Data Protection Declaration
1. Data protection at a glance
Analytical tools and tools from third-party providers
When visiting our website, your browsing behaviour may undergo statistical analysis. This takes place primarily using cookies and so-called analysers. Your browsing behaviour is generally analysed anonymously; browsing behaviour cannot be traced back to you. You can object to this analysis or prevent it by avoiding the use of certain tools. Detailed information on this can be found in the following data protection declaration. You can object to this analysis. In this data protection declaration, we will provide information regarding the means by which to object.
2. General notes and mandatory information
Note regarding the responsible body
The responsible body for data processing on this website is: Hotel Bellevue GmbH Hilden / AMBER HOTELS Schwanenstraße 27 D-40721 Hilden Telephone: +49 2103 503-0 Email: email@example.com The responsible body is the physical person or legal entity that, either alone or working together with others, decides on the purposes and means by which personal data is processed (e.g. names, email addresses etc.).
We process these data
We process personal data that we receive from you in the course of our business relationship. In addition, we process – insofar as necessary for the provision of our services – personal data that we have permissibly received from other companies of Hotel Bellevue GmbH Hilden, Zeno Grundstücksverwaltungs-GmbH, ECONTEL Economy Hotel Verwaltungs-GmbH, Amber Hotel Plaza Betriebsgesellschaft mbH, Amber Hotel Panorama Betriebsgesellschaft mbH, Econtel München Hotelbetriebsgesellschaft mbH, Obotritia Hotel Alken Betriebsgesellschaft mbH or other third parties (e.g. trade fair and training organisers, credit agencies, etc.). Furthermore, we process personal data that we have obtained from public sources (e.g. land registers, press, Internet) and are permitted to process.
Relevant personal data are among others: Customer and supplier master data (e.g. contact person, e-mail address, postal address, other contact data), billing data, contract data, advertising and sales data and other data comparable to the categories mentioned.
Purpose and legal basis of the data processing
We collect and process personal data for the following purposes:
- Necessary for the fulfilment of a contract or the implementation of pre-contractual measures. The legal basis is Article 6 paragraph 1 lit. b) DSGVO.
- Direct advertising for our own products or services. The legal basis is Article 6 para. 1 lit. f) DSGVO, whereby our legitimate interest is to provide you with information about our own products and services for the purpose of direct advertising.
- Customer data analysis for the purpose of creating tailor-made product offers. The legal basis is Article 6 Paragraph 1 lit. f) DSGVO, whereby our legitimate interest is to continuously improve our own services and products and to be able to offer you tailor-made products in line with your needs.
- Your personal data will only be processed for purposes other than those mentioned above if you have given us your consent to process them. The legal basis is Article 6 paragraph 1 lit. a) DSGVO.
Recipient of the data
Within our company, access to your data is granted to those entities that need it to fulfil our contractual and legal obligations. Our service managers and vicarious agents (contract processors as defined in Art. 4 No. 8 DSGVO) may also receive data for these purposes, provided that they maintain confidentiality and comply with our instructions under data protection law. These are essentially companies from the categories listed below: Credit agencies, debt collection, telephone, billing, printing and IT service providers, network operators, metering point operators and specialist companies. Your personal data will only be passed on to third parties if this is necessary to achieve the above-mentioned purposes.
Where data are transferred to a third country or to an international organisation
Your personal data will not be passed on to recipients outside the European Union or the European Economic Area (so-called third countries) or international organisations.
How long will my data be stored.
We process and store your personal data at least until the purpose for which it was collected has been achieved, generally for the duration of an existing contractual relationship. We will also store and process your postal address beyond the end of the existing business relationship for a maximum period of 24 months after termination of the business relationship for the purpose of direct advertising for some products. Your personal data will be deleted once the purpose has been achieved, provided that all mutual claims arising from the business relationship have been met and the temporary storage of the data is no longer required for the following purposes:
- Compliance with commercial and tax law retention periods (this can be up to ten years from the end of the existing contractual relationship)
- Preservation of evidence within the framework of the legal statute of limitations (in individual cases this can be up to 30 years, with the regular limitation period being three years)
Is there an obligation for me to provide data
Within the scope of our business relationship, you must provide us with the personal data required for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations. Without this data, we will generally have to refuse to conclude the contract or execute the order or will no longer be able to execute an existing contract and may have to terminate it.
To what extent is there automated decision making (including profiling)
As a matter of principle, we do not use a fully automated decision-making process in accordance with Article 22 of the DSGVO to establish and implement the business relationship. Should we use these procedures in individual cases, we will inform you of this separately.
Right of objection
You can object to the processing of your personal data for the purposes of direct advertising and/or market research at any time without giving reasons. After receipt of your objection, we will no longer process the personal data for the purposes of direct advertising and/or market research and will delete the data if processing is not required for other purposes (e.g. to fulfil the contract).
You can also object to other processing which we base on a legitimate interest within the meaning of Art. 6 Para. 1 f) DSGVO at any time by stating these reasons. In the event of a justified objection, we will in principle no longer process personal data for the purposes concerned and will delete the data unless we can prove compelling reasons for processing which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
The objection should be addressed directly to the company concerned:
- Hotel Bellevue GmbH Hilden, Schwanenstraße 27, 40721 Hilden, Telefon: +49 2103 503-0, E-Mail: info(at)amber-hotels.de
- Zeno Grundstücksverwaltungs-GmbH, Am Münster, 83435 Bad Reichenhall, Telefon: +49 8651 776-0, E-Mail: firstname.lastname@example.org
- ECONTEL Economy Hotel Verwaltungs-GmbH, Sömmeringstraße 24-26, 10589 Berlin, Telefon: +49 30 34681-0, E-Mail: email@example.com
- Amber Hotel Plaza Betriebsgesellschaft mbH, Wildparkstraße 6, 09247 Chemnitz-Röhrsdorf, Telefon: +49 3722 513-0, E-Mail: firstname.lastname@example.org
- Amber Hotel Panorama Betriebsgesellschaft mbH, Römerstraße 102, 71229 Leonberg, Telefon: +49 7152 303-3, E-Mail: email@example.com
- Econtel München Hotelbetriebsgesellschaft mbH, Bodenseestraße 227, 81243 München, Telefon: +49 89 87189-0, E-Mail: firstname.lastname@example.org
- Obotritia Hotel Alken Betriebsgesellschaft mbH, Moselstraße 10-11, 56332 Alken, Telefon: +49 2605 4443, E-Mail: email@example.com
The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and according to statutory data protection regulations, as well as in accordance with this data protection declaration. When you use this website, various pieces of personal data are collected. Personal data is data by which you can be personally identified. This data protection declaration explains which data we collect and what we use it for. It also explains how and to what purpose we collect data. We hereby point out that data transfer via the Internet (e.g. during communication by email) may involve gaps in security. Absolute protection of data against access by third parties is not possible.
Revocation of your consent to data processing
Many data processing processes are only possible with your express consent. You can withdraw already granted consent at any time. In order to withdraw consent, all that is required is that you send us an email. The lawfulness of the data processing that has taken place prior to revocation will remain unaffected by the revocation.
Right of appeal to the competent supervisory authority
In the case of data protection violations, the affected party has a right to appeal to the competent supervisory authority. The competent supervisory authority in matters pursuant to data protection law is the State Data Protection Officer of the Federal State in which our company has its head office. A list of the data protection officers and their contact details can be found via the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data that we automatically process on the basis of your consent or within the scope of the fulfilment of a contract issued to you or to a third party in a standard, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only take place insofar as is technically feasible.
SSL or TLS encryption
For security reasons and to protect confidential content, such as orders or queries that you send to us within our capacity as site operators, this site uses SSL or TLS encryption. You can recognise an encrypted connection in that the address bar of the browser changes from “http://” to “https://”, and by the lock symbol in your browser line. If SSL or TLS encryption is activated, then the data that you send to us cannot be read by third parties.
Encrypted payment transactions on this website
Following the conclusion of a fee-based contract, if there is an obligation to send us your payment details (e.g. account number with direct debit authorisation), this data will be required for the processing of payment. Payment transactions using standard means of payment (Visa/MasterCard, direct debit) take place exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection in that the address bar of the browser changes from “http://” to “https://”, and by the lock symbol in your browser line. During encrypted communication, the payment details that you send to us cannot be read by third parties.
Access to, blocking and deletion of information
Within the scope of the applicable statutory provisions, you have the right to access your stored personal data at all times and at no cost, and to know its origin, recipients and the purpose of data processing, and if applicable you also have a right to demand the correction, blocking or deletion of this data. Questions regarding this and other matters relating to the topic of personal information can be submitted to us at any time using the address stated in the Legal Notice.
Note regarding external links
This website contains links to external websites of third parties, on whose content we have no influence. For this reason, no guarantee can be assumed for these external contents. The contents of external websites to which links are provided here do not reflect the opinion of the website operator, but are merely intended to provide information and present context. The respective provider or operator of the pages is always responsible for the contents of the linked pages. The linked pages were checked for possible legal violations at the time of linking. At the time of linking, illegal contents were not discernible. A permanent control of the contents of the linked pages is not reasonable without concrete evidence of an infringement. As soon as we become aware of any legal infringements, we will remove such links immediately.
3. Data Protection Officer
Legally prescribed Data Protection Officer
We have appointed a data protection officer for our company.
4. Data recording on our website
In some instances, our web pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies help us to make our website more user-friendly, efficient and secure. Cookies are small text files that are placed on your computer and that your browser stores. The majority of the cookies we use are so-called “session cookies”. They are deleted automatically when your visit is over. Other cookies remain saved on your end device until you delete them. These cookies allow us to recognise your browser the next time you visit us. You can configure your browser in such a way that you are informed of the placing of cookies and only allow cookies in individual cases, exclude the acceptance of cookies in certain cases or generally, and activate the automatic deletion of cookies when you close your browser. If cookies are disabled, the functionality of this website may be impaired. Cookies that are required in order to execute the electronic communication process or for the provision of certain desired features (e.g. shopping cart feature) are stored on the basis of Art. 6(1) (f) GDPR (General Data Protection Regulation). The website operator has a legitimate interest in the storing of cookies, with a view to ensuring the technically flawless and optimised provision of his services. Insofar as other cookies (e.g. cookies for the analysis of your browsing behaviour) are saved, these are addressed separately in this data protection declaration.
Server log files
The website provider automatically collects and stores information in so-called server log files, which your browser sends to us automatically. This includes:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not combined with data from other sources. The legal basis for the processing of this data is Art. 6(1) (f) GDPR. Our legitimate interest results from the following reasons for data collection: system security and stability.
When you submit queries to us using the contact form, your details from the query form, including the contact details you provide there, will be stored by us for the purpose of the processing of the query and for the event of follow-up queries. We will not pass this data on without your consent. The data provided in the contact form will only be processed subject to your consent (Art. 6(1) (a) GDPR). You can withdraw this consent at any time. In order to withdraw consent, all that is required is that you send us an email. The lawfulness of the data processing that has taken place prior to the revocation shall remain unaffected by the revocation. The data you enter in the contact form will remain stored by us until you request that it be deleted, withdraw your consent to its being stored or until the purpose for which the data is being stored is no longer applicable (e.g. once your query has finished being processed). Mandatory statutory provisions – in particular storage terms – shall remain unaffected.
Processing of data (customer and contractual data)
We collect, process and use personal data only insofar as this is required for the establishment, definition with respect to content or amendment of the legal relationship (inventory data).
This takes place on the basis of Art. 6(1) (b) GDPR, which authorises the processing of data for the fulfilment of a contract or pre-contractual measures.
We only collect, process and use personal data provided through the use of our website (usage data) insofar as this is necessary to allow the user to avail of the service, or to bill him for it.
In order to process our online bookings, we use a service provided by Hotelnetsolutions GmbH (HNS), Genthiner Str. 8 in 10785 Berlin.
If you book or reserve a room online, then your personal data will be transmitted to “HNS”. 14 days after your departure, we will delete this personal data from the servers of Hotelnetsolutions GmbH.
The processing of the booking takes place on the basis of Art. 6(1) (b) GDPR, which authorises the processing of data for the fulfilment of a contract or pre-contractual measures. You also have the option to register during the booking process. The data entered there will also be stored by HNS and allows you to use the data you have entered for future bookings. For important changes, for example to the scope of the services offered or in the event that technical changes are required, we use the email address you have entered during registration to keep you informed.
The data entered during registration is processed subject to your consent (Art. 6(1) (a) GDPR). You can withdraw your granted consent at any time.
In order to withdraw consent, all that is required is that you send us an email. The lawfulness of the data processing that has already taken place shall remain unaffected by the revocation. The data recorded during registration will be stored by us for as long as you are registered with our website and thereafter will be deleted. Legal storage periods remain unaffected.
We have concluded a contract with HNS for order data processing.
Collected customer data will be deleted following the completion of the order or the termination of the business relationship. Legal storage periods remain unaffected.
5. Analytical tools and advertising
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. Google Analytics uses so-called cookies. These are text files that are stored on your computer and enable the analysis of your use of the website. The information that the cookie generates regarding your use of this website (including your IP-address) is generally transferred to and stored on a server operated by Google in the USA. The storage of Google Analytics cookies takes place on the basis of Art. 6(1) (f) GDPR. The website operator has a legitimate interest in the analysis of user behaviour, with a view to optimising both his website and his advertising.
We have activated the IP anonymisation function on this website. This means that your IP address will be truncated by Google within an EU member state or other EEA state before being transmitted to the US. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there. On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and Internet usage to the website provider. Google will not associate your IP address transmitted within the scope of Google Analytics with any other data held by Google. The data of users will be deleted after 14 months.
Objection to Data Collection
You can object to the use of Google Analytics by clicking on the following link. An opt-out cookie will be placed on the computer, which prevents the future collection of your data when visiting this website: Disabling Google Analytics.
Processing of order data
We have concluded a contract with Google concerning the processing of order data and fully comply with the strict provisions issued by the German Data Protection Authorities when using Google Analytics.
Demographic characteristics with Google Analytics
This website uses the “Demographic Characteristics” feature of Google Analytics. This enables the generation of reports containing statements regarding the age, gender and interests of the visitors to the website. This data is derived from interest-based advertising by Google as well as from visitor data from third-party providers. This data cannot be attributed to any identifiable person. You can disable this feature at any time via the ad settings in your Google Account, or you can prohibit the collection of your data by Google Analytics in general, as outlined in the “Opposition to Data Collection” section.
Google Tag Manager
We use “Google Tag Manager” on our website, a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereafter referred to as “Google”). Google Tag Manager allows us as marketers to manage web page tags from one interface. The Google Tag Manager tool that implements the tags is a cookie-free domain and does not collect personally identifiable information. Google Tag Manager triggers other tags that may collect data under certain circumstances. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain effective for all tracking tags implemented with Google Tag Manager.
Google has now submitted to and is certified according to the Privacy Shield Agreement between the European Union and the United States. As a result, Google agrees to comply with the standards and regulations of European data protection law. You can find additional information in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
More information about data protection can be found on Google’s following websites:
- Privacy notice: http://www.google.de/intl/de/policies/privacy
- FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html
Our website uses the analysis service etracker. The provider is etracker GmbH, Erste Brunnenstraﬂe 1, 20459 Hamburg, Germany. User profiles can be created from the data under pseudonyms. Cookies may be used to this end. Cookies are small text files that are stored in the visitor’s local browser cache. They make it possible for your browser to be recognised again. The data compiled with the etracker technologies will not be used to personally identify visitors to this website and will not be associated with personal data regarding the bearer of the pseudonym without the express permission of the respective individual.
etracker cookies remain on your end device until you delete them.
The storage of etracker cookies takes place on the basis of Art. 6(1) (f) GDPR. The website operator has a legitimate interest in the analysis of user behaviour, in order to optimise both his website and his advertising.
You can object to the collection and storage of date at any time with future effect.
To object to the collection and storage of your user data with future effect you can acquire an opt-out cookie from etracker via the following link. This will ensure that in future no visitor data from your browser will be collected and stored by etracker: https://www.etracker.de/privacy?et=V23Jbb.
If browser notifications for this website are activated via the “signalize” service by you, a function of your Internet browser is used to provide the notifications. Only anonymous or pseudonymous data is transmitted for the purpose of sending messages. These can include the following, depending on the configuration of the website:
- Pseudonymous User ID: a randomly generated value (example: 108bf9a85547edb1108bf9a85547edb1) stored in a tracking cookie ID
- Pseudonymous digital fingerprints, pseudonymous mobile device codes and where required pseudonymous Cross-Device Identifiers
This information will only be used to deliver the notifications you have subscribed to and to configure notification-related settings. We ask for your consent to store this data. The legal basis for data processing in this case is Art. 6 Para. 1 lit. a GDPR. You can object to the receipt of notifications at any time via the settings of your browser. Information about unsubscribing to Web Push notifications for the respective browsers can be found here. You can unsubscribe on your mobile device directly in your device settings for the app or wallet card.
In order to be able to design the browser notifications in a way that makes sense for you in terms of content, we use the preferences collected on the basis of a pseudonymous user profile by means of tracking pixels and combine your notification ID with the user profile of the website for the sole purpose of sending personalised messages. Tracking technology is also used for the statistical evaluation of notifications on our behalf. In this way it can be determined whether a notification has been delivered and whether it has been clicked. The data generated as a result is processed and saved on our behalf by etracker GmbH exclusively in Germany and is thus subject to strict German and European data privacy laws and standards. etracker has been independently audited and certified in this respect and is entitled to bear the data privacy seal ePrivacyseal to bear.
Data processing for the statistical analysis of the notifications and also to allow us to better adapt future notifications to the interests of the recipients is based on our legitimate interest in personalised direct advertising pursuant to Art. 6 Para. 1 lit. f GDPR. Since the privacy of our visitors is very important to us, the data that may allow a reference to an individual person, such as the IP address, login or device IDs, is anonymised or pseudonymised as soon as possible. The possibility to link the information to a specific person is thus excluded. The data is not used for other purposes or passed on to third parties.
You can object to the data processing described above at any time.
Conclusion of a contract regarding the processing of order data
We have concluded a contract with etracker concerning the processing of order data and fully comply with the strict provisions issued by the German Data Protection Authorities when using etracker.
If you would like to receive the newsletter offered on this website, we require that you provide an email address as well as information enabling us to check that you are the holder of the email address indicated and your consent to the receipt of the newsletter. No other data will be collected, or such data will only be collected on a voluntary basis. We will only use this data to send you the required information and will not forward it to third parties. The processing of the data entered in the newsletter registration form will only take place on the basis of your consent (Art. 6(1) (a) GDPR). Your issued consent to the storage of your data, your email address and its use for the sending of the newsletter can be withdrawn at any time, for instance using the “Unsubscribe” link in the newsletter. The lawfulness of the data processing that has taken place prior to the revocation shall remain unaffected by the revocation.
The data you store with us for the purpose of the newsletter subscription will be stored by us until you unsubscribe from the newsletter, at which point it will be deleted. Data that we hold stored for other purpose (e.g. email addresses for the membership area) shall remain unaffected.
Please understand that for legal reasons our newsletter may only be subscribed to by persons over the age of 16 years.
7. Plugins and tools
Google Web Fonts
This website uses the technical platform provided by empaction GmbH for the sending of newsletters. The provider is empaction GmbH, Marktstrasse 33-35, 60388 Frankfurt am Main, Germany. empaction is a technology provider with which the sending of newsletters can be organised and analysed, alongside other services. The data you enter for the purpose of newsletter subscription will be stored on the empaction servers in Germany. If you do not wish for analysis to be performed by empaction, you must unsubscribe from the newsletter. To this end, we provide a corresponding link in every newsletter message.
Data analysis by empaction
For the purposes of analysis, emails sent with empaction contain a so-called “tracking pixel”, which connects to the empaction servers when the email is opened and enables personalised tracking. It can thus be determined whether or not a newsletter message has been opened. Furthermore, using empaction we can determine whether and which links in the newsletter message have been clicked on. All links in the email are so-called tracking links, with which your clicks can be counted. More detailed information can be found at https://empaction.com/de/start.html and https://empaction.com/de/wissen.html.
Data is processed subject to your consent (Art. 6(1) (a) GDPR). You can withdraw this consent at any time. The lawfulness of the data processing that has taken place prior to the revocation shall remain unaffected by the revocation.
The data you store with us for the purpose of newsletter subscription will be stored by us until you unsubscribe from the newsletter, at which point it will be deleted from both our servers and empaction’s servers.
Conclusion of a contract regarding commissioned data processing
We have concluded a contract with empaction in which we oblige empaction to protect our customers’ data and to refrain from passing it on to third parties.
9. Social networks
Data processing by social networks
We maintain publicly available profiles on social networks. You will find a list of the social networks we use below.
Social networks such as Facebook, Google+ etc. can generally analyse user behaviour comprehensively when their website or a website with integrated social media content (such as buttons or advertising banners) is accessed. When you visit our social media pages, numerous data protection-relevant processing operations are triggered.
If you are logged on to your social media account and visit our social media pages, the operator of the social media platform can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media platform. In this case, the data is collected, for example, via cookies that are stored on your terminal device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media platforms can create user profiles in which your preferences and interests are stored. In this way, interest-related advertising can be displayed inside and outside the respective social media pages. If you have an account with the relevant social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.
Our social media sites are designed to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be stated by the operators of the social networks (for example consent pursuant to Art. 6 (1) (a) GDPR).
Controller and assertion of rights
If you visit one of our social media pages (such as Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can exercise your rights (to information, correction, deletion, restriction of processing, data portability and to lodge a complaint) both with us as well as with the operator of the respective social media platform (for example with Facebook).
Please note that despite our joint responsibility with the social media platform operators, we do not have full control over the data processing operations of the social media platforms. Our possibilities depend to a large extent on the corporate policy of the respective provider.
The data collected directly from us via the social media pages will be deleted from our systems as soon as the purpose for their storage lapses, you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular legal retention periods – remain unaffected.
Social networks in detail
We have a profile on Facebook. Provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield.
We have concluded an agreement with Facebook on a joint responsibility for the processing of data (Controller Addendum). This Agreement sets out the data processing operations that we or Facebook are responsible for when you visit our Facebook fan page.
You can view this agreement at the following link:
You can adjust your advertisement settings independently in your user account. Click on the following link and log in: