Data privacy

 

Controller

Quality Reservations Deutschland GmbH
Ostpassage 11
30853 Langenhagen
Tel. 0511 – 726 96 23
Fax 0511 – 726 96 28
E-Mail: info(at)qr-hotels.com
www.qr-hotels.com

Managing director with the power of representation: Carolin Brauer

Contact details of the data protection officer

Tel. 0511 – 7269618
E-Mail: datenschutz(at)qr-hotels.com

Contractual services

We process the data of our contractual partners and prospective customers, as well as other clients, customers or contractual partners (hereinafter collectively referred to as “Contractual Partners”) in accordance with Art. 6 (1) b. GDPR, in order to provide our contractual or precontractual services for them. The data processed in this context and the nature, scope, purpose and necessity of the data processing shall be determined on the basis of the underlying contractual relationship.

The processed data shall include the master data of our Contractual Partners (e.g. names and addresses), as well as contract data (e.g. services used, contract content, contractual communications, names of contacts) and payment data (e.g. bank details).

We shall not process special categories of personal data, unless these form part of a commissioned or contractual processing of data.

We shall process data that is necessary for the justification and fulfilment of the contractual services and shall indicate the necessity of providing this data if this is not evident to the Contractual Partners. The data shall only be disclosed to external persons or companies if this is necessary within the framework of a contract. When processing the data that has been provided to us in the context of an order, we shall act according to the instructions of the clients and the statutory requirements.

When our online services are used, we can store the IP address and the time of the respective user activity. This data shall be stored on the basis of our legitimate interests, as well as those of the users, in protection against misuse and other unauthorised use. This data shall not be passed on to third parties, unless this is necessary in order to pursue our claims in accordance with Art. 6 (1) f. GDPR or there is a legal obligation to do so in accordance with Art. 6 (1) c. GDPR.

The data shall be deleted if it is no longer necessary for the fulfilment of contractual or statutory duties of care or for the handling of any warranty obligations or comparable obligations, whereby the necessity of the data storage shall be reviewed every three years; in other respects, the statutory provisions shall apply.

Registration function

Users can create a user account. During registration, the users will be informed of the mandatory information that is required and this will be processed on the basis of Art. 6 (1) b. GDPR for the purpose of providing the user account. The processed data particularly includes the login information (name, password and e-mail address). The data entered during registration shall be used for the purpose of using the user account and fulfilling its objective.

The users can be informed about information that is relevant to their user account, e.g. technical changes, by e-mail. If users have terminated their user account, their data relating to the user account shall be deleted, subject to a statutory storage obligation. The users are responsible for securing their data in the event of a termination before the end of the contract. We are entitled to permanently delete all of the user’s data that is stored during the term of the contract.

When our registration and login functions and the user account are used, the IP address and the time of the respective user activity shall be stored. This data shall be stored on the basis of our legitimate interests, as well as the those of the users, in protection against misuse and other unauthorised use. This data shall not be passed on to third parties, unless this is necessary for pursuing our claims or there is a legal obligation to do so in accordance with Art. 6 (1) c. GDPR. The IP address shall be anonymised or deleted after 7 days at the latest.

Hosting

The hosting services used by us shall provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we shall use to operate this website.

We, or our hosting provider, shall process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospective customers and visitors to this website, on the basis of our legitimate interests in an efficient and secure provision of this website in accordance with Art. 6 (1) f. GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing contract).

Collection of access data and log files

We, or our hosting provider, shall, on the basis of our legitimate interests in terms of Art 6. (1) f. GDPR, collect data about any access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, the file, the date and time of the access, the data volume transferred, a report on successful access, the browser type and version, the user’s operating system, the referrer URL (the page visited immediately prior to our website), the IP address and the requesting provider.

For security reasons (e.g. to investigate misuse and fraud), log file information shall be stored for a maximum of 7 days and then deleted. Data whose continued storage is necessary for evidentiary purposes shall be excluded from deletion until the incident has been finally resolved.

Cookies

Cookies are very small text files used by websites that are stored on your computer by your browser and can send certain information to us or a third party.

Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, which can be used to assign different requests from your browser to the collective session. They enable your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies are automatically deleted after a specified period that can differ depending on the cookie. In contrast to transient cookies, persistent cookies are not automatically deleted when you close the browser. However, you can also delete the cookies at any time in your browser’s security settings.

Cookies that are absolutely necessary for providing a service that is expressly desired by the user (“necessary cookies”) shall be processed by us for the provision and operation of the website, within the framework of our legitimate interests on the basis of Art 6 (1) Sentence 1 f. GDPR. The necessary cookies shall be indicated to you when you visit our website (under “necessary”).

In addition, further information on your device which is not absolutely necessary shall be stored or accessed, in order to provide a service that is expressly desired by the user. This data shall only be stored or accessed if you give your consent to this. Later in this data privacy statement, you can find details regarding the type of information, the purpose of the processing, the storage period for the information and the possible recipients of the data.

You can revoke your consent to the processing of data by means of cookies at any time by re-selecting the cookies that you want to accept.

Renew or amend your cookie consent

You can set your browser not to accept these cookies at all or only to store or not to store certain cookies. You can find further information about this in your browser’s help system. If your browser rejects all cookies, it is possible that you will not be able to use all the functions of this website.

Google Tag Manager

Google Tag Manager is a solution that enables us to manage website tags via an interface (and thus to integrate Google Analytics and other Google marketing services into our website, for example). The Tag Manager itself (which implements the tags) shall not process any personal data of the users. With regard to the processing of the users’ personal data, we refer you to the following information about the Google services.
Use policy: https://www.google.com/intl/de/tagmanager/use-policy.html.

Google Analytics

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economical operation of our website in terms of Art. 6 (1) f. GDPR), we use Google Analytics, a web analysis service of Google LLC (“Google”). Google uses cookies. The information about the users’ use of this website generated by the cookie is usually transferred to a Google server in the USA, where it is stored.

Google guarantees the data protection-compliant processing of the data via a standard contractual clause and thereby provides a guarantee that it will meet the European level of data protection. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf, in order to analyse the use of our website by the users, to compile reports on the activities within the website and to provide other services associated with the website use and internet use to us. Pseudonymous user profiles can be created for the users from the processed data.

We shall only use Google Analytics with IP anonymisation activated. This means that the users’ IP-address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be transmitted to a server of Google in the USA and shortened there in exceptional cases.

The IP address transmitted from the user’s browser will not be merged with other Google data. The users can prevent the storage of cookies by making a corresponding setting in their browser software. The users can also prevent the recording of the data generated by the cookie and related to their use of the website and its transmission to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can find further information on Google’s use of data, settings and opt-out options in Google’s data privacy statement (https://policies.google.com/technologies/ads) and in Google’s ad settings (https://adssettings.google.com/authenticated).

The users’ personal data shall be deleted or anonymised after 14 months.

Online presence in social media

We maintain an online presence within social networks and platforms so that we can communicate with customers, prospective customers and users who are active there and inform them about our services there. When users access the relevant networks and platforms, the terms and conditions and the data processing policies of their respective operators shall apply.

Unless otherwise stated in our data privacy statement, we shall process the users’ data if they communicate with us within the social networks and platforms, e.g. by leaving posts on our pages there or by sending us messages.

Facebook pixel, custom audiences and Facebook conversion

Within our website, on the basis of our legitimate interest in the analysis, optimisation and economical operation of our website and for these purposes, we use the “Facebook pixel” provided by the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Facebook guarantees the data protection-compliant processing of the data via a standard contractual clause and thereby provides a guarantee that it will meet the European level of data protection.

(https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active)

With the help of the Facebook pixel, Facebook is able to specify the visitors to our website as a target group for displaying advertisements (“Facebook ads”). Accordingly, we shall use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have shown an interest in our website or have certain characteristics (e.g. an interest in particular topics or products, which is determined on the basis of the websites they have visited), which we shall communicate to Facebook (“custom audiences”). With the help of the Facebook pixel, we would also like to ensure that our Facebook ads correspond to the potential interest of the users and do not appear obtrusive. With the help of the Facebook pixel, we can also trace the effectiveness of the Facebook ads for statistical and marketing purposes, as it tells us whether users have been redirected to our website after clicking on a facebook ad (“conversion”).

Data shall be processed by Facebook within the framework of Facebook’s data use policy. Accordingly, Facebook’s data use policy provides information on Facebook ads: https://www.facebook.com/policy.php. You can find specific information and details about the Facebook pixel and how it works in Facebook’s Help section: https://www.facebook.com/business/help/742478679120153?id=1205376682832142.

You can opt out of recording by the Facebook pixel and of your data being used to display Facebook ads. To control the kind of advertisements you can see within Facebook, you can call up the page set up by Facebook and there follow the instructions to adjust the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they shall be applied for all devices, such as desktop computers or mobile devices.

You can also opt out of the use of cookies that are used to measure reach and that serve advertising purposes via the opt-out page of the network advertising initiative (https://optout.networkadvertising.org) and also the US webpage (http://www.aboutads.info/choices) or the European webpage (https://www.youronlinechoices.com/uk/your-ad-choices/).

Twitter

Functions and services of the service Twitter, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, can be integrated within our website. These may, for example, include contents such as images, videos or texts, and buttons, which users can use to announce that they like the contents or to subscribe to the creators of the content or our contributions. If the users are members of the platform Twitter, Twitter can assign the contents and functions that they access to the users’ profiles there. (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Data privacy statement: https://twitter.com/de/privacy, opt-out: https://twitter.com/settings/account/personalization.

Instagram

When you visit our website, you can access functions and contents of the service Instagram, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, and use them on your own responsibility. This particularly applies to the use of the interactive functions (e.g. comment, share, rate). If users are members of the platform Instagram, Instagram can assign the contents and functions that they access to the users’ profiles. You can find Instagram’s data privacy statement at: https://www.instagram.com/about/legal/privacy/.

Facebook

When you visit our website, you can access functions and contents of the service Facebook, offered by Facebook Inc., 1 Hacker Way, Menlo Park, CA, 94025, USA, and use them on your own responsibility. This particularly applies to the use of the interactive functions (e.g. comment, share, rate). If users are members of the platform Instagram, Instagram can assign the contents and functions that they access to the users’ profiles. You can find Facebook’s data privacy statement at: https://www.facebook.com/policy.php/?ref=c

Use of Facebook social plugins

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economical operation of our website in terms of Art. 6 (1) f. GDPR), we use social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can be interactive elements or contents (e.g. videos, graphics or text posts) and can be recognised by one of the Facebook logos (white “f” on a blue tile, the word “Like” or a “thumbs up” sign) or are indicated with the phrase “Facebook social plugin”. The list of Facebook social plugins and their appearance can be viewed here: https://developers.facebook.com/docs/plugins/.

Facebook guarantees the data protection-compliant processing of the data via a standard contractual clause and thereby provides a guarantee that it will meet the European level of data protection (https://www.facebook.com/about/privacy).

If a user accesses a function on our website that contains such a plugin, their device will establish a direct connection to the Facebook servers. The contents of the plugin shall be transmitted directly by Facebook to the user’s device, which will integrate it into the website. User profiles can be created for the users from the processed data. Therefore, we have no influence on the scope of the data collected by Facebook with the help of this plugins, and therefore provide the users with information according to our current level of knowledge.

The integration of plugins means that Facebook shall be informed that a user has called up the corresponding page on our website. If the user is logged into Facebook, Facebook can assign the visit to the user’s Facebook account. If users interact with the plugins, for example by clicking on the “Like” button or by entering a comment, the corresponding information from their device will be transmitted directly to Facebook and stored there. If a user is not a member of Facebook, it is still possible that Facebook will find out and store their IP address. According to Facebook, only an anonymised IP address will be stored in Germany.

Users can find information on the purpose and scope of data collection and the further processing and use of the data by Facebook, as well as the users’ rights in this respect and settings options for protecting their privacy, in the Facebook privacy policy: https://www.facebook.com/about/privacy/.

If a user is a member of Facebook and does not want Facebook to collect data about them via this website and to link it to their member data stored with Facebook, they must log out of Facebook and delete their cookies. Further settings or opt-outs relating to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US American page http://www.aboutads.info/choices/ or the EU page https://www.youronlinechoices.com. The settings are platform-independent, i.e. they shall be applied for all devices, such as desktop computers or mobile devices.

Xing

Functions and services of the service Xing, offered by XING AG., Dammtorstrasse 29-32, 20354 Hamburg, Germany, can be integrated within our website. These may, for example, include contents such as images, videos or texts, and buttons, which users can use to announce that they like the contents or to subscribe to the creators of the content or our contributions. If the users are members of the platform Xing, Xing can assign the contents and functions that are accessed to the users’ profiles there. Xing data privacy statement: https://privacy.xing.com/de/datenschutzerklaerung/druckversion.

LinkedIn

Functions and services of the service Linked-In, offered by Linked In Inc., 1000 W Maude Sunnyvale, CA 94085, USA, can be integrated within our website. These may, for example, include contents such as images, videos or texts, and buttons, which users can use to announce that they like the contents or to subscribe to the creators of the content or our contributions. If the users are members of the platform Linked-In, Linked-In can assign the contents and functions that are accessed to the users’ profiles there. Linked-In is certified under the Privacy Shield Agreement and thereby provides a guarantee that it will comply with European data privacy law. Linked In data privacy statement: https://www.linkedin.com/legal/privacy-policy?trk=homepagebasic_ footer-privacy-policy.

Right to lodge a complaint

You have the right to lodge a complaint about how your personal data is processed by us with a data protection authority. A list of the state data protection commissioners and their contact details can be found under the following link https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html or you can contact our company data protection officers.

Your rights as a “data subject” in terms of GDPR

  • Right of access to information about the processing of your personal data (cf. Art. 15 GDPR)
  • Right to rectification of incorrect personal data relating to you and, taking the purposes of the processing into consideration, the right to complete incomplete personal data (cf. Art. 16 GDPR)
  • Right to erasure (“right to be forgotten”) of personal data relating to you, especially if the data is no longer necessary for the purpose for which it has been processed or if you have revoked your consent (cf. Art. 17 GDPR)
  • Right to restriction of processing (blocking), especially when the accuracy of the data is disputed by you, for a period which allows us to verify the accuracy of the personal data (cf. Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR): you have the right to receive the personal data relating you, which you have provided to us, in a structured, commonly used and machine-readable format, and the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent or on a contract or the processing is carried out by automated means.
  • Right to object to the processing of personal data, especially in the event of processing for direct marketing purposes (Art. 21 GDPR)
  • Automated individual decision-making, including profiling (Art. 22 GDPR): you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision is necessary for the conclusion or performance of a contract between the you and us, is permitted on the basis of statutory regulations and these regulations contain suitable measures for the protection of your rights and freedoms and your legitimate interests, or is based on your explicit consent.

Consent

You have the right to revoke your consent at any time for the future, without stating reasons, by informing QR Quality Reservations Deutschland GmbH that you are revoking your consent to the processing of your personal data by post to Ostpassage 11, 30853 Langenhagen or by e-mail to datenschutz(at)qr-hotels.com.