type/version,
operating system used,
Referrer URL (the previously visited page)
Host name of the accessing computer (IP address)
Time of the server request,
are generally transmitted to a Google server and stored there; this may also involve transmission to the servers of Google LLC. in the USA. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that they cannot be assigned (IP masking).
Through certification in accordance with the EU-US Privacy Shield
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Google guarantees that the data protection requirements of the EU are also complied with when processing data in the USA.
The Google Analytics service is used to analyze the usage behavior of our website. The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, optimization and economic operation of our website.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will be set to prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
5.2 Newsletter and subscriptions
If you subscribe to a newsletter offered to receive our promotional information, we will store your e-mail address together with your first and last name and other information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter.
By sending you a registration e-mail with a confirmation link, our registration system ensures that you actually wish to receive the selected newsletter (so-called double opt-in procedure).
Within the scope of the consent thus expressly granted in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will then use your e-mail address to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an email address.
Your data will be processed exclusively for the requested newsletter; your data will not be used for any other purposes. We will also not pass on your data to third parties.
We use the mailing service “MailChimp” from the US company The Rocket Science Group to collect the data and send the newsletter. This personal data is processed on servers in the USA within the framework of and in compliance with the “EU-US Privacy Shield”. With the decision of the European Commission (2016/1250) of July 12, 2016 on the so-called EU-U.S. Privacy Shield, this basis has been available for data transfers to the USA since August 1, 2016. MailChimp is certified under this data protection agreement “EU-US Privacy Shield” and thus undertakes to comply with EU data protection regulations. For further details on MailChimp, please refer to the following information under section 8.2 paragraph (8).
If you no longer wish to receive the newsletter, you can unsubscribe at any time. A link to unsubscribe is provided at the bottom of the newsletter and your e-mail address will be deleted from the mailing list immediately.
6. contacting us
When contacting us directly (via the contact form on our website, by email, letter, telephone, messenger service, etc.), your details will be used to process the contact request and its handling in accordance with Art. 6 para. 1 lit. b. GDPR. DSGVO processed. We are also entitled to do so on the basis of our legitimate interests (efficient and fast processing of user inquiries).
We use the hotel software onepagebooking from HotelNetSolutions GmbH (HNS) to collect data on our website and for online bookings. This personal data is processed as part of order processing in accordance with Art. 28 GDPR.
This data is then transferred, stored and processed via an interface to the property management system (PMS) we use, the SIHOT.PMS hotel software from GUBSE AG. According to information from Gubse AG and to our knowledge, the personal data collected in this way is not accessed. However, Gubse AG would be and is itself obliged to comply with the EU level of data protection.
7. Comments and contributions
Even if you leave comments or other contributions, your respective IP address will be stored on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR for 7 days. GDPR for 7 days. This is necessary if unlawful, in particular illegal, in particular criminal content is left in comments and posts (e.g. insults, prohibited political propaganda, etc.). In this case, we ourselves could be responsible for the comment or contribution and must therefore at least be able to determine the identity of the author.
8. Passing on data to third parties
As a matter of principle, we do not pass on your data to third parties. We also take appropriate measures and carry out regular checks to ensure that the data we collect cannot be viewed by third parties and that it cannot be accessed.
8.1 Data transfer to external service providers
Service partners are an exception to the above regulation, insofar as they work on our behalf and support Fibona GmbH in the provision of its services. Such service partners are, for example, the provider of this website or the hotel software used for the bookings. This may also be the case, for example, when sending advertising content or when processing payment transactions, for example by credit card. Data is only ever passed on in accordance with the legal requirements. We only pass the data on to third parties if you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a. GDPR or if this is e.g. on the basis of Art. 6 para. 1 lit. b. GDPR is required for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR in an economic and effective operation.
Insofar as external service providers come into contact with your personal data, we also take legal, technical and organizational measures and carry out regular checks to ensure that these service providers comply with the applicable data protection regulations. Fibona GmbH has obliged these service providers to comply with the applicable data protection level in accordance with the GDPR and BDSG and also monitors their compliance on an ongoing basis.
8.2 The following table provides an overview of these external service providers
(1) We have commissioned Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, as the hosting provider, i.e. for hosting the websites and for back-up. This hosting provider operates the Internet services required for the necessary infrastructure of the website. You can find the link to the privacy policy here: https://www.hetzner.de/rechtliches/datenschutz
(2) We use the hotel software onepagebooking from HotelNetSolutions GmbH (HNS), Genthiner Str. 8, 10785 Berlin as a booking engine. When making bookings via our website, you enter your details in this software system used by us, where they are stored and processed. You can find the link to the privacy policy here: https://www.hotelnetsolutions.de/Datenschutz
We also use the hotel softwareSIHOT.PMS, a property management system (PMS) from GUBSE AG, Bahnhofstraße 26-28, 66578 Schiffweiler, Germany, to manage our hotels. This is an information and management system for controlling processes in the hotel, in which all front office, reservation and property management functions are combined in one interface. Further information on this can be found in section 9 below.
(3) We use the systems of our partner Supranational Hotels Ltd. as a global distribution system (GDS), which travel agencies use to query information and booking options, in particular about prices, availability and booking options, in particular the CRS (Central Reservation System) there, so that we can also be booked online internationally for customers and guests via the affiliated travel agencies and travel service providers. Supranational is a brand ofReconline AG, Staldenstrasse 58, 3920 Zermatt, Switzerland.you can find the link to the privacy policy here: http://www.reconline.com/d/index.html#
(4) We use the TRUSTYOU product from TrustYou GmbH, Steinerstrasse 15, 81369 Munich, Germany, as a guest feedback platform and rating tool. Customers receive an e-mail from the hotel with a direct link to TRUSTYOU and fill out online questionnaires with customer data. The completed questionnaires with the customer data are evaluated and processed by TRUSTYOU and then made available to the hotel. You can find the link to the privacy policy here: https://www.trustyou.com/wp-content/uploads/2018/06/2018-05-24-trustyou-DSE.pdf
(5) Only for the Légère Hotel Luxembourg is it possible to book a table in the restaurant and other food & beverage services online. A table reservation tool from Luxtable artipub s.à r.l., 13, rue Edmond Reuter, L-5326 Contern, is used for this purpose. The customer can enter their name, contact details and the number of seats required there
(6) We have commissioned the advertising agency Münch Impact GmbH, Humboldtstraße 6, 65189 Wiesbaden, Germany, as our advertising agency, which is also responsible for creating and sending the newsletter; you can find the link to the privacy policy here: https://muenchimpact.com/datenschutz/
(7) For job advertisements, we link applicants who wish to apply via our website directly to the HOTELCAREER website of our partner YOURCAREERGROUP GmbH, Kaiserswerther Straße 282, 40474 Düsseldorf. The applicant can then enter the required information on the HOTELCAREER website, which will then be forwarded to us by HOTELCAREER. You can find the link to the privacy policy here: https://www.hotelcareer.de/datenschutzerkl%C3%A4rung
(8) The newsletter is sent via “MailChimp”, a newsletter distribution platform of the US provider The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
Your data stored when you register for the newsletter via MailChimp (first and last name, email address, IP address, date and time of your registration) will be transferred to a server of The Rocket Science Group in the USA and stored there in compliance with the EU-US Privacy Shield. The link to the privacy policy with further information on data protection at MailChimp can be found at: mailchimp.com/legal/privacy/
Further information on the “EU-US Privacy Shield” can be found at The Federal Commissioner for Data Protection and Freedom of Information ec.europa.eu/justice/data-protection/international-transfers/eu-us-privacy-shield/index_en.htm
(9) Credit check: In the case of payment procedures that are associated with payment default risks for us due to the provision of advance services or the possibility of a chargeback, i.e. payment by credit card or payment in cash or by Girocard at the end of the hotel stay, we occasionally check your current and previous payment behavior towards us as well as your creditworthiness, based on the necessity and the overriding legitimate interest in avoiding payment defaults and protecting our customers from identity fraud. This is based on and in accordance with the provision in Art. 22 para. 1 lit. a GDPR and in Art. 6 para. 1 lit. b. and lit. f. GDPR as the legal basis. For this purpose, we work together with Creditreform, more precisely the Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss, from which we receive the necessary data. You can find the link to the privacy policy here: https://www.creditreform.de/eu-dsgvo.html
The processing of your personal data by contracted service providers takes place within the framework of order processing in accordance with Art. 28 GDPR, but only to the extent necessary, i.e. to the extent that these service providers receive or can receive access to relevant personal information at all.
These service providers only receive access - if at all - to such personal information as is necessary for the fulfillment of the respective activity and may only use the personal data in accordance with our instructions. The service providers may not pass on your personal information or use it for other purposes, in particular for their own advertising purposes.
Insofar as external service providers come into contact with your personal data, we take legal, technical and organizational measures and carry out regular checks to ensure that these service providers also comply with the applicable data protection regulations. Fibona GmbH has obligated these service providers to comply with the German level of data protection and also monitors their compliance on an ongoing basis.
Finally, we may also be required by law to disclose personal data to the competent authorities for law enforcement purposes.
Even if a chargeback is made for credit card payments, certain booking details may have to be transmitted to the payment provider and the respective financial institutions for clarification in order to process the chargeback request. This may include, for example, a copy of the booking confirmation or the IP address used for the booking.
Your personal data will not be shared commercially with other companies.
Finally, we integrate the use of some social media into our websites, so that we are involved in the collection of your personal data or the provider of the social media receives some of your information as a result. We have listed further details on this below.
9. integration of third-party services and content
We integrate content or service offers from third-party providers in order to provide you with a comprehensive, convenient service offering that meets your expectations. To enable you to use these services, your IP address must be forwarded to these third-party providers because they would not be able to send the content to your browser without the IP address.
Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to analyze information such as visitor traffic on the pages of this website.
The following presentation provides an overview of the third-party providers integrated by us and their content, together with - where possible - links to their data protection declarations, which contain further information on the processing of data and opt-out options:
9.1 Google Analytics web analysis services
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. this service enables us to track the use of our website by creating reports and thus to adapt our offer to the demands of the users. We are legally obliged to inform you about how this service works.
Google Analytics sets its own cookies. The data collected in this way is usually transferred to a server in the USA and stored there. Google Analytics cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising.
Data generated by Google Analytics includes:
Type of browser and its version
The operating system you are using
How long you stay on our site
The previously visited website
Your IP address
Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law.
We have also adapted Google Analytics to the applicable data protection legislation. If you have anonymized your IP address, it will generally be truncated before leaving the European Economic Area.
If you would like to deactivate the relevant cookies, you can find a corresponding browser plugin under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
If you do not want your data to be collected by Google Analytics at all, you can set an opt-out cookie via the following link, which will prevent future collection of information: https://tools.google.com/dlpage/gaoptout?hl=de
IP anonymization
We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Browser plugin
You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Objection to data collection
You can prevent the collection of your data by Google Analytics by clicking on the following link: Deactivate Google Analytics
An opt-out cookie will be set to prevent your data from being collected on future visits to this website. You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Demographic characteristics with Google Analytics
This website uses the “demographic features” function of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection”.
9.2 YouTube videos
We have embedded YouTube videos on our website, which are stored on the servers of the provider YouTube and can be played from our website via embedding. The videos are embedded with the option for extended data protection settings activated. When you play these videos, YouTube cookies and DoubleClick cookies are stored on your computer and data may be transferred to Google Inc, Amphitheater Parkway, Mountain View, CA 94043, USA, as the YouTube operator.
When videos stored on YouTube are played, at least the following data is currently transmitted to Google Inc. as the YouTube operator and operator of the DoubleClick network: IP address and cookie, the specific address of the page accessed on our website, system date and time of access, identification of your browser.
This data is transmitted regardless of whether you have a Google user account that you are logged into or whether you do not have a user account. If you are logged in in this way, Google may assign this data directly to your account. If you do not wish to be associated with your profile, you must log out before activating the play button for the video.
YouTube and Google Inc. store this data as user profiles and may use it for the purposes of advertising, market research and/or the needs-based design of their websites. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google as the operator of YouTube to exercise this right.
Further information on the purpose and scope of data collection and its processing by Google can be found on this information page. The following data protection provisions published by YouTube, which can be found at www.google.de/intl/de/policies/privacy/abrufbar, inform you about the collection, processing and use of personal data by YouTube and Google.
Opt-out: https://www.google.com/settings/ads/.
9.3 Google Maps
This website uses the map software GoogleMaps from Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you consent to the collection, processing and use of data that may be collected automatically by Google and its representatives. The applicable data protection provisions can be found at www.google.de/intl/de/policies/privacy/. They provide information about the collection, processing and use of personal data by YouTube and Google. Opt-out: https://www.google.com/settings/ads/.
9.4 Google AdWords
We also use Google Conversion Tracking for the purpose of optimizing our website and to statistically record the use of our website. The provider of Google AdWords is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The applicable data protection provisions can be found at www.google.de/intl/de/policies/privacy/.
If you access our website via a Google ad, Google Adwords will place a cookie (see section 5.2) on your computer. These cookies lose their validity after 30 days. They are not used for personal identification. If you then visit our website again and the cookie has not yet expired, it will be recognized that the user clicked on the ad and was redirected to this page. Each Adwords customer receives a different cookie. Cookies can therefore not be tracked via the websites of Adwords customers. The information collected using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this - for example, by using a browser setting that generally deactivates the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”. You can find Google's privacy policy on conversion tracking here (https://services.google.com/sitestats/de.html).
9.5 Property Management System (PMS) of Gubse AG
We use the SIHOT.PMS hotel software, a property management system (PMS) from GUBSE AG, Bahnhofstraße 26-28, 66578 Schiffweiler, Germany, to manage our hotels. This is an information and management system for controlling hotel processes, in which all front office, reservation and property management functions are combined in one interface. Interfaces connect SIHOT.PMS with all known applications, from the telephone system and energy management to Internet reservations, Internet bookings and external financial accounting.
Your data can therefore be stored and processed in the software system we use. According to information from Gubse AG and to our knowledge, SIHOT does not have access to the personal data collected in this way. However, Gubse AG would be and is itself obliged to comply with the EU level of data protection. You can find the link to the privacy policy here: https://www.sihot.com/rechtliche-informationen/
9.6 Payment service provider, payments by credit card or Girocard:
(1) We use the services of the payment provider SIX Payment Services AG, Hardturmstrasse 201 (P.O. Box 1521), CH-8021 Zurich, for the processing of payments or for the provision of security by girocard or credit card.
According to information from SIX Payment Services AG and to our knowledge, the data collected in this way (only the credit card number is read in according to SIX) is not accessed because the data collected and transmitted is not personal. Nevertheless, we oblige SIX Payment Services AG to comply with the EU level of data protection. You can find the link to the privacy policy here: https://www.six-payment-services.com/de/services/legal/privacy-statement.html
(2) However, if a chargeback of credit card payments is made, it may be necessary to transmit certain booking details to the payment provider and the respective financial institutions for clarification in order to process the chargeback request. This may, for example, be a copy of the booking confirmation or the IP address that was used for the booking.
9.7 Instagram:
Facebook Ireland Ltd. processes (personal) data when using Facebook products - including when visiting the Instagram page of - even of persons who are not registered with any of the Facebook services. Facebook describes what (personal) data this is in detail, how, for what purposes and on what legal basis it is processed in its data policy (https://help.instagram.com/519522125107875?helpref=page_content), which applies to all Facebook products. Information on how to contact Facebook and the settings options for advertisements, cookies, etc. can also be found there. The data may be transferred to countries outside the European Union.
Facebook provides more information about the cookies that Instagram sets when an Instagram account exists, Facebook products (including the website and apps) are used or other websites and apps are visited that use Facebook products (including the “Like” button or other Facebook technologies) in the cookie policy (https://www.facebook.com/policies/cookies/). You can also find information on how to manage information about you at this link: https://www.facebook.com/policies/cookies/.
When you visit the Instagram page, Facebook records your IP address, among other things. Together with other information that Facebook receives through cookies, Facebook provides Fibona GmbH, as the operator of the Instagram page, with statistical information about the use of this Instagram page (so-called page insights). This is summarized data that shows how users interact with the page. These Page Insights may be based on personal data collected by Facebook in connection with a visit or interaction of users on or with the Instagram page of the Federal President and its content. Facebook provides more information on this here: https://www.facebook.com/about/privacy.
Fibona GmbH can use Page Insights to anonymously evaluate the reach, page views, time spent on video posts, actions (likes, comments, sharing posts) and by age, gender and location (as specified by users in their respective Instagram profiles). Settings can be made for the evaluation of the reach or corresponding filters can be set with regard to the selection of a time period, the viewing of a specific post and demographic groupings (e.g. female, 20-30 years old). This data is anonymized, aggregated and abstracted. These settings therefore do not allow Fibona GmbH to draw any conclusions about individuals. The evaluation serves to optimize the offer on the Instagram page of the Federal President for the purpose of public relations.
9.8 Other services:
(1) We have integrated functions of the Google+ service on our website, offered by the third-party provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. As the provider of our website, we have no knowledge of the content of the transmitted data or its use by Google+. You can find the link to the privacy policy here: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
(2) We have integrated functions of the Instagram service on our website, offered by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. As the provider of our website, we have no knowledge of the content of the transmitted data or its use by Instagram. You can find the link to the privacy policy here: http://instagram.com/about/legal/privacy/.
(3) We have integrated functions of the Facebook network on our website, offered by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The operating company of Facebook is Facebook, Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. As the provider of our website, we do not receive any knowledge of the content of the transmitted data or its use by Facebook.
You can find the link to the privacy policy here: https://www.facebook.com/about/privacy/.
Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee that it will comply with European data protection law even when transferring and storing data in the USA (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
Further information on the “EU-US Privacy Shield” can be found at The Federal Commissioner for Data Protection and Freedom of Information ec.europa.eu/justice/data-protection/international-transfers/eu-us-privacy-shield/index_en.htm
10. data protection for applications and in the application process
We collect and process the personal data of applicants for the purpose of handling the application process. If an employment relationship is established following the application process, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment relationship is concluded with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests prevent deletion, for example in the case of proceedings under the General Equal Treatment Act (AGG).
We have commissioned YOURCAREERGROUP GmbH, Kaiserswerther Straße 282, 40474 Düsseldorf, Germany, to carry out the application process. A link on our website takes the applicant directly to the YOURCAREERGROUP's HOTELCAREER website. There the applicant can provide the information required for the application, which will then be forwarded to Fibona GmbH.
11. Your rights
You naturally have rights in relation to the collection of your data. We are legally obliged to inform you of these rights. The exercise and implementation of these rights is free of charge for you.
Right of withdrawal (Art. 7 para. 3 GDPR)
You have the right to withdraw your declaration of consent under data protection law at any time by notifying Fibona GmbH. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. If you wish to exercise your right of withdrawal, simply send an e-mail to datenschutz@legere-hotelgroup.com.
Right to object (Art. 6 para. 1 GDPR)
You have the right to object at any time to the processing of personal data concerning you in accordance with Art. 6 para. 1 lit. f GDPR.
We will then no longer process your personal data unless there are legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If you wish to exercise your right to object, simply send an email to datenschutz@legere-hotelgroup.com.
Right to data portability (Art. 20 GDPR)
You have the right to request the transfer of your data from us to another body at any time.
The right to data portability requires that
personal data within the meaning of 4 para. 1 GDPR are affected,
the personal data must have been provided to the controller by the data subject
the processing of the personal data must be based on consent or a contract in accordance with 6 para. 1 lit. b GDPR and
the data processing is carried out by automated means.
Right to information (Art. 15 GDPR)
You have the right to request confirmation from us as to whether and how we obtain personal data from you. This right is implemented by this privacy policy. You can also request information electronically.
The right to rectification (Art. 16 GDPR)
If data processing is carried out with incorrect personal data of the data subject, the data subject has the right to rectification without undue delay. However, the purpose of the processing must be taken into account.
Right to erasure (Art. 17 GDPR)
You have the right to have your data erased (right to be forgotten). The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay.
Right to restriction of processing (Art. 18 GDPR)
The data subject has the right to restriction of processing, i.e. to “stop” processing. This right applies if
the data subject questions the accuracy of the data
the processing is unlawful,
the data is required to assert legal claims after the purpose of the data processing has ceased to exist, or
the data subject has lodged an objection in accordance with Art. 21 GDPR.
Right to lodge a complaint (Art. 77 GDPR)
You have the right to lodge a complaint with a supervisory authority or a competent body if you have a reason for complaint.
Competent supervisory authority:
The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1
65189 Wiesbaden
or
P.O. Box 31 63,
65021 Wiesbaden
Telephone: +49 (0) 611 1408 0
Fax: +49 (0) 611 1408 611
Internet: http://www.datenschutz.hessen.de
To exercise this right and the two aforementioned rights, you can also contact the contact persons listed at the beginning of this privacy policy.
Right to object
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f. GDPR. GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. If you wish to exercise your right of revocation or objection, simply send an email to datenschutz@legere-hotelgroup.com.
12. data security
We take organizational, contractual and technical security measures in accordance with the state of the art. We thus ensure that the provisions of the data protection laws are complied with. We thus protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.
We maintain various security measures within the meaning of Art. 32 GDPR (technical and organizational measures) to protect your personal data.
To ensure secure transmission of the data you send to us, we offer SSL/TLS encryption on our website using the current TLS v1.1 and TLS v1.2 encryption protocols. We would like to point out that the comprehensive encryption of the transmission path also depends on your Internet browser. We therefore recommend that you keep your Internet browser up to date so that TLS v1.1. or TLS v1.2 encryption is automatically set up when you visit our website.
If you contact us by e-mail, we would like to point out that the confidentiality of the information transmitted is not guaranteed. The content of e-mails may be viewed by third parties. We therefore recommend that you send us confidential information by post.
In the case of applications, at least the attachment should be encrypted with 7Zip. The password can then be forwarded to the future employer by telephone.
13. deletion of data
The stored data will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it must be retained for reasons of commercial or tax law, for example, its processing will be restricted. The data will then be blocked and not processed for other purposes.
14. Amendment of the privacy policy
We reserve the right to amend this data protection declaration if the legal situation or this online offer or the type of data collection changes. However, this only applies to declarations on data processing. If the user's consent is required or components of the privacy policy contain a regulation of the contractual relationship with users, the privacy policy will only be amended with the user's consent.
Therefore, please inform yourself regularly about this privacy policy as required, especially if you provide personal data.
You can access and print out the current privacy policy at any time on the following websites at www.legere-hotels-online.com/datenschutz, at www.charlys-house.de/datenschutz and, with regard to the websites with limited functionality, www.fibona.de/hotels_resorts/legere-hotels and www.fibona.de/hotels_resorts/charlys-house at www.fibona.de/datenschutz.
Status: June 2018