Privacy policy

1. Definitions

This privacy policy is based on the terminology used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our aim is to ensure that this privacy policy is easy to read and understand for the general public, as well as for our customers and business partners. To achieve this, we would like to explain the terms used in advance.

In this privacy policy, we use, among others, the following terms:

a) Personal data
Personal data refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c) Processing
Processing is any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

e) Profiling
Profiling refers to any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for the processing
The controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) Processor
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

i) Recipient
A recipient is a natural or legal person, public authority, agency or another body to whom personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

l) Operating companies of the Hommage Hotels
The operating companies of the Hommage Hotels are:

• Söl’ring Hof Betriebs GmbH
  Am Sandwall 1
  25980 Sylt/Rantum, Germany
  Tel: +49 221 48567-0
  Fax: +49 221 48567-148
  Email: info(at)hommage-hotels.com
  Web: www.hommage-hotels.com 

• HOMMAGE Hotel in Bremen Betriebs GmbH
  Aachener Straße 1051
  50858 Cologne, Germany
  (Same contact details as above)

• Hotel Nassauer Hof GmbH
  Aachener Straße 1053–1055
  50858 Cologne, Germany
  (Same contact details as above)

• Hotel Maison Messmer GmbH
  Aachener Straße 1051
  50858 Cologne, Germany
  (Same contact details as above)

• Grand Tirolia Kitzbühel GmbH
  Branch: Kitzbühel
  Headquarters: Cologne
  Aachener Straße 1051
  50858 Cologne, Germany
  (Same contact details as above)

• Hotel Kö59 Düsseldorf
  Königsallee 59
  40215 Düsseldorf, Germany
  Tel: +49 211 8285 0
  Fax: +49 211 8285 1111
  Email: info.koe59@hommage-hotels.com
  Web: www.hommage-hotels.com 

Under the management of:
5HALLS HOMMAGE HOTELS GmbH
Aachener Straße 1051
50858 Cologne, Germany

On behalf of and for the account of:
HON Hospitality Königsallee Düsseldorf GmbH
Aachener Straße 1053–1055
50858 Cologne, Germany

2. Name and Address of the Controller Responsible for Processing

The controller within the meaning of the General Data Protection Regulation (GDPR), as well as other applicable data protection laws in the Member States of the European Union and other regulations of a data protection nature, is as follows:

2.1 The following companies are joint controllers for the processing of the data specified below:

5HALLS HOMMAGE HOTELS GmbH
Aachener Straße 1051
50858 Cologne
Germany
Tel: +49 221 48567-0
Fax: +49 221 48567-148
Email: info(at)hommage-hotels.com
Web: www.hommage-hotels.com

HON-Service GmbH
Aachener Straße 1053–1055
50858 Cologne
Germany
Tel: +49 221 48901-1401
Fax: +49 221 48901-56
Email: info@honestis.ag
Web: www.honestis.ag

DHI Dorint Hospitality & Innovation GmbH
Aachener Straße 1051
50858 Cologne
Germany
Tel: +49 221 48567-0
Fax: +49 221 48567-148
Email: info(at)dorint.com
Web: www.dorint.com

Dorint GmbH
Aachener Straße 1051
50858 Cologne
Germany
(Same contact details as above)

Essential by Dorint GmbH
Aachener Straße 1051
50858 Cologne
Germany
(Same contact details as above)

Söl’ring Hof Betriebs GmbH
Am Sandwall 1
25980 Sylt/Rantum
Germany
(Same contact details as above)

Dorint Hotel in Bremen Betriebs GmbH
Aachener Straße 1051
50858 Cologne
Germany
(Same contact details as above)

Hotel Nassauer Hof GmbH
Aachener Straße 1053–1055
50858 Cologne
Germany
(Same contact details as above)

Hotel Maison Messmer GmbH
Aachener Straße 1051
50858 Cologne
Germany
(Same contact details as above)

Grand Tirolia Kitzbühel GmbH
Branch Office: Kitzbühel
Head Office: Cologne
Aachener Straße 1051
50858 Cologne
Germany
(Same contact details as above)

5HALLS HOMMAGE HOTELS GmbH is part of the Dorint Group, led by DHI Dorint Hospitality & Innovation GmbH, and works closely with the aforementioned companies—most of which belong to the same group—in all areas of personal data processing.

During the booking process, 5HALLS HOMMAGE HOTELS GmbH and the operating companies of the Hommage Hotels collect your data based on Article 6(1)(b) GDPR, insofar as the data is necessary for processing your booking and enabling your stay. Regardless of whether the booking and data collection takes place via www.hommage-hotels.com or through direct contact with one or more of the operating companies, your data will be stored in a database located within the EU/EEA. This database is managed by HON-Service GmbH on behalf of 5HALLS HOMMAGE HOTELS GmbH, the operating companies of the Hommage Hotels, DHI Dorint Hospitality & Innovation GmbH, Dorint GmbH, and Essential by Dorint GmbH. The data will be retained for the duration of your stay and for a further three years, unless longer statutory retention periods apply (e.g. under the German Fiscal Code or Commercial Code). All the aforementioned companies are joint controllers in this regard.

5HALLS HOMMAGE HOTELS GmbH and the operating companies also share guest data collected via www.hommage-hotels.com or through direct contact with one or more of the operating companies. This is necessary for contract fulfilment and is based on Article 6(1)(b) GDPR. The data is processed by 5HALLS HOMMAGE HOTELS GmbH and the relevant operating companies as required to complete the booking and facilitate your stay.

In accordance with Article 26(2) sentence 2 GDPR, we provide you with the key contents of our joint controller agreement:

The transfer of data to the jointly managed database is based on our legitimate interest under Article 6(1)(f) GDPR to plan and carry out group-wide tasks uniformly within the Dorint Group. This includes market analysis, revenue analysis, sales, marketing, brand development and promotion, advertising and public relations, loyalty programmes, etc. These activities are primarily carried out by DHI Dorint Hospitality & Innovation GmbH, but also by 5HALLS HOMMAGE HOTELS GmbH, Dorint GmbH, Essential by Dorint GmbH, and HON-Service GmbH.

If you provide us with your data based on consent under Article 6(1)(a) GDPR for other purposes (e.g. newsletter subscription), we will store it for the duration of your consent, which you may withdraw at any time with future effect. These data are also entered into and stored in the aforementioned jointly managed database.

Data transfers between the joint controllers also occur for the purpose of fulfilling contracts, particularly where the data is necessary to process bookings and enable your stay.

All data is handled in accordance with this privacy policy and applicable legal provisions. We expressly refer you to your rights under section 13 of this privacy policy. Your primary contact for all data subject rights is 5HALLS HOMMAGE HOTELS GmbH for matters and enquiries via www.hommage-hotels.com, and the operating companies of the Hommage Hotels for on-site contact or bookings. HON-Service GmbH, as the database operator, fulfils data subject rights in cooperation with the other controllers. However, you may contact any of the joint controllers, and each is responsible for handling your request regarding data subject rights.

Within the scope of joint responsibility, 5HALLS HOMMAGE HOTELS GmbH and the operating companies are responsible for collecting and ensuring the accuracy and lawfulness of your data. All joint controllers use your data as described above. Where your data is processed based on consent, the joint controllers are jointly responsible for the lawfulness of such processing.

2.2 For all other data collections described on this website, the controller is:

5HALLS HOMMAGE HOTELS GmbH
Aachener Straße 1051
50858 Cologne
Germany

3. Name and Address of the Data Protection Officer

The Data Protection Officer of 5HALLS HOMMAGE HOTELS GmbH, the controller responsible for data collection and processing on this website, is:

Dr Charlotte Lauser
Data Protection Officer
Dr Gerhard-Hanke-Weg 31
85221 Dachau
Germany
Email: datenschutz@lauser-nhk.de

Any data subject may contact our Data Protection Officer directly at any time with questions or suggestions regarding data protection.

4. Cookies

The website of the Hommage Hotels uses cookies. Cookies are text files that are stored and saved on a computer system via an internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This allows visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain different cookies. A specific internet browser can be recognised and identified using the unique cookie ID.

By using cookies, 5HALLS HOMMAGE HOTELS GmbH can provide users of this website with more user-friendly services that would not be possible without the cookie setting.

Cookies allow the information and offers on our website to be optimised with the user in mind. As mentioned, cookies enable us to recognise users of our website. The purpose of this recognition is to make it easier for users to utilise our website. For example, a user of a website that uses cookies does not have to re-enter their login details each time they visit the site, as this is handled by the website and the cookie stored on the user's computer system. Another example is the cookie of a shopping basket in an online shop. The online shop remembers the items that a customer has placed in the virtual shopping basket via a cookie.

The cookies mentioned are only set if you have previously given your consent to the use of such cookies. You may withdraw this consent at any time or prevent the setting of cookies via your internet browser settings. Additionally, already set cookies can be deleted at any time via an internet browser or other software programmes. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, not all functions of our website may be fully usable. Tracking cookies are only used by the controller if you have previously given your consent.

5. Collection of General Data and Information

Each time the website of the Hommage Hotels is accessed by a data subject or an automated system, a series of general data and information is collected. These general data and information are stored in the server’s log files. The following may be recorded:
(1) browser types and versions used,
(2) the operating system used by the accessing system,
(3) the website from which an accessing system reaches our website (so-called referrer),
(4) the subpages accessed via an accessing system on our website,
(5) the date and time of access to the website,
(6) an Internet Protocol address (IP address),
(7) the internet service provider of the accessing system, and
(8) other similar data and information that serve to protect against threats in the event of attacks on our IT systems.

When using these general data and information, 5HALLS HOMMAGE HOTELS GmbH does not draw any conclusions about the data subject. Rather, this information is needed to
(1) deliver the content of our website correctly,
(2) optimise the content of our website and its advertising,
(3) ensure the long-term functionality of our IT systems and website technology, and
(4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

These anonymously collected data and information are therefore evaluated statistically by 5HALLS HOMMAGE HOTELS GmbH and also with the aim of increasing data protection and data security within our company, ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data from the server log files are stored separately from all personal data provided by a data subject

6. Registration on Our Website / Registration for the Dorint Card Bonus Programme

Data subjects have the opportunity to register on the website of the controller by providing personal data, for example, to participate in the Dorint Card Bonus Programme. By entering their data, the data subject consents to the processing of their personal data in accordance with the provisions outlined below. The data subject retains all rights listed under section 13 of this privacy policy, including the right to withdraw their consent to data processing. Please note that exercising such rights may result in exclusion from participation in the Dorint Card Bonus Programme.

The specific personal data transmitted to the controller depends on the input form used for registration. The personal data entered by the data subject is collected and stored exclusively for internal use by the controller and for its own purposes. The controller may arrange for the data to be shared with one or more processors, such as a parcel delivery service, who will also use the personal data solely for internal purposes attributable to the controller.

When registering on the website of the controller, the IP address assigned by the internet service provider (ISP), as well as the date and time of registration, are also stored. This data is stored to prevent misuse of our services and to enable the investigation of any criminal offences if necessary. Therefore, the storage of this data is required to safeguard the controller.

The voluntary registration of the data subject with personal data enables the controller to offer content or services that can only be provided to registered users. Upon request, the controller will inform any data subject at any time which personal data is stored about them. Furthermore, the controller will rectify or delete personal data at the request or indication of the data subject, provided that no statutory retention obligations apply. All employees of the controller are available to the data subject as contact persons in this regard.

For the processing of personal data in connection with registration for the Dorint Card Bonus Programme, the controller works with the processor Serenata Intraware. The operating company of Next Guest CRM / Serenata Intraware is Serenata Intraware GmbH, Neumarkter Str. 18, 81673 Munich, Germany.

7. Subscription to Our Newsletter

Users of the Hommage Hotels website are given the opportunity to subscribe to the Hommage Hotels newsletter. By entering their data, the data subject consents to the processing of their personal data in accordance with the provisions outlined below. The data subject retains all rights listed under section 13 of this privacy policy, including the right to withdraw their consent to data processing. Please note that exercising such rights may result in exclusion from receiving our newsletter.

The specific personal data transmitted to the controller when subscribing to the newsletter depends on the input form used. 5HALLS HOMMAGE HOTELS GmbH regularly informs its customers and business partners about company offers via a newsletter. The newsletter can only be received by the data subject if (1) they have a valid email address and (2) they register for the newsletter. For legal reasons, a confirmation email is sent to the email address entered by the data subject for the first time using the double opt-in procedure. This confirmation email is used to verify whether the owner of the email address has authorised receipt of the newsletter.

When registering for the newsletter, we also store the IP address assigned by the ISP to the computer system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary to trace any potential misuse of a data subject’s email address at a later date and therefore serves to legally safeguard the controller.

The personal data collected during newsletter registration is used exclusively for sending our newsletter. Subscribers may also be informed by email if necessary for the operation of the newsletter service or registration, such as in the event of changes to the newsletter offering or technical updates.

For newsletter registration and distribution, we use the newsletter service providers MailChimp and Serenata Intraware. Detailed information about these providers can be found in section 20 of this privacy policy.

The subscription to our newsletter may be cancelled by the data subject at any time. Consent to the storage of personal data provided for newsletter distribution may be withdrawn at any time. A corresponding link for withdrawal of consent is included in every newsletter. Additionally, it is possible to unsubscribe directly via the website of the controller or by contacting the controller through other means.

8. Newsletter Tracking

The newsletters of 5HALLS HOMMAGE HOTELS GmbH contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format, enabling log file recording and analysis. This allows for statistical evaluation of the success or failure of online marketing campaigns. Using the embedded tracking pixel, 5HALLS HOMMAGE HOTELS GmbH can determine whether and when an email was opened by a data subject and which links within the email were clicked.

Personal data collected via tracking pixels in newsletters is stored and analysed by the controller to optimise newsletter delivery and better tailor future content to the interests of the data subject. Data subjects may withdraw their separate consent, given via the double opt-in procedure, at any time. We work with the newsletter service providers MailChimp and Serenata Intraware for this purpose. Detailed information about these providers can be found in section 20 of this privacy policy.

9. Contact via Website / Contact Form and Email

Due to legal requirements, the websites of Hommage Hotels contain information that enables quick electronic contact with our company and direct communication, including a general email address. Contact forms are provided for general enquiries, booking and reservation requests, restaurant table bookings, and brochure orders.

If a data subject contacts the controller via email or a contact form, the personal data transmitted is automatically stored. Such data, provided voluntarily by the data subject, is stored for the purpose of processing or contacting the data subject. When a user uses a contact form, the data entered into the form is transmitted to us and stored. This includes: first name, surname, telephone number and/or email address. At the time of submission, the following data is also stored: the user's IP address, date and time of registration. Consent for data processing is obtained during the submission process, and reference is made to this privacy policy.

Alternatively, contact may be made via the provided email address. In this case, the personal data transmitted with the email is stored. No personal data is passed on to third parties.

The legal basis for processing the data is Article 6(1)(a) GDPR if the user has given consent. If the data is transmitted via email, the legal basis is Article 6(1)(f) GDPR. If the email contact aims to conclude a contract, the additional legal basis is Article 6(1)(b) GDPR.

10. Comment Function in the Blog on the Website

5HALLS HOMMAGE HOTELS GmbH offers users the opportunity to leave individual comments on blog posts published on the controller’s website. A blog is a publicly accessible portal on a website where one or more individuals (bloggers or web bloggers) post articles or share thoughts in blog posts. These posts can usually be commented on by third parties.

If a data subject leaves a comment on the blog, the comment, the time of submission, and the username (pseudonym) chosen by the data subject are stored and published. Additionally, the IP address assigned by the ISP is logged. This is done for security reasons and in case the data subject violates the rights of third parties or posts unlawful content. The storage of this data is therefore in the legitimate interest of the controller to potentially exonerate itself in the event of legal violations. No personal data is passed on to third parties unless required by law or for legal defence.

11. Subscription to Blog Comments

Comments posted on the blog of 5HALLS HOMMAGE HOTELS GmbH can generally be subscribed to by third parties. In particular, a commenter may subscribe to follow-up comments on a specific blog post. The legal basis for processing your contact data in this case is Article 6(1)(a) GDPR.

If a data subject opts to subscribe to comments, the controller sends an automatic confirmation email to verify, via the double opt-in procedure, that the owner of the email address has authorised the subscription. The subscription to blog comments can be cancelled at any time.

12. Routine Erasure and Blocking of Personal Data

The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage, or as provided by the European legislator or another competent legislator in laws or regulations to which the controller is subject.

If the purpose of storage no longer applies, or if a legally prescribed retention period expires, the personal data is routinely blocked or deleted in accordance with legal requirements.

13. Rights of the Data Subject

a) Right to Confirmation
Every data subject has the right, granted by the European legislator, to obtain confirmation from the controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they may contact a member of staff of the controller at any time.

b) Right of Access
Every data subject affected by the processing of personal data has the right, granted by the European legislator, to obtain at any time from the controller free information about the personal data stored about them and a copy of this information. Furthermore, the European legislator has granted the data subject access to the following information:

• the purposes of the processing
• the categories of personal data being processed
• the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of the right to request rectification or erasure of personal data, or restriction of processing, or to object to such processing
• the right to lodge a complaint with a supervisory authority
• where the personal data is not collected from the data subject: any available information as to its source
• the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and — at least in those cases — meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject

The data subject also has the right to know whether personal data has been transferred to a third country or an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to exercise this right of access, they may contact a member of staff of the controller at any time.

c) Right to Rectification
Every data subject affected by the processing of personal data has the right, granted by the European legislator, to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right, taking into account the purposes of the processing, to request the completion of incomplete personal data — including by means of a supplementary statement.

If a data subject wishes to exercise this right to rectification, they may contact a member of staff of the controller at any time.

d) Right to Erasure (‘Right to be Forgotten’)
Every data subject affected by the processing of personal data has the right, granted by the European legislator, to request from the controller the erasure of personal data concerning them without undue delay, where one of the following grounds applies and insofar as the processing is not necessary:

• The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
• The data subject withdraws consent on which the processing is based according to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal ground for the processing.
• The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
• The personal data has been unlawfully processed.
• The personal data must be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject.
• The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

If one of the above grounds applies and a data subject wishes to request the erasure of personal data stored by the controller, they may contact a member of staff of the controller at any time. The staff member shall ensure that the erasure request is complied with immediately.

Where the controller has made personal data public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller shall, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested the erasure of any links to, or copies or replications of, that personal data, insofar as processing is not required. The staff member of the controller will take the necessary steps in each individual case.

e) Right to Restriction of Processing
Every data subject has the right, granted by the European legislator, to request the restriction of processing from the controller where one of the following conditions applies:

• The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
• The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
• The controller no longer needs the personal data for the purposes of the processing, but the data is required by the data subject for the establishment, exercise or defence of legal claims.
• The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject.

If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by the controller, they may contact a member of staff of the controller at any time. The staff member will arrange for the restriction of processing.

f) Right to Data Portability
Every data subject has the right, granted by the European legislator, to receive the personal data concerning them, which was provided to a controller, in a structured, commonly used and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, where the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising their right to data portability pursuant to Article 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

To assert the right to data portability, the data subject may contact a member of staff of the controller at any time.

g) Right to Object
Every data subject has the right, granted by the European legislator, to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.

The controller shall no longer process the personal data in the event of an objection, unless compelling legitimate grounds for the processing can be demonstrated which override the interests, rights and freedoms of the data subject, or the processing is for the establishment, exercise or defence of legal claims.

Where personal data is processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning them for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, the controller will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to their particular situation, to object to the processing of personal data concerning them for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To exercise the right to object, the data subject may contact any member of staff of the controller or another employee directly. The data subject is also free to exercise their right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

h) Automated Individual Decision-Making Including Profiling

Every data subject has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning them or similarly significantly affects them, unless the decision
(1) is necessary for entering into, or the performance of, a contract between the data subject and the controller,
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or
(3) is based on the data subject’s explicit consent.

Where the decision
(1) is necessary for entering into or the performance of a contract with the data subject, or
(2) is based on the data subject’s explicit consent,
the controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision.

If the data subject wishes to exercise rights relating to automated decision-making, they may contact a member of staff of the controller at any time.

i) Right to Withdraw Consent

Every data subject has the right, granted by the European legislator, to withdraw consent to the processing of personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they may contact a member of staff of the controller at any time.

14. Data Protection Provisions Regarding the Use of the Customer Relationship Management System (CRM) by Next Guest CRM / Serenata Intraware

The controllers have integrated a Customer Relationship Management System (CRM) provided by Next Guest CRM / Serenata Intraware. A CRM system is used for customer care and refers to a company’s consistent focus on its customers and the systematic management of customer relationship processes. The documentation and administration of customer relationships is a key component of our business and enables deeper relationship marketing.

The customer data stored in the systems of Next Guest CRM / Serenata Intraware includes personal data, specifically contact, contract and payment details of guests or prospects, as well as employees, suppliers, service providers and other contractual partners of the customer or the hotels, including records of communications between these parties and the customer or the hotels.

The operating company of Serenata Intraware is Serenata Intraware GmbH, Neumarkter Str. 18, 81673 Munich, Germany, with whom the controllers have entered into a data processing agreement.

Personal data is processed during online bookings via the Hommage Hotels websites and during online registration for the Dorint Card Bonus Programme. The processing of personal data is carried out in accordance with Article 4(2) and Article 28 GDPR. The controllers have a legitimate interest in this data processing, and it is also necessary for the execution of online bookings. Therefore, the processing is based on Article 6(1)(b) GDPR and, where applicable, on Article 6(1)(f) GDPR.

The controllers will provide any data subject, upon request, with information about the personal data stored concerning them. Furthermore, the controller will rectify or delete personal data at the request or indication of the data subject, provided that no statutory retention obligations prevent this. All employees of the controller are available to the data subject as contact persons in this regard.

15. Data Protection Provisions Regarding the Use of HotelREZ

The controllers have integrated services provided by HotelREZ Limited. These services consist of software used to collect data for the creation and management of hotel stay reservations. On the website dorint.com, HotelREZ is used for the purpose of enabling direct online reservations. The type and scope of personal data requested are determined by the relevant input form. Personal data is collected, processed and used exclusively for the execution and fulfilment of the contractual relationship established through the reservation (accommodation contract) and the hotel stay. The legal basis for this is Article 6(1)(b) GDPR.

The operating company of HotelREZ, based in the United Kingdom, is HotelREZ Limited, Balderton Hall, Fernwood, Newark, Nottinghamshire NG24 3JR, United Kingdom, with whom the controllers have entered into a data processing agreement.

17. Data Protection Provisions Regarding the Use of an Internet Service Provider

For the purposes of website hosting and backup services, the controllers use the web hosting provider Mittwald, based in Germany. A hosting provider offers and operates internet services that are essential for the infrastructure of the controller’s website.

The operating company of Mittwald is Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4–6, 32339 Espelkamp, Germany, with whom the controllers have entered into a data processing agreement.

In the course of providing hosting services, access to personal data by the processor cannot be ruled out. Data processing takes place exclusively within a Member State of the European Union or another contracting state of the European Economic Area. The personal data transmitted typically includes user data such as IP addresses, log files, and records of user activity (e.g. visited pages, time of access, amount of data transferred in bytes, source/referrer, browser used, operating system used, IP address used).

The data collected via Mittwald is not used to identify the data subject without prior separate and explicit consent. This data is not merged with personal data or other data containing the same pseudonym.

18. Data Protection Provisions Regarding the Use of affilinet

5HALLS HOMMAGE HOTELS GmbH, as the controller for this website, has integrated components of the company affilinet. Affilinet is a German affiliate network offering affiliate marketing services.

Affiliate marketing is an internet-based form of distribution that allows commercial website operators (known as merchants or advertisers) to display advertising — usually compensated via click or sale commissions — on third-party websites operated by partners known as affiliates or publishers. The merchant provides advertising materials via the affiliate network, such as banners or other suitable online advertising tools, which are then embedded by affiliates on their own websites or promoted via other channels such as keyword advertising or email marketing.

The operating company of affilinet is affilinet GmbH, Sapporobogen 6–8, 80637 Munich, Germany, with whom the controller has entered into a data processing agreement.

Affilinet sets a cookie on the data subject’s IT system. The nature of cookies has already been explained above. The tracking cookie from affilinet does not store any personal data. It only stores the identification number of the affiliate (i.e. the partner referring the potential customer), as well as an order number of the visitor to the website and the clicked advertising material. The purpose of storing this data is to process commission payments between the merchant and the affiliate via the affiliate network, i.e. affilinet.

These cookies are only set if you have previously given your consent to the use of such cookies. You may withdraw this consent at any time or prevent the setting of cookies via your browser settings. Cookies already set by affilinet can also be deleted at any time via a browser or other software tools. Please note that this may result in limitations in the use of certain services on our website.

The applicable data protection provisions of affilinet can be accessed at: www.affili.net/de/footeritem/datenschutz 

19. Data Protection Provisions Regarding the Use of etracker

5HALLS HOMMAGE HOTELS GmbH, as the controller for this website, has integrated components of the company etracker. Etracker is a web analytics service. Web analytics involves the collection, gathering and evaluation of data about the behaviour of visitors to websites. A web analytics service collects, among other things, data on the website from which a data subject has accessed another website (known as a referrer), which subpages were accessed, how often and for how long a subpage was viewed. Web analytics is primarily used to optimise websites and to analyse the cost-effectiveness of online advertising.

The operating company of etracker is etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany, with whom the controller has entered into a data processing agreement.

Etracker sets a cookie on the data subject’s IT system. The nature of cookies has already been explained above. Each time a page of this website operated by the controller and containing an etracker component is accessed, the internet browser on the data subject’s IT system is automatically prompted by the etracker component to transmit data to etracker for marketing and optimisation purposes. Through this technical process, etracker gains knowledge of data that is subsequently used to create pseudonymised usage profiles. These usage profiles are used to analyse the behaviour of visitors to the controller’s website and are evaluated with the aim of improving and optimising the website. The data collected via the etracker component is not used to identify the data subject without prior, separate and explicit consent. This data is not merged with personal data or other data containing the same pseudonym.

These cookies are only set if you have previously given your consent to the use of such cookies. You may withdraw this consent at any time or prevent the setting of cookies via your browser settings. Cookies already set by etracker can also be deleted at any time via a browser or other software tools. Please note that this may result in limitations in the use of certain services on our website.

Furthermore, the data subject has the option to object to the collection of data generated by the etracker cookie relating to the use of this website and to prevent such processing. To do so, the data subject must click the cookie opt-out button at www.etracker.de/privacy, which sets an opt-out cookie. This opt-out cookie is stored on the data subject’s IT system. If cookies are deleted from the data subject’s system after an objection, the link must be accessed again and a new opt-out cookie set.

Please note that setting the opt-out cookie may result in limited usability of the controller’s website for the data subject.

The applicable data protection provisions of etracker can be accessed at: www.etracker.com/de/datenschutz.html 

20. Data Protection Provisions Regarding the Use of Email Marketing Systems by MailChimp and Serenata Intraware

The controllers use the email marketing components of MailChimp and Serenata Intraware to send newsletters.

MailChimp is a service provided by The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA. The email marketing system of Serenata Intraware is provided by Serenata Intraware GmbH, Neumarkter Str. 18, 81673 Munich, Germany.

The data stored during newsletter registration via MailChimp (email address, IP address, date and time of registration) is transmitted to a server of The Rocket Science Group in the USA and stored there in compliance with the "EU-US Privacy Shield". Further information on data protection at MailChimp can be found at: mailchimp.com/legal/privacy

Further information on the "EU-US Privacy Shield" can be found at:
ec.europa.eu/justice/data-protection/international-transfers/eu-us-privacy-shield/index_en.htm

The data stored during newsletter registration via Serenata Intraware (email address, IP address, date and time of registration) is transmitted to a server of Serenata Intraware GmbH in Munich. The processing of personal data is carried out in accordance with Article 4(2) and Article 28 GDPR.

You may cancel your newsletter subscription and withdraw your consent to the storage of your data at any time with future effect. Details can be found in the confirmation email and in each individual newsletter.

Our newsletters contain so-called tracking pixels (web bugs), which allow us to determine whether and when an email was opened and which links were clicked by the personalised recipient.

This data is stored to help us tailor our newsletters to the preferences and interests of our subscribers. The data collected is therefore used to send personalised newsletters to each recipient. We ask for your consent to this as follows:
"I agree that my data and usage behaviour may be electronically stored through newsletter tracking in order to send me a personalised newsletter."

With the withdrawal of consent to receive the newsletter, consent to the aforementioned tracking is also withdrawn. Data processing for the purpose of contacting us is carried out in accordance with Article 6(1)(a) GDPR based on your voluntarily given consent. The personal data collected via the contact form will be automatically deleted once your enquiry has been dealt with.

21. Data Protection Provisions Regarding the Use of “eStandby Upgrade” Services by NOR1

The controllers also use “eStandby Upgrade” services, which are designed to offer suitable additional services to guests who have made hotel bookings. Data processing is carried out for the purpose of fulfilling contractual obligations and pre-contractual measures, as well as based on the legitimate interest of the controllers in informing guests about relevant services and upgrades. The legal bases for data processing are therefore Article 6(1)(b) and (f) GDPR.

For the processing of personal data in connection with “eStandby Upgrade” services, the controller works with the processor Nor1, Inc., a company registered in Delaware (USA), headquartered at 3255 Scott Blvd, Bldg 7 Suite 120, Santa Clara, CA 95054, United States of America. Further information on data protection at Nor1 can be found at: www.nor1.com/privacy_policy 

The following personal data is stored and processed in connection with “eStandby Upgrade” services: booking data such as the guest’s name and address or the name and address of the billing recipient, booked services, loyalty programme memberships (e.g. Dorint Card Bonus Programme), and data relating to the hotel-guest relationship.

Personal data is transferred to servers of Nor1, Inc. and its subcontractors in the USA and stored there in compliance with the "EU-US Privacy Shield". Further information on the "EU-US Privacy Shield" can be found at:
ec.europa.eu/justice/data-protection/international-transfers/eu-us-privacy-shield/index_en.htm

22. Data Protection Provisions Regarding the Use of Customer Alliance

The controllers have integrated services provided by Customer Alliance. Customer Alliance is used to analyse online customer reviews, actively gather feedback from customers, and generate new bookings. Customer Alliance collects, uses and processes personal data for this purpose. The nature and purpose of the processing of personal data by Customer Alliance is to contact customers of the controller with a request to review the services provided, to collect and evaluate these reviews, and to make the results available to the controller. The controllers have a legitimate interest in such measures to assess customer satisfaction, and the data processing is therefore based on Article 6(1)(f) GDPR.

The operating company of Customer Alliance is CA Customer Alliance GmbH, Ullsteinstraße 130, 12109 Berlin, Germany, with whom the controllers have entered into a data processing agreement.

Customer Alliance processes the following types/categories of data on behalf of the controller: name, title, gender, language, contract duration, email address, telephone number, address, service-related information (costs, revenue, number of service items), any available individual segmentation data, method of contract conclusion (internet, telephone, etc.), country of origin, service category or group, and customer ratings of the controller. The processing of personal data takes place exclusively within the territory of the Federal Republic of Germany, a Member State of the European Union, or another contracting state of the European Economic Area.

23. Data Protection Provisions Regarding the Use of Google Maps

5HALLS HOMMAGE HOTELS GmbH, as the controller for this website, has integrated services provided by Google Maps. The Google Maps API is used to visually display geographical information. When using Google Maps, Google also collects, processes and uses data about the use of map functions by visitors.

The operating company of Google Maps is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

Google Maps sets a cookie on the data subject’s IT system. The nature of cookies has already been explained above. By setting the cookie, Google is able to recognise visitors to our website when they subsequently access other websites that are also part of the Google advertising network. Each time a page containing a Google Maps component is accessed, the data subject’s internet browser automatically identifies itself to Google. Through this technical process, Google becomes aware of personal data such as the IP address or browsing behaviour of the user, which Google uses, among other things, to display interest-based advertising.

Personal information, such as the websites visited by the data subject, is stored via the cookie. Each time our website is visited, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the USA and may be passed on to third parties.

These cookies are only set if you have previously given your consent to the use of such cookies. You may withdraw this consent at any time or prevent the setting of cookies via your browser settings. Cookies already set by Google can also be deleted at any time via a browser or other software tools. Please note that this may result in limitations in the use of certain services on our website.

Furthermore, the data subject has the option to object to interest-based advertising by Google. To do so, the data subject must access the link www.google.de/settings/ads  from each internet browser they use and configure the desired settings.

Further information and the applicable data protection provisions of Google can be accessed at: www.google.de/intl/de/policies/privacy/ 

24. Data Protection Provisions Regarding the Use of Facebook

5HALLS HOMMAGE HOTELS GmbH, as the controller for this website, has integrated components of the company Facebook. As part of the consent process for the use of cookies, the data subject may agree to the data processing described here in connection with Facebook components, or refuse it. The following information regarding Facebook, particularly the data processing carried out by Facebook, applies only if you have given your consent to the use of cookies.

Facebook is a social network. A social network is an online meeting place, a virtual community that typically allows users to communicate and interact with each other. It can serve as a platform for sharing opinions and experiences or enable users to provide personal or business-related information. Facebook allows users to create personal profiles, upload photos, and connect via friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject resides outside the USA or Canada, the controller responsible for processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time a page of this website operated by the controller and containing a Facebook component (Facebook plug-in) is accessed, the internet browser on the data subject’s IT system is automatically prompted by the Facebook component to download a representation of the corresponding Facebook component from Facebook. An overview of all Facebook plug-ins can be found at: developers.facebook.com/docs/plugins. Through this technical process, Facebook becomes aware of which specific subpage of our website was visited by the data subject. This process is only activated on our website if you have previously given your consent.

If the data subject is logged into Facebook at the same time, Facebook recognises which specific subpage of our website the data subject visits during the entire duration of their visit. This information is collected by the Facebook component and assigned by Facebook to the data subject’s personal Facebook account. If the data subject clicks on one of the Facebook buttons integrated into our website, such as the "Like" button, or submits a comment, Facebook assigns this information to the data subject’s personal Facebook account and stores the personal data.

Facebook receives information via the Facebook component whenever the data subject visits our website while logged into Facebook — regardless of whether the Facebook component is clicked or not. If the data subject does not wish this information to be transmitted to Facebook, they can prevent it by logging out of their Facebook account before accessing our website.

Facebook’s published data policy, available at de-de.facebook.com/about/privacy, provides information about the collection, processing and use of personal data by Facebook. It also explains the privacy settings Facebook offers to protect the data subject’s privacy. In addition, various applications are available that allow users to suppress data transmission to Facebook. These applications may be used by the data subject to prevent data transmission to Facebook.

25. Data Protection Provisions Regarding the Use of Google Remarketing

5HALLS HOMMAGE HOTELS GmbH, as the controller for this website, has integrated services provided by Google Remarketing. Google Remarketing is a feature of Google AdWords that enables companies to display advertisements to internet users who have previously visited the company’s website. The integration of Google Remarketing therefore allows a company to create user-specific advertising and display interest-based ads to internet users. The services of Google AdWords are only activated if you have previously given your consent to the use of cookies.

The operating company of Google Remarketing is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

The purpose of Google Remarketing is to display interest-based advertising. Google Remarketing allows us to show advertisements via the Google advertising network or on other websites that are tailored to the individual needs and interests of internet users.

Google Remarketing sets a cookie on the data subject’s IT system. The nature of cookies has already been explained above. By setting the cookie, Google is able to recognise visitors to our website when they subsequently access other websites that are also part of the Google advertising network. Each time a website containing a Google Remarketing component is accessed, the data subject’s internet browser automatically identifies itself to Google. Through this technical process, Google becomes aware of personal data such as the IP address or browsing behaviour of the user, which Google uses, among other things, to display interest-based advertising.

Personal information, such as the websites visited by the data subject, is stored via the cookie. Each time our website is visited, personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the USA and may be passed on to third parties.

These cookies are only set if you have previously given your consent to the use of such cookies. You may withdraw this consent at any time or prevent the setting of cookies via your browser settings. Cookies already set by Google Remarketing can also be deleted at any time via a browser or other software tools. Please note that this may result in limitations in the use of certain services on our website.

Furthermore, the data subject has the option to object to interest-based advertising by Google. To do so, the data subject must access the link www.google.de/settings/ads from each internet browser they use and configure the desired settings.

Further information and the applicable data protection provisions of Google can be accessed at: www.google.de/intl/de/policies/privacy/ 

26. Data Protection Provisions Regarding the Use of Google+

5HALLS HOMMAGE HOTELS GmbH, as the controller for this website, has integrated the Google+ button as a component on this website. Google+ is a social network. A social network is an online meeting place, a virtual community that typically allows users to communicate and interact with one another. It can serve as a platform for sharing opinions and experiences or enable users to provide personal or business-related information. Google+ allows users to create personal profiles, upload photos, and connect via friend requests.

The operating company of Google+ is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

Google+ is only activated if you have previously given your consent to the use of cookies.

Each time a page of this website operated by the controller and containing a Google+ button is accessed, the internet browser on the data subject’s IT system is automatically prompted by the Google+ button to download a representation of the corresponding Google+ button from Google. Further information about Google+ can be found at: developers.google.com/+/

If the data subject is logged into Google+ at the same time, Google recognises which specific subpage of our website the data subject visits during the entire duration of their visit. This information is collected by the Google+ button and assigned by Google to the data subject’s Google+ account.

If the data subject clicks on one of the Google+ buttons integrated into our website and thereby gives a Google+1 recommendation, Google assigns this information to the data subject’s personal Google+ account and stores the personal data. Google stores the Google+1 recommendation and makes it publicly available in accordance with the terms accepted by the data subject. A Google+1 recommendation made by the data subject on this website may subsequently be displayed together with other personal data, such as the name of the Google+ account used and the profile photo stored therein, in other Google services — for example, in search engine results, in the data subject’s Google account, or in other locations such as websites or advertisements. Furthermore, Google may link the visit to this website with other personal data stored by Google. Google also records this personal information for the purpose of improving or optimising its various services.

Google receives information via the Google+ button whenever the data subject visits our website while logged into Google+ — regardless of whether the Google+ button is clicked or not.

If the data subject does not wish personal data to be transmitted to Google, they can prevent such transmission by logging out of their Google+ account before accessing our website.

Further information and the applicable data protection provisions of Google can be accessed at: www.google.de/intl/de/policies/privacy/ 
Additional guidance from Google regarding the Google+1 button can be found at: developers.google.com/+/web/buttons-policy 

27. Data Protection Provisions Regarding the Use of Google AdWords

5HALLS HOMMAGE HOTELS GmbH, as the controller for this website, has integrated Google AdWords services. Google AdWords is an online advertising service that allows advertisers to display ads both in Google’s search engine results and across the Google advertising network. Google AdWords enables advertisers to define specific keywords in advance, so that ads are only shown in Google’s search results when the user retrieves a keyword-relevant result. Within the Google advertising network, ads are distributed across topic-relevant websites using an automated algorithm and the predefined keywords.

The operating company of Google AdWords is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

Google AdWords is only activated if you have previously given your consent to the use of cookies.

The purpose of Google AdWords is to promote our website by displaying interest-based advertising on third-party websites and in Google’s search engine results, as well as to display third-party advertising on our own website.

If a data subject accesses our website via a Google ad, Google places a so-called conversion cookie on the data subject’s IT system. The nature of cookies has already been explained above. A conversion cookie expires after thirty days and is not used to identify the data subject. As long as the cookie has not expired, it is used to determine whether specific subpages — such as the shopping basket in an online shop — have been accessed on our website. Both we and Google can use the conversion cookie to determine whether a data subject who arrived via an AdWords ad has completed a purchase or abandoned the process.

The data and information collected through the use of the conversion cookie are used by Google to generate visit statistics for our website. We use these statistics to determine the total number of users referred to us via AdWords ads, to assess the success or failure of each AdWords ad, and to optimise our future AdWords campaigns. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the data subject.

Personal information, such as the websites visited by the data subject, is stored via the conversion cookie. Each time our website is visited, personal data — including the IP address of the internet connection used by the data subject — is transmitted to Google in the United States of America. This personal data is stored by Google in the USA and may be passed on to third parties.

These cookies are only set if you have previously given your consent. You may withdraw this consent at any time or prevent the setting of cookies via your browser settings. Cookies already set by Google can also be deleted at any time via a browser or other software tools. Please note that this may result in limitations in the use of certain services on our website.

Furthermore, the data subject has the option to object to interest-based advertising by Google. To do so, the data subject must access the link www.google.de/settings/ads from each internet browser they use and configure the desired settings.

Further information and the applicable data protection provisions of Google can be accessed at: www.google.de/intl/de/policies/privacy/ 

28. Data Protection Provisions Regarding the Use of Instagram

5HALLS HOMMAGE HOTELS GmbH, as the controller for this website, has integrated components of the Instagram service. As part of the cookie consent process, the data subject may agree to the data processing described here in connection with Instagram components (Insta button), or refuse it. The following provisions apply only if consent has been given.

Instagram is a service that qualifies as an audiovisual platform, allowing users to share photos and videos and to distribute such content across other social networks.

The operating company of Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA.

Each time a page of this website operated by the controller and containing an Instagram component (Insta button) is accessed, the internet browser on the data subject’s IT system is automatically prompted by the Instagram component to download a representation of the corresponding Instagram element. Through this technical process, Instagram becomes aware of which specific subpage of our website was visited by the data subject.

If the data subject is logged into Instagram at the same time, Instagram recognises which specific subpage of our website the data subject visits during the entire duration of their visit. This information is collected by the Instagram component and assigned by Instagram to the data subject’s Instagram account. If the data subject clicks on one of the Instagram buttons integrated into our website, the data and information transmitted are assigned to the data subject’s personal Instagram account and stored and processed by Instagram.

Instagram receives information via the Instagram component whenever the data subject visits our website while logged into Instagram — regardless of whether the Instagram component is clicked or not. If the data subject does not wish this information to be transmitted to Instagram, they can prevent it by logging out of their Instagram account before accessing our website.

Further information and the applicable data protection provisions of Instagram can be accessed at:
help.instagram.com/155833707900388 
www.instagram.com/about/legal/privacy/ 

29. Data Protection Provisions Regarding the Use of LiveZilla

The controllers have integrated the LiveZilla component on this website. LiveZilla is a live support helpdesk software that enables direct real-time communication (so-called live chat) with visitors to the website. This allows customer support to be offered, which is a legitimate interest of the controllers; data processing is therefore based on Article 6(1)(b) and (f) GDPR.

The developer of the LiveZilla component is LiveZilla GmbH, Byk-Gulden-Straße 18, 78224 Singen, Germany.

Each time a page of our website equipped with a LiveZilla component is accessed, data is collected by this component for the purpose of operating and analysing the live chat system. Further information about LiveZilla can be found at: www.livezilla.net/home/de/

The LiveZilla component sets a cookie on the data subject’s IT system. The nature of cookies has already been explained above. As part of the cookie consent process, the data subject may agree to the data processing described here in connection with LiveZilla components, or refuse it. If consent is not given, the LiveZilla service may be limited or unavailable. The LiveZilla cookie may be used to create pseudonymised usage profiles. These profiles may be used by the controller to analyse visitor behaviour and ensure the proper operation of the live chat system. The analysis also serves to improve our services. The data collected via the LiveZilla component will not be used to identify the data subject without prior, separate and explicit consent. This data is not merged with personal data or other data containing the same pseudonym.

These cookies are only set if you have previously given your consent. You may withdraw this consent at any time or prevent the setting of cookies via your browser settings. This would also prevent the LiveZilla component from setting a cookie on the data subject’s IT system. Cookies already set by LiveZilla can also be deleted at any time via a browser or other software tools. Please note that this may result in limitations in the use of certain services on our website.

The applicable data protection provisions of LiveZilla GmbH can be accessed at: www.livezilla.net/disclaimer/de/

30. Data Protection Provisions Regarding the Use of Twitter

5HALLS HOMMAGE HOTELS GmbH, as the controller for this website, has integrated components of Twitter. As part of the cookie consent process, the data subject may agree to the data processing described here in connection with Twitter components, or refuse it. The following provisions apply only if consent has been given.

Twitter is a multilingual, publicly accessible microblogging service where users can publish and share short messages known as tweets, limited to 280 characters. These tweets are accessible to everyone, including individuals not registered with Twitter. Tweets are also displayed to the followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Twitter also enables broad audience engagement through hashtags, links, and retweets.

The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Each time a page of our website operated by the controller and containing a Twitter component (Twitter button) is accessed, the internet browser on the data subject’s IT system is automatically prompted by the Twitter component to download a representation of the corresponding Twitter element from Twitter. Further information about Twitter buttons can be found at: about.twitter.com/de/resources/buttons. Through this technical process, Twitter becomes aware of which specific subpage of our website was visited by the data subject.

The purpose of integrating the Twitter component is to enable users to share content from this website, increase its visibility in the digital space, and boost visitor numbers.

If the data subject is logged into Twitter at the same time, Twitter recognises which specific subpage of our website the data subject visits during the entire duration of their visit. This information is collected by the Twitter component and assigned by Twitter to the data subject’s Twitter account. If the data subject clicks on one of the Twitter buttons integrated into our website, the data and information transmitted are assigned to the data subject’s personal Twitter account and stored and processed by Twitter.

Twitter receives information via the Twitter component whenever the data subject visits our website while logged into Twitter — regardless of whether the Twitter component is clicked or not. If the data subject does not wish this information to be transmitted to Twitter, they can prevent it by logging out of their Twitter account before accessing our website.

The applicable data protection provisions of Twitter can be accessed at: twitter.com/privacy  

31. Data Protection Provisions Regarding the Use of YouTube

5HALLS HOMMAGE HOTELS GmbH, as the controller for this website, has integrated components of YouTube. YouTube is an online video portal that allows video publishers to upload video clips free of charge and enables other users to view, rate and comment on them, also free of charge. YouTube hosts all types of video content, including full-length films and TV shows, music videos, trailers, and user-generated content.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

As YouTube stores user data in usage profiles for advertising, market research and/or the design of its website according to user needs, this component is only activated if you have previously given your consent. In that case, the following provisions apply.

Each time a page of this website operated by the controller and containing a YouTube component (YouTube video) is accessed, the internet browser on the data subject’s IT system is automatically prompted by the YouTube component to download a representation of the corresponding YouTube element from YouTube. Further information about YouTube can be found at: www.youtube.com/yt/about/de/ 

Through this technical process, YouTube and Google become aware of which specific subpage of our website was visited by the data subject.

If the data subject is logged into YouTube at the same time, YouTube recognises which specific subpage of our website the data subject visits. This information is collected by YouTube and Google and assigned to the data subject’s YouTube account.

YouTube and Google receive information via the YouTube component whenever the data subject visits our website while logged into YouTube — regardless of whether the YouTube video is clicked or not. If the data subject does not wish this information to be transmitted to YouTube and Google, they can prevent it by logging out of their YouTube account before accessing our website.

YouTube’s published privacy policy, available at www.google.de/intl/de/policies/privacy/ , provides information about the collection, processing and use of personal data by YouTube and Google.

32. Data Protection Provisions Regarding the Use of Tradedoubler

5HALLS HOMMAGE HOTELS GmbH, as the controller for this website, has integrated components of Tradedoubler. Tradedoubler is a German affiliate network offering affiliate marketing services. Affiliate marketing is an internet-based form of distribution that allows commercial website operators (known as merchants or advertisers) to display advertising — usually compensated via click or sale commissions — on third-party websites operated by partners known as affiliates or publishers. The merchant provides advertising materials via the affiliate network, such as banners or other suitable online advertising tools, which are then embedded by affiliates on their own websites or promoted via other channels, such as keyword advertising or email marketing.

As this component includes a tracking cookie, it is only activated if you have previously given your consent to the use of cookies.

The operating company of Tradedoubler is Tradedoubler GmbH, Herzog-Wilhelm-Straße 26, 80331 Munich, Germany.

Tradedoubler sets a cookie on the data subject’s IT system. The nature of cookies has already been explained above. The tracking cookie from Tradedoubler does not store any personal data. It only stores the identification number of the affiliate (i.e. the partner referring the potential customer), as well as the order number of the website visitor and the clicked advertising material. The purpose of storing this data is to process commission payments between the merchant and the affiliate via the affiliate network, i.e. Tradedoubler.

These cookies are only set if you have previously given your consent. You may withdraw this consent at any time or prevent the setting of cookies via your browser settings. This would also prevent Tradedoubler from setting a cookie on the data subject’s IT system. Cookies already set by Tradedoubler can also be deleted at any time via a browser or other software tools. Please note that this may result in limitations in the use of certain services on our website.

The applicable data protection provisions of Tradedoubler can be accessed at: www.tradedoubler.com/de/datenschutzrichtlinie/ 

33. Data Protection Provisions Regarding the Use of Matomo

The controller has integrated the Matomo component on this website. Matomo is an open-source software tool for web analytics. Web analytics involves the collection, gathering and evaluation of data about the behaviour of visitors to websites. A web analytics tool collects data such as the website from which a data subject arrived (known as the referrer), which subpages were accessed, how often and for how long they were viewed. Web analytics is primarily used to optimise websites and to analyse the cost-effectiveness of online advertising.

The software is operated on the controller’s own server, and all log files containing sensitive data are stored exclusively on this server.

The purpose of the Matomo component is to analyse visitor flows on our website. The controller uses the data and information obtained to evaluate usage and to compile online reports that show activity on our website.

Matomo sets a cookie on the data subject’s IT system. The nature of cookies has already been explained above. By setting the cookie, we are enabled to analyse the use of our website. Each time a page of this website is accessed, the internet browser on the data subject’s IT system is automatically prompted by the Matomo component to transmit data to our server for the purpose of online analysis. Through this technical process, we gain knowledge of personal data, such as the IP address of the data subject, which helps us trace the origin of visitors and clicks.

The cookie stores personal information such as access time, location from which access was made, and frequency of visits to our website. Each time our website is visited, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to our server and stored. We do not pass this personal data on to third parties.

The data subject may prevent the setting of cookies by adjusting their browser settings accordingly, thereby permanently objecting to the setting of cookies. This would also prevent Matomo from setting a cookie on the data subject’s IT system. Cookies already set by Matomo can also be deleted at any time via a browser or other software tools.

Additionally, the data subject has the option to object to the collection of data generated by Matomo relating to the use of this website and to prevent such collection. To do so, the data subject must enable the “Do Not Track” setting in their browser.

Please note that setting an opt-out cookie may result in limited usability of the controller’s website for the data subject.

Further information and Matomo’s applicable privacy policy can be accessed at: https://matomo.org/privacy/ 

34. Data Protection Provisions Regarding the Use of PayPal as a Payment Method

5HALLS HOMMAGE HOTELS GmbH, as the controller for this website, has integrated components of PayPal. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. PayPal also allows virtual payments via credit cards for users who do not hold a PayPal account. A PayPal account is managed via an email address, meaning there is no traditional account number. PayPal enables users to make online payments to third parties and to receive payments. PayPal also acts as a trustee and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject selects “PayPal” as the payment option during the ordering process in our online shop, personal data of the data subject is automatically transmitted to PayPal. By selecting this payment method, the data subject consents to the transmission of personal data required for payment processing. The legal basis for processing this data is Article 6(1)(a) GDPR.

The personal data transmitted to PayPal usually includes first name, surname, address, email address, IP address, telephone number, mobile number, or other data necessary for payment processing. Also included are personal data related to the specific order.

The transmission of data is intended for payment processing and fraud prevention. The controller will transmit personal data to PayPal particularly if there is a legitimate interest in doing so. Personal data exchanged between PayPal and the controller may be transmitted by PayPal to credit reference agencies. This transmission is intended for identity and creditworthiness checks.

PayPal may pass on personal data to affiliated companies, service providers or subcontractors, insofar as this is necessary to fulfil contractual obligations or if the data is to be processed on behalf of PayPal.

The data subject may revoke consent to the handling of personal data at any time with PayPal. However, such revocation does not affect personal data that must be processed, used or transmitted for contractual payment processing.

PayPal’s applicable privacy policy can be accessed at: www.paypal.com/de/webapps/mpp/ua/privacy-full 

35. Data Protection Provisions Regarding the Use of Sofortüberweisung as a Payment Method

5HALLS HOMMAGE HOTELS GmbH, as the controller for this website, has integrated components of Sofortüberweisung. Sofortüberweisung is a payment service that enables cashless payments for products and services online. It provides a technical process through which the online merchant receives immediate payment confirmation, allowing goods, services or downloads to be delivered to the customer without delay.

The operating company of Sofortüberweisung is SOFORT GmbH, Fußbergstraße 1, 82131 Gauting, Germany.

If the data subject selects “Sofortüberweisung” as the payment method during the ordering process in our online shop, personal data is automatically transmitted to Sofortüberweisung. By selecting this payment option, the data subject consents to the transmission of personal data required for payment processing. The legal basis for this processing is Article 6(1)(a) GDPR.

During the purchase process via Sofortüberweisung, the buyer transmits their PIN and TAN to SOFORT GmbH. Sofortüberweisung then performs a technical check of the account balance and retrieves additional data to verify account coverage before executing the transfer to the online merchant. The execution of the financial transaction is then automatically communicated to the merchant.

The personal data exchanged with Sofortüberweisung typically includes first name, surname, address, email address, IP address, telephone number, mobile number, or other data necessary for payment processing. The transmission of data is intended for payment processing and fraud prevention. The controller may also transmit other personal data to Sofortüberweisung if there is a legitimate interest in doing so. Personal data exchanged between Sofortüberweisung and the controller may be transmitted by Sofortüberweisung to credit reference agencies for identity and creditworthiness checks.

Sofortüberweisung may pass on personal data to affiliated companies, service providers or subcontractors if necessary to fulfil contractual obligations or if the data is to be processed on behalf of Sofortüberweisung.

The data subject may revoke consent to the handling of personal data at any time with Sofortüberweisung. Such revocation does not affect personal data that must be processed, used or transmitted for contractual payment processing.

The applicable privacy policy of Sofortüberweisung can be accessed at: www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh

36. Data Protection Provisions Regarding the Use of Eye-Able

Eye-Able® is a software solution provided by Web Inclusion GmbH designed to ensure barrier-free access to online information for all users. The necessary files such as JavaScript, stylesheets and images are loaded from an external server. When functions are activated, Eye-Able® uses the browser’s local storage to save settings. All settings are stored locally and are not transmitted further.

To defend against attacks and provide the service in near real-time, Eye-Able® uses the Content Delivery Network (CDN) of BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia. The use of this service is based on the fulfilment of contractual obligations to our customers (Art. 6(1)(b) GDPR) and on our legitimate interest in providing a secure, fast and efficient online offering via a professional provider (Art. 6(1)(f) GDPR).

All transmitted data and servers remain within the EU to ensure GDPR-compliant processing. Web Inclusion GmbH does not collect or analyse personal user behaviour or other personal data at any time. To ensure GDPR-compliant processing, Web Inclusion GmbH has entered into data processing agreements with our hosting provider BunnyWay.

Further information can be found in the privacy policies:

• https://eye-able.com/datenschutz-eye-able/ 
• https://bunny.net/privacy 

37. Legal Basis for Processing

Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party — for example, for the delivery of goods or the provision of services — the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations required for pre-contractual measures, such as enquiries about our products or services.

If our company is subject to a legal obligation that requires the processing of personal data — for example, to fulfil tax obligations — the processing is based on Article 6(1)(c) GDPR.

In rare cases, processing may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. In such cases, processing would be based on Article 6(1)(d) GDPR.

Finally, processing operations may be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal grounds, where processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not override this interest.

Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. The legislator considered that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, Sentence 2 GDPR).

38. Data Protection Provisions Regarding the Use of WhatsApp as a Communication Channel

The controllers have included information on this website regarding communication via WhatsApp. WhatsApp is a social communication network and part of Facebook Inc.

A social network is an online meeting place, a virtual community that typically enables users to communicate and interact with one another. It can serve as a platform for sharing opinions and experiences or allow users to provide personal or business-related information. WhatsApp allows users to create private profiles, upload photos, and connect via telephone numbers.

The operating company of WhatsApp is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. If the data subject resides outside the USA or Canada, the controller responsible for processing personal data is WhatsApp Ireland Limited.

WhatsApp’s published privacy policy, available at www.whatsapp.com/legal, provides information about the collection, processing and use of personal data by WhatsApp. It also explains the privacy settings available to users.

39. Legitimate Interests in Processing Pursued by the Controller or a Third Party

Where the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our business activities for the benefit of the well-being of all our employees and shareholders.

40. Duration for Which Personal Data Is Stored

The criterion for the duration of storage of personal data is the respective statutory retention period. After the expiry of this period, the relevant data is routinely deleted, provided it is no longer required for the fulfilment of the contract or the initiation of a contract.

41. Statutory or Contractual Requirements for Providing Personal Data; Necessity for Contract Conclusion; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Failure to Provide

We inform you that the provision of personal data may be required by law (e.g. tax regulations) or may result from contractual arrangements (e.g. details of the contracting party). In some cases, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us in order to conclude a contract. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with them. Failure to provide personal data would mean that the contract with the data subject could not be concluded.

Before providing personal data, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is legally or contractually required, or necessary for the conclusion of a contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the data would be.

42. Existence of Automated Decision-Making

As a responsible company, we do not use automated decision-making or profiling.

This privacy policy was generated using the privacy policy generator provided by the German Society for Data Protection and IT and Data Protection Lawyer Christian Solmecke.

Effective as of June 2025