1.1 Objective and responsibility 1.2 Legal basis 1.3 Rights of data subjects 1.4 Data erasure and storage duration 1.5 Security of processing 1.6 Data transfer to third parties, subcontractors and third-party providers
2 Specific data processing
2.1 Collection of information on the use of the online offer 2.2 Amazon CloudFront CDN 2.3 Contact by e-mail 2.4 Links to other websites
3 Processing for the purpose of carrying out our business processes
3.1 Reservation 3.2 Vouchers
4.1 General information 4.2 Cookie overview, objection options
1 GENERAL INFORMATION
1.1 Objective and responsibility
1.1.2 Details on data processing for the purpose of carrying out our business processes are described in section 3.
1.1.3 Hotelite Berlin Betriebsgesellschaft mbH (Potsdamer Straße 180, 10783 Berlin) – hereinafter referred to as “provider”, “we” or “us” – is the provider of the online offer and responsible under data protection law.
1.1.4 Our online offer is provided by ALL-INKL.COM (Hauptstraße 68, D-02742 Friedersdorf). The server location is Germany.
1.1.5 Our data protection officer is: Sven Meyzis – IT.DS Beratung (phone: 0049 40-21091514 / e-mail: firstname.lastname@example.org).
1.1.6 The term “user” includes all customers and visitors to the online offer.
1.2 Legal basis
We collect and process personal data based on the following legal bases:
a. Consent pursuant to Article 6 (1) lit. – General Data Protection Regulation (GDPR). Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
– Necessity for the fulfilment of the contract or the implementation of preparatory measures pursuant to Article 6 (1) lit. b. GDPR, i.e. the data is required so that we can fulfil our contractual obligations towards you or we need the data to prepare the conclusion of a contract with you.
c. Processing to fulfil a legal obligation pursuant to Article 6(1)(c) GDPR, i.e. processing of the data is required by law or other regulations.
d. Processing for the purposes of the legitimate interests pursued in accordance with Article 6(1) lit. f. GDPR, i.e. processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
1.3 Rights of data subjects
You are entitled to the following rights with regard to data processing by us:
a. Right to lodge a complaint with a supervisory authority pursuant to Article 13(2)(a) d) GDPR and Article 14(2) letter e) GDPR.
b. Right of access pursuant to Article 15 GDPR
c. Right to rectification pursuant to Article 16 GDPR
d. Right to erasure (“right to be forgotten”) pursuant to Article 17 GDPR
e. Right to restriction of processing pursuant to Article 18 GDPR
f. Right to data portability pursuant to Article 20 GDPR
g. Right to object pursuant to Article 21 GDPRg. Right to object pursuant to Article 21 GDPR Note: Users can object to the processing of their personal data in accordance with the legal requirements at any time with effect for the future. The objection may be made in particular against processing for direct marketing purposes.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
1.4 Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
1.5 Security of processing
1.5.1 We have implemented appropriate and state-of-the-art technical and organisational security measures (TOMs). This protects the data processed by us against accidental or intentional manipulation, loss, destruction and unauthorised access.
1.5.2 The security measures include in particular the encrypted transmission of data between your browser and our server.
1.6 Data transfer to third parties, subcontractors and third-party providers
1.6.1 Personal data will only be transferred to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary, e.g. for billing purposes or for other purposes if the transfer is necessary to fulfil contractual obligations towards the users.
1.6.2 If we use subcontractors for our online offering, we have taken suitable contractual precautions and appropriate technical and organisational measures with these companies.
1.6.3 If we use content, tools or other means from other companies (hereinafter collectively referred to as “third-party providers”) and their registered office is located in a third country, it can be assumed that data will be transferred to the countries in which the third-party providers are based. We will only transfer personal data to third countries if there is an adequate level of data protection, user consent or other legal authorisation.
2 SPECIFIC DATA PROCESSING
2.1 Collection of information on the use of the online offer
2.1.1 When using the online offer, information is automatically transmitted to us by the user’s browser; this includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.
2.1.2 This information is processed on the basis of legitimate interests in accordance with Article 6 (1) lit. f GDPR (e.g. optimisation of the online offer) and to ensure the security of processing in accordance with Article 5 (1) lit. f GDPR (e.g. for the defence against and investigation of cyber attacks).
2.1.3 The information is deleted automatically and no later than 30 days after the end of the connection – i.e. use of the online offer – provided that there are no other retention periods to the contrary.
2.1.4 The collection of data and the storage of data in log files is absolutely necessary for the provision of the online offer. The user therefore has no right to erasure, objection or rectification.
2.2 Amazon CloudFront CDN
2.2.1 Wir nutzen das Content Delivery Network (CDN) Cloudfront. The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter “Amazon”). Amazon acts as a subcontractor for Webflow.
2.2.2 Amazon CloudFront CDN is a globally distributed content delivery network. The information transfer between your browser and our website is technically routed via the Content Delivery Network. This enables us to increase the global accessibility and performance of our website.
2.2.3 The use of Amazon CloudFront CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).
2.2.4 Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details finden Sie hier: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.
2.2.5 Further information on Amazon CloudFront CDN can be found here: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf.
2.3 Contact by e-mail
2.3.1 When contacting us by e-mail, the data provided by the user will be processed exclusively for the purpose of processing the enquiry and handling it.
2.3.2 The data will only be used for other purposes with the user’s consent.
2.4 Links to other websites
2.4.1 While using some of our services, you will be automatically redirected to third-party websites.
3 PROCESSING FOR THE PURPOSE OF CARRYING OUT OUR BUSINESS PROCESSES
3.1.1 When you call up the navigation point “Reservation”, you will be redirected to the website https://www.opentable.de/r/layla-by-meir-adoni-berlin. The service provider of the reservation portal is OpenTable, Inc. (1 Montgomery St., Suite 700, San Francisco, CA 94104, USA).
3.1.3 Please assert your rights in accordance with Section 1.3 “Data subject rights” of this data protection agreement directly against the service provider in relation to the use of the above-mentioned website.
3.2.1 When you access the “Voucher” navigation point, you will be redirected to the website https://app.atento.me/marketplace_merchants/27-layla-by-meir-adoni. The service provider of the voucher shop is Atento Technology Germany GmbH (Rheinsberger Straße 76/77, 10115 Berlin)
3.2.3 Please assert your rights in accordance with Section 1.3 “Data subject rights” of this data protection agreement directly against the service provider in relation to the use of the above-mentioned website.
4.1 General information
4.1.1 Cookies are information that is transferred from our web server or third-party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.
4.1.2 If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
4.2 Cookie overview, objection options
No cookies are currently used.
5.1 We reserve the right to amend this data protection declaration with regard to data processing in order to adapt it to changed legal situations, changes to the online offer or data processing.