Data privacy

 

Controller

Quality Reservations Deutschland GmbH
Ostpassage 11
30853 Langenhagen
Tel. 0511 – 726 96 23
E-Mail: info(at)qr-hotels.com
www.qr-hotels.com

Managing director with the power of representation: Carolin Brauer

Contact details of the data protection officer

Tel. 0511 – 7269618
E-Mail: datenschutz(at)qr-hotels.com

Contractual services

We process the data of our contractual partners and prospective customers, as well as other clients, customers or contractual partners (hereinafter collectively referred to as “Contractual Partners”) in accordance with Art. 6 (1) b. GDPR, in order to provide our contractual or precontractual services for them. The data processed in this context and the nature, scope, purpose and necessity of the data processing shall be determined on the basis of the underlying contractual relationship.

The processed data shall include the master data of our Contractual Partners (e.g. names and addresses), as well as contract data (e.g. services used, contract content, contractual communications, names of contacts) and payment data (e.g. bank details).

We shall not process special categories of personal data, unless these form part of a commissioned or contractual processing of data.

We shall process data that is necessary for the justification and fulfilment of the contractual services and shall indicate the necessity of providing this data if this is not evident to the Contractual Partners. The data shall only be disclosed to external persons or companies if this is necessary within the framework of a contract. When processing the data that has been provided to us in the context of an order, we shall act according to the instructions of the clients and the statutory requirements.

When our online services are used, we can store the IP address and the time of the respective user activity. This data shall be stored on the basis of our legitimate interests, as well as those of the users, in protection against misuse and other unauthorised use. This data shall not be passed on to third parties, unless this is necessary in order to pursue our claims in accordance with Art. 6 (1) f. GDPR or there is a legal obligation to do so in accordance with Art. 6 (1) c. GDPR.

The data shall be deleted if it is no longer necessary for the fulfilment of contractual or statutory duties of care or for the handling of any warranty obligations or comparable obligations, whereby the necessity of the data storage shall be reviewed every three years; in other respects, the statutory provisions shall apply.

Registration function

Users can create a user account. During registration, the users will be informed of the mandatory information that is required and this will be processed on the basis of Art. 6 (1) b. GDPR for the purpose of providing the user account. The processed data particularly includes the login information (name, password and e-mail address). The data entered during registration shall be used for the purpose of using the user account and fulfilling its objective.

The users can be informed about information that is relevant to their user account, e.g. technical changes, by e-mail. If users have terminated their user account, their data relating to the user account shall be deleted, subject to a statutory storage obligation. The users are responsible for securing their data in the event of a termination before the end of the contract. We are entitled to permanently delete all of the user’s data that is stored during the term of the contract.

When our registration and login functions and the user account are used, the IP address and the time of the respective user activity shall be stored. This data shall be stored on the basis of our legitimate interests, as well as the those of the users, in protection against misuse and other unauthorised use. This data shall not be passed on to third parties, unless this is necessary for pursuing our claims or there is a legal obligation to do so in accordance with Art. 6 (1) c. GDPR. The IP address shall be anonymised or deleted after 7 days at the latest.

Hosting

The hosting services used by us shall provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we shall use to operate this website.

We, or our hosting provider, shall process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospective customers and visitors to this website, on the basis of our legitimate interests in an efficient and secure provision of this website in accordance with Art. 6 (1) f. GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing contract).

Collection of access data and log files

We, or our hosting provider, shall, on the basis of our legitimate interests in terms of Art 6. (1) f. GDPR, collect data about any access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, the file, the date and time of the access, the data volume transferred, a report on successful access, the browser type and version, the user’s operating system, the referrer URL (the page visited immediately prior to our website), the IP address and the requesting provider.

For security reasons (e.g. to investigate misuse and fraud), log file information shall be stored for a maximum of 7 days and then deleted. Data whose continued storage is necessary for evidentiary purposes shall be excluded from deletion until the incident has been finally resolved.

Cookies

Cookies are very small text files used by websites that are stored on your computer by your browser and can send certain information to us or a third party.

Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, which can be used to assign different requests from your browser to the collective session. They enable your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies are automatically deleted after a specified period that can differ depending on the cookie. In contrast to transient cookies, persistent cookies are not automatically deleted when you close the browser. However, you can also delete the cookies at any time in your browser’s security settings.

Cookies that are absolutely necessary for providing a service that is expressly desired by the user (“necessary cookies”) shall be processed by us for the provision and operation of the website, within the framework of our legitimate interests on the basis of Art 6 (1) Sentence 1 f. GDPR. The necessary cookies shall be indicated to you when you visit our website (under “necessary”).

In addition, further information on your device which is not absolutely necessary shall be stored or accessed, in order to provide a service that is expressly desired by the user. This data shall only be stored or accessed if you give your consent to this. Later in this data privacy statement, you can find details regarding the type of information, the purpose of the processing, the storage period for the information and the possible recipients of the data.
You can revoke your consent to the processing of data by means of cookies at any time by re-selecting the cookies that you want to accept.

Renew or amend your cookie consent

You can set your browser not to accept these cookies at all or only to store or not to store certain cookies. You can find further information about this in your browser’s help system. If your browser rejects all cookies, it is possible that you will not be able to use all the functions of this website.

Visitor Analytics

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economical operation of our website in terms of Art. 6 (1) f. GDPR), we use Visitor Analytics, a web analysis service of Visitor Analytics GmbH (“Twipla”). Twipla uses cookies. The information about the users’ use of this website generated by the cookie is usually transferred to a Hetzner server in Germany, where it is stored.

Twipla guarantees the data protection-compliant processing of the data via a standard contractual clause and thereby provides a guarantee that it will meet the European level of data protection. (HTTPS://WWW.TWIPLA.COM/DE/SUPPORT/RECHTLICHES-DATENSCHUTZ-ZERTIFIKATE/STANDARDINTEGRATION/DATENVERARBEITUNGSVERTRAG-COOKIE-INFORMATIONEN)

Twipla will use this information on our behalf, in order to analyse the use of our website by the users, to compile reports on the activities within the website and to provide other services associated with the website use and internet use to us. Pseudonymous user profiles can be created for the users from the processed data.

We shall only use Visitor Analytics with IP anonymisation activated. This means that the users’ IP-address will be shortened by Twipla within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be transmitted to a server of Hetzner in Germany and shortened there in exceptional cases.

The IP address transmitted from the user’s browser will not be merged with other Twipla data. The users can prevent the storage of cookies by making a corresponding setting in their browser software. The users can also prevent the recording of the data generated by the cookie and related to their use of the website and its transmission to Twipla, as well as the processing of this data by Twipla, by downloading and installing the browser plugin available under the following link: (HTTPS://WWW.TWIPLA.COM/DE/SUPPORT/RECHTLICHES-DATENSCHUTZ-ZERTIFIKATE/STANDARDINTEGRATION/OPT-OUT-/-NICHT-VERFOLGEN)

You can find further information on Twipla’s use of data, settings and opt-out options in Twipla’s data privacy statement (HTTPS://WWW.TWIPLA.COM/DE/SUPPORT/RECHTLICHES-DATENSCHUTZ-ZERTIFIKATE/100-DSGVO-KONFORMITAET/DSGVO-KONFORMITAET-UEBERSICHT).

The users’ personal data shall be deleted or anonymised after 14 months.

Online presence in social media

We maintain an online presence within social networks and platforms so that we can communicate with customers, prospective customers and users who are active there and inform them about our services there. When users access the relevant networks and platforms, the terms and conditions and the data processing policies of their respective operators shall apply.

Unless otherwise stated in our data privacy statement, we shall process the users’ data if they communicate with us within the social networks and platforms, e.g. by leaving posts on our pages there or by sending us messages.

Meta pixel, custom audiences and Meta conversion

Within our website, on the basis of our legitimate interest in the analysis, optimisation and economical operation of our website and for these purposes, we use the “Meta pixel” provided by the social network Facebook (Meta), which is operated by Meta Platforms, Inc., Willow Road 1601, Menlo Park, CA 94025, USA, or, if you are based in the EU Meta Platforms Technologies Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland.

Meta guarantees the data protection-compliant processing of the data via a standard contractual clause and thereby provides a guarantee that it will meet the European level of data protection.

HTTPS://DE-DE.FACEBOOK.COM/PRIVACY/POLICY/

With the help of the Meta pixel, Meta is able to specify the visitors to our website as a target group for displaying advertisements (“Meta ads”). Accordingly, we shall use the Meta pixel to display the Meta ads placed by us only to those Facebook (Meta) users who have shown an interest in our website or have certain characteristics (e.g. an interest in particular topics or products, which is determined on the basis of the websites they have visited), which we shall communicate to Meta (“custom audiences”). With the help of the Meta pixel, we would also like to ensure that our Meta ads correspond to the potential interest of the users and do not appear obtrusive. With the help of the Meta pixel, we can also trace the effectiveness of the Meta ads for statistical and marketing purposes, as it tells us whether users have been redirected to our website after clicking on a Meta ad (“conversion”).

Data shall be processed by Meta within the framework of Meta’s data use policy. Accordingly, Meta’s data use policy provides information on Meta ads: (HTTPS://DE-DE.FACEBOOK.COM/PRIVACY/POLICY/.). You can find specific information and details about the Meta pixel and how it works in Meta’s Help section: (HTTPS://DE-DE.FACEBOOK.COM/BUSINESS/HELP/742478679120153?ID=1205376682832142).

You can opt out of recording by the Meta pixel and of your data being used to display Meta ads. To control the kind of advertisements you can see within Meta, you can call up the page set up by Meta and there follow the instructions to adjust the settings for usage-based advertising: HTTPS://WWW.FACEBOOK.COM/HELP?REF=WWW.META.COM%2FHELP The settings are platform-independent, i.e. they shall be applied for all devices, such as desktop computers or mobile devices.

You can also opt out of the use of cookies that are used to measure reach and that serve advertising purposes via the opt-out page of the network advertising initiative (HTTP://OPTOUT.NETWORKADVERTISING.ORG/) and also the US webpage (HTTP://WWW.ABOUTADS.INFO/CHOICES) or the European webpage (HTTP://WWW.YOURONLINECHOICES.COM/UK/YOUR-AD-CHOICES/).

Twitter

Functions and services of the service Twitter, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, can be integrated within our website. These may, for example, include contents such as images, videos or texts, and buttons, which users can use to announce that they like the contents or to subscribe to the creators of the content or our contributions. If the users are members of the platform Twitter, Twitter can assign the contents and functions that they access to the users’ profiles there. (HTTPS://WWW.PRIVACYSHIELD.GOV/PARTICIPANT?ID=A2ZT0000000TORZAAO&STATUS=ACTIVE). Data privacy statement: HTTPS://TWITTER.COM/DE/PRIVACY, Opt-Out: HTTPS://TWITTER.COM/PERSONALIZATION.

Instagram (Meta)

When you visit our website, you can access functions and contents of the service Instagram (Meta), offered by Meta Platforms, Inc., Willow Road 1601, Menlo Park, CA 94025, USA and use them on your own responsibility. This particularly applies to the use of the interactive functions (e.g. comment, share, rate).  If users are members of the platform Instagram, Instagram (Meta) can assign the contents and functions that they access to the users’ profiles. You can find Instagram’s data   privacy statement at: HTTPS://PRIVACYCENTER.INSTAGRAM.COM/POLICY/?ENTRY_POINT=IG_HELP_CENTER_DATA_POLICY_REDIRECT

 

Facebook (Meta)

When you visit our website, you can access functions and contents of the service Facebook (Meta), offered by Meta Platforms, Inc., Willow Road 1601, Menlo Park, CA 94025, USA and use them on your own responsibility. This particularly applies to the use of the interactive functions (e.g. comment, share, rate).  If users are members of the platform Facebook. Facebook (Meta) can assign the contents and functions that they access to the users’ profiles. You can find Meta’s data privacy statement at: HTTPS://WWW.FACEBOOK.COM/HELP?rREF=WWW.META.COM%2FHELP

Use of Facebook social plugins

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economical operation of our website in terms of Art. 6 (1) f. GDPR), we use social plugins (“plugins”) of the social network facebook.com, which is operated by Meta Platforms Technologies Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland (“Meta”). The plugins can be interactive elements or contents (e.g. videos, graphics or text posts) and can be recognised by one of the Facebook logos (white “f” on a blue tile, the word “Like” or a “thumbs up” sign) or are indicated with the phrase “Meta social plugin”. The list of Meta social plugins and their appearance can be viewed here: HTTPS://DEVELOPERS.FACEBOOK.COM/DOCS/PLUGINS/?LOCALE=DE_DE

Meta guarantees the data protection-compliant processing of the data via a standard contractual clause and thereby provides a guarantee that it will meet the European level of data protection (HTTPS://DE-DE.FACEBOOK.COM/PRIVACY/POLICY/).
If a user accesses a function on our website that contains such a plugin, their device will establish a direct connection to the Meta servers. The contents of the plugin shall be transmitted directly by Meta to the user’s device, which will integrate it into the website. User profiles can be created for the users from the processed data. Therefore, we have no influence on the scope of the data collected by Meta with the help of this plugins, and therefore provide the users with information according to our current level of knowledge.

The integration of plugins means that Facebook (Meta) shall be informed that a user has called up the corresponding page on our website. If the user is logged into Facebook, they (Meta) can assign the visit to the user’s Facebook account. If users interact with the plugins, for example by clicking on the “Like” button or by entering a comment, the corresponding information from their device will be transmitted directly to Meta and stored there. If a user is not a member of Facebook, it is still possible that Meta will find out and store their IP address. According to Meta, only an anonymised IP address will be stored in Germany.

Users can find information on the purpose and scope of data collection and the further processing and use of the data by Meta, as well as the users’ rights in this respect and settings options for protecting their privacy, in the Facebook privacy policy: HTTPS://DE-DE.FACEBOOK.COM/PRIVACY/POLICY/.

If a user is a member of Facebook (Meta) and does not want Meta to collect data about them via this website and to link it to their member data stored with Meta, they must log out of Facebook (Meta) and delete their cookies. Further settings or opt-outs relating to the use of data for advertising purposes are possible within the Facebook profile settings: HTTPS://WWW.FACEBOOK.COM/SETTINGS?TAB=ADS  or via the US American page HTTP://WWW.ABOUTADS.INFO/CHOICES/  or the EU page HTTP://WWW.YOURONLINECHOICES.COM/. The settings are platform-independent, i.e. they shall be applied for all devices, such as desktop computers or mobile devices.

 

Xing

Functions and services of the service Xing, offered by XING AG., Dammtorstrasse 29-32, 20354 Hamburg, Germany, can be integrated within our website. These may, for example, include contents such as images, videos or texts, and buttons, which users can use to announce that they like the contents or to subscribe to the creators of the content or our contributions. If the users are members of the platform Xing, Xing can assign the contents and functions that are accessed to the users’ profiles there. Xing data privacy statement:(HTTPS://PRIVACY.XING.COM/DE/DATENSCHUTZERKLAERUNG/DRUCKVERSION).

LinkedIn

Functions and services of the service Linked-In, offered by Linked In Inc., 1000 W Maude Sunnyvale, CA 94085, USA, can be integrated within our website. These may, for example, include contents such as images, videos or texts, and buttons, which users can use to announce that they like the contents or to subscribe to the creators of the content or our contributions. If the users are members of the platform Linked-In, Linked-In can assign the contents and functions that are accessed to the users’ profiles there. Linked-In is certified under the Privacy Shield Agreement and thereby provides a guarantee that it will comply with European data privacy law. Linked In data privacy statement: (HTTPS://WWW.LINKEDIN.COM/LEGAL/PRIVACY-POLICY?TRK=HOMEPAGE-BASIC_FOOTER-PRIVACY-POLICY).

 

Right to lodge a complaint

You have the right to lodge a complaint about how your personal data is processed by us with a data protection authority. A list of the state data protection commissioners and their contact details can be found under the following link https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html or you can contact our company data protection officers.

Your rights as a “data subject” in terms of GDPR

  • Right of access to information about the processing of your personal data (cf. Art. 15 GDPR)
  • Right to rectification of incorrect personal data relating to you and, taking the purposes of the processing into consideration, the right to complete incomplete personal data (cf. Art. 16 GDPR)
  • Right to erasure (“right to be forgotten”) of personal data relating to you, especially if the data is no longer necessary for the purpose for which it has been processed or if you have revoked your consent (cf. Art. 17 GDPR)
  • Right to restriction of processing (blocking), especially when the accuracy of the data is disputed by you, for a period which allows us to verify the accuracy of the personal data (cf. Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR): you have the right to receive the personal data relating you, which you have provided to us, in a structured, commonly used and machine-readable format, and the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent or on a contract or the processing is carried out by automated means.
  • Right to object to the processing of personal data, especially in the event of processing for direct marketing purposes (Art. 21 GDPR)
  • Automated individual decision-making, including profiling (Art. 22 GDPR): you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision is necessary for the conclusion or performance of a contract between the you and us, is permitted on the basis of statutory regulations and these regulations contain suitable measures for the protection of your rights and freedoms and your legitimate interests, or is based on your explicit consent.

Consent

You have the right to revoke your consent at any time for the future, without stating reasons, by informing QR Quality Reservations Deutschland GmbH that you are revoking your consent to the processing of your personal data by post to Ostpassage 11, 30853 Langenhagen or by e-mail to datenschutz(at)qr-hotels.com.