Protezione dati
Data protection Best Western Hotel Arabellapark, Munich
General information about the processing of your data
We are legally obliged to inform you about the processing of your personal data (hereinafter referred to as “data”) when you use our website. We take the protection of your personal data very seriously. This data protection notice informs you about the details of the processing of your data and your legal rights in this regard. For terms such as “personal data” or “processing”, the legal definitions from Art. 4 GDPR are authoritative. We reserve the right to adapt the privacy policy with effect for the future, in particular in the event of further development of the website, the use of new technologies or changes to the legal basis or the corresponding case law. We recommend that you read the privacy policy from time to time and take a printout or copy for your records.
Scope of application
The privacy policy applies to all pages of www.hotel-arabellapark.de. It does not extend to any linked websites or internet presences of other providers.
Controller
Responsible for the processing of personal data within the scope of this privacy policy is
Best Western Hotel Arabellapark
B.W. Hotel am Arabellapark Munich GmbH
Arabellastr 15
81925 Munich
Phone: +49 89 380 336 0 / Fax: +49 89 380 33
E-Mail: info@arabellapark.bestwestern.de
Questions about data protection
If you have any questions about data protection with regard to our company or our website, please contact our data protection officer:
SPIRIT LEGAL Fuhrmann Hense Partnerschaft von Rechtsanwälten
Lawyer and data protection officer
Peter Hense
Postal address:
Data Protection Officer
c/o B. W. Hotel am Arabellapark München GmbH, Arabellastr 15, 81925 Munich, Germany
Contact via the encrypted online form:
Contact data protection officer
Data security
We have taken comprehensive technical and organizational precautions to protect your personal data from unauthorized access, misuse, loss and other external interference. To this end, we regularly review our security measures and adapt them to the state of the art.
Your rights
You have the following rights with regard to the personal data concerning you, which you can assert against us:
– Right to information: You can request information in accordance with Art. 15 GDPR about your personal data that we process.
– Right to rectification: If the information concerning you is not (or no longer) accurate, you can request rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
– Right to erasure: You can request the erasure of your personal data in accordance with Art. 17 GDPR.
– Right to restriction of processing: In accordance with Art. 18 GDPR, you have the right to request the restriction of your personal data.
– Right to object to processing: You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 para. 1 sentence 1 lit. e) or lit. f) GDPR in accordance with Art. 21 para. 1 GDPR. In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, including where the processing serves the establishment, exercise or defense of legal claims (Art. 21 (1) GDPR). In addition, according to Art. 21 para.2 GDPR, you have the right to object at any time to the processing of personal data concerning you for the purpose of direct marketing; this also applies to any profiling, insofar as it is associated with such direct marketing. We draw your attention to the right to object in this privacy policy in connection with the respective processing.
– Right to withdraw your consent: If you have given your consent for processing, you have the right to withdraw your consent in accordance with Art. 7 (3) GDPR.
– Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format (“data portability”) and the right to transmit this data to another controller if the requirements of Art. 20 para. 1 lit. a, b GDPR are met (Art. 20 GDPR).
You can assert your rights by notifying us using the contact details provided in the “Controller” section or by contacting the data protection officer appointed by us.
If you believe that the processing of your personal data violates data protection law, you also have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Art. 77 GDPR. This also includes the data protection supervisory authority responsible for the controller: The State Commissioner for Data Protection of Lower Saxony, P.O. Box 221, 30002 Hanover, Tel.: 0511/120-4500, Fax: 0511 120-4599, e-mail: poststelle@lfd.niedersachsen.de.
Use of our website
In principle, you can use our website for purely informational purposes without disclosing your identity. When accessing the individual pages of the website in this sense, only access data is transmitted to our web space provider so that the website can be displayed to you. The following data is processed:
– Browser type/browser version,
– Operating system used,
– Language and version of the browser software,
– Date and time of access,
– Host name of the accessing end device,
– IP address,
– Content of the request (specific website),
– Access status/HTTP status code,
– Websites accessed via the website,
– Referrer URL (the previously visited website),
– Message as to whether the request was successful,
– time zone difference to GMT and
– amount of data transferred.
The temporary processing of this data is necessary to technically enable the course of a website visit and delivery of the website to your end device. The access data is not used to identify individual users and is not merged with other data sources. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests lie in ensuring the functionality of the website and the integrity and security of the website. Storing access data in log files, in particular the IP address, for a longer period of time enables us to detect and prevent misuse. This includes, for example, the defense against requests that overload the service or any bot usage. The access data is deleted as soon as it is no longer required to achieve the purpose for which it was processed. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website. The log data is always stored directly and only accessible to administrators and is deleted after seven days at the latest. After that, they are only available indirectly via the reconstruction of backup tapes and are deleted after a maximum of four weeks.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.
Tracking
In addition to the aforementioned access data, so-called cookies, pixels, browser fingerprinting or other tracking technologies are used when using the website. Cookies are small text files with a sequence of numbers that are stored locally in the cache of the browser used. Pixels are one-pixel images that are not transparent or are created in the background color of the website and are therefore not visible to the user. The pixel also records information about your user behavior on the website. Fingerprinting technologies generate a unique fingerprint based on the browser settings and thus identify an individual browser. Using a script that every Internet browser automatically executes, information such as the screen resolution, fonts used, operating system, hardware information and integrated browser plug-ins can be collected, which in their specific combination can ultimately be traced back to a specific user. Tracking technologies are used to make our website more user-friendly. The use of tracking technologies may be technically necessary.
Technically necessary elements
Some elements of our website require that the accessing browser can be identified even after a page change. The following data is processed in the technically necessary elements, such as cookies or similar methods of terminal device access in particular, for the purpose of carrying out or facilitating electronic communication and providing an information society service requested by the user:
– Language settings,
– Items in the shopping cart,
– log-in information.
The user data collected by technically necessary elements are not processed to create user profiles. We also use so-called “session cookies”, which store a session ID that can be used to assign various requests from your browser to the joint session. “Session cookies” are necessary for the use of the website. In particular, they allow us to recognize the device you are using when you return to the website. We use this cookie to recognize you on subsequent visits to the website. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the processing are to provide the aforementioned special functionalities and thereby make the use of the website more attractive and effective. The “session cookies” are deleted when you close the browser, depending on which browser you are using and which browser settings you have made.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.
Tracking that is not technically necessary
We also use cookies, pixels, browser fingerprinting and other tracking technologies on the website to enable an analysis of users’ surfing behavior. For example, the following data is stored and processed
– Frequency of page views,
– use of website functions.
The legal basis for this processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR. Cookies, pixels and other tracking technologies that are not technically necessary are automatically deleted after a specified period, which may vary depending on the tracking method. Insofar as we integrate third-party cookies or pixels and similar tracking technologies into our website, we will inform you of this separately below.
You can withdraw your consent to the processing of the respective provider at any time by moving the slider back in the “Individual data protection settings” of the consent tool. The lawfulness of the processing remains unaffected until the revocation is exercised.
Consent management tool “Borlabs Cookie”
In order to obtain consent on our website for the processing of your end device information and personal data using cookies or other tracking technologies, we use the consent tool “Borlabs Cookie” from the provider “Borlabs – Benjamin A. Bornschein” (Rübenkamp 32, 22305 Hamburg, Germany). With the help of “Borlabs Cookie”, you have the option of consenting to or rejecting the processing of your end device information and personal data by means of cookies or other tracking technologies for the purposes listed in the “Borlabs Cookie” tool. Such processing purposes may include the integration of external elements, the integration of streaming content, statistical analysis, reach measurement or personalized advertising. You can use “Borlabs Cookie” to give or refuse your consent for all processing purposes or to give or refuse your consent for individual purposes or individual third-party providers. You can also change the settings you have made at a later date. The purpose of integrating “Borlabs Cookie” is to allow you as a user of our website to decide on the setting of cookies and similar functionalities and to offer you the opportunity to change settings already made during the further use of our website. In the course of using “Borlabs Cookie”, we process personal data and information about the end devices used. Your data will also be sent to “Borlabs Cookie”. The information about the settings you have made is also stored on your device.
The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with Art. 7 para. 1 GDPR. Art. 7 para. 1 GDPR, insofar as the processing serves to fulfil the legally standardized obligations to provide evidence for the granting of consent. Otherwise, Art. 6 para. 1 sentence 1 lit. f) GDPR is the relevant legal basis. Our legitimate interests in the processing lie in the storage of user settings and preferences in relation to the use of cookies and the evaluation of consent rates. 1 year after the user settings have been made, consent is requested again. The user settings made will then be stored again for this period, unless you delete the information about your user settings in the terminal device capacities provided for this purpose yourself beforehand.
You can object to the processing insofar as the processing is based on Art. 6 para. 1 sentence 1 lit. f) GDPR. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.
Contacting our company
When you contact our company, e.g. by email or via the contact form on the website, the personal data you provide will be processed by us in order to respond to your inquiry. It is mandatory to provide a first name and surname or a pseudonym and a valid e-mail address in order to process inquiries via the contact form on the website. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR or Art. 6 para. 1 sentence 1 lit. b) GDPR if the contact is aimed at concluding a contract. If the request is aimed at concluding a contract, the provision of your data is necessary and mandatory for the conclusion of a contract. If the data is not provided, it will not be possible to conclude or execute a contract in the form of establishing contact or processing the inquiry. The processing of personal data from the input screen is solely for the purpose of processing the contact. If contact is made by email, this also constitutes the necessary legitimate interest in processing the data. The other data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. No data is passed on to third parties in this context. We delete the data arising in this context after the processing is no longer necessary – usually two years after the end of the communication – or, if necessary, restrict the processing to compliance with the existing mandatory statutory retention obligations.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.
Processing for contractual purposes
We process your personal data if and insofar as this is necessary for the initiation, establishment, execution and/or termination of a legal transaction with our company. The legal basis for this results from Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your data is then necessary for the conclusion of the contract and you are contractually obliged to provide your data, e.g. if you wish to register as a guest or speaker for an event at our company. If you do not provide your data, it will not be possible to conclude and/or execute a contract. Once the purpose has been achieved (e.g. execution of the contract), the personal data will be blocked for further processing or deleted, unless we are authorized to further processing on the basis of consent given by you (e.g. consent to the processing of the e-mail address for the sending of electronic advertising mail), a contractual agreement, a legal authorization (e.g. authorization to send direct advertising) or on the basis of legitimate interests (e.g. retention for the enforcement of claims).
Your personal data will be passed on to third parties if
– it is necessary for the establishment, execution or termination of legal transactions with our company (e.g. when passing on data to a payment service provider/shipping company to process a contract with you), (Art. 6 para. 1 sentence 1 lit. b) GDPR), or
– a subcontractor or vicarious agent that we use exclusively in the context of providing the offers or services requested by you requires this data (unless you are expressly informed otherwise, such auxiliary persons are only authorized to process the data to the extent that this is necessary for the provision of the offer or service), or
– there is an enforceable official order (Art. 6 para. 1 sentence 1 lit. c) GDPR), or
– there is an enforceable court order (Art. 6 para. 1 sentence 1 lit. c) GDPR), or
– we are obliged to do so by law (Art. 6 para. 1 sentence 1 lit. c) GDPR), or
– processing is necessary in order to protect the vital interests of the data subject or of another natural person (Art. 6 para. 1 sentence 1 lit. d) GDPR), or
– it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 para. 1 sentence 1 lit. e) GDPR), or
– we rely on our overriding legitimate interests or those of a third party to pass on the data.
Your personal data will not be passed on to other persons, companies or bodies unless you have effectively consented to such a transfer. The legal basis for processing is then Art. 6 para. 1 sentence 1 lit. a) GDPR. We will inform you of the respective recipients in the context of this data protection information with regard to the respective processing procedure.
Online booking
If you would like to book a hotel room on our website in our online booking system, we process your first and last name, your address, your e-mail address, your travel dates and the desired room category. To initiate and conclude the contract, it is necessary and mandatory for you to provide personal data such as your name, address, the duration of the trip, payment details and your e-mail address. The mandatory information required for booking and contract processing is marked separately; other information is provided voluntarily. We process your data to process the booking and for this purpose we will in particular
payment data to the payment service provider you have chosen or to our house bank. We use the booking system of BWH Hotel Group Central Europe GmbH (Frankfurter Straße 10 -14, 65760 Eschborn; hereinafter: Best Western). By using the online booking system on the website, “Best Western” receives the information required to process the booking (e.g. length of stay, reservation number, accommodation). The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. The provision of your data is necessary and mandatory for the conclusion or execution of the contract. If you do not provide your data, it will not be possible to conclude and/or execute the contract. To prevent unauthorized third parties from accessing your personal data, the booking process on the website is encrypted using SSL technology. We delete the data collected in this context after storage is no longer required, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and booking data for a period of up to ten years. Two years after termination of the contract, we restrict processing and reduce processing to compliance with existing legal obligations. Further information on data processing you find under https://www.bestwestern.de/agb-datenschutz.html.
Processing of personal data in accordance with Section 30 of the Federal Registration Act (BMG)
Accommodation establishments, in particular hotels, are obliged under Section 30 of the Federal Registration Act (BMG) to collect the following data from the guest on the day of arrival and to have the guest sign the registration form by hand or to have the data collected electronically confirmed by special authentication procedures in accordance with Section 29 (5) BMG:
– Date of arrival and expected departure,
– surnames,
– first names,
– date of birth,
– nationalities,
– address,
– number of fellow travelers and their nationality in the cases of Section 29 (2) sentences 2 and 3 BMG,
– serial number of the recognized and valid passport or passport replacement document for foreign persons,
– other data for the collection of tourist and spa taxes.
For tour groups of more than 10 people, however, only the personal data of the tour guide is required. The tour guide must state the number of fellow travelers and their nationality. We are obliged to collect, process and pass on this data within the framework of the BMG. The legal basis for the processing results from Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with. § 30 para. 1, para. 4, § 29 para. 2 to 5 BMG. As our guest, you are legally obliged to provide your data. If you do not provide your data, the conclusion or execution of the contract in the form of accommodation is impossible. The completed registration forms must be kept by us as an accommodation facility for submission to the responsible local regulatory authorities in order to fulfill their duties. We delete the data processed by you 1 year and 3 months after the day of your arrival or restrict the processing as soon as it is permitted under the provisions of the BMG and provided that there is no consent on your part pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR and no other legitimate interest on our part in the continued processing.
Voucher shop
If you would like to purchase a voucher in our voucher store on the website, it is necessary and mandatory for the initiation and conclusion of the contract that you provide personal data such as your first and last name, your address and your e-mail address. The mandatory information required for order and contract processing is marked separately, other information is provided voluntarily. If you do not provide this information, it will not be possible to conclude a contract in the form of purchasing a voucher via the voucher store. In addition, we also process the message you may have noted as part of the voucher purchase as well as any data you may have provided in order to display it on the voucher. We process the data you provide in this context for order processing and fulfillment. For this purpose, we will in particular forward payment data to the payment service provider you have chosen or to our house bank. We use the “VoucherBooking” ordering system of the provider HotelNetSolutions (Hotel Net Solutions GmbH, Genthiner Str. 8, 10785 Berlin; hereinafter referred to as “VoucherBooking”) for the voucher store: VoucherBooking) in order to provide you with an optimal ordering process. Your order data is processed on the VoucherBooking servers. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR. In order to prevent unauthorized third parties from accessing your personal data the ordering process on the website is encrypted using SSL technology. We delete the data collected in this context after storage is no longer required, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we restrict processing and reduce processing to compliance with existing legal obligations.
E-mail marketing
Advertising to existing customers
We reserve the right to use the e-mail address provided by you when booking a hotel room or registering for an event in accordance with the statutory provisions in order to send you the following content by e-mail during or following the booking, provided that you have not already objected to this processing of your e-mail address:
– Information about your stay and other travel-related offers from our hotel,
– Information about current special offers,
– Information about our hotel and other services,
– Individual guest advice and support,
– Guest satisfaction inquiries following your stay / event visit,
– Overview of possible leisure activities and events at our hotel,
– Information on arrival and departure in preparation for your stay,
– invitations to events organized by our company.
If the sending of electronic information is necessary for the execution of the contract, the processing is based on the legal basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. In these cases, you are contractually obliged to provide your data. If you do not provide your data, it will not be possible to send electronic information by email as part of the execution of the contract.
If the sending of electronic information via email is not necessary for the execution or implementation of the contract (e.g. email for information purposes), the processing of your data is based on the legal basis of Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the aforementioned processing lie in the improvement and optimization of our services, the sending of direct advertising and ensuring guest satisfaction. We delete your data when you end the usage process, but no later than three years after the end of the contract.
We use the services of BWH Hotel Group Central Europe GmbH (Frankfurter Straße 10 -14, 65760 Eschborn; hereinafter: Best Western) to send e-mails, in particular guest satisfaction surveys by e-mail. If you have made a booking via the online booking system, the personal data you provide, in particular your name, the duration of your stay, the name of the hotel and your e-mail address, will be processed by Best Western in order to send you a guest satisfaction survey following your stay. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest lies in the use of a service provider for the optimization and targeted sending and management of guest feedback. Further information, including on the storage period, can be found in the privacy policy of “Best Western” under ttps://www.bestwestern.de/agb-datenschutz.html.
We would like to point out that you can object to the receipt of direct advertising and processing for the purpose of direct advertising at any time without incurring any costs other than the transmission costs according to the basic rates. You have a general right to object without giving reasons (Art. 21 (2) GDPR). To do this, click on the unsubscribe link in the respective email or send us your objection to the contact details given in the “Controller” section.
Payment service provider (PSP)/ payment service provider
PayPal
On our website we offer you payment via “PayPal”. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: “PayPal”). To pay you must log in to your PayPal account. Your payment data provided to PayPal will be processed by PayPal for the purpose of payment processing. Further information on data processing by PayPal can be found here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. In order to be able to assign your payment, we process your delivery/billing address, e-mail address and the selected payment method. We delete the data collected in this context after storage is no longer necessary, or restrict processing if there are statutory retention obligations. Due to mandatory commercial and tax regulations, we are obliged to store your address, payment and order data for a period of up to ten years. Two years after the termination of the contract, we restrict the processing and reduce the processing to compliance with existing legal obligations.