1. Controller for processing, operational data protection officer
Fibona GmbH, Central Hotels & Resorts
Local court (Amtsgericht) Wiesbaden, HRB 7373
Managing Director: Sven Köllmann
Data protection officer:
2. About this data protection statement
The protection of your privacy is important to us at Fibona GmbH. We therefore urge you to read the following summary about how our websites www.legere.online and www.legere-hotelgroup.com as well as - though with limitations - www.fibona.de/hotels_resorts/legere-hotels and the website www.fibona.de/hotels_resorts/charlys-house work with care.
The data protection statement given here complies with the directives of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz; BDSG). It is to provide information about the type, scale and purpose of processing of personal data by the website operator (Fibona GmbH) and the associated websites, functions and contents.
In this respect, our data protection statement also uses the terms and definitions of the General Data Protection Regulation (GDPR) and the BDSG. For more details, see there or in the following item 4 of this data protection statement. The terms used here, such as "personal data" or "processing", are defined and explained there in more detail. In this regard, we refer in particular to Article 4 of the General Data Protection Regulation (GDPR).
Although our site is equipped with various protection measures, we cannot guarantee complete protection of your data. Security gaps cannot be excluded on the Internet. If you have any questions regarding your data, you will find the corresponding contact details of our contact persons at the beginning of this text.
3. Legal basis relating to processing of personal data
Within the framework of using our online services, we ask you to provide us with information that is necessary for us to be able to provide these online services, for example to find and book appropriate accommodation or events. This necessary information includes your name (first and last name), your address, further contact details such as phone number or email address, the name of the guests travelling with you, your payment details, i.e. for instance details of your credit card or the account details in the case of an agreed direct debit procedure. All this information is necessary within the meaning of point (b) of Article 6(1), alternative 1 GDPR, because this is the only way to book hotel rooms on this channel. We therefore require your personal details in order to support, complete, manage and implement your bookings and in order to ensure that we can provide the best possible service by contacting you, answering and clarifying inquiries and sending you the latest offers.
You can, of course, freely decide not to provide us with this information. However, booking inquiries cannot be answered, hotel bookings cannot be made and services thus cannot be rendered by us without this information.
When you visit our website, we collect additional information about the end device you are using, such as your internet protocol address, the browser you are using, etc. This is necessary to ensure the function of our websites and to ensure both IT security of our offers and your personal data.
We process personal data exclusively in compliance with the relevant provisions on data protection. The data of the users will only be processed if permitted by law, in particular if processing activities are necessary for provision of our contractual service (for example processing of booking requests) or required by law, based on consent or our legitimate interest.
As far as we acquire the consent of the data subject for processing activities concerning personal data, point (a) of Article 6(1) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
Point (b) of Article 6(1) GDPR is the legal basis for processing of personal data of the data subject, if collection and use of these are necessary for compliance with a contract with the data subject. This also applies to processing activities that are necessary to carry out pre-contractual measures.
Point (c) of Article 6(1) GDPR is the legal basis for processing of personal data required to comply with a legal obligation on our end.
If any vital interests of the data subject or any other natural person require processing of personal data, point (d) of Article 6(1) GDPR is the legal basis.
If processing is required to maintain a legitimate interest of our undertaking or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not override the former interest, point (f) of Article 6(1) GDPR is the legal basis for processing.
Our legitimate interest is in the analysis, optimisation, commercial operation and security of our online offer in the sense of point (f) of Article 6(1) GDPR, in particular for measuring reach, creating profiles for advertising and marketing purposes and collecting access details and using third-party services.
4. Personal data
The term "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or by one or more factors specific to the physical, physiological, genetic, mental, commercial, cultural or social identity of that natural person.
The term "processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated procedures, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transfer, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
We receive personal data directly from you, e.g. within the context of general inquiries or reservation and booking inquiries, inquiries for table bookings in restaurants or bars, within the context of bookings, orders for brochures or newsletter subscriptions, within the context of existing business relationships or through personal contact with our employees. In accordance with the GDPR, we process your personal data only to the extent necessary for the provision of our service.
We process, among other things, the following data:
- Contract data (first name, last name, address, phone number and email address, services used, contact details, payment details, forwarding of such payment details to payment service providers)
- Master data for establishing contact (e.g. first and last names, address, contact details)
- Order and correspondence data (e.g. within the context of order transactions)
- Advertising and sales data (e.g. about potentially interesting products)
- Data for the initiation and carrying-out of our business relationships (e.g. newsletters, payment processing)
For further details on these processed data, see the explanations under item 3 above, in which the information and data are specifically listed.
We use the information we collect to provide the products and services you request, to inform you about other products and services we offer, to manage our websites and services, and to respond to our legal rights and obligations regarding data processing.
The data are processed to fulfil a contract with you or to carry out pre-contractual measures based on your inquiry. The purposes of processing activities depend in detail on the specific business relation or the specific order placed by you.
In accordance with applicable rules, these data will only be collected and stored for the time necessary to provide our services. The statutory erasure provisions are observed.
5. Further data collection
We also collect other general data and information (for instance your browser type and version, the operating system used, from which website you accessed our website, date and time of access to our website, the relevant Internet protocol address (internet protocol address), and other information used to protect from danger) every time you access our website:
5.1 Log files
When calling up our website, the browser used by you will automatically send information to the server of our website. This information is temporarily stored in a log file. Such a log file is created in the scope of an automatic log of the processing computer system. This means that information regarding the device you are using is stored as a log file on a server.
We also perform a log file analysis. We as a website provider or the provider charged by us to do this logs:
- Access to the page: Date, time, frequency
- How you got to the page (previous page, hyperlink, etc.)
- Amount of data sent
- Which browser and which version of it you use
- Your internet protocol address
The collected data are only used to improve our offer here as well. Additionally, smooth establishment of a connection with the website as well as comfortable use are to be ensured. The data named will also be processed for evaluation and review of system security and system stability, as well as for other administrative purposes. We or our provider must only store, publish or subsequently access server log files for a longer period of time if this is permitted by law (e.g. if we suspect illegal activities).
You have the option of blocking the setting of cookies and deleting cookies that have already been set. In such a case, we must point out that certain features on the site either no longer work or only work to a limited extent.
5.3 Newsletters and subscriptions
If you register for an offered newsletter to receive our promotional information, your email address along with first and last name and other information that allow us to review that you are the owner of the email address provided and agree to receive the newsletter, will be stored by us.
By sending a registration email with a confirmation link, our registration system ensures that you actually desire the selected newsletter (double opt-in procedure).
If you have explicitly consented in accordance with point (a) of the first sentence of Article 6 (1) GDPR, we will then use your email address to send you our newsletter at regular intervals. Indicating an email address will be sufficient to receive the newsletter.
Your data will be processed exclusively for the desired newsletter. Your data will not be used further for other purposes will not take place. We will not pass your data on to any third parties either.
We use the mailing service "MailChimp" of the US company The Rocket Science Group to collect the data and to send the newsletter. These personal data will be processed on servers in the USA within the framework of and in compliance with the "EU-US Privacy Shield". With the decision of the European Commission (2016/1250) of 12 July 2016 on the EU-U.S. Privacy Shield, this basis has been available for data transfers to the USA since 1 August 2016. MailChimp is certified under the US-EU data protection convention "EU-US Privacy Shield" and commits to complying with the EU data-protection rules. For further details on MailChimp, please refer to the following information under item 8.2 paragraph (8).
You can unsubscribe from the newsletter at any time if you no longer wish to receive it. There is an unsubscription link at the bottom of the newsletter that will remove your email address from our mailing list without undue delay.
If you contact us directly (using the contact form on our website, by email, letter, phone, messenger service, etc.), your details will be used to handle the contact request and process it in accordance with point (b) of Article 6(1) GDPR. We also have the right to do this based on our legitimate interest (efficient and speedy processing of user inquiries).
We use the hotel software cbooking of HotelNetSolutions GmbH (HNS) to collect data on our website and for online bookings. These personal data will be processed within the context of contract-based processing in accordance with Article 28 GDPR.
These data are then transferred, stored and processed via an interface to the Property Management System (PMS) used by us, the hotel software SIHOT.PMS of GUBSE AG. According to Gubse AG and our knowledge, the personal data collected in this way will not be accessed. However, Gubse AG would and may be obliged to comply with the level of the protection of personal data in the EU in turn.
7. Comments and contributions
Even if you leave comments or other contributions, your respective internet protocol address will be stored for 7 days based on our legitimate interests within the meaning of point (f) of Article 6(1) GDPR. This is necessary if illegal, in particular unlawful, in particular punishable content is left in comments and contributions (for instance insults, prohibited political propaganda, etc.). In such a case, we may be liable for the comment or contribution and must therefore at least be able to establish the identity of the author.
8. Data transfer to third parties
Your data will, in principle, not be passed on to third parties. Apart from this, we take appropriate measures and carry out regular controls to ensure that the data we collect cannot be viewed by third parties and that no access to these data is possible.
8.1 Data transfer to external service providers
An exception from the above rules shall be service partners, provided that they work on our order and support Fibona GmbH in provision of its services. Such service partners are, for instance, the provider of this website or the hotel software used for the bookings. This may also be the case when sending advertising content or processing payment transactions, for instance by credit cards. Data are always only passed on within the framework of the statutory stipulations. We will only pass on the data to third parties if you have given your explicit consent in accordance with point (a) of the first sentence of Article 6(1) GDPR or if it is, for example, necessary for contractual purposes based on point (b) of Article 6(1) GDPR or based on legitimate interests in a commercial and effective operation in accordance with point (f) of Article 6(1) GDPR.
As far as external service providers come into any contact with your personal data, we have also taken legal, technical and organisational measures and perform regular controls to ensure that these service providers also comply with applicable data-protection rules. Fibona GmbH has committed these service providers to the applicable level of the protection of personal data according to the GDPR and BDSG and continuously monitors their compliance.
8.2 The following list provides an overview of such external service providers
(1) Our hosting provider, i.e. for the hosting of the websites as well as for the back-up, is Hetzner Online GmbH, Industriestr. 25, D-91710 Gunzenhausen. This hosting provider operates the Internet services required for the necessary infrastructure of the website. You can find the link to the data protection statement here: https://www.hetzner.de/rechtliches/datenschutz
(2) Our booking machine is the hotel software cbooking of HotelNetSolutions GmbH (HNS), Genthiner Str. 8, D-10785 Berlin. When you book through our website, you will enter your details in our software system, where they will be stored and processed. You can find the link to the data protection statement here: https://www.hotelnetsolutions.de/Datenschutz
We also use the hotel softwareSIHOT.PMS, a property management system (PMS) from GUBSE AG, Bahnhofstraße 26-28, D-66578 Schiffweiler, to manage our hotels. It is an information and management system for controlling the processes in the hotel. It combines all functions of the front office, reservation and property management areas in a single interface. For more information on this, see item 9 below.
(3) Our global distribution system (GDS) with which travel agencies request information and booking options, in particular about prices, availability and booking options, are systems of our partner Supranational Hotels Ltd., in particular the local CRS (Central Reservation System). This makes it possible for clients and guests to book online internationally as well via the affiliated travel agencies and travel service providers. Supranational is a trademark of Reconline AG, Staldenstrasse 58, CH-3920 Zermatt, Switzerland. The link to the data protection statement can be found here: http://www.reconline.com/d/index.html#
(4) We use the product TRUSTYOU of TrustYou GmbH, Steinerstrasse 15, D-81369 Munich, as a guest feedback platform and evaluation tool. For this, the hotel will email a direct link to TRUSTYOU to clients, where they can fill in online questionnaires with client data. The completed questionnaires with customer data are evaluated and processed by TRUSTYOU and then made available to the hotel. You can find the link to the data protection statement here: https://www.trustyou.com/wp-content/uploads/2018/06/2018-05-24-trustyou-DSE.pdf
(5) Only the Légère Hotel Luxembourg permits booking a table in the restaurant and other food & beverage services online. This is done using a table booking tool from Luxtable artipub s.à r.l., 13, rue Edmond Reuter, L-5326 Contern. The client can enter his name, contact details and the number of seats required
(6) Our advertising agency, which is also responsible for the creation and sending of the newsletter, is the advertising agency Münch Impact GmbH, Humboldtstraße 6, D-65189 Wiesbaden, Germany. Link to its data protection statement: https://muenchimpact.com/datenschutz/
(7) When advertising vacancies, we link applicants who wish to apply via our website directly to the HOTELCAREER website of our partner YOURCAREERGROUP GmbH, Kaiserswerther Straße 282, D-40474 Düsseldorf. The applicant can then enter the required information on the HOTELCAREER website, which HOTELCAREER will forward to us. You can find the link to the data protection statement here: https://www.hotelcareer.de/datenschutzerkl%C3%A4rung
(8) The newsletter will be sent via "MailChimp", a newsletter distribution platform of the US provider The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
Your data stored during the newsletter registration via MailChimp (first and last name, email address, internet protocol address, date as well as the time of your registration) will be transferred to a server of The Rocket Science Group in the USA and stored there in compliance with the "EU-US Privacy Shield". The link to the data protection statement with further information on data protection at MailChimp is available at: mailchimp.com/legal/privacy/
Further information on the EU-US Privacy Shield can be found at: The Federal Commissioner for Data Protection and Freedom of Information ec.europa.eu/justice/data-protection/international-transfers/eu-us-privacy-shield/index_en.htm
(9) Credit assessment: Form of payment methods associated with payment default risks for us due to the provision of advance services or the possibility of a chargeback, i.e. payment by credit card or payment in cash or with Giro card at the end of the hotel stay, we will occasionally check your current and previous payment behaviour towards us and your creditworthiness, based on the necessity and the overriding legitimate interest to avoid payment defaults and to protect our customers from identity abuse. This has the legal basis of and takes place in line with the regulation in point (a) of Article 22 (1) GDPR and points (b) and (f) of Article 6(1) GDPR. For this purpose, cooperate with Creditreform, specifically the Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss, from which we receive the necessary data. You can find the link to the data protection statement here: https://www.creditreform.de/eu-GDPR.html
Your personal data will be processed by charged service providers within the framework of order processing in accordance with Article 28 GDPR, tough only to the extent necessary, i.e. to the extent that such service providers gain or are able to gain access to relevant personal information.
Such service providers will only have access – if at all – to personal data that are necessary for the performance of the respective activity and must only use the personal data in accordance with our instructions. The service providers must not pass on your personal data or use them for any other purposes, in particular for their own advertising purposes.
As far as external service providers come into any contact with your personal data, we have taken legal, technical and organisational measures and perform regular controls to ensure that these service providers also comply with applicable data-protection rules. Fibona GmbH has committed these service providers to the level of the protection of personal data in Germany and continuously monitors their compliance.
Finally, we may be required by law to disclose personal data to the competent authorities for law enforcement purposes.
If a chargeback of credit card payments takes place, certain booking details may also need to be transferred to the payment provider and the respective financial institutions for clarification in order to process the chargeback request. This can be, for instance, a copy of the booking confirmation or the internet protocol address used for the booking.
Your personal data will not be commercially forwarded to any other undertakings.
Finally, we integrate use of some social media into our websites, involving us in the collection of your personal data or providing the social media provider with some of your information. Further details are listed below.
9. Integration of services and third-party contents
We incorporate content or service offerings from third parties to submit a comprehensive, convenient service offering to you that meets your expectations. In order for you to be able to use this service, your internet protocol address must be forwarded to these third parties because they would not be able to send the content to your browser without it.
Third parties may also use pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. "Pixel tags" can be used to evaluate information, for instance visitor traffic on the pages of this website.
The following presentation provides an overview of the third-party providers involved by us as well as their content, and – as far as possible – links to their data protection statements that contain further information on the processing of data and opposition possibilities (opt-out):
9.1 Google Analytics web analysis services
This website uses functions of the web analysis service Google Analytics. This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and thus enables us to track the use of our website by creating reports that help us tailor our offerings to users' needs. We are legally required to inform you about the functioning of this service.
Google Analytics uses its own cookies. The data recorded in this manner will, as a rule, be transferred to a server in the USA and stored there. Google-Analytics cookies are stored based on point (f) of Article 6(1) GDPR. The website operator has a legitimate interest in analysis of the user behaviour in order to optimise both its web offer and its marketing.
Data generated by Google Analytics:
- Browser type and version
- the operating system you use,
- How long you stay on our site
- The website visited before
- Your internet protocol address
Google is certified under the Privacy Shield Agreement, which safeguards compliance with European data protection laws.
We have also adapted Google Analytics to comply with applicable statutory data protection rules. If you have anonymised your internet protocol address, it will, as a rule, be shortened before leaving the European Economic Area.
If you would like to deactivate the relevant cookies, you will find an appropriate browser plug-in under the following link https://tools.google.com/dlpage/gaoptout?hl=de.
If you do not want Google Analytics to collect your information at all, you can use the following link to set an opt-out cookie to prevent future collection of information https://tools.google.com/dlpage/gaoptout?hl=
We activated the function IP anonymization on this website. This way, your internet protocol address will be abbreviated first by Google within member states of the European Union or in other contracting states of the convention on the European Economic Area before transfer to the USA. Only in exceptional circumstances will your full internet protocol address be transmitted to a server of Google in the USA and abbreviated there. On the order of the provider of this website, Google will use this information to evaluate your use of the website, in order to compile reports on the website activities and to provide further services connected to website use and internet use towards the website operator. Google will not combine the internet protocol address transmitted by your browser within the context of Google Analytics with any other personal data.
You may prevent storage of the cookies by making the corresponding settings in your browser software; however, note that you may be unable to fully use all functions of the website in such a case. You may furthermore prevent recording of the data generated by the cookie and referring to your use of the website (incl. your Internet Protocol address) and processing of these personal data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Objection to data collection
You may prevent recording of your data by Google Analytics by clicking the following link: Deactivate Google Analytics
An opt-out cookie will be set that will permanently prevent recording of your data during future visits to this website. For more information on handling user data by Google Analytics, see the data protection statement of Google: https://support.google.com/analytics/answer/6004245?hl=de.
Demographic features at Google Analytics
This website uses the function "demographic features" of Google Analytics. This permits compilation of reports that contain statements on age, gender and interests of the visitors to the pages. These data originate from interest-related advertising of Google and visitor data of third-party providers. These data cannot be associated with any specific person. You may deactivate this function at any time via the advertisement settings in your Google account or generally forbid collection of your data by Google Analytics as described in the item "Objection to data collection".
9.2 YouTube videos
We have integrated YouTube videos on our website, which are stored on the servers of the provider YouTube and embedded on our website to be played back there. The embedding of the videos is done with the extended privacy option enabled. When you play such videos, YouTube cookies and DoubleClick cookies are stored on your computer and may transfer data to Google Inc., Amphitheater Parkway, Mountain View, CA 94043, USA, as the YouTube provider.
When playing videos stored on YouTube, at least the following data will be transferred to Google Inc. as the YouTube provider and provider of the DoubleClick network: Internet protocol address and cookie, the specific address of the page called up by us, system date and time of the call, identification of your browser.
This information will be transferred independently of whether you have a Google account that you are logged in to or whether you do not have a user account. If you are so signed in, Google may associate this information directly with your account. If you do not wish association with your profile, you need to log out before you activate the play button for the video.
YouTube or Google Inc. may record these data in usage profiles and use them for the purpose of advertising, market research and/or demand-oriented design of its websites. Such evaluation shall in particular take place (even for users who are not logged in) in order to provide demand-oriented marketing and in order to inform other users of your activities on our website. You have a right to object to the generation of these user profiles. In order to exercise this right, you must contact Google as the provider of YouTube.
Further information on the purpose and scale of data collection and processing by Google is available on that information page. The following provisions on data protection that are published under www.google.de/intl/de/policies/privacy/ provide information on the collection, processing and use of personal data by YouTube and Google.
9.3 Google Maps
Our website uses the map software Google Maps by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you consent to the collection, processing and use by Google and its representatives of any data that may be collected automatically. The applicable provisions on data protection are available at www.google.de/intl/de/policies/privacy/ can be retrieved. They inform about the collection, processing and use of personal data by YouTube and Google.
Opt out: https://www.google.com/settings/ads/.
9.4 Google AdWords
We also use Google Conversion Tracking to optimise our website and to statistically record the use of our website. The provider of Google AdWords is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The applicable provisions on data protection are available at www.google.de/intl/de/policies/privacy/ can be retrieved.
If you access our website via a Google ad, Google Adwords will place a cookie (see item 5.2) on your computer. These cookies are valid for 30 days. They are not used for personal identification. If you visit our website again before the cookie expires, it will be recognised that the user has clicked the display and was forwarded to this site. Every Adwords client will receive a different cookie. Cookies cannot thus be tracked via the websites of Adwords clients. The information collected by the conversion cookie is used to compile conversion statistics for Adwords clients who have decided to use conversion tracking. The AdWords clients learn the total number of users who have clicked their ad and have been forwarded to a site supplied with a conversion tracking tag. However, they will not receive any information with which the users can be identified in person. If you do not want to participate in the tracking procedure, you may also refuse the setting of a cookie that is necessary for this – for example by making the settings in your browser that generally deactivate automatic setting of cookies. You may also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com". Google's data protection information on conversion tracking can be found here (https://services.google.com/sitestats/de.html).
9.5 Property Management System (PMS) of Gubse AG
We use the hotel software SIHOT.PMS, a property management system (PMS) from GUBSE AG, Bahnhofstraße 26-28, D-66578 Schiffweiler to manage our hotels. It is an information and management system for controlling the processes in the hotel. It combines all functions of the front office, reservation and property management areas in a single interface. Interfaces connect SIHOT.PMS with all known applications, from phone systems and energy management to internet reservations, internet bookings or external financial accounting.
Your data can thus be stored and processed in this software system used by us. According to Gubse AG and our knowledge, SIHOT will not access the personal data collected in this way. However, Gubse AG would and may be obliged to comply with the level of the protection of personal data in the EU in turn. You can find the link to the data protection statement here: https://www.sihot.com/rechtliche-informationen/
9.6 Payment service provider, payments by credit card or Giro card:
(1) We use the services of the payment provider SIX Payment Services AG, Hardturmstrasse 201 (P.O. Box 1521), CH-8021 Zurich for processing of payments or the provision of securities by Giro card or credit card.
According to information provided by SIX Payment Services Ltd, access to the data recorded in this way (only the credit card number is read in according to information provided by SIX) does not take place according to our knowledge because the data recorded and transferred are not personal data. However, SIX Payment Services Ltd is committed by us to comply with the EU data protection level irrespective of this. You can find the link to the data protection statement here: https://www.six-payment-services.com/de/services/legal/privacy-statement.html
(2) If, however, credit card payments are reversed, certain booking details may have to be transmitted to the payment provider and the respective financial institutions for clarification in order to process the reversal request. This can be, for instance, a copy of the booking confirmation or the internet protocol address used for the booking.
9.7 Other services:
(1) We have integrated functions of the Google+ service on our website, offered by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We as provider of our websites do not have any knowledge of the content of the transmitted personal data and their use by Google+. You can find the link to the data protection statement here: https://www.google.com/policies/privacy/, opt-out https://www.google.com/settings/ads/.
(2) We have integrated functions of the service Instagram, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, on our website. We as provider of our websites do not have any knowledge of the content of the transmitted personal data and their use by Instagram. You can find the link to the data protection statement here: http://instagram.com/about/legal/privacy/.
(3) We have integrated functions of the network Facebook, offered by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, on our website. The operator company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. We as provider of our websites do not have any knowledge of the content of the transmitted personal data and their use by Facebook.
You can find the link to the data protection statement here: https://www.facebook.com/about/privacy/.
Facebook is certified under the Privacy Shield Agreement and thus offers a safeguard that it will also comply with European data protection law when transferring and storing data in the USA (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
Further information on the EU-US Privacy Shield can be found at: The Federal Commissioner for Data Protection and Freedom of Information ec.europa.eu/justice/data-protection/international-transfers/eu-us-privacy-shield/index_en.htm
10. Data privacy in case of applications and the application procedure
We collect and process the personal data of applicants for the purpose of processing the application procedure. If we conclude an employment contract after the application procedure, the transmitted data will be stored for the purpose of the employment, under observation of the statutory rules. If no employment relationship is concluded with the applicant, the application documents will automatically be erased two months after notification of the rejection, provided that no other legitimate interests prevent erasure, for example in the case of proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz; AGG).
We have charged YOURCAREERGROUP GmbH, Kaiserswerther Straße 282, D-40474 Düsseldorf, Germany, with carrying out the application process. A link on our website will take the applicant directly to the HOTELCAREER website of the YOURCAREERGROUP. The applicant can provide the information necessary for the application there, which will then be forwarded to Fibona GmbH.
11. Your rights
Of course, you have rights in relation to the collection of your data. We are legally obligated to inform you about these. The exercise and enjoyment and implementation of these rights is free of charge for you.
Revocation rights (Article 7(3) GDPR)
You have the right at any time to revoke your declaration of consent under data protection law by declaration towards Fibona GmbH. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. If you want to exercise your revocation right, simply send an email to email@example.com.
Right to object (Article 6(1) GDPR)
You have the right to object to processing of the personal data concerning you in accordance with point (f) of Article 6 (1) GDPR at any time.
We will then no longer process the personal data concerning you except if any compelling legitimate grounds for processing override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. If you want to exercise your right to object, simply send an email to firstname.lastname@example.org.
Right to data portability (Article 20 GDPR)
You have the right to request a transfer of your data from us to another controller at any time.
The right to data portability requires that
- personal data within the meaning of Article 4(1) GDPR are concerned,
- personal data have been provided to the controller by the data subject
- processing of personal data must be based on consent or a contract in accordance with point (b) of Article 6 (1) GDPR, and
- processing activities are carried out by means of an automated procedure.
Right of access (Article 15 GDPR)
You have the right to demand our confirmation of whether and how we receive any personal data concerning you. This right is realised by this data protection statement. You can also request electronic information.
Right to rectification (Article 16 GDPR)
If a data processing with incorrect personal data of the data subject takes place, then this has a right to rectification without undue delay. However, the purpose of the processing must be taken into account.
Right to erasure (Article 17 GDPR)
You have the right to have your data erased (right to be forgotten). The data subject has the right to demand that the controller erase the personal data concerned without undue delay.
Right to restriction of processing (Article 18 GDPR)
The data subject has the right to limit the processing, i.e. to "stop" the processing. This right applies if
- the data subject questions accuracy of the data,
- processing is unlawful,
- the data are required for assertion of legal claims after the purpose of the data processing has been met, or
- the data subject has lodged an objection in accordance with Article 21 GDPR.
Right to lodge a complaint (Article 77 GDPR)
You have the right to lodge a complaint with a supervisory authority or a competent body if you have a reason for complaint.
Competent supervisory authority:
The Hessian Commissioner for Data Protection and Freedom of Information Gustav-Stresemann-Ring 1
PO box 31 63
Phone: +49 (0) 611 1408 0
Telefax: +49 (0) 611 1408 611
To exercise this right and the two rights named before, you may also contact the persons listed at the beginning of this data protection statement.
Right to object
If your personal data are processed based on legitimate interests in accordance with point (f) of sentence 1 Article 6(1) GDPR, you have the right to object to processing of your personal data in accordance with Article 21 GDPR as far as there are grounds for this that result from your particular situation or the objection is targeted against direct marketing. In the latter case, you have a general right to object that will be implemented by us without any indication of a particular situation. If you want to exercise your withdrawal right or right to object, simply send an email to: email@example.com.
12. Data security
We take organisational, contractual and technical security measures in accordance with the state of the art. This ensures that the rules of the data protection laws are complied with. We thus protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.
We maintain various security measures in the sense of Article 32 GDPR (technical and organisational measures) for the protection of your personal data.
We offer SSL/TLS encryption on our website with the current encryption protocols TLS v1.1. and TLS v1.2 for secure transmission of the data you send to us. We would like to point out that the comprehensive encryption of the transmission path also depends on your internet browser. We therefore recommend that you keep your internet browser updated so that TLS v1.1 or TLS v1.2 encryption is automatically established when you access our website.
If you want to contact us by email, note that confidentiality of the information transmitted cannot be ensured. The content of the emails may be viewed by third parties under certain circumstances. We therefore recommend that you send confidential information by mail.
At least the enclosure should be encrypted with 7Zip for applications. The password can then be forwarded to the future employer by phone.
13. Erasure of your data
The stored data will be erased as soon as they are no longer needed for their intended purpose and there are no legal obligations to archive them. If the data are not erased because they must be archived, e.g. for commercial or tax-related grounds, their processing is restricted. The data will then be blocked and not processed for any other purposes.
14. Amendment of this data protection statement
We reserve the right to change this data protection statement if the legal situation or this online offering or the type of data collection changes. However, this shall only apply to statements on processing activities. If user consent is necessary or if components of the data protection statement contain any provisions on the contractual relationship with users, the amendment of the data protection statement shall only take effect after consent of the user.
Therefore, please check this data protection statement periodically, especially if you communicate personal data.
You can view and print the current data protection statement at any time on the following websites at www.legere-hotelgroup.com/datenschutz, www.legere-hotelgroup.com/bielefeld/datenschutz, www.legere-hotelgroup.com/leipzig/datenschutz, www.legere-hotelgroup.com/tuttlingen/datenschutz as well as regarding the functionally limited websites www.fibona.de/hotels_resorts/legere-hotels and www.fibona.de/hotels_resorts/charlys-house at www.fibona.de/datenschutz.
As of June 2018