Data Privacy Notice

The protection of your data is important to us. We will therefore only process your data within the limits of current data privacy laws and protect them using the latest technology. More information about the processing of your personal data and your rights in accordance with data privacy laws is provided below. You will find further information about the processing of your customer data at www.vilavitahotels.com/en/datenschutz.

1.1 Controller and data protection officer

VILA VITA HOTEL UND TOURISTIK GMBH

Wilhelm-Leuschner-Straße 24

60329 Frankfurt am Main

Phone: 069/2384-0

E-mail: info@vilavitahotels.com 

You can also contact our data protection officer at the address provided above, citing the reference "Data Protection Officer" or at datenschutz@vilavitahotels.com

 

1.2. General information about data processing and your rights

2.1.   Data processed and their origin

We mainly process personal data that we have received or collected from the data subjects as part of the booking process or obtained from enquiries made via our website. Moreover, we also process personal data obtained from publicly accessible sources (e.g. the press, the Internet), in as far as this is required and permitted for marketing or customer service purposes. We also process personal data lawfully forwarded to us by other companies in the VILA VITA group (VILA VITA HOTEL and TOURISTIK GmbH, Hotel und Residenz Rosenpark GmbH, VILA VITA Marburg GmbH, VILA VITA Gastronomie- und Handelsgesellschaft mbH, Congresszentrum Marburg GmbH & Co. KG) or by third parties (e.g. information about criminal offences).

The personal data processed by us within this context consist of personal particulars (name, address and other contact data, date and place of birth, nationality), medical data relevant to the person's stay with us (e.g. severe disabilities or dietary requirements) and identification data (e.g. identity card data). In addition, data resulting from your orders placed with us may be collected (e.g. payment order), as well as data resulting from meeting our contractual obligations (e.g. accommodation agreement) and other data comparable to the categories mentioned.

2.2.   Relevant legal basis for data processing

Where the legal basis is not explicitly mentioned in this Data Privacy Notice, the following legal basis applies. Where we have obtained your consent to data processing, Article 6 Paragraph 1 (a) and Article 7 of the GDPR serve as a legal basis for data processing. Where data processing takes place in order to provide our services and comply with contractual requirements, as well as to answer enquiries, Article 6 Paragraph 1 (b) of the GDPR will be the legal basis for data processing. Where data processing takes place in fulfilment of a legal obligation, Article 6 Paragraph 1 (c) of the GDPR is the legal basis. Examples are the fulfilment of the specifications of the Federal Registration Act (Bundesmeldegesetz), commercial archiving periods or to meet tax (archiving) obligations.

The companies of the VILA VITA Group are obliged to adhere to EU data privacy regulations and to take appropriate steps to ensure data security when exchanging data with each other, as per their Inter-Group Agreement. In addition, the Inter-Group Agreement mainly deals with the fact that the companies of the VILA VITA Group cooperate and mutually exchange data equally with regard to advertising and marketing, in the process adhering to data subjects' rights (their rights as data subjects, right to information, etc.) and the fact that VILA VITA Marburg GmbH, with its registered offices in Marburg, is primarily responsible for these tasks.

Where processing personal data is required to protect the legitimate interests of our company or a third party, we make use of Article 6 Paragraph 1 (f) of the GDPR as a legal basis. Legitimate interests particularly include the guarantee of IT security and IT operation, the institution of any legal claims and representation in legal disputes, advertising and marketing for the services and products provided by the VILA VITA Group, business management actions and the development of products and services, the prevention and detection of criminal offences, video monitoring to ensure adherence to house regulations and to collect evidence in the event of burglary or theft (also see Section 4 of the Federal Data Protection Act, [Bundesdatenschutzgesetz]), activities to ensure the safety of buildings and installations (e.g. access control), activities to implement house regulations as well as market and opinion surveys carried out by the aforementioned parties, where there has been no objection to direct marketing.

2.3.Your rights

You have the right to

□      access in accordance with Article 15 of the GDPR

□      rectification in accordance with Article 16 of the GDPR

□      erasure in accordance with Article 17 of the GDPR

□      restriction of processing in accordance with Article 18 of the GDPR

□      data portability in accordance with Article 20 of the GDPR

 

The restrictions of Sections 34 and 35 of the GDPR apply to the rights to access and erasure. In addition, in accordance with Section 77 of the GDPR you have the right to submit a complaint to a data protection supervisory authority in accordance with Section 19 of the Federal Data Protection Act.

Any consent you grant us with regard to processing personal data may be withdrawn by you at any time with effect for the future.

2.4.   Storage period

Where not otherwise stated in this Data Privacy Notice, personal data will only be stored for as long as necessary to fulfil the relevant purpose, or our contractual or legal obligations. We are subject to various storage and documentation obligations. These particularly result from the Commercial Code (Handelsgesetzbuch), the Fiscal Code (Abgabenordnung) and the Money-Laundering Act (Geldwäschegesetz). The periods stipulated in these cases may be up to 10 years.

2.5.   Transfer of personal data

Where we forward personal data to other persons or companies, this will only take place on the basis of your consent, a legal permit, a legal obligation (e.g. to public offices and institutions such as supervisory or financial authorities) or on the basis of an agreement on order processing in terms of Article 28 of the GDPR. Other recipient categories may be found in this Data Privacy Notice.

2.6.   Transfer of data to third countries

Processing of personal data outside the European Economic Area will only take place where a third country has been confirmed by the European Commission as having appropriate data privacy laws according to Articles 44 et seqq. of the GDPR or other appropriate guarantees regarding the protection of personal data.

2.7.   Automatic decision-making

Some of your data will be automatically processed in order to evaluate certain personal aspects (profiling), for marketing and advertising purposes and to send you personalised advertisements by e-mail or post.

Legal and regulatory provisions for combating money laundering, the financing of terrorism and financial crime are also binding for us. Data analysis will also be carried out within this context.

1.3.     Data privacy information for newsletter

Some of our websites permit you to subscribe to a free newsletter. Written subscription is also possible at some of our outlets. We use this newsletter to inform you about the VILA VITA Group and its products and services. If you would like to receive this newsletter, we require you to provide us with a valid e-mail address and information that allows us to verify that you are the owner of the e-mail address you have provided or that its owner agrees to receive the newsletter. No other data will be collected. These data will only be used to send the newsletters and will not be forwarded to any third parties outside the VILA VITA Group. When you subscribe to the newsletter, we will store the date of your application and your IP address if you should subscribe via a website. This storage will only be for the purposes of providing evidence in the event that a third party should make fraudulent use of an e-mail address and subscribe to the newsletter without the knowledge of the authorised person. However, we will only statistically evaluate reading behaviour to the extent that it can be determined whether the recipient has opened the newsletter and clicked on the links. This is a function that we only use to verify user activities and to be able to implement appropriate optimisations. The newsletter also contains a so-called "web beacon", a file that is downloaded from our server when opening the newsletter. Your consent to store the data, the e-mail address and its use to forward the newsletter can be withdrawn at any time. Such withdrawal can take place via a link in the newsletters themselves, on the website or by notifying the aforementioned contact persons.

1.4.     Amendments

We reserve the right to amend this Data Privacy Notice with future effect.

PART II - Website use

1.1.     More information about data processing for users of our websites

1.1.   Cookies

Our websites make use of cookies. These are small data packages that are stored on the customer's terminal device. In addition to so-called session cookies, which are automatically deleted as soon as you log out or close the browser, so-called permanent cookies that recognise a repeat user are also used. These cookies are automatically deleted after a specified period.

It is possible to object to the placement of cookies at any time by changing your Internet browser settings. You can delete cookies already placed at any time. When you deactivate cookies, it is possible that not all our website functions will be fully utilisable. The legal basis for setting a cookie is to protect the aforementioned legitimate interests according to Article 6 Paragraph 1 (f) of the GDPR.

1.2.   Collection of general data and compilation of protocol data

When you call up our website, general data and information are automatically collected and stored in a server protocol. The following data may be collected:

□      Information about the browser type and version

□      Information about the user's operating system

□      Information about the user's service provider

□      The Internet protocol address (IP address) of the user or the calling system

□      Date and time of access

□      The website via which you reached us (referrer URL)

□      Websites called up via our website by the user's system

Processing of these data is used to provide our websites, to guarantee the functionality of our IT systems and to optimise our website. Such data and information are always anonymously collected and are statistically evaluated by us with the aim of ensuring data privacy and data security. In these cases the log file data are always stored separately from other personal data we may have collected and are generally not forwarded to third parties. These data are automatically deleted on expiry of the specified period. The legal basis for temporary processing of the data is to protect the aforementioned legitimate interests according to Article 6 Paragraph 1 (f) of the GDPR.

1.3. Contact form and e-mail contact

Some of our websites provide a contact form and an e-mail address that enables you to contact us electronically, for example to make a booking. When you use one of these channels to contact us, the personal data you forward to us will be automatically stored. Storage and further processing of these data only serves the purpose of processing your contact request and subsequently making contact with you. They will never be forwarded to third parties outside the VILA VITA Group. The data forwarded by you will be deleted once the process is complete, provided that their deletion is not subject to any contractual or statutory storage periods. In such a case, the data for which storage is required will be deleted once the storage period expires. The legal basis for processing these data is Article 6 Paragraph 1 (f) of the GDPR.

1.4.   Use of Google Analytics

Some of our websites use the analysis tool Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. Web analysis involves the collection and evaluation of information about the behaviour of website users. This would include information about the website from which you reached us, the website sections you accessed and the length of time for which you viewed such sections. Cookies are used for this purpose. Cookies are text files that are placed and stored on a computer system via an Internet browser. The information collected by the cookie is transmitted to a server of Google Inc. in the USA. In addition to website use information, this also includes your IP address. However, we use Google Analytics with the supplement "AnonymizeIP". This means that your IP address will be truncated and anonymised by Google if you call up our website within a member state of the European Union or in other countries that are signatory states of the Agreement on the European Economic Area. The IP address transmitted will also not be combined with other Google data. The purpose of such data processing is to evaluate visitor flows and the use of the website by visitors. We have commissioned Google to compile online reports for us in this regard. We make use of the information thus collected to optimise our website.  The legal basis for data processing is Section 15 Paragraph 3 of the Telemedia Act or Article 6 Paragraph 1 (f) of the GDPR. The aforementioned purposes are legitimate interests. The valid data privacy conditions and terms and conditions of Google Analytics may be found at https://www.google.com/analytics/terms/us.html and https://policies.google.com.

You can prevent the placement of cookies by our website at any time by making an appropriate setting in the Internet browser, thus permanently objecting to the placement of cookies. In addition, cookies already placed by Google can be deleted at any time via an Internet browser or other software program.

Furthermore you have the option of objecting to and preventing the collection of the data created by the cookie and related to the use of this website, as well as the processing of these data by Google. To do this, you must download and install a browser add-on. You will find the download here: https://tools.google.com/dlpage/gaoptout. The add-on prevents your data from being collected and processed in future.

1.5.   Use of Google marketing services

Some of our websites use the marketing and remarketing services of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The Google marketing services (including Google Adwords, Google Conversion Tracking, Google Optimize and Google Double Click) allow us to show more targeted advertisements for and on our website in order to present users with advertisements that are potentially in line with their interests.

When our and other websites using Google marketing services are called up, Google executes a code, incorporating so-called (re)marketing tags into the website. They are used to place a cookie on the user device (comparable technologies may be used instead of cookies), with the cookies being placed by various domains (including google.com, doubleclick.net, etc.) This file contains information about the websites the user has visited, the content he was interested in and the products he has clicked on. It also tracks technical information about the browser and operating system, referring websites, the duration of the visit and other information about how the online services are used. The user's IP address is recorded, but is truncated within the member states of the European Union or in other signatory states of the Agreement on the European Economic Area and will only be transferred to a Google server in the USA in full and truncated there in exceptional cases. The IP address is not combined with user data within other Google products.

The information above may also be combined with such information from other sources by Google. If the user subsequently visits other websites, he may be shown targeted advertising in accordance with his interests. User data are processed in pseudonymised form as part of Google's marketing services, i.e. without storing and processing the name or e-mail address of the users. This does not apply if a user explicitly permits Google to process the data without pseudonymisation. The information collected about the user by Google's marketing services is transmitted to Google and stored on Google's servers in the USA.

The Google marketing services we use also include the online advertising software Google AdWords. Each AdWords customer receives a so-called conversion cookie. The information obtained with the aid of cookies is used to compile conversion statistics for AdWords customers who have decided to make use of conversion tracking. AdWords customers are informed of the total number of users who have clicked on their advertisement and been transferred to a website equipped with a conversion tracking tag. However, they do not receive any information with which they could personally identify users.

The legal basis for data processing is Section 15 Paragraph 3 of the Telemedia Act or Article 6 Paragraph 1 (f) of the GDPR. The aforementioned purposes are legitimate interests.  The valid data privacy conditions and terms and conditions of Google Marketing Services may be found at https://policies.google.com/technologies/ads.

You can prevent the placement of cookies by our website at any time by making an appropriate setting in the Internet browser, thus permanently objecting to the placement of cookies. In addition, cookies already placed by Google can be deleted at any time via an Internet browser or other software program.

If you wish to object to targeted advertising by Google Marketing Services, you can make use of the options provided by Google at http://www.google.com/ads/preferences.

1.2.     Incorporation of third-party services and content (social plug-ins, etc.)

Some of our websites make use of the services and content of third-party providers. This particularly applies to so-called "social plug-ins", videos or fonts. This only takes place on the basis of our legitimate interest (Article 6 Paragraph 1 (f) of the GDPR) in the provision and dissemination of our content, in analysis, in optimisation and in the operation of our website. Our websites may thus incorporate the services and content of the following third-party providers:

□      Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (when personal data is processed, if a data subject lives outside the USA or Canada, then the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

□      Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA

□      YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA

□      XING AG, Gänsemarkt 43 – 20354 Hamburg – Germany

□      Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA

□      Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA

□      LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA (for data privacy matters outside the USA: LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland)

□      Pinterest Inc., 808 Brannan St, San Francisco, CA 94103, USA

Where a website makes use of social plug-ins, we make use of the "Shariff" solution to protect your data. This means that social plug-ins will only be incorporated into our website as graphics. There will thus be no direct link to the website of the plug-in provider. When you click on an image, you will be taken directly to the relevant provider. Your data will only be forwarded to the provider at this stage. If you do not click on the image, no data will be exchanged with the providers of the incorporated social plug-ins. Additional information about the use of your data may be found in the terms and conditions and data privacy notices of the relevant providers. Information and advice about the Shariff solution used by us may be found here: http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

Further data privacy information, and advice about the social plug-ins used by us, as well as the services of third-party providers:

2.1.   Data privacy information for Facebook components

Some of our websites make use of the social plug-ins and components of the social network Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If the data subject lives outside the USA or Canada, the controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

When you make use of Facebook plug-ins, your web browser establishes a direct link to the Facebook servers. The content of the plug-in is sent directly from Facebook to your browser and is integrated into the website by the browser. We thus have no influence on the range of data collected by Facebook with the aid of this plug-in and thus also no information about the data collected by Facebook. However, Facebook can find out that you have visited our website from your IP address when you make use of the plug-in. This is particularly the case if you are logged into your Facebook profile. Moreover, if you click on the Facebook "Like" button, you will link content from our website to your Facebook profile, allowing Facebook to assign your visit to our website to you. The same applies to other Facebook plug-ins we use.

An overview of all Facebook plug-ins may be found at https://developers.facebook.com/docs/plugins. You will find the Facebook data privacy policy at https://facebook.com/about/privacy/. This will provide you with additional information about the collection, processing and use of personal data by Facebook and the settings options offered by Facebook to protect your personal data.

2.2.   Data privacy information for Google+1 button

Some of our websites use the Google+1 button of the social network Google+. This component is provided and operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").

When you make use of the Google+1 button, your web browser establishes a direct link to the Google servers. The content of the plug-in is sent directly from Google to your browser and is integrated into the website by the browser. We thus have no influence on the range of data collected by Google with the aid of this plug-in and thus also no information about the data collected by Google. However, Google can find out that you have visited our website from your IP address when you make use of the plug-in. This is particularly the case if you are logged into Google+ with your Google+ profile. Moreover, if you click on the Google+1 button, you will link content from our website to your Google+ profile, allowing Google to assign your visit to our website to you. More detailed information about the Google+ button and the use of your data by Google may be found at https://developers.google.com/+/web/buttons-policy.

2.3.   Data privacy information for YouTube videos

Videos from the YouTube Internet portal have been embedded into some of our websites. These videos are made available by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (YouTube). YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043- 1351, USA.

When you call up a website that incorporates a YouTube component or when you play an embedded video, your web browser establishes a direct link to the YouTube servers. The content is streamed directly to your browser by YouTube or downloaded and played. We have no influence on the range of data collected by YouTube during this process and thus also no information about the data collected by YouTube. However, YouTube can find out that you have visited our website from your IP address when you download the video. This is particularly the case if you are logged into YouTube with your YouTube profile. More detailed information about data privacy and the use of your data by YouTube may be found at http://www.google.de/intl/policies/privacy/.

2.4.   Data privacy information for Instagram components

Some of our websites make use of plug-ins of the social network Instagram, e.g. the Insta button. These components are provided and operated by Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA (Instagram).

 

When you make use of Instagram plug-ins, such as the Insta button, your web browser establishes a direct link to the Instagram servers. The content of the plug-in is sent directly from Instagram to your browser and is integrated into the website by the browser. We thus have no influence on the range of data collected by Instagram with the aid of this plug-in and thus also no information about the data collected by Instagram. However, Instagram can find out that you have visited our website from your IP address when you make use of the plug-in. This is particularly the case if you are logged into Instagram with your Instagram profile. Moreover, if you click on the Insta button, you will link content from our website to your Instagram profile, allowing Instagram to assign your visit to our website to you. More detailed information about the Insta button and other plug-ins of this provider, as well as the use of your data by Instagram, may be downloaded from https://help.instagram.com/155833707900388 and  https://www.instagram.com/about/legal/privacy.

2.5.   Data privacy information for LinkedIn plug-ins

Some of our websites use the LinkedIn plug-in of the social network LinkedIn. This component is provided and operated by the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, United States (LinkedIn). LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data privacy matters outside the USA.

When you make use of the LinkedIn button, your web browser establishes a direct link to the LinkedIn servers. The content of the plug-in is sent directly from LinkedIn to your browser and is integrated into the website by the browser. We thus have no influence on the range of data collected by LinkedIn with the aid of this plug-in and thus also no information about the data collected by LinkedIn. However, LinkedIn can find out that you have visited our website from your IP address when you make use of the plug-in. This is particularly the case if you are logged into LinkedIn with your LinkedIn profile. Moreover, if you click on the LinkedIn button, you will link content from our website to your LinkedIn profile, allowing LinkedIn to assign your visit to our website to you. More detailed information about the LinkedIn button and other plug-ins of this provider, as well as the use of your data by LinkedIn, may be downloaded from https://www.linkedin.com/legal/privacy-policy and https://www.linkedin.com/legal/cookie-policy.

2.6.   Data privacy information for Twitter

Some of our websites make use of plug-ins and components of the microblogging service Twitter. These components are provided and operated by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (Twitter).

When you make use of the Twitter button or Twitter components, your web browser establishes a direct link to the Twitter servers. The content of the plug-in or the component is sent directly from Twitter to your browser and is integrated into the website by the browser. We thus have no influence on the range of data collected by Twitter with the aid of this plug-in and thus also no information about the data collected by Twitter. However, Twitter can find out that you have visited our website from your IP address when you make use of the plug-in. This is particularly the case if you are logged into Twitter with your Twitter profile. By clicking on the Twitter button, you will link content from our website with your Twitter profile or transmit data and information to Twitter or other users of Twitter, with Twitter and other Twitter users being able to assign the visit to our website to you. More detailed information about the Twitter button and other plug-ins of this provider, as well as the use of your data by Twitter, may be downloaded from https://twitter.com/privacy and https://about.twitter.com/resources/buttons.

2.7.   Data privacy information for the Xing Share button

Some of our websites use the Share button of the social network Xing. This component is provided and operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (Xing).

When you make use of the Share button, your web browser establishes a direct link to the Xing servers. The content of the plug-in or the component is sent directly from Xing to your browser and is integrated into the website by the browser. We thus have no influence on the range of data collected by Xing with the aid of this plug-in and thus also no information about the data collected by Xing. However, Xing can find out that you have visited our website from your IP address when you make use of the plug-in. This is particularly the case if you are logged into Xing with your Xing profile. Moreover, if you click on the Xing button, you will link content from our website to your Xing profile or transmit data and information to Xing, allowing Xing to assign your visit to our website to you. More detailed information about the Xing button and other plug-ins of this provider and the use of your data by LinkedIn can be downloaded from https://www.xing.com/privacy and https://www.xing.com/app/share?op=data protection.

2.8.   Data privacy information for Google Maps and Google Fonts

Some of our websites make use of the map service "Google Maps" and the fonts of the "Google Webfonts" service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We use the Google Maps API for the visual depiction and incorporation of geographical information on some websites. When Google Maps is used, Google also processes data about the use of the map functions. In addition, we use the font libraries of Google Webfonts. During this process, font libraries are transferred to the cache of your browser. If your browser settings do not permit this or if your browser does not support the fonts, written content is shown in a standard font. In order to transfer the font libraries to your cache, a connection to the service provider is automatically established.

Further information about data processing by Google may be found here: https://www.google.com/policies/privacy/.

2.9.   Data privacy information for Pinterest components

Some of our websites use the plug-ins and components of the social network Pinterest. These components are provided and operated by Pinterest Inc., 808 Brannan St, San Francisco, CA 94103, USA.

When you make use of the Pin it button or Pinterest components, your web browser establishes a direct link to the Pinterest servers. The content of the plug-in or the component is sent directly from Pinterest to your browser and is integrated into the website by the browser. We thus have no influence on the range of data collected by Pinterest with the aid of this plug-in and thus also no information about the data collected by Pinterest. However, Pinterest can find out that you have visited our website from your IP address when you make use of the plug-in. This is particularly the case if you are logged into Pinterest with your Pinterest profile. By clicking on the Pin it button, you will link content from our website with your Pinterest profile or transmit data and information to Pinterest or other users of Pinterest, with Pinterest and other Pinterest users being able to assign the visit to our website to you. More detailed information about the Pin it button and other plug-ins of this provider and the use of your data by Pinterest can be downloaded from: http://pinterest.com/about/privacy/.

 

Additional Data Protection Statement for Applicants