1. We take privacy seriously
The protection of your privacy when processing personal data is important to us. In the following, we therefore inform you about the details of the processing of your personal data and your related rights.
By default, when you visit our website, our web servers store the IP address of your internet service provider, the website from which you visit us, the websites you visit, the date and duration of the visit. This information is mandatory for the technical transfer of websites and secure server operation. A personalized evaluation of this data does not take place.
2. Data Controller and data Protection Officer
For all processing activities of your personal data in connection with the use of this website (except for hotel bookings and cancellations as pointed out under No. 4.5 below), we are a "data controller" within the meaning of Art. 4 No. 7 GDPR. In relation to hotel bookings and cancellations, we collect your personal data as a “processor” within the meaning of Art. 4 No. 8 GDPR on behalf of the respective member hotels which act as “data controllers”.
You can contact us as follows:
Design Hotels GmbH
Stralauer Allee 2c
10245 Berlin, Germany
Tel: +49 (0) 30 884 940 000
Email: [email protected]
Legal representative: Jennifer Benzaquen, Michel Miserez
You can contact our Data Protection Officer as follows:
BDO Legal Rechtsanwaltsgesellschaft mbH
T: +49 40 30293-945
F: +49 40 30293-331
3. Type and scope of data processing
3.1 Server log files
You can browse our website without having to provide any personal data. We only store the following types of access data in so-called server log files, such as:
The IP address can be regarded as personal data, since, under certain conditions and with additional information provided by the respective Internet service provider, it allows to obtain the identity of the subscriber of the Internet connection.
The data within the server log files is used by us exclusively to ensure the smooth operation of the website for which we have a legitimate interest in the sense of Art. 6 para. 1 lit. f) GDPR. Your IP address will be deleted within 26 months.
3.2 Inquiries by you
We offer you the opportunity to contact us by email. In this case, we process the personal data you voluntarily provide to us when contacting us which includes at least your email address. We will only process these data for the correspondence with you and for the purpose for which you have given us the data in the course of this communication, such as to contact you at your request. In this case, processing takes place on the basis of your consent in the sense of Art. 6 para. 1 lit. a) GDPR. Insofar as processing is necessary for the performance of a contract to which you are party or in order to take, at your request, steps prior to entering into a contract, processing is based on Art. 6 para. 1 lit. b) GDPR. After completing your request, your data will be erased in compliance with statutory retention periods, unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.
4. For what purposes do we use personal data and on which legal basis do we process?
4.1 Mandatory data
If you want to make a booking through our site or if you want to apply with us, you have to provide certain data within the scope of the contract to be concluded. In any other context, the provision of personal data is neither required by law nor by contract, nor are you required to provide personal information. However, the provision of personal data for the use of our services may also be partially required within the services we provide. In other words, if you do not provide us with the information, we specify to be necessary, we may not be able to provide you with the full scope of services. When you visit our website, we store certain information for administrative and technical reasons.
On our website, you can subscribe to our email newsletter. In this case, we process the following data from:
The e-mail address is required to send you our newsletter, the legal basis for the processing therefore stems from your consent, Art. 6 para. 1 lit. a) GDPR. Regarding the other types of data, we have a legitimate interest to document your granting of consent to receive the newsletter in order to be able to prove this in case of doubt, Art. 6 para 1 lit. f) GDPR. In order to obtain your consent, we use the so-called double opt-in procedure, which means that we will only send you a newsletter by email if you have previously explicitly confirmed to us that we should activate your account. After entering your email address into the input mask, we will send you a notification email asking you to confirm that you wish to receive our newsletter by clicking on a link in this email.
Alternatively, we may send you our newsletter, if
We will send you newsletters for an indefinite period of time until you unsubscribe, or we decide to stop sending newsletters to you. If you no longer wish to receive newsletters from us, you can object to them at any time without costs arising by virtue thereof, other than transmission costs pursuant to the basic rates.
4.3 Design Hotels Community membership
You can register an account for the Design Hotels Community which will provide you various benefits. When you register for such an account, we will initially ask for your email address, to which a welcome email is sent to verify said email address and activate the account. The legal basis is Art. 6 para. 1 lit. b) GDPR.
After activation you are able to log in and provide further personal data voluntarily under “profile settings”. If you provide additional voluntary personal data, it will be used to prefill the personal details form upon making a booking, and/or be used to provide you with more refined topics in our communications, should you have opted in to any of our newsletters. The legal basis in these cases is Art. 6 para. 1 lit. a) GDPR.
We will store your data as long as you have an active Design Hotels Community Membership. When you cancel your membership, we will store your data in accordance with statutory retention periods and erase it afterwards unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.
4.4 Design Hotels Pro
You can additionally register an account for the Design Hotels Pro – The Portal for Travel Professionals. When you register for such an account, we will ask for the following data:
The legal basis is Art. 6 para. 1 lit. b) GDPR.
We will store your data as long as you have an active Design Hotels Pro Membership. When you cancel your membership, we will store your data in accordance with statutory retention periods and erase it afterwards unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.
4.5 Hotel bookings and cancellations
You can book a hotel stay in our member hotels via our website. In this case, we process the following data:
These data are collected on behalf of our member hotels and transferred via our reservation system to the respective hotel for the arrangement of the contractual relationship.
In case you cancel your booking, we will process above data.
4.6 Guest profiles
Should you wish so, with each booking on our website, the indicated email address and the associated booking information will be automatically registered with an account that stores the booking, such as the given email address, full name, and address provided during the booking (see previous paragraph for more details). In order to access the account, it must be activated by following the instructions of the welcome email (see paragraph above, “Design Hotels Community Membership”). In any case, the legal basis is Art. 6 para 1 lit. b) GDPR.
Your bookings will be recorded for the purpose of making the specific information accessible to you and the statistic information available to us. This is necessary due to our legitimate interests of providing relevant offers to our customers and improving the user experience of our website, Art. 6 para. 1 lit. f) GDPR.
We will store such data in accordance with statutory retention periods.
4.7 Website and newsletter personalisation
We aim for the best user experience on designhotels.com. Therefore, when you register to our newsletter, Design Hotels Community, Further, or Design Hotels Pro – The Portal for Travel Professionals, we will personalize content based on what pages you visit to show you the information that interests you the most. We will not create a personalised user profile. The underlying data is anonymised.
4.8 Application as member hotel
You can submit an application to become a member hotel via our website. In this case, we ask for the following data:
The legal basis is Art. 6 para. 1 lit. a) GDPR.
The data will only be used to decide whether to accept your hotel into our membership portfolio. It will be forwarded internally only to the responsible contact persons who will decide on the admission. All data will be erased in accordance with statutory retention periods erased, unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.
By using our online shop, we process the following data:
We disclose these data to third parties only in the context of extradition, payment, or in the context of legal permissions and obligations.
Possible categories of recipients are
The data will only be processed to countries outside the EU/EEA, if necessary, for the performance of the contract. Where data are processed to a third country, we make sure that there exists an adequacy decision by the Commission or appropriate or suitable safeguards in the sense of Art. 46, 47 GDPR or derogations in the sense of Art. 49 GDPR or inform you otherwise in this Policy.
Processing is for the purpose of providing our contractual services, billing, delivery and customer care. The legal basis derives from Art. 6 para. 1 lit. b) GDPR as far as execution of order transaction is concerned and from Art. 6 para. 1 lit. c) as far as retention periods are concerned.
All data will be erased in accordance with statutory retention periods erased, unless you have explicitly consented to a further use of your data or we have a right to store your data otherwise.
4.10 Applicants data
In the event that you apply for a job via our website, you first need to register with an account. We collect the following data:
You may additionally add you LinkedIn or Xing profile and other documents.
Your data will only be used for the decision on whether to establish an employment relationship with you. It will be forwarded internally to the responsible contact persons only who will decide on the staffing of the position you are interest in. In case you do not apply for a specific vacancy, we will use your data with regard to all positions vacant at the moment of your application that meet your requirements.
The legal basis for the processing is Art. 88 GDPR in conjunction with section 26 para. 1 German Federal Data Protection Act.
We will erase your data after completion of the application process upon expiry of a six months retention period.
4.11 Website technology and tracking
4.12.1 Auto Log in
If you choose to stay logged in on our website, we will store your login information in a cookie on your computer so that you do not have to authenticate upon return to our website but will be automatically logged in ("auto log in"). The cookie and thereby the auto log in expire automatically after 60 days.
We use technology of ADFORM (Hovedvagtsgade 6, 1103 Kopenhagen, Danmark). In this context a cookie is stored on your computer as part of so called conversion tracking, if you have clicked on an ad from or have accessed our website through an ad. This allows us to analyse the behaviour of users on our website, that have accessed our website through ads, in order to adapt our ads and the website to user needs. You will find more information about adform and can opt out from the collection of data by Adform at: https://site.adform.com/privacy-policy/en/.
On our website we use different services provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043 USA, hereafter "Google".
Google is Privacy Shield certified and thus an adequate level of protection exists according to the Implementing Decision of the Commission (EU) 2016/1250 (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016D1250&from=EN). The certification can be viewed at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
188.8.131.52 Google Tag Manager
184.108.40.206 Google Analytics with anonymization function
Your IP address will not be merged with other data provided by Google. You can prevent the storage of cookies in your browser settings. You can also prevent the storage of cookies by installing a browser plug-in which can be downloaded here: https://tools.google.com/dlpage/gaoptout?hl=en.
Your personal data will be erased after 26 months. If you do not agree, you can opt-out of this through the "My Account" section of your Google Account.
220.127.116.11 Google Remarketing
This website uses the Google Remarketing feature. The feature is designed to present interest-based ads to web page visitors within the Google Network. The technology allows us to post automatically generated, targeted ads after you visit our website. The advertisements are based on the products and services you clicked on the last visit to our website. For this purpose, a cookie is stored in the browser of the website visitor, which makes it possible to recognize the visitor when he calls web pages belonging to the advertising network of Google. Google usually stores information such as your web request, IP address, browser type, browser language, and the date and time of your request. This information is used to associate the web browser with a particular computer. On the pages of the Google Network, advertisers can then be presented with ads related to content that the visitor previously viewed on web pages that use Google's remarketing feature.
If you visited https://www.google.com/settings/u/0/ads/authenticated you agree to linking your browsing history of Google with your Google Account, and information from your Google Account is used for ad personalization, as well as the remarketing feature across devices. Google collects your Google ID and uses it for cross-device discovery.
If you do not wish to use Google Remarketing, you can disable it by following Google ads settings here: https://adssettings.google.com/authenticated.
18.104.22.168 Google SiteSearch (Google AJAX Search API)
22.214.171.124 Google Googleadservices / Google AdWords Conversion
4.12.4 Microsoft Bing Ads
On our website, we use the conversion and tracking tool "Bing Ads" of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft is certified under the Privacy Shield Agreement, which is why it guarantees to comply with European data protection law. Microsoft Bing Ads places a cookie on your device if you have accessed our website via a Microsoft Bing ad. Microsoft Bing as well as we can thus recognize that someone clicked on an ad, was redirected to our website and reached a previously determined landing page (conversion page). We only get to know the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the identity of the user will be shared. If you do not want information about your behaviour to be used by Microsoft as explained above, you can refuse the cookies in your browser settings. In addition, you may prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by Microsoft by using the following link: http://choice.microsoft.com/en-EN/opt-out and objecting to the use of these cookies. For more information about privacy and cookies used by Microsoft and Bing Ads, visit the Microsoft Web site at https://privacy.microsoft.com/en-us/privacystatement.
126.96.36.199 Facebook Impressions
In this context we use the function Facebook Impressions. Through this feature information about the frequency with which a post of our site is displayed is gathered. Here the frequency of the page views is recorded by the visitors of our website. The information generated by these cookies, such as time, location and frequency of your website visit, including your IP address, will be transferred to the Facebook servers in the United States.
188.8.131.52 Facebook Custom Audiences Pixels
To promote interest-based advertisements to visitors to our website while visiting Facebook, we use Custom Audiences Pixel from Facebook. It connects to the Facebook servers when visiting our website. The information that you have visited our website is transmitted to the Facebook server and Facebook assigns this information to your personal Facebook user account.
4.12.6 Microsoft Clarity
This website uses Microsoft Clarify, a web analytics tool of Microsoft Corporation , One Microsoft Way, Redmond, WA 98052, U.S.A, to collect individual visits (using an anonymous IP address only). The mouse movements and mouse clicks are logged, along with the intention of individual visits to this site as so-called session replays to reproduce and evaluate the so-called heat maps and determine potential improvements for this site. The data collected by Microsoft Corporation are non-personal and will not be disclosed to third parties outside the Microsoft network. For more information about the features of Microsoft Clarity, please visit: https://privacy.microsoft.com/de-de/privacystatement
4.13 Facebook Lead Ads
We use Facebook Lead Ads and collect your email address to send you newsletters. The rules set out in Section 4.2 apply to registration, unsubscription, and dispatch details.
4.14 Design Hotels Community Rate
The Design Hotels Community Rate is offered in cooperation with various member hotels. You can subscribe to the Design Hotels Community Rate on the websites of participating member hotels. If you subscribe you will receive our newsletter and the newsletter of the respective member hotel. For this purpose your email address and information on the time and date of your subscription is shared with the respective member hotel.
With regard to the subscription process we and the respective member hotel process personal data as joint controllers. As such we and the respective member hotel are jointly responsible for the data processing. In an agreement on joint controllership pursuant to Art. 26 GDPR Design Hotels and the respective member hotel have determined how the responsibilities in the processing of personal data are structured and who fulfills which data protection obligations. In particular the agreement determines how an appropriate level of security and your rights as a data subject can be ensured how the information duties under data protection law can be fulfilled jointly and how potential data protection incidents can be monitored. This also includes ensuring that reporting and notification obligations are fulfilled.
If you want to exercise your data protection rights with regard to the processing of personal data in joint controllership you can reach out to Design Hotels or any jointly responsible member hotel. In accordance with the aforementioned agreement under Art. 26 GDPR Design Hotels and the respective member hotel will coordinate to respond to your request and ensure your rights as a data subject.
Below you will find an overview of the member hotels that have entered into an agreement on joint controllership pursuant to Art. 26 GDPR.
5. Recipients of data
As explained above we will share your personal data with the hotels if you make a booking and we will use external parties as data processors as follows:
6. Your rights
In connection with the processing of your personal data, you have the following rights. These can be basically exercised free of charge. However, where your requests for the rights set out in numbers 2 to 5 are manifestly unfounded or excessive, in particular because of their repetitive character, we may either
- charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or
- refuse to act on the request.
6.1 Withdrawal of consent
You have the right to withdraw any consent you have given us for processing your data. However, this will only effect future processing. The lawfulness of processing carried out on the basis on your original consent will not be affected.
6.2 Confirmation and access
You have the right to request confirmation as to whether your person data is being processed. If this is the case, you are entitled to have access to the personal data in the sense of Art. 15 GDPR.
6.3 Rectification and erasure
You have the right to demand rectification of incorrect personal data and the completion of incomplete data (Art. 16 GDPR) as well as, under the conditions of Art. 17 GDPR, erasure of your data.
6.4 Restriction of processing
You have the right to restrict the processing of your personal data under the conditions of Art. 18 GDPR.
6.5 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without our hindrance. However, this right exists only insofar as the processing is based on your consent pursuant to Art. 6 para. 1 lit. a) or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 lit. b); and the processing is carried out by automated means.
This right is precluded as far as rights and freedoms of other persons (in particular personal data of third parties, business or company secrets existing on our parts, copyrights) are concerned.
6.6 Obligation to provide data
There is no obligation for you to provide your personal information. However, if you do not provide the data required according to this privacy statement, you may not be able to use certain services or features in whole or in part.
6.7 Right to lodge a complaint
Insofar as you believe that we do not properly comply with the obligations stipulated in data protection law, you have the right to lodge a complaint with a supervisory authority.
The competent supervisory authority would be:
7. Right to object
On grounds relating to your particular situation and where processing is based on Art. 6 para. 1 lit. e) or lit. f) GDPR, you may object to the processing of your personal data at any time. We then will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
New legal or regulatory requirements or new features on our website may require an update of this Privacy Notice. In these cases, we will provide further information here. It is therefore recommended to periodically review this Policy for any changes. The latest version of this Policy can be found as conclusion.