Who is responsible for collecting the data?
As the operator of this website (Imprint), we are responsible for the data collected during your visit on this website because we are responsible for the technologies used on the website and for their purposes.
How do we collect data?
On the one hand, your data is collected when you communicate it to us. This happens when, for example, you enter data into a contact form. Other data is collected automatically by our IT systems when you visit the website. This is mainly technical data (for example, the internet browser and operating system being used, or time of the page call). This data is collected automatically the moment you enter our website.
What do we use the data for?
Some of the data is collected to ensure that the website is displayed free of error. Other data can be used to analyse your user behaviour and to improve our services to you.
What rights do you have in regard to your data?
At any time, and free of charge, you have the right to obtain information about the origin, recipient, and purpose of your stored personal data. You also have the right to request that this data be corrected, blocked, or deleted. Furthermore, you have the right to appeal to the responsible supervisory authority. You can contact us at any time at the address given in the Imprint for further information concerning your rights and the subject of data protection.
SSL and TLS EncryptionOur website uses SSL or TLS encryption in order to ensure security and to protect the transmission of confidential content, such as, for example, the orders or inquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://”. You will also see a padlock icon in your browser’s address bar. Whenever SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Analysis tools and tools from third-parties
2. General information and mandatory information
Note on the responsible website operatorThe website operator responsible, according to Art. 4 (7) GDPR, for data processing on this website can be found in the Imprint.
3. Contact to our data-protection officer
We have appointed www.mb-datenschutz.de to serve as our data protection officer. You can address your questions regarding data protection to: firstname.lastname@example.org. For all other inquiries, please use our Contact Form or the following e-mail: email@example.com
3. Data collection on our website:
Server log filesOur website’s provider automatically collects and stores information in the so-called server log files, which your browser automatically transmits to us. The data of the log files include:
• Referring URL (the address of the website you came from.)
• Browser type, version, and language
• The operating system you’re using and its user interface• IP address (anonymized)
• The time of the server request• Http status code—access status
• The amount of data transferred
• The storage period is 7 days
This data is not merged with other data sources.
The legal basis for data processing is Art. 6 Para. 1 (f) of the GDPR, which authorizes the processing of data for optimal presentation and security of the website on the basis of our legitimate interest, except where these interests are overridden by the interests or fundamental rights and freedoms of the data subject.
4. visitor interaction of the website
Contact formWhenever you send us enquiries via the contact form, we will store your details from the contact form, including the contact data you provided, for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass this data on to third parties without your consent.
Processing the data entered in the contact form usually takes place in accordance with Art. 6 Para. 1 (b) of the GDPR (entering into a contract and performance of a contract). Your data remain with us until you request us to delete them or until the purpose for storing the data no longer applies (for example, after your request has been processed—but only if we do not have to comply with any retention periods).
The comment function at this websiteWhen posting comments on this web page, in addition to your comment, the information regarding the time the comment was created, your e-mail address, and, if you do not post anonymously, the user name you have chosen will be stored.
Our comment function stores the IP addresses of users who post comments until the commented content has been completely deleted or until the comments have to be deleted for legal reasons (for example, when comments are offensive). Despite the fact that we review the comments on our site before they are posted, we need this data to be able to take action against the author in the event of legal infringements. According to Art. 6 Para. 1 (f) of the GDPR, the legal basis is our legitimate interest. Should investigating authorities request that we disclose data as a result of comments that violate the law, this is done in compliance with the legal basis of Art. 6 Para. 1 (c), according to which we are subject to the legal obligation to disclose.
Subscribing to commentsAs a user of the site, after registering you can subscribe to comments until you revoke your subscription. Here we use the double opt-in process on the legal basis of Art. 6 Abs. 1 (f)—our legitimate interest. We record the time of your individual registration for verification purposes. You can cancel the subscription to comments at any time, using the link in our info mails. In this case, the data you entered when subscribing to comments will be deleted; however, if you have sent this data to us elsewhere for other purposes (for example, for our newsletter subscription), they will remain with us. The legal basis for the comment subscription is Art. 6 Para. 1 (a). As described, you can revoke your consent at any time.
5 Our Newsletter
You can subscribe to the newsletter on our website (the legal basis for this is Art. 6 Para. 1 (a) of the GDPR) and revoke your subscription later. Data that you make available to us during registration will be used in order to address relevant content to you. We do not share your data with third parties. We store your newsletter data until you unsubscribe from our newsletter; thereafter, your data will no longer be processed for this purpose.
In the registration process, we use the double opt-in procedure in accordance with the legal provisions of Art. 6 Para. 1 (f) of the GDPR (our legitimate interest). We record the time of your individual registration for verification purposes.
If you are already our customer and if we have received your email address in this regard, you will receive our newsletter even without your own registration, in accordance with the legal basis of Art. 6 Para. 1 (f) of the GDPR (our legitimate interest in direct advertising) in conjunction with § 7 Para. 3 UWG (the ‘Law against Unfair Competition’). You can revoke the newsletter subscription at any time via the unsubscribe link in each newsletter.
Also due to our legitimate interest in efficient advertising pursuant to Art. 6 Para. 1 (f) of the GDPR, we analyse our newsletter campaigns by carrying out statistical surveys, which provide us with information on how many recipients have opened the newsletter message and how often each link was clicked in the newsletter. Conversion tracking can also be used to analyse whether a predefined action (for example, the purchase of a product on our website) has taken place after clicking the link in the newsletter. You can only avoid these analyses by unsubscribing from our newsletter.
This website uses the services of MailChimp to send our newsletters. The service provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service that can be used to organize and analyse newsletter sending. If you enter data in order to subscribe to our newsletter (for example, your email address), it will be stored on MailChimp’s servers in the USA.MailChimp has been certified in accordance with the “EU-US Privacy Shield”. This “Privacy Shield” is an agreement between the European Union (EU) and the USA that is intended to ensure compliance with European data protection standards in the USA. You can find more information about this here:
With the help of MailChimp, we can analyse our newsletter campaigns. Whenever you open an email sent by MailChimp, a file contained in the e-mail (a so-called web beacon) connects to the servers of MailChimp in the USA. This allows us to determine whether a newsletter message has been opened and which links have been clicked. Moreover, technical information (for example, the time of retrieval, the IP address, the browser type, and the operating system) is recorded. However, this information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of the newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you do not want your data to be analysed by MailChimp, you must unsubscribe from the newsletter. In order to do so, we provide you with an unsubscribe link in every newsletter message. You can also unsubscribe from the newsletter directly on our website.
Data processing is carried out either on the basis of your consent in accordance with Art. 6 Para. 1 (a) of the GDPR, or on the basis of Art. 6 Para. 1 (f) of the GDPR. You can revoke subscriptions to our product information at any time by unsubscribing our newsletter (using the convenient unsubscribe link in each newsletter). The legality of all previous data processing operations remains unaffected by the revocation.
We store your newsletter data until you unsubscribe from our newsletter, whereupon it will no longer be processed for this purpose. You can find more details on MailChimp’s data protection regulations at:https://mailchimp.com/legal/terms
Our data processing agreement
We have reached a “Data Processing Agreement” with MailChimp, whereby MailChimp is obligated to protect our customers’ data and to not share such data with third parties. This contract can be viewed here:https://mailchimp.com/legal/data-processing-addendum/
6. Payment provider
On our website, you can pay for services via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereafter “PayPal”).
If you choose to pay using PayPal, the payment details you enter will be sent to PayPal.
The communication of your data to PayPal takes place in accordance with Art. 6 Para. 1 (b) of the GDPR (performance of a contract).
You can also use Klarna’s services for payment on our website. The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereafter referred to as “Klarna”).
Your data is transmitted to Klarna within the provisions of Art. 6 Para. 1 (b) of the GDPR (performance of a contract).
7. Registration on this website
Registration with Facebook Connect
Rather than registering directly on our website, you can use Facebook Connect to register with us. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. If you choose to register through Facebook Connect by clicking on the “Login with Facebook” / “Connect with Facebook” button, you will automatically be redirected to the Facebook platform. There you can log in with your user data. This links your Facebook profile to our website and services. The link gives us access to the data stored on Facebook. The data includes above all:
• Your Facebook name
• Your Facebook profile and cover picture
• Your Facebook profile photo
• The email address stored on Facebook• Your Facebook ID
• Your Facebook friend lists• Your Facebook Likes (the “like” information)
• Your birthday
Google Web Fonts
This page uses “Web Fonts” provided by Google in order to ensure that the fonts are displayed uniformly. Whenever you access a page, your browser loads the web fonts required into your browser’s cache in order to display the texts and fonts correctly. These fonts remain stored there for 1 year in order to improve loading times. Moreover, both the administrative effort and error sources for font updates via Google are minimized.To this end, your browser must connect to Google’s servers. This will allow Google to know that your IP address (including browser and system data) has accessed our website. The use of Google Web Fonts is in the interest of offering a uniform and appealing presentation of our online services. This constitutes a legitimate interest within the provisions of Art. 6 Para. 1 (f) of the GDPR.Should your browser not support Web Fonts, a standard font on your computer will be used.
Google MapsOur website uses map material from Google Maps via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.When using the functions of Google Maps, your IP address it shard to a Google server.
Our website uses plugins from the YouTube site operated by Google. The site’s operator is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
Whenever you visit one of our pages equipped with a YouTube plug-in, no connection is established to YouTube’s servers. This is possible because the video is embedded using “www.youtube-nocookie.com”. However, if you copy the video link and watch the video directly on YouTube, you will leave the “protected” area.
This means that if you are then logged on to your YouTube account, you may enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.YouTube is used in the interest of offering an appealing presentation to our online services. This constitutes a legitimate interest within the provisions of Art. 6 Para. 1 (f ) of the GDPR.
Further information regarding the handling of user data can be found in YouTube’s data protection declaration at: https://www.google.de/intl/de/policies/privacy.
10. Sharing social-media content via plugins (Facebook, Twitter & Co.)
The content on our web pages can be shared on social networks such as Facebook, Twitter & Co. in compliance with data protection regulations. As a rule, you can easily recognize the plugins by their respective social-media logos. In order to share content with social media, this page uses the following tool: ................. This tool establishes direct contact between you and the networks only when you choose to click on one of these buttons. Each click on a social media button constitutes consent within the provisions of Art. 6 Para. 1 (a) of the GDPR.
The tool we use does not automatically transfer your user data to the operators of other platforms. If you are already registered with one of the social networks, an information window will appear when you click on the social-network buttons of Facebook, Twitter & Co., after which you can confirm the sharing of the text before sending it. You can share the contents of this page in social networks in accordance with data protection regulations without divulging your complete surfing profile to its network operators.
Facebook plugins (Like & Share buttons)
Integrated into our pages are plugins of the social network Facebook, whose provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You will recognize the Facebook plugins by the Facebook logo or the “Like” button on our page. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/.
In order to use these social media functions, they must first be activated by visitors to our website. To achieve this, we have installed the following plugin:https://www.e-recht24.de/erecht24-safe-sharing.html
Only when you activate the respective plugin by clicking on its corresponding button will a direct link to the provider’s server be established (the click implies consent). As soon as you activate the plugin, the respective provider receives the information that you have visited our site with your IP address. If you are logged into your respective social media account at that time, the respective provider can assign your visit to our pages to your user account.
Functions of the service Instagram are integrated into our web pages. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
To use Instagram’s social media functions, they must first be activated by the visitor to our website. To perform this function, we have installed the following plugin:https://www.e-recht24.de/erecht24-safe-sharing.htmlOnly when you activate the respective plugin by clicking on the corresponding button will a direct connection to the provider’s server be established (implying your consent). As soon as you activate the plugin, the respective provider will receive the information that you have visited our site with your IP address.
Our website uses the functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.To use these social media functions, they must first be activated by the visitor to our website. In order to achieve this, we have installed the following plugin:https://www.e-recht24.de/erecht24-safe-sharing.htmlOnly when you activate the respective plugin by clicking on the corresponding button will a direct connection to the provider’s server be established (implying consent). As soon as you activate the plugin, the respective provider receives the information that you have visited our website with your IP address. If you are logged into your respective social media account at that same time, that respective provider can assign your visit to our web pages to your user account.The next time you access one of our pages that contains XING functions, a connection is established to XING servers. To the best of our knowledge, personal data is not stored. In particular, no IP addresses are stored, nor is the user’s behaviour evaluated.
Our website uses functions of the network LinkedIn. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
On our website we use the plugins of the social network Pinterest, which is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA (“Pinterest”).
In order to use their social media functions, they must first be activated by the visitor. To perform this task, we have installed the following plugin:https://www.e-recht24.de/erecht24-safe-sharing.htmlOnly when you activate the respective plugin by clicking on the corresponding button will a direct connection to the provider’s server be established (implying consent).
11. Company pages in social media
The goals of our webpage at https://www.facebook.com/kpmhotel are:
• facilitating the direct contact to our online visitors with the aim of customer acquisition and retention, and with the use of associated services of modern communication channels,
• publicizing information about our posts and offers,
• obtaining statistical analyses for our own market-research purposes.
According to Art. 6 Para. 1 (f) of the GDPR, the use of this social media channel is within our legitimate interest. Nevertheless, it is important for us to inform you, as far as possible, and transparently, about aspects relevant to data protection, for which we are actively co-responsible.
12. What rights do you have under the EU’s GDPR?
The aim of the EU-GDPR is to ensure that you, as the person affected, have the greatest possible control over your personal data. All data that can be directly or indirectly related to you as a person is regarded as personal data. In order for you to exercise effective control over your data, you have the following rights vis-à-vis us:
• the right to be informed according to Article 15 of the EU-GDPR, • the right to rectification under Article 16 of the EU Block Exemption Regulation, • the right to cancellation under Article 17 of the EU Block Exemption Regulation, • the right to restrict processing under Article 18 of the EU Block Exemption Regulation • the right to object under Article 21 of the EU Block Exemption Regulation.
Moreover, you have the right to appeal to a data-protection supervisory authority pursuant to Article 77 of the EU-GDPR if you are of the opinion that we are processing your data unlawfully. You can find out how to address your complaints to data-protection authorities here:https://www.bfdi.bund.de/EN/DataProtection/Subjects/Complaints/Complaints.html
The right to data transfer pursuant to Art. 20 is only relevant when you visit our website if you yourself create a profile (for example, an applicant profile, a member profile, etc.) or if you enter relevant information about yourself.http://kpmhotel.de/datenschutz.html.
13. Analytics tools and advertising
Google AnalyticsThis website uses the services of Google Analytics to analyse web traffic. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The analysis of website usage includes aspects of “location,” “internet browser”, “orders,” “movement behaviour,” “previous website,” and the “time of server request.” Google Analytics stores “cookies” with random client ID in your Internet browser for this purpose. This allows you to be recognised again when you return to our website, and advertising measures can be optimised in your interest. The information generated by the cookie about your use of this website will generally be transmitted to a Google server in Ireland, and possibly the USA, and stored there for 26 months. Google Analytics cookies are stored on the basis of Art. 6 Para. 1 (f) of the GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise its services and advertising. An anonymized evaluation is carried out using randomly generated pseudonymous client IDs. Google Analytics is subject to the “EU-US Privacy Shield”. See also:https://support.google.com/analytics/answer/7105316?hl=en.
IP AnonymizationWe have activated the IP anonymization function on this website. This will cause Google to abbreviate your IP address within member states of the European Union or within other states that are signatories to the Agreement in the European Economic Area before it is transmitted to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics is not aggregated with other data from Google.
Opting out of data collectionYou can prevent Google Analytics from collecting your data by clicking on the following link: https://tools.google.com/dlpage/gaoptout?hl=en. An opt-out cookie is stored that prevents the collection of your data on future visits to this website. In order to opt out on mobile devices, please use the following link: (own opt-out link)
Processing ordersWe have concluded a contract with Google for processing order data that fully implements the strict requirements of the German data protection authorities when using Google Analytics.
Demographic characteristics of Google Analytics
This website uses the function “demographic features” of Google Analytics. This function generates reports that contain information about the age, gender and interests of site visitors. The data comes from Google’s interest-related advertising and visitor data from third parties. This information cannot be associated with any specific individual. You can deactivate this function at any time via the ad settings in your Google Account or generally prohibit Google Analytics from collecting your data as described under “Opting out of data collection.”
Google Adwords — Conversion TrackingTo improve goal-driven navigation (“short advertising paths”) of our website, we carry out “conversion tracking.” The legal basis for this is a justified interest in the analysis of user behaviour (movement behaviour) in order to optimise both our website and our advertising. “Conversion cookies” are stored on the basis of Art. 6 Para. 1 (f) of the GDPR. Cookies are small text files that your Internet browser stores on your computer. These cookies lose their validity after 30 days and do not serve to personally identify the user.
Google Tag ManagerThis website uses the Google Tag Manager: a service for collecting and forwarding data (but not personal data) to Google Analytics of Google Inc. (“Google”). The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.Google Tag Manager uses “code snippets” that are integrated into the website. The tag manager makes it possible, for example, to offer a Google Analytics opt-out link for the website visitor. We mention this service here for reasons of transparency.
Information for hotel guests
Information regarding data protection and the collection of personal data while you are staying at our hotel, including your booking
Dear hotel guest, dear prospective customer:
With the advent of the European General Data Protection Regulation (EU-GDPR), new information duties are imposed on us, the person responsible for the data processing of personal data. According to Art. 13 and 14 of the EU-GDPR, we duly inform you of the following
KPM Hotel & Residences GmbH, Englische Straße 6, 10587 Berlin, represented by the Managing Director Tobias Berghäuser
Data Protection Officer:
firstname.lastname@example.org www.mb-datenschutz.deThe legal basis for the processing of your data:
• EU-GDPR Art. 6 Para. 1 (a) allows us to process your data on the basis of your consent for certain purposes such as, for example, the subscription to our newsletter
• EU-GDPR Art. 6 Para. 1 (b) covers the data processing required for the performance of a contract as well as for entering into a contract.
• EU-GDPR Art. 6 Para. 1 (c) allows us to process your data on the basis of legal obligation, such as the obligation to store data under financial and tax law.
• Art. 6 Para. 1 (f) of the EU-GDPR allows us to process your personal data if we or a third party have a legitimate interest in this processing and insofar as your interests, fundamental rights or fundamental freedoms are not in conflict, such as, for example:
your preferences during your stay at our hotel (e.g.: certain room categories)• Prevention of damage and/or liability of the company through appropriate measures• Assertion, exercise or defence of legal claims• Video surveillance in exercise of our householder rights
Duration of data storage:
Generally, your personal data will be deleted after the purpose for which the data processing was undertaken has ceased to apply and the statutory retention periods have expired. As a rule, companies have 6- or 10-year retention obligations.
If the storage is based on your consent, we will delete your personal data if you revoke your consent.
Recipients of your personal data:
At our company, only the employees who need to have access to your personal data in order to fulfil their tasks are given access to this data to the extent necessary.
External service providers can receive your data to fulfil their described purposes if they fulfil the data protection confidentiality requirements. This may be the case, for example, for companies in the categories: IT services, printing and shipping services, market research companies, call centres, logistics companies, and data erasure. These service providers are so-called AV service providers (contract processors) who are particularly contractually bound by legal requirements.
Banking/banking service providers
Service providers for credit assessment
Public social insurance institutions and tax offices receive your personal data within the framework of social insurance and tax contributions.
Your data will not be sent outside the EU/EEA.
Data that we receive about you from others:
Your data protection rights:
You have the right to informational access under Article 15 of the EU-GDPR, the right to rectification under Article 16 of the EU-GDPR, the right to erasure of your data under Article 17 of the EU-GDPR, the right to restriction of the processing of your data under Article 18 of the EU-GDPR, and the right to object under Article 21 of the EU-GDPR. In addition, you have the right to right to lodge a complaint with a supervisory authority pursuant to Article 77 of the EU-GDPR.http://kpmhotel.de/datenschutz.html
Information for job applicants
Data protection informationregarding the collection of personal dataas part of applicant management
With the advent of European General Data Protection Regulation (EU-GDPR) we, as the party responsible for the processing of personal data, are obliged to provide the following information.
According to Art. 13 & 14 of the EU-GDPR we would like to inform you about the following points:
The responsible party:
KPM Hotel & Residences GmbH, Englische Straße 6, 10587 Berlin, represented by the Managing Director Tobias Berghäuser
Data protection officer/contact person:
Purposes for processing your personal data:
Legal basis for the processing of personal data:
§ 26 BDSG (1) covers data processing that is necessary for the establishment, execution and termination of an employment relationship as well as for the detection of criminal offences in the employment relationship.
§ 26 BDSG (2) allows us to process your data on the basis of your voluntary—and, in future, revocable—written consent, which does not result in any disadvantages for you in our employment relationship. This includes, for example, adding your application documents to our applicant pool.
§ 26 BDSG (3) allows us to process your sensitive data (for example, health data, trade union membership) if it is necessary in order to exercise our rights or fulfil our legal obligations under labour law, social security law, and social protection law, insofar as this does not conflict with your interests, which are deemed worthy of protection.
Art. 6 Para. 1 (f) of the EU-GDPR allows us to process your personal data if we or a third party have a legitimate interest in this processing and your interests, fundamental rights or fundamental freedoms do not conflict with it, such as, for example:
• Video surveillance of our company premises to protect our domestic rights,
• Assertion, exercise or defence of legal claims.
Duration of data storage:
Generally, your personal data will be deleted after the purpose for processing such data has ceased to apply and the statutory retention periods have expired. As a rule, companies have a 6- to 10-year storage obligation (assuming consent).
Application documents will be deleted 6 months after rejection at the latest.
If the storage of your data takes place on the basis of your consent, we will delete your personal data if you revoke your consent.
Recipient of your personal data:
In our company, only the employees who need to have access to your personal data in order to fulfil their tasks will be given access to this data to the extent necessary.
Service providers can receive your data to fulfil the described purposes if they fulfil the data protection confidentiality requirements. In this case, this is the applicant portal operator.
Public social insurance institutions and tax offices receive your personal data as part of social insurance and tax contributions.
Your data will not be passed on outside the EU/EEA.
Data that we receive about you from third parties:
In the event that you have been referred to us by a personnel service provider as a potential employee, we will receive your application documents from them.
Your data protection rights:
You have the right of access pursuant to Article 15 of the EU-GDPR, the right to rectification pursuant to Article 16 of the EU-GDPR, the right to erasure pursuant to Article 17 of the EU-GDPR, the right to restriction of processing pursuant to Article 18 of the EU-GDPR, the right of data portability pursuant to Article 20 of the EU-GDPR, and the right to object pursuant to Article 21 of the EU-GDPR. In addition, you have the right to lodge a complaint with a supervisory authority pursuant to Article 77 of the EU-GDPR.