Information on Data Protection
1. We take privacy seriously
Personal data is data about you. This data includes for example your name, address and email address.
The protection of your privacy when processing personal data is important to us. By default, when you visit our website, our web servers store the IP address of your Internet service provider, the website from which you visit us, the websites you visit, the date and duration of the visit. This information is mandatory for the technical transfer of websites and secure server operation. A personalized evaluation of this data does not take place.
2. Responsible body
Design Hotels AG
Stralauer Allee 2c
Phone: +49 (0) 30 884 940 000
Represented by: Peter Cole
3. Data protection officer
Design Hotels AG
Data Protection Officer
Stralauer Allee 2c
You do not have to expose any personal information in order to visit our website, except your IP address. In some cases we need your name and address as well as further information to offer you the desired service.
The same applies in the event that we supply you with information material on request or if we answer your inquiries. In these cases we will always point this out to you. In addition, we only store the data that you have sent to us automatically or voluntarily.
When you use one of our services, we usually only collect the data necessary to provide our service. We may ask you for more information, which is voluntary in nature. Whenever we process personal information, we do so to provide you with our service or to pursue our commercial goals.
The legal basis is Art. 13 para 1 lit (a) or (b) GDPR.
5. For what purposes do we use personal data and on which legal basis do we process?
5.1 Mandatory data
If you want to make a booking through our site or if you want to apply with us, you have to provide certain data within the scope of the contract to be concluded. In any other context, the provision of personal data is neither required by law nor by contract, nor are you required to provide personal information. However, the provision of personal data for the use of our services may also be partially required within the services we provide. In other words, if you do not provide us with the information, we specify to be necessary, we may not be able to provide you with the full scope of services. When you visit our website, we store certain information for administrative and technical reasons.
5.2 DESIGN HOTELS™ COMMUNITY MEMBERSHIP
You can register an account for the Design Hotels™ Community which will provide you various benefits. In this context and for your registration of such an account we will process personal data under a contract. The legal basis is Art. 13 para 1 lit. (b) GDPR. Our purpose is to fulfil this contract. When you register for such an account we will initially ask for your email address, to which a welcome email is sent to verify said email address and activate the account; after activation you are able to log in and provide further personal data voluntarily under “profile settings”. If you provide additional voluntary personal data, it will be used to prefill the personal details form upon making a booking, and/or be used to provide you with more refined topics in our communications, should you have opted in to any of our newsletters.
5.3 Hotel Bookings
If you make a booking via Design Hotels™, personal data such as full name, address and credit card details are required in order to process the booking(s) – required data is explicitly indicated during the booking process. We will process such data under the contract we enter with you. Obligatory and additional voluntarily submitted data – the extent of which can be extracted from the personal information form – is transferred to the respective member hotel for the arrangement of the contractual relationship. With each booking on designhotels.com the indicated email address will be automatically registered with an account that stores the booking, as well as the given email address, full name and address provided during the booking. In order to access the account, it must be activated by following the instructions of the welcome email (see paragraph above, “DESIGN HOTELS™ COMMUNITY MEMBERSHIP”). Our purpose is to fulfil this contract. The legal basis is Art. 13 para 1 lit. (b) GDPR.
When making a booking with Design Hotels™, as part of our contract with you, the required data needed to fulfil the accommodation contract is forwarded by Design Hotels™ to the individual contract partners, i.e. the member hotel(s). Your bookings will be recorded for the purpose of making the specific information accessible to you and the statistic information available to Design Hotels™. The processing is necessary for the purposes of the legitimate interests. Our interest is to provide relevant offers to our Community and to improve the user experience on Designhotels.com.
With your prior consent we send you newsletters for a term until you opt out or we terminate sending newsletters to you. We use the so-called double opt-in procedure, which means that we will only send you a newsletter by e-mail if you have previously explicitly confirmed to us that we should activate your account, where you can set the newsletter preferences. We will then send you a notification e-mail asking you to confirm that you wish to receive our newsletter by clicking on a link in this e-mail. When you sign up for our newsletter, we store your IP address and the date of registration. This storage alone serves as proof in the event that a third party misuses your e-mail address without your knowledge or your authorization to sign up for the newsletter. The purpose of newsletter send-outs is to inform Community members about updates and relevant offers. The legal basis is your consent, Art. 13 para 1 lit. (a) GDPR.
If we have obtained your email address from you in connection with the sale of goods or services, we may, under a legitimate interest based on Art. 6 para 1 lit. f) GDPR, promote our services and therefore use your email address to send you newsletters to advertise own similar goods or services if you have not objected to such use.
If you no longer wish to receive newsletters from us later, you can object to them at any time without incurring any costs other than the transmission costs according to the basic rates.
5.5 Website technologies and tracking
When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from an Internet server to your browser and stored on its hard disk. This information, which is stored in the cookies, allows us to automatically recognize you the next time you visit our website, which will facilitate your use of the same.
5.5.2 Auto Log in
If you choose to stay logged in on our website, we will store your login information in a cookie on your computer so that you do not have to authenticate upon return to our website but will be automatically logged in ("auto log in"). The cookie and thereby the auto log in expires automatically after 60 days.
We use technology of ADFORM (Hovedvagtsgade 6, 1103 Kopenhagen, Danmark). In this context a cookie is stored on your computer as part of so called conversion tracking, if you have clicked on an ad from or have accessed our website through an ad. This allows us to analyse the behaviour of users on our website, that have accessed our website through ads, in order to adapt our ads and the website to user needs. You will find more information about adform and can opt out from the collection of data by Adform at: http://site.adform.com/privacy-policy/en/.
On our website we use different services provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereafter "Google".
Google is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
22.214.171.124 Google Tag Manager
126.96.36.199 Google Analytics with anonymization function
We use Google Analytics, a web analytics service provided by Google. Hereby cookies are stored on your computer and thereby allow an analysis of the use of the website by you.
We use Google Analytics on our website with the addition "_gat. anonymizeIp". In this case, your IP address will already be shortened and thus anonymised by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
Google will use this information to evaluate your use of our site, to compile reports on our website activity, and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google.
If you've consented to Google linking your web and app browsing history to your Google Account and using information from your Google Account to personalize your ads, Google will use your data with Google Analytics data to provide audience lists to create cross-device remarketing. To do this, Google Analytics will initially track your Google-authenticated ID associated with your Google Account (that is, personally identifiable information) on our website. Afterwards, Google Analytics will temporarily link your ID with your Google Analytics data to optimize our audiences.
If you do not agree, you can opt-out of this through the "My Account" section of your Google Account.
188.8.131.52 Google Remarketing
This website uses the Google Remarketing feature. The feature is designed to present interest-based ads to web page visitors within the Google Network. The technology allows us to post automatically generated, targeted ads after you visit our website. The advertisements are based on the products and services you clicked on the last visit to our website. For this purpose, a cookie is stored in the browser of the website visitor, which makes it possible to recognize the visitor when he calls web pages belonging to the advertising network of Google. Google usually stores information such as your web request, IP address, browser type, browser language, and the date and time of your request. This information is used to associate the web browser with a particular computer. On the pages of the Google Network, advertisers can then be presented with ads related to content that the visitor previously viewed on web pages that use Google's remarketing feature.
If you visited https://www.google.com/settings/u/0/ads/authenticated you agree to linking your browsing history of Google with your Google Account, and information from your Google Account is used for ad personalization, as well as the remarketing feature across devices. Google collects your Google ID and uses it for cross-device discovery.
According to Google's own account, Google does not collect any personal data during this process. However, if you do not wish to use Google Remarketing, you can disable it by following Google ads settings here: https://adssettings.google.com/authenticated.
You can also prevent the storage of cookies by setting your browser software accordingly; however, we point out that in this case you may not be able to use all functions of this website in full.
184.108.40.206 Google SiteSearch (Google AJAX Search API)
220.127.116.11 Google Googleadservices / Google AdWords Conversion
If you would like to know more about these methods, or if you would like to know what you can do to prevent this information from being used by Google, click here: https://www.google.com/settings/u/0/ads/authenticated.
5.5.5 New Relic
If you are a member of New Relic and you do not want New Relic to collect information about you on our sites in order to associate it with your member data stored on New Relic, you must log out of New Relic before visiting our pages. You can also prevent data transfer by clicking on Opt-Out.
NewRelic is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000TNPiAAO&status=Active.
5.5.6 Microsoft Bing Ads
On our pages, we use conversion tracking from the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Bing Ads places a cookie on your computer if you have accessed our website via a Microsoft Bing ad. Microsoft Bing aswell as ourselves can thus recognize that someone clicked on an ad, was redirected to our website and reached a previously determined landing page (conversion page). We only get to know the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user is given.
If you do not want information about your behavior to be used by Microsoft as explained above, you can refuse the necessary setting of a cookie - for example, via a browser setting that generally disables the automatic setting of cookies. In addition, you may prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by Microsoft by using the following link: http://choice.microsoft.com/de-DE/opt-out and objecting to the use of these cookies. For more information about privacy and cookies used by Microsoft and Bing Ads, visit the Microsoft Web site at https://privacy.microsoft.com/de-de/privacystatement.
Microsoft is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active.
On our website we use different services provided by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA ("Facebook").
Facebook is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
18.104.22.168 Facebook Social Plugins
Our website uses social plugins ("plugins") provided by Facebook. The plugins are marked with a Facebook logo or the addition "Facebook Social Plugin".
If you visit a part of our website that contains such a plugin, your browser establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser and through it incorporated into the website.
By integrating the plugins Facebook receives the information that you have accessed the corresponding page of our website. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plugins, for example, press the "Like" button or leave a comment, the corresponding information is transmitted from your browser directly to Facebook and stored there.
22.214.171.124 Facebook Impressions
In this context we use the function Facebook Impressions. Through this feature information about the frequency with which a post of our site is displayed is gathered. Here the frequency of the page views is recorded by the visitors of our website.
The information generated by these cookies, such as time, location and frequency of your website visit, including your IP address, will be transferred to the Facebook servers in the United States.
126.96.36.199 Facebook Custom Audiences Pixels
To promote interest-based advertisements to visitors to our website while visiting Facebook, we use Custom Audiences Pixel from Facebook. It connects to the Facebook servers when visiting our website. The information that you have visited our website is transmitted to the Facebook server and Facebook assigns this information to your personal Facebook user account.
This website uses Mouseflow, a web analytics tool of Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to collect randomly selected individual visits (using an anonymous IP address only). The mouse movements, mouse clicks and keyboard interactions are logged at random, along with the intention of individual visits to this site as so-called session replays to reproduce and evaluate the so-called heat maps and determine potential improvements for this site. The data collected by Mouseflow are non-personal and will not be disclosed to third parties. The storage and processing of the collected data takes place within the EU. If you do not want to be tracked by Mouseflow on any websites using this cookie, you may object to this at the following link: https://mouseflow.de/opt-out/
6. Who will receive personal data?
As explained above we will share your personal data with the hotels if you make a booking and we will use external parties as data processors as explained in section 5.5 Website technologies and tracking. We will also use the following data processors:
• Dailypoint, provided by Toedt, Dr. Selk & Coll. GmbH, Augustenstraße 79, 80333 Munich for the purposes of customer relationship management and the sending of emails.
• Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin, Germany for the purposes of customer relationship management and the sending of emails.
• A reservation system for bookings provided by Sabre GLBL Inc., 3150 Sabre Drive, Southlake, TX 76092 USA, whom we have entered a contract under the standard contractual clauses (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087&from=EN) with, that guarantees an adequate level of data protection.
• GetWebCraft Limited, Klimentos 41-43, Klimentos Tower, Flat/Office 25, 1061, Nicosia, Cyprus, operating as getsidecontrol, who provide smart widgets for website optimization.
• Squarespace, Inc., 225 Varick Street, 12th Floor, New York, New York 10014, USA for ecommerce purposes, Squarespace is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000GnjcAAC&status=Active.
• Stripe, Inc., California, 185 Berry Street, Suite 550, San Francisco, California 94107, USA that is used by Squarespace for payment services. Stripe is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016D1250&from=DE). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000TQOUAA4&status=Active.
Accordingly, these may receive personal data.
7. Rights of the individuals affected
Every person affected has the right of access according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Article 17 GDPR, the right to restriction of processing according to GDPR Art. 18, the right to object from Art. 21 GDPR, as well as the right to data portability from Art. 20 GDPR. In case of the right of access and the right to erasure, restrictions apply pursuant to § 34 and 35 BDSG.
Furthermore, you have the right to complain to the responsible data-protection supervisory authority about the processing of your personal data by us.
You can withdraw any consent to the processing of personal data at any time with respect to us. This also applies for the revocation of consent declarations which have been made before the validity of the basic data protection regulation (before 25th May 2018) with respect to us. Please note that the withdrawal effects the future. Any processing implemented prior to the withdrawal is not affected by this.
In accordance with Art. 21 Sect. 2 GDPR, you have the right to make an objection at any time to the processing of personal data concerning you. In case of your objection to processing for purposes of direct advertising, we will not process your personal data for these objectives any longer. Please note that the objection comes into effect for the future only. Any processing implemented prior to the objection is not affected by this.
As far as we base the processing of your personal data on a weighting of interests, you can make an objection to the processing. In case of the exercise of such an objection, we request that you explain the reasons why we should not process your personal data as described. In case of your reasonable objection, we check the state of affairs and will either cease or adapt the data processing, or explain to you our compelling reasons worth being protected.