Data Protection Information

(within the meaning of GDPR Articles 13, 15 and 21)

We hereby inform you about processing of your personal data by Welcome Hotels and the claims and rights you have under the regulations on data protection.

Responsibility and contact for processing:

GHG Beteiligungs GmbH

Kuhwaldstraße 46

D-60824 Frankfurt am Main

Controller:

Karl Schattmaier

Management

Dr. Christoph Scherk

Management

Phone: +49 (0) 69-870025-555

Email: info@welcome-hotels.com

Contact details of the external data protection officer:

Robin Parker

EU data protection officer (DESAG Cert)

Phone: +49 (0) 203-511711-11

Email: datenschutz@welcome-hotels.com

Data protection coordinator:

Elke Stahlmecke

Director HR & QM

Phone: +49 (0) 69-870025-540

Email: e.stahlmecke@welcome-hotels.com

Data origin and sources:

We process personal data that we receive from you in the scope of our business relationship or business initiation. Where this is required for rendering of our services ore meeting of contracts, we process any data admissibly received from third parties (e.g. Schufa, Creditreform). We also process personal data that we have admissibly acquired from publicly accessible sources (e.g. debtor directors, land registers, trade and association registers, press and other media) and that we may process. Relevant personal data may specifically be:

  • Master data (personal data) such as name, date of birth, etc.
  • Contact details such as address, phone numbers, email addresses, etc.
  • Settlement-relevant bank data such as IBAN, PIC, credit card, etc.
  • Data from your information on accommodation preferences
  • Data on your use of digital media, such as the time of your call of a website, session information (cookies), etc.

Data recipients:

Within the company or the group, those offices that require them for meeting the contractual and/or statutory obligations will receive your data. Your data shall only be transmitted to any other external offices :

  1. for contract processing (possible for passing on payment data to payment service providers),
  2. based on statutory obligations (e.g. passing on to tax authorities, registration authority),
  3. for processing the data as a service from external persons based on an order (processing for postal services, archiving/document management, IT services (incl. safety), waste/data carrier/document disposal, marketing or settlement services),
  4. to clarify situations by experts (e.g. lawyers, experts) or support of authorities within the scope of criminal prosecution,
  5. based on your direct consent to transmission to third parties that we have received from you.

If your data are processed by third parties based on an order, your data will be subject to guaranteed safety standards there (data processing contract). Your order may lead to processing activities within the meaning of transfer.

Transfer to third countries

Your data will be transferred to any third countries (outside of the EU or the EEA) only and with the promise of suitable guarantees as far as this:

  • is required to perform your orders or meet the (pre-) contractual measures
  • required by law and
  • legitimated by your consent or
  • the company's interest in processing overrides the need of protection of your data (point (f) of Article 6(1) GDPR).

Legality of processing:

We process personal data on the basics stipulated in the GDPR and the BDSG, new version.

  1. To meet contractual obligations or perform pre-contractual measures (point (b) of Article 6(1) GDPR):
    a) Contact form: Collection of contact details
    b) Offer request: Collection of contact, company master, business and financial data
    c) Accommodation and hospitality -b)+ Settlement information, preferences
  2. In the scope of consideration of interests (point (f) of Article 6(1), GDPR):
    a) Analysis for marketing-technical evaluation Processing based on a contract: Google Inc. Ireland
  3. Based on statutory provisions (point (c) of Article 6(1) GDPR):
    a) Finance and tax authorities, principles of proper accounting
    b) Registration law
  4. Based on your consent (point (a) of Article 6(1) GDPR):
    No data are processed based on consent.​​​​​​​​​​​​​​

Periods for storage, erasure and blocking of your data:

As far as necessary, we will process and store your personal data for the duration of our business relationship, which also comprises the initiation and processing of a business process.

We are also subject to various storage and documentation obligations that result, among others, from the

  • Commercial Code (HGB),
  • Tax Code (AO),
  • Credit Management Act (KWG),
  • Money Laundering Act (GwG),
  • German Civil Code (BGB) and
  • Federal Registration Act (BMG).

The deadlines stipulated there for storage or documentation are between two and ten years, or within the scope of the BGB three to 30 years. Blocking of your data against viewing by our regular employees or erasure of the data records shall take place based on the principles of reconciliation of interests after termination of the business relationship or the end of the retention periods.

Your rights:

In accordance with the GDPR, you have a right to:

  • Information (Article 15 GDPR)
  • Rectification (Article 16 GDPR) if your personal data are incorrect
  • Erasure (Article 17 GDPR) if, among other things, no statutory archiving obligations oppose this
  • Restriction of processing (Article 18 GDPR)
  • Objection (Article 21 GDPR)
  • Data portability (Article 20 GDPR) if data are concerned that were provided by you

Complaint (Article 77 GDPR) to the following competent data protection supervision authority:

The Hessian data protection officer

Address:

Gustav-Stresemann-Ring 1

D-65189 Wiesbaden

PO Box 31 63 D-65021

Wiesbaden

Phone: +49 (0) 611 14080

Fax: +49 (0) 611 1408 - 900

Email: poststelle@datenschutz.hessen.de

Internet: www.datenschutz.hessen.de

Necessity of data provision:

In the scope for the business relationship, you only need to provide the personal data that are necessary for starting and performing the business relationship or to the collection of which we are obligated by law (e.g. personnel data). Without these data, it generally is not possible to conclude, execute or terminate any contract.

Scoring and profiling:

Within the scope of fraud prevention, fight against money laundering and risk management, scoring values based on accepted mathematically-statistical methods and tried and tested methods may be used and/or calculated in order to minimise risks. This shall specifically apply to the following data:

  • Payment behaviour (debtor balances, etc.)
  • Profit and loss, as well as turnover figures
  • Customer data, including company name and industry
  • Ongoing contractual relationships (if appl. with third parity)

Sensitive data (in accordance with Article 9 GDPR) in this context are not processed.

Automated decision making in an individual case:

We generally do not use any automated decision-making (in accordance with Article 22 GDPR).

Objection rights:

If your situation leads to any reasons that oppose processing of your personal data (in accordance with point (f) of Article 6(1) GDPR), you have the right of objection.

If you object, we will subsequently no longer process your personal data, provided that we cannot document any mandatory reasons to be protected that override your interests, rights and freedoms or that (further) processing serves the assertion, exercise or defence of legal claims or compliance with statutory or contractual obligations.

Your data will also be processed for marketing purposes. If you do not want to be informed about news and campaigns for marketing, you have an objection right at any time in order to object to use of your personal data for marketing purposes.

You may address your objection to the controller.

Further information on use of this website

Anonymous surfing:

You may generally surf anonymously on the websites of www.welcome-hotels.com. If you visit our website, our web server will store certain technical data (access data) in log files, such as the:

  • Name of the file called up
  • Date and time of the call
  • Internet protocol address of the accessing computer
  • Browser type and version
  • Operating system used by the user
  • URL of the last page previously called by the user
  • Amount of data transmitted
  • Status of the call (successful: yes/no)

The internet protocol addresses recorded din our log files serve only the purpose of better analysing and remedying faults in availability of the website provided on our servers and editorially improving them, as well as for possible forensic analysis.

No statistical evaluations and/or user profiles are compiled based on the data stored in the log files.

Online booking machine:

The provider of our booking machine (Trust) has the following data protection directive:

Trust International Hotel Reservation Services GmbH (Trust) puts great value on protection of personal data. All personal data are processed on servers in Germany and will not be stored for any longer than necessary.

The Trust Website places no cookies. When calling this website, statistical data on the access (date, time, page viewed, duration of stay, origin URL, web browser used, etc.) will be stored and evaluated in order to improve the website. The internet protocol number will not be evaluated and no geo analysis tool will be used. Passing on to third parties for commercial or non-commercial purposes will not take place.

Trust operates a booking system for hotels. If you book an offer in one of these hotels, your name, address or payment details will be stored on the order of the hotel chosen by you. Google Analytics is used there as well.

Trust will not use your personal data for any other purpose than for processing in accordance with the instructions of the hotel and will not pass on your personal data to any third parties.

Apart from the Tracking Cookies, Trust will not install any further ones on your computer. In order to make your booking easier, Trust will store the data you have submitted to prepare for your booking temporarily within the Trust hotel reservation system for a maximum duration of 30 (thirty) minutes thereafter. Temporary storage will enable you to move back and forward in the Trust hotel booking system without having to enter your travel details and personal data again when you return to a previously completed form.

According to the state of the art, Trust will go to all technical and organisational effort to protect your customer data from loss, falsification or disclosure to unauthorised parties. Your personal data and all other information that you submit to this website will be encrypted by SSL encryption (Secure Socket Layer).

Feel free to submit your questions on processing of your personal data to the operational data protection officer of Trust under email address dataprotection@trustinternational.com.

Google Analytics:

Google Analytics is a web analysis service of Google Ireland Limited, headquartered in Gordon House, Barrow Street, Dublin 4, Irland (Google). www.welcome-hotels.com uses Google Analytics only with the function "anonymizeIP". This function removes the last octet of the internet protocol address. This makes it absolutely impossible for everyone to identify your internet connection securely. Individual assignment therefore is impossible for this reason as well. Google Analytics uses cookies (on cookies, see above) that permit analysis of use of the website www.welcome-hotels.com by you. The information generated by the cookie concerning your visit to www.welcome-hotels.com (visit times and the referring sources, details on the system configurations and your provider, including your abbreviated IP address) will be transferred to a server of Google in the USA and stored there.

Google will use the information named in order to evaluate your use of the website, to compile reports on the website activities for us, and to render other services connected to website use and internet use. Google will also transfer this information to third parties if this is required by law or as far as third parties process these personal data based on a contract with Google. In no case will Google combine your internet protocol address with any other personal data of Google.

For more information on Google Inc. and Google Analytics, see: www.google.com. For the data protection statement of Google, see: www.google.com/intl/de/privacypolicy.html

You may prevent the acceptance of new cookies by making the corresponding setting in your browser (see above, lit. b). In addition to this, you may object to data collection, storage and use by Google Analytics otherwise at any time as well. In order to object to data collection by Google Analytics and to thus deactivate it, you need a browser add-on. The add-on informs the JavaScript of Google Analytics that you do not wish information on your website visit to be transmitted to Google Analytics. You need to download and install the add-on. For more information on how you can deactivate Google Analytics and further information on the download of the add-on, see tools.google.com/dlpage/gaoptout. Web analysis will remain deactivated for as long as the Google add-on is deactivated or deleted by you. Therefore, please do not delete the add-on while you do not desire web analysis to take place. The add-on is set per browser and computer. If you call www.welcome-hotels.com with different browsers, you need to add the add-on to each separately.

Storage of personal data:

When using various online deals, our website will collect the following of your personal data:

  • Registration for the individual customer area
  • Subscription/unsubscription of newsletter
  • Participation in lotteries
  • Contact by contact form
  • Online table reservation in the hotel restaurant or bistro
  • Booking a hotel stay
  • Use of the online form for applications
  • Ratings of the hotel stays

The user will be informed of the scope of any consent to be granted in connection with registration for the respective service in a transparent manner. We will record your consent. If necessary, we will inform you when and how you have consented. If you do not consent, we ask you to understand that you may be unable to use the respective service from case to case.

Beyond this, we will use your email address with you consent or as far as permitted by law in order to inform you about our deals and products or news in our Welcome Hotels (e.g. in our newsletter). You are able, at any time, to object to this use of your email address effective for the future. We will inform you of the possibility of unsubscribing in the individual emails as well.

Data security:

We use technical and organisational safety measures in order to ensure that he personal data of the users are protected from loss, inaccurate changes or unauthorised access by third parties. In any case, only authorised persons will have access to your personal data on our side, and only as far as this is required in the scope of the purposes named above.

The transfer of certain sensitive data shall take place encrypted. For this, we use the Transport-Layer-Security transfer (TCS). All information transferred with this secure method will be encrypted before being sent to us. The conversion into code will encrypt your personal data such as your name and address by the security server software. This way, such data cannot be read by unauthorised persons during transfer through the internet. Most newer browsers already support this secure transmission technology.

All employees of Welcome Hotels GHG Beteiligungs GmbH and their servants are, as far as they handle personal data, committed to data secrecy and instructed accordingly.

Cookies:

We use cookies on our website in order to make it attractive and to permit use of certain functions. Cookies are text files that the user's browser stores temporarily or permanently on his computer. Temporary cookies ensure consistency of the communication process. Permanent cookies serve to recognise a user again. For example, such a permanent cookie is used when the user chooses the function "Stay logged in on this computer". A cookie will then let the website recognise during a later call of the page that the computer is the same one to be logged in automatically. You can determine whether your browser uses cookies or not. All browser programs permit deactivation or deletion of cookies. Functions that require recognition of your computer, however, will then not be available, or only within limitations. The function of the website therefore is impaired if cookies are deactivated; among other things, the possibility to log in as a user may be limited.

Social Media:

If you surf on www.welcome-hotels.com and use links to social media channels via our website, a direct connection may be established with the social media platform, independently of the respective provider, and the button may be loaded from there. The information that the corresponding page of www.welcome-hotels.com was called may be submitted to the platform then.

Check at the respective social media channel for how and which data precisely are stored there. You can usually edit the safety settings in the user/safety profiles directly.

Links to other websites:

www.welcome-hotels.com links to websites of other providers not affiliated with us (third parties). Once you click such links, www.welcome-hotels.com no longer has any influence on which data are collected and used by that provider. More detailed information on data collection and use can be found in the data protection statement of the respective provider. Since data collection and processing by third parties naturally is outside of our control, we cannot assume any responsibility for this.

Cash collection review:

We will submit your data (name, address, email address, information on the company and any contract and claims data) for the purpose of creditworthiness review and verification of the ability to deliver to the indicated address, as well as for the process of each collection processing, to IHD Gesellschaft für Kredit und Forderungsmanagement mbH, Augustinusstr. 11 B, D-50226 Frechen, and possibly to other cooperating rating agencies, in case of a creditor risk (name, address, email address, indication of the company and any applicable contract and claims data). The legal basis for this transfer are points (b) and (f) of Article 6(1) GDPR. Transmissions based on point (f) of Article 6(1) GDPR are only permitted as far as this is required to perform legitimate interests of our company and as long as the interests or fundamental rights and freedoms of the data subject that require protection of the personal data are not overriding.