Privacy Policy for the Hotel Prinzregent Munich

Data Privacy for our website visitors

We are pleased that you visit our homepage and thank you for your interest in our company. Dealing with our customers and prospects is a matter of trust. The trust placed in us is very important to us and therefore the importance and obligation to handle your data carefully and to protect it from misuse. In order to make you feel safe and comfortable when visiting our website, we take the protection of your personal data and its confidential treatment very seriously. That is why we act in accordance with the applicable legislation on the protection of personal data and data security.

For us, data protection is a high priority issue and we only work with partners who can also demonstrate a corresponding level of data protection in their processing framework. Your data will only be processed if you have given us your consent. This consent relates to a contract or pre-contractual measures on a service basis, provided that the relevant laws permit or oblige data processing.

With this information on data protection, we inform you that we collect, store and process the data in accordance with the applicable national legal framework as well as the requirements of the EU General Data Protection Regulation (EU GDPR) valid throughout Europe from 25.05.2018. For the protection of your personal data, we orientate ourselves to the Telemedia Act (TMG) of the Federal Republic of Germany.
The following data protection declaration explains which data is collected on our websites and which data we process and use.

1. Name and address of the person responsible

The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other data protection regulations, is:

Biermann Hotelbetrieb Messe München GmbH
General Manager: Christian Biermann
Riemer Straße 350
D-81829 Munich

Phone: +49 89 945 39 0
Fax: +49 89 945 39 566
E-Mail: zuhause@prinzregent.de
Website: www.prinzregent.de/en/

Responsible for web contents:
Jasmin Hentschel
jhentschel@prinzregent.de
+49 89 945 39 537

2. Name and address of the Data Protection Supervisor

MS Hotelmanagement - Datenschutz Manfred Schachermayr
Heimstettner Weg 18
D-85609 Aschheim

Phone: +49 89 959 518 19
Mobil: +49 151 270 600 70
E-Mail: datenschutz@schachermayr.de

3. General information on data processing

1. Scope of processing of personal data
You can generally visit our websites without telling us who you are. Our web servers automatically store information of a general nature. This includes the type of web browser, the operating system used, the domain name of your Internet service provider, the website from which you visit us, the websites you visit with us, and the date and duration of your visit. This is only information that does not allow conclusions to be drawn about yourself. We evaluate this data only for statistical purposes and only in anonymous form. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies in cases where prior consent is not possible for factual reasons and the processing of the data is permitted by legal regulations.

2. Legal basis for the processing of personal data
For processing of personal data, we obtain the consent of the data subject. The legal basis for processing is Article 6 (1) lit b of the GDPR.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6 (1) lit b of the GDPR.
If a legal obligation to process personal data is required, Article 6 (1) lit b of the GDPR.
In the event that vital interests of the data subject or another natural person require the processing of personal data, the legal basis for processing is Article 6 (1) lit b of the GDPR.
If the processing is necessary to safeguard the legitimate interests of our company or a third party and the interests, fundamental rights and freedoms of the person concerned do not outweigh the first interest, Article 6 (1) lit f, shall apply, according the GDPR as the legal basis for processing.

3. Data erasure and storage
As soon as the purpose of the storage is not needed anymore, personal data of the data subject will be deleted or blocked. Storage may also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. The data shall also be blocked or deleted if a storage period prescribed by the above-mentioned standards expires, unless there is a need for further storage of the data for the conclusion of a contract or a performance of the contract.

4. Obligation to provide data

As part of our contractual relationship, you must provide the personal data that is necessary for the establishment and execution of the accommodation contract or which we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract with you. In particular, we are obliged to collect certain personal data about you within the scope of the registration certificate in accordance with Section 30 (3) of the Federal Registration Act. If you do not provide us with the necessary information, we may not be able to provide the services you require or may not be able to provide them in full.

5. Automated decision-making and profiling

When establishing and conducting our contractual relationship, you will not be obliged on automated processing, including profiling, in accordance with Article 22 EU DS GVO.

6. Additional information on your right to object pursuant to Article 21 GDPR

You have the right to object to the processing of your personal data at any time, which is based on Art 6 sec. 1 lit. e, GDPR (data processing in the public interest) or Article 6(1), lit.f GDPR (data processing on the basis of a balance of interests) to object; this also applies to profiling based on that provision in accordance with Article 4(4) of the GDPR. In the event of an objection, your personal data will no longer be processed unless we can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of the Assertion, exercise and defense of legal claims. If we process your personal data for direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing. The objection is possible without form and should be addressed to our data protection officer. Contact details can be found under contact details mentioned in section II.

7. Video surveillance

If we carry out video surveillance of the hotel you are visiting, the following applies to the accompanying processing of personal data:
(a) Purpose of data processing: performance of domestic law, prevention of criminal data (e.g. damage to property or theft), safeguarding of prosecution.
(b) Legal basis for data processing: Article 6 (1), lit. f GDPR, Section 4 (1) p. 1 No. 2 and 3 BDSG n. The predominant legitimate interests of our company are, to ensure a safe stay for our guests in the hotel and our interest in enforcing our material and intangible claims and the exercise of our right and to defend against unjustified claims.
(c) Categories of recipients of personal data: Potential recipients of the data are law enforcement authorities as well as persons or companies that we entrust with the exercise of our rights (such as lawyers). The personal data will not be transmitted to third countries or international organizations.
(d) Duration of storage of personal data: If a recording of the surveillance recordings takes place, the relevant recordings shall be deleted after 72 hours; after this storage period, only data that is needed for the investigation of specific incidents or for the enforcement of claims based on a specific event (e.g. criminal offence) will be stored. After the purpose is omitted, this data will also be deleted.

8. Contact form

We offer you the possibility to send us messages directly via a contact form. This requires an e-mail address where we can reach you. We also ask for your name to contact you. The mandatory fields are marked as such. We process the data you provide in the contact form to respond to your request. The legal basis for the data processing described is Article 6(1) of the lit. b GDPR. The data collected when using the contact form will be automatically deleted after full processing of your request, unless we still need your request to fulfil contractual or legal obligations.

9. Newsletter

With the e-mail newsletter we regularly inform you about the offers and services of the Hotel Prinzregent as well as about the offers of our partner company beach38°, according to the preferences you have given.
If you would like to receive the e-mail newsletter, we need a valid e-mail address from you. To subscribe to our newsletter, we use the so-called double-opt-in procedure. This means that after your registration we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you wish to send the newsletter. If you do not confirm your registration within 2 weeks, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to clarify any misuse of your personal data.
As a subscriber to the e-mail newsletter, you can revoke your consent to the processing of your e-mail address for sending the e-mail newsletter at any time. The revocation can be made via the relevant link in any e-mail newsletter or by e-mail with the subject "Unsubscribe" to marketing@prinzregent.de.
The legal basis of the aforementioned processing is your consent in accordance with Art.6, lit a, GDPR.

10. Use of cookies

In some areas of our pages, so-called cookies are used. A cookie is a small text file that is placed on your hard drive by a website. Cookies do not cause any damage to your computer and do not contain viruses. The cookies on our websites do not collect any personal data. We use the information contained in cookies to facilitate your use of our pages and to tailor them to your needs.

Of course, you can also view our website without cookies. If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser. You can delete stored cookies at any time in your browser's system settings. However, if you do not accept cookies, this may lead to functional limitations of our offers.

The following data is stored and transmitted in the cookies:

  • Language
  • Log- In – Information
  • Items in a shopping cart

We also use cookies on our website to analyse users' browsing behaviour.
In this way, the following data can be transmitted:

  • Entered search terms
  • Frequency of page views
  • Date of access
  • Visited Internet URL's
  • Shopping cart (booking data, booked services, amount of shopping cart, currency)
  • Use of website functions

The data of the users collected in this way are pseudonymized by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users.

The data used by cookies are for the purpose of safeguarding our legitimate interests as well as those of third parties in accordance with Art. 6 sec 1, lit. f, GDPR. Cookies are stored only if you agree.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete disabling of cookies may result in you not being able to use all the functions of our website. If you only want to accept cookies from Hotel Prinzregent but do not want to accept cookies from partners, please select the "Block third-party cookies" in your browser. In the menu bar of your web browser we will display you via the help function, how you can reject new cookies and turn off already received ones.

You can find a detailed overview here.

11. Integration of third-party services and content (e.g. YouTube and Google Maps)

Within the website, third-party content, such as videos from YouTube and map material from Google Maps (hereinafter referred to as "third party providers") is integrated. For the use of such content, the transmission of the IP address of the user to the respective third-party provider is technically necessary. Without the IP address, the third-party providers would not be able to send the content integrated into the website to the browser of the respective user. We have no influence on whether a third-party provider stores the IP address, e.g. for statistical purposes, or uses it otherwise.

(a) Data protection for Google Analytics and Google Remarketing
This website uses Google Analytics, Google Tags and Google Manager. These are services provided by Google Inc. ("Google"). Google uses so-called "cookies", text files that are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) is transmitted to a Google server in the USA and stored there. The IP address is then shortened by Google by the last three digits, a clear assignment of the IP address is therefore no longer possible. Google complies with the privacy policy of the U.S. Safe Harbor Agreement and is registered with the U.S. Department of Commerce's Safe Harbor program.

Google will use this information for the purpose of evaluating your use of the website, compile reports on website activity for website operators and providing other services related to website and internet usage. Google may also transfer this information to third parties if required to do so by law or if third parties process this data on Google's behalf.

Third-party vendors, including Google, run ads on websites on the Internet. Third-party providers, including Google, use stored cookies to display ads based on a user's previous visits to this website.
Under no circumstances will Google associate your IP address with any other data held by Google. The collection and storage of data can be objected to at any time with effect for the future. You can deactivate the use of cookies by Google by visiting the page to disable Google advertising. Alternatively, users can disable the use of cookies by third parties by visiting the deactivation page of the network advertising initiative. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout. However, we would like to point out that in this case you may not be able to use all functions of this website to the full extent. By using this website, you consent to the processing of the data collected about you by Google in the manner and for the purposes described above. The collection and storage of data can be objected to at any time with effect for the future.

(b) Privacy policy on the use of Facebook Ads
We use communication tools of the social network Facebook, in particular the product Custom Audiences and website Custom Audiences. In principle, a non-reversible and non-personal checksum (hash value) is generated from your usage data, which can be transmitted to Facebook for analysis and marketing purposes. For the product website Custom Audiences, the Facebook cookie is addressed. For more information about the purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as your settings options for protecting your privacy, please refer to Facebook's privacy policy, which can be found on www.facebook.com/ads/website_custom_audiences/ and www.facebook.com/privacy/explanation, among others. If you wish to object to the use of Facebook Website Custom Audiences, you can do so at www.facebook.com/ads/website_custom_audiences/.

11.1. Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Article 6(1) lit. f, GDPR.

11.2. Purpose of data processing
The processing of the personal data of the users enables us to analyze the surfing behaviour of our users. Through the evaluation of the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. In these purposes, our legitimate interest lies in the processing of the data in accordance with Art. F, GDPR. By anonymising the IP address, the interest of users in the protection of personal data is sufficiently taken into account.

11.3. Duration of storage
The data will be deleted as soon as it is no longer needed for our recording purposes. This is limited to 38 months.

11.4. Possibility of appeal
Cookies are stored on the user's computer and transmitted by the user to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, all functions of the website may not be able to be used in full.

We offer our users on our website the possibility of an opt-out process. To do this, you must follow the appropriate link. In this way, another cookie is set on their system, which signals to our system not to store the data of the user. If the user deletes the corresponding cookie from his own system in the meantime, he must set the opt-out cookie again.

We also use the following plugins on our websites:

  • Facebook
  • hubspot.de
  • doubleclick.net (Google Marketing Platform)
  • hospitality-optimizer.com
  • cbooking.de
  • sojern.com

If you do not want social networks to collect data about you via active plugins, you can either disable the social plugins with a click on our websites or select the "Block third-party cookies" feature in your browser settings. The browser then does not send cookies to the server for embedded content from other providers. With this setting, however, other cross-page functions may no longer work besides the plugins.

Facebook
We use plugins of the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). Facebook's privacy policy can be found here: https://www.facebook.com/about/privacy/b

Hubspot
We use plugins of the social network Hubspot, which is operated by HubSpot, Inc. 25 First Street, 2nd Floor Cambridge, MA 02141, USA. Hubspot's privacy policy can be found here: https://legal.hubspot.com/de/privacy-policy

Doubleclick
We use plugins of the social network, which is operated by the Google Marketing Platform Google LLC ("Google"), Amphitheatre Parkway, Mountain View, CA 94043, USA. The link to the Google Marketing Platform Privacy Policy can be found at: https://policies.google.com/privacy?hl=de

Hospitality Opimizer
We use plugins of the social network P.O Box: 5423 Dubai, UAE, the link to the privacy policy can be found at: hotel-optimizer@farnek.com

HotelNetSolutions
We use plugins of the social network cbooking.de, which is operated by HotelNetSolutions GmbH, Genthiner Str. 8, 10785 Berlin. The link to The HotelNetSolutions Privacy Policy can be found at: https://www.hotelnetsolutions.de/Datenschutz

Sojern
We use plugins of the social network sojern.com, which is operated by Sojern, Inc, 255 California Street, Suite 1000, San Francisco, CA 94111, USA. The link to Sojern's privacy policy can be found at: https://www.sojern.com/privacy/

12. Rights of the data subject

Pursuant to Art.15 DS-Gvo i.V.m. Section 34 of the German Data Protection Act (BDSG), you have the unrestricted right to free information about your data stored by us and the right to erasure or blocking of inadmissible data or the right to rectification of incorrect data in accordance with Section 35 of the German Data Protection Act (BDSG). Upon request, we are happy to inform you in writing whether and what personal data we have stored about you. Where possible, we will take appropriate measures to update or correct your data stored by us at short notice.

Any requests for information, requests for information or contradictions to data processing should be sent directly to our data protection officer by e-mail, stating your complete postal address. If personal data is processed, you can control your data. You have the following rights:

1. Right of access
You may request confirmation as to whether personal data concerning you is processed by us. If such processing is available, you can request the following information: - the purposes for which the personal data are processed; the categories of personal data that are processed; - the recipients or categories of recipients to whom the personal data concerning you has been or is still being disclosed; - the planned duration of the storage of the personal data concerning you or, if specific information is not possible, criteria for determining the retention period; - the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing; - the existence of a right of appeal with a supervisory authority; - any available information on the origin of the data if the personal data are not collected from the data subject; - the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved, as well as the scope and intended impact of such processing on the data subject. You have the right to request information on whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees under Article 46 GDPR in connection with the transmission.

2. Right to rectification
You have a right to rectification and/or completion to the controller if the personal data processed concerning you is incorrect or incomplete. The person responsible shall make the correction without delay.

3. Right to restrict processing
You may request the restriction of the processing of personal data concerning you under the following conditions:
- if the accuracy of the processing personal data is unlawful, you can verify the accuracy of the personal data;
- the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
- the controller no longer needs the personal data for the purposes of the processing, but you need it to assert, exercise or defend legal claims, or
- if you have objected to the processing in accordance with Article 21(1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, such data may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure
(a) Obligation to delete
You may request that the personal data concerning you be deleted immediately, and the controller is obliged to delete this data immediately, provided that one of the following reasons applies:
The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed. You revoke your consent, which is the basis for the processing in accordance with Art. A GDPR and there is no other legal basis for processing. You object to the processing in accordance with Article 21 sec. 1 GDPR and there are no primary legitimate reasons for the processing, or you object to the processing in accordance with Article 21 sec. 2 GDPR. The personal data concerning you have been processed unlawfully. The erasure of personal data concerning you is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject. The personal data concerning you have been collected in relation to information society services offered in accordance with Article 8 (1) GDPR.

(b) Information to third parties
If the controller has made the personal data concerning you public and is obliged to delete it in accordance with Article 17(1) GDPR, he shall take appropriate measures, taking into account the available technology and the implementation costs, also of a technical nature in order to inform data controllers who process the personal data that you, as a data subject, have requested that you, as a data subject, delete all links to such personal data or to copies or replications of the requested personal data.

(c) Exceptions
The right to erasure does not exist to the extent that the processing is necessary: the exercise of the right to freedom of expression and information;
to fulfil a legal obligation requiring processing under the law of the Union or of the Member States to which the controller is subject, or to perform a task which is in the public interest or in the exercise of official authority delegated to the controller for reasons of public interest in the field of public health in accordance with Article 9(2) of the Lit. h and i and Article 9(3) GDPR;
for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR, insofar as the law referred to in section (a) is likely to achieve the objectives of such processing impossible or seriously impaired, or for the assertion, exercise or defence of legal claims.

5. Right to information
If you have asserted the right to rectification, deletion or restriction of the processing, the controller is obliged to make this correction or correction to all recipients to whom the personal data concerning you have been disclosed. Erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of these recipients.

6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance by the controller to whom the personal data has been provided, provided that:
(1) processing on consent in accordance with Art. a GDPR or Art. a GDPR or on a contract pursuant to Art. b GDPR is based and

(2) the processing is carried out using automated procedures. In exercising this right, you also have the right to obtain that the personal data concerning you are transferred directly by one controller to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability shall not apply to the processing of personal data necessary for the performance of a task which is in
the public interest or carried out in the exercise of official authority delegated to the controller.

7. Right to object
You have the right, for reasons arising from your particular situation, to oppose the processing of personal data concerning you at any time, which is based on Article 6(1) lit. e or f GDPR to appeal; this shall also apply to profiling based on these provisions.
The controller will no longer process the personal data concerning you, unless he can prove compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing.
If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility to exercise your right of opposition in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

8. Right to revoke the declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

9. Automated decision on a case-by-case basis, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal effect on you or similarly significantly affects you. This does not apply if the decision necessary for the conclusion or performance of a contract between you and the controller, is permitted by Union or Member State legislation to which the controller is subject and that legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or with your express consent.
However, such decisions may not be based on specific categories of personal data under Article 9(1) GDPR, unless Article 9(2) lit. a or g and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to the person responsible for the intervention of the controller, to express his or her point of view and to challenge the decision.

10. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, place of work or place of alleged infringement, if you believe that the processing of personal data concerning you is in breach of the GDPR. The supervisory authority to which the complaint was lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

13. Protection of minors

In principle, children and young people with limited legal ability may not transmit personal data to our websites without the consent of the parents or the supervisor. In no case will Biermann Hotelbetrieb Messe München GmbH collect or use in any way or disclose to third parties personal data obtained knowingly from children or young people with limited legal capacity.

14. Data protection - Information pursuant to Article 13 GDPR

Name and address of the Data Protection Officer

Biermann Hotel betrieb Messe München GmbH
Riemer Straße 350
D-81829 Munich
Phone: +49 89 945 39 0
Fax: +49 89 945 39 566
E-Mail: zuhause@prinzregent.de

AGB Biermann Hotelbetrieb Messe München GmbH