Privacy

Data Privacy Statement of the Frechener Hof Hotelbetriebs GmbH

We are pleased that you are visiting our website, and we thank you for your interest in our Hotel. The protection of personal data is an important concern of ours. Therefore, the processing of personal data, for example, the name, address, email address or the telephone number of a data subject, ensues in accordance to the current European and national regulations.

In the event that the processing of personal data is required and there is no legal basis for such processing, we generally request the permission of the data subject. You can, of course, recant your declaration(s) of permission at any time with effect for the future. Please contact the controller to do so. You will find the contact information in the lower section of this Data Privacy Statement.

In the followinq, the Frechener Hof Hotelbetriebs GmbH (hereafter: „Hotel Frechener Hof“) would like to  inform the general public of the manner, scope and purpose of the personal data they process. Furthermore, the rights of the data subjects are explained in this Data Privacy Statement.

Definitions of Terms

The Data Privacy Statement of the Hotel Frechener Hof is based on the terms used by the European Directive Committee and Regulators as decreed by the EU General Data Protection Regulation (hereafter called „GDPR“). Our Data Privacy Statement should be easy to read and understand for both the general public and for our guests and business partners. To ensure this, we would like to first explain the terms used.

We use the following terms, among others, in this Data Privacy Statement and on our website:

Personal data shall mean any information relating to an identified or identifiable natural person (hereafter called „data subject“). A natural person is considered identifiable who can, directly or indirectly, be identified in particular through the assignment of an identifier such as a name, an identification number, location data, an online identification data or one or more specific features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

Data subject is any identified or identifiable natural person whose personal data are processed by the controllers.

Processing is any operation or any such set of operations performed with or without the aid of automated means in connection with personal data such as the collection, recording, organisation, classification, storage,  adjustments or changes, selection, retrieval, use, publication through disclosure, dissemination or otherwise making available, the matching or linking, restriction, deletion or destruction.

Limiting the processing is the marketing of stored personal data with the aim of limiting the future processing of the data.

Profiling is any form of automated processing of personal data which consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects regarding the job performance, economic status, health, personal preferences, interests, reliability, behaviour, residence or change of location of this natural person.

Pseudonymisation

is the processing of personal data in a manner in which the personal data can no longer be assigned to a specific natural person without additional information as long as this additional information is separately stored and is subject to technical and organisational measures that guarantee that the personal data cannot be assigned to an identified or identifiable natural person.

Controller

is the natural or legal person, authority, institution or other entity who solely or collaboratively makes decisions regarding the purposes and means of the processing of personal data. If the purposes or means of this processing is specified by European Union law or the laws of its member states, the controller(s) or the specific criteria of his/her appointment can be specified in accordance with the EU law or the laws of its member states.

Processor

is a natural or legal person, authority, institution or other entity that processes the personal data on behalf of the controller.

Recipient

is a natural or legal person, authority, institution or other entity to which the personal data is disclosed regardless of whether a third party is or is not involved. Authorities that possibly receive personal data within the framework of a specific inquiry in accordance with EU law or the laws of its member states are not considered recipients.

Third party

is a natural or legal person, authority, institution or other entity other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or processor, are authorised to process personal data.

Permission

is any expression of willingness in the form of a statement or any other clear action of confirmation voluntarily and unequivocally submitted in an informed state by the data subject for the specific case with which the data subject indicates that he/she agrees with the processing of the personal data relating to him/her.

Registration

The data subject has the opportunity to register on the website of the controller by submitting personal data. Which personal data should be submitted to the controller for the processing is revealed in the respective input mask used for the registration. The personal data entered by the data subject are exclusively for the internal processing which the controller collects and stores for its own purposes. The controller can arrange the disclosure to one or more processors (for example, a package service) which likewise uses personal data exclusively for internal purposes attributed to the controller.

In registering on the website of the controller, the IP address given to the data subject by the Internet Service Provider (IPS) as well as the date and the time of the registration are stored. The storage of these data occurs taking into consideration that the misuse of our services can only be prevented in this way and these data make it possible to detect offenses and copyright infringements should the situation arise. In this respect, the storage of these data is required for the protection of the controller. Principally, a disclosure of these data to third parties does not occur provided there is no legal obligation for disclosure or the disclosure is conducive to the
prosecution.

The registration of the data subject through voluntary submission of personal data serves the purposes of the controller by offering the data subject contents or services that can only be advertised to registered users due to the nature of the matter. The opportunity is open to registered persons to allow for the complete deletion of the personal data submitted for the registration from the database of the controller.

The controller provides information to any data subject upon request at any time about what type of personal data from the data subject has been stored. Furthermore, the controller corrects or deletes personal data at the request or notice of the data subject so far as there are no legal obligations for retention.

 

Contact

Personal data are also processed by the Hotel Frechener Hof if you supply us with this data. This occurs, for  example, each time you contact us. We use the personal data transferred in this way exclusively for the purpose  for which you have made the data available through the contact. A disclosure of this information expressly occurs  on a voluntary basis and with your permission. If this concerns information for communication channels (for example, email addresses, telephone numbers), you also give permission that we contact you through these  communication channels as well if necessary in order to answer your requests.

 

Online booking

To make it possible for you to book your room through our hompage, the booking system WebRes is integrated in our website. The provider of this system is webres software Lda.. The information you provide will be processed solely for the purpose of providing our contractual services and of course confidential. The privacy policy of the provider applies.

 

Security

The Hotel Frechener Hof meets many technical and organisational measures in order to protect your personal  data against unintentional and unlawful deletion, change or against loss and unauthorised disclosure or  inauthorised access.

Nevertheless, internet-based data transmissions, for example, can inherently have security vulnerabilities so that absolute protection cannot be guaranteed. For this reason, any data subject is free to also deliver personal data through alternative routes to us such as, for example, by telephone.

Links to Other Websites

This website contains links to other websites (so-called externallinks). The Hotel Frechener Hof as a supplier is responsible for its own content in accordance to the current European and national regulations. Links in the content provided by other providers must be distinguished from our own content. We cannot influence whether operators of other websites observe the current European and national legal regulations. Please read the  information provided on the data privacy statements on the respective websites. The Hotel Frechener Hof assumes no responsibility for external content that is made available for use through links and are specially labeled and do not make the content our own. Liability lies solely with the provider of the website referenced in the case of illegal, erroneous or incomplete content as well as for damages that ensue through the use or non-use of the information.

 

 

Social media plug-ins

The plug-in provider stores the data collected about you in the form of a user profile and uses the data for advertising and market research and/or to make any required changes in the design of its website. Such evaluation is performed particularly (also for users not logged in) enable ads tailored to user demand and to inform other users of the social network about your activities on our website. You have a right to object to the creation of such user profiles. To exercise such right, you must contact the plug-in provider by following the procedure as set out below. Through plug-ins we offer you the possibility of interacting with social networks and other users. In that way we can improve our offering and make it more attractive for you as user. The legal basis
for the user of plug-ins is the first sentence of Article 6{1 )(f) GDPR.

Data are disclosed regardless of whether you have an account with the plug-in provider and have logged in there. If you are logged in to the plug-in provider, your data collected from us are allocated directly to the account you hold with the plug-in provider. If you click on the activated button and e.g. link the page, the plug-in provider also stores this information in your user account and publicly discloses it to your contacts. As a rule, we  recommend logging off after using a social network, especially, though, before activating the button, since that allows you to avoid your data being allocated with your profile with the plug-in provider.

 

Facebook

The website uses social plug-ins (hereafter referred to as „plug-ins“) for the social network facebook.com, which is run by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (hereafter referred to as „Facebook“). The plug-ins display one of the Facebook logos (white „f“ on blue tile or „thumbs up“ symbol) or are designated with the comment „Facebook social plug-in“. A list and display of Facebook social plug-ins is available here: https://deve/opers.facebook.com/docs/plugins/.

When a user accesses a page of our website that contains such a plug-in, his/her browser establishes a direct link to the servers of Facebook. The content of the plug-in will be transmitted from Facebook directly to the user’s browser, which will integrate it into the web page. The provider therefore has no control over the extent of data which Facebook collects through this plug-in. Based on the Provider’s most recent knowledge, Facebook proceeds as folIows:

By imbedding of the plug-ins, Facebook receives the information that a user has accessed the respective web page of the Provider’s website. If the User is logged in to Facebook, Facebook may allocate the visit to the user’s Facebook account. If users interact with the plug-ins, for instance by clicking the „Like“ button or leaving a comment, this information will be sent from the user’s browser directly to Facebook where it will be stored. If a user is not a Facebook member, there is still a possibility that Facebook will register and store this user’s IP address. According to Facebook, in Germany only anonymised IP addresses are stored. For details on the purpose and scope of the data collection and further processing and use of the data by Facebook and users‘ rights and configuration options to protect their privacy, users are advised to refer to the privacy information of Facebook at https://www.facebook.com/aboutprivacy

If a user is a Facebook member and does not wish Facebook to collect data about him/her via the Provider’s website and to link this to the user’s member data stored at Facebook, the user must log out of Facebook before visiting the provider’s website. Likewise, it is possible to block the Facebook social plug-in with add-ons for the user’s browser, e.g. the „Facebook blocker“.

Google Maps

This website uses Google Maps to display maps and create directions. Google Maps is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. By using this website, you consent to the coltection, processing and use by Google, one of its agents, or third parties of the information collected and entered by you. The Terms of Use for Google Maps can be found here: http://www.google.com/intlldede/help/termsmaps.html

YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.

If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.

Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.

Cookies

Numerous websites and servers use cookies. Many cookies contain a so-called cookie-IO. A cookie 10 is a unique identification of the cookies. It consists of a sequence of characters through which websites and servers can be assigned to the specific web browser where the cookie is saved. This enables the websites and servers visited to distinguish the individual browser of the data subject from other web browsers that contain other cookies. A specific web browser can be recognised again and identified by the distinct cookie-IO. This information helps
to recognise you again and make the navigation easier for you when you revisit the website from the same end device.

You can perform the permission and refusal of cookies – even for webtracking – in the settings of your web browser. You can configure your web browser in such a way that the acceptance of cookies is principally denied or that you are informed in advance when a cookie should be saved. In this case, the functionality of the website can, however, be aftected (for example, when placing orders). Your browser also ofters a function to delete cookies (for example, with „Oelete browser data“). This is possible in all current web browsers. Further information on this can be found in the operation manual or in the settings of your browser.

Collection of General Data and Information

The Hotel Frechener Hof website collects a series of general data and information with every access to the  Website by a data subject or an automated system. These general data and information are stored in the log files of the server. The following can be collected:

the types of browser and versions used
the operating system used by the accessing system
the website from which an accessing system reached our website (so-called referrer)
the sub-websites which are steered by an accessing system to our website
the date and time of an access to the website a web protocol address (IP address)
the internet service provider of the accessing system
other similar data and information that serve to divert dangers in the case of attacks to our IT systems

The Hotel Frechener Hof does not draw conclusions about the data subject in the use of these general data and information. Rather, this information is required to:

correctly deliver the contents of our website
optimise the contents of our website and the advertisement for this
ensure uninterrupted operability of our IT systems and the technology of our website
make necessary information for prosecution available to prosecution authorities in the event of a cyber attack

These anonymously recorded data and information are therefore statistically analysed by Hotel Frechener Hof with the aim of increasing the data protection and the privacy security in our company in order to ultimately guarantee an optimal level of protection for the personal data we process. The anonymous data from the server log files are stored separately from the personal data submitted by a data subject.

 

Routine Deletion and Blocking of Personal Data

The controller processes (also in the sense of: stores) personal data of the data subject only for the period of time required for the attainment of the storage purpose or inasmuch as this is stipulated by the European Directive Committee and Regulators or other legislative bodies in regulations or specifications to which the controllers are subject.

If the storage purpose should be omitted or the prescribed storage period of the European Directive Committee and Regulators or another authorised legislative body expires, the personal data are routinely blocked or deleted in accordance with the legal specifications.

Rights of the Data Subject

Right of Confirmation:
Every data subject has the right to request a confirmation from the controller if the relating personal data are processed. If a data subject would like to claim the right to confirmation, he/she can appeal to the controller for this at any time.

Right of Access to Information:
Every data subject with processed personal data has the right to receive information free of charge from the controller about his/her stored personal data and a copy of this information at any time. Furthermore, the European Directive Committee and Regulators has permitted the data subject access to details about the following information:

the processing purposes the categories of personal data that are processed the recipients or categories of recipients to whom the personal data has been disclosed or is still being disclosed, in particular, recipients in third world countries or in international organisations if possible, the intended period for which the personal data is stored or, if not possible, the criteria for the establishment of this period the existence of the right to rectify or delete personal data of the data subject or the right to limit the processing by the controller or a right of objection against this processing the existence of a right of repeal with a regulatory authority if the personal data are not recorded with the data subject: All available information on the origin of the data the existence of an automated decision-making including profiling according to article 22 sections 1 and 4 of the EU-GDPR and – at least in such cases – significant information about the involved logic as well as the consequences and intended effects of such processing for the data subject Furthermore, the data subject is entitled to a right of access to information about whether personal data have been sent to a third world country or an international  rganisation. Insofar as this is the case, the data subject also has the right to receive information about the appropriate guarantees in connection to the transfer of the data.

If a data subject would like to claim this right to information, he/she can appeal to the controller for this at any time.

Right to Rectify:

Every data subject with processed personal data has the right to request the immediate rectification of inaccurate personal data relating to him/her. Furthermore, the data subject is entitled to the right to request the completion of incomplete personal data – also by means of a supplementary statement – bearing in mind the purpose of the processing.

If a data subject would like to claim this right to rectify, he/she can appeal to the controller for this at any time.

Right to Deletion (Right to Be Forgotten):

Every data subject with processed personal data has the right to request from the controller that the personal  data relating to him/her be promptly deleted provided one of the following reasons pertains and if the processing is not necessary:

The personal data are recorded for such purposes or processed in another manner for which they are no longer necessary.

The data subject revokes his/her permission on which the processing is based in accordance with article 6 section 1 (a) of the EU-GDPR or article 9 section 2 (a) of the EU-GDPR, and another legal basis for the processing is lacking

The data subject files an objection against the processing in accordance with article 21 section 1 of the EU-GDPR, and there are no predominant legitimate reasons for the processing, or the data subject files an objection against the processing in accordance with article 21 section 2 of the EU-GDPR.

The personal data were unlawfully processed.

The deletion of personal data is necessary for the fulfillment of a legal obligation in accordance with European Union laws or the laws of its member states to which the controller is subject.

The personal data was recorded with regard to the information society services provided in accordance with article 8 section 1 of the EU-GDPR.

If one of the above-mentioned reasons pertains and a data subject would like to initiate the deletion of personal data that are stored with the Hotel Frechener Hof, he/she can appeal to the controller for this at any time. The data subject’s deletion request is then complied with immediately.

If the Hotel Frechener Hof release personal data and our company is obligated as a controller to delete personal data in accordance with article 17 section 1 of the EU-GDPR, Hotel Frechener Hof then meets appropriate measures, also of a technical nature, considering the available technology and the implementation costs to inform other controllers who process the released personal data that the data subject has requested the deletion of all links to this personal data or of copies or replications of this personal data by these other controllers if the processing is unnecessary. The controller will then arrange for what is necessary in the individual case.

Right to Limit the Processing:

Every data subject with processed personal data has the right to request the limitation of the processing from the controller if one of the following requirements is given:

The accuracy of the personal data is challenged by the data subject, and this is for a period that enables the controller to check the accuracy of the personal data.

The processing is illegal, the data subject declines the deletion of the personal data and instead requests limiting the use of the personal data.

The controller no longer requires the personal data for the purposes of the processing, the data subject, however, requires the data for the assertion, exercise or defence of legal claims.

The data subject has filed an objection to the processing in accordance to article 21 section 1 of the EU-GDPR, and it is still undetermined whether the legitimate reasons of the controller outweigh those of the data subject.

If one of the above-mentioned requirements is given and a data subject would like to request the limiting of the personal data that is stored with the Hotel Frechener Hof, the data subject can appeal to the controllers for this at any time. The limitation of the processing is arranged for immediately.

Right to Data Portability: Every data subject with processed personal data has the right to receive the personal data relating to him/her which were supplied to the controller by the data subject in a structured, current and machine-readable format. The data subject also has the right to transfer these data to another controller without interference from the controller to whom the personal data was submitted provided the processing is based on the permission in accordance to article 6 section 1 (a) of the EU-GDPR or article 9 section 2 (a) of the EU-GDPR
or based on a contract in accordance with article 6 section 1 (b) of the EU-GDPR. Moreover, the processing occurs with the aid of automated processes provided the processing is not necessary for the realisation of a task carried out in the public interest or in the exercise of official authority granted to the controller.

Furthermore, in exercising his/her right to data portability in accordance with article 20 section 1 of the EU-GDPR, the data subject is entitled to the situation in which the personal data are transferred directly from a controller to another controller if this is technically feasible and provided the rights and freedoms of other persons are not affected by this.

The data subject can appeal to the controllers for the assertion of the right of data portability at any time.

Right to Object: Every data subject with processed personal data has the right to file an objection at any time based on reasons arising from their particular situation against the processing of personal data relating to him/her which ensue in accordance with article 6 section 1 (e) or (f) of the EU-GDPR. This also applies to profiling based on these provisions.

The Hotel Frechener Hof no Ionger processes the personal data in the case of an objection unless we can prove compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defence of legal claims.

If the Hotel Frechener Hof is processing personal data in order to engage in direct advertising, the data subject then has the right to file an objection against the processing of personal data for the purpose of such advertising at any time. This also applies to the profiling provided it is connected to such direct advertising. If the data subject objects to the processing for the purposes of direct advertising by Hotel Frechener hof, the Hotel Frechener Hof will then no longer process the personal data for these purposes.

In addition, the data subject has the right to file an objection based on reasons arising from his/her situation against the processing of personal data relating to him/her that ensues at the Hotel Frechener Hof for the purposes of scientific or historical research or for statistical purposes in accordance with article 89 section 1 of the EU-GDPR unless such processing is necessary for the fulfilment of a task carried out in the public interest.

In exercising the right to objection, the data subject can directly appeal to the controller. Furthermore, the data subject is free to exercise his/her right to object by means of automated procedures in which technical  specifications are used in connection with the use of information society services notwithstanding Directive 2002/58/EG.

Automated Decisions in the Individual Case including Profiling: Every data subject with processing personal data shall have the right not to be subject to a decision exclusively based on automated processing – including profiling – that produces legal effects for him/her or considerably impairs him/her in a similar manner if the decision: is not required for the completion or fulfillment of a contract between the data subject and the controller or is admissible based on the legal specifications of the EU or its member states to which
the controller is subject and these legal specifications contain appropriate measures for the safeguarding of rights and freedoms as well as the warranted interest of the data subject or ensues with express permission of the data subject.

If the decision for the completion or fulfillment of a contract between the data subject and the controller is required or ensues with the express permission of the data subject, the Hotel Frechener Hof meets appropriate measures to safeguard the rights and freedoms as well as the warranted interests of the data subject to which belong at least the right to obtaining the management of a person on the side of the controller, to expressing an individual’s views and to challenge the decision.

If the data subject would like to claim rights referring to automated decisions, he/she can appeal to the controller for this at any time. Right to the Retraction of Data Privacy Permission: Every data subject with processed
personal data has the right to retract apermission for the processing of personal data at any time.

If the data subject would like to claim his/her right to the retraction of apermission, he/she can appeal to the controller for this at any time.

Data Privacy in Applications and in the Application Process

The controller collects and processes data from applicants for the purpose of execution of the application process. The processing can also take place by electronic means. This is particularly the case when an applicant sends appropriate application documents by electronic means, for example via email, to a controller. If the controller concludes an employment contract with an applicant, the data transferred for the purpose of the execution of the employment relationship are stored with consideration of the legal specifications. If the
controller does not conclude an employment contract with the applicant, the application documents are automatically deleted six months after the notification of the decision of refusal provided adeletion is not in opposition to any other warranted interests of the controllers. Other warranted interest in this sense is, for example, a burden of proof in a process based on the General Equal Treatment Act.

Video surveillance in the hotel

For security reasons, the following indoor and outdoor areas of the hotel will be recorded by video surveillance:

Main entrance, reception area, patio, underground car park

The video surveillance serves to protect the employees and the protection of the employer´s premises. The  recordings are saved in the connected area and deleted after 8 weeks.

Protection of minors

Personal information may only be provided under the age of 16 if we have the express consent of the legal guardian. These data are processed according to this privacy policy.

Amendments to the Data Protection Directive:

We reserve the right to amend our data protection practices and this directive in order to, if necessary, adapt them to amendments in relevant regulations or specifications or to better address your needs.

Possible amendments to our data protection practices are made known accordingly at this location. Please note the current version date of the Data Privacy Statement.

Name and Address of the Controller:

Controller in terms of the EU General Data Protection Regulation (EU-GDPR), other valid data protection regulations in the Member States of the European Union and other specifications with data protection character are the:

Frechener Hof Hotelbetriebs GmbH
Hotel Frechener Hof
Johann-Schmitz-Platz 22
50226 Frechen

Phone +49 (0) 2234 / 957 00-0
Fax +49 (0) 2234 / 957 00-66
webmaster@frechener-hof . de
www.frechener-hof.de

Manager: Dagmar Salem

Name and Address of the Data Protection Officers:

Hotel   Frechener Hof
Sascha Salem
Johann-Schmitz-Platz 22

Phone +49 (0) 2234 / 957 00 0
webmaster@frechener-hof.de

 

Frechen, April 2018