1. Purpose, Controller
1.1. This Privacy Policy explains the manner and extent to which data is collected and used in connection with our website and our online offering, the purposes for which this is done, and how cookies are used.
Provider/Controller as defined in data protection law:
Company: Frühlings-Hotel GmbH
Address: Bankplatz 7, 38100 Braunschweig, Germany
Telephone: +49 (0)531 243210
Email:
1.2. The legal basis for data protection ensues from the EU General Data Protection Regulation (GDPR), the German Act to Adapt Data Protection Law (Bundesdatenschutzgesetz, BDSG-neu), and the German Telemedia Act (Telemediengesetz, TMG).
2. Basic Information on Data Processing
2.1. We collect, process and use the data of our users exclusively in compliance with relevant data protection regulations. This means that users’ data is only used if there is a legal requirement to do so, or if consent has been granted.
2.2. We implement organisational and technical security measures and make contractual arrangements in order to ensure compliance with statutory data protection regulations, protect the data we handle against accidental or intentional manipulation, loss or destruction, and prevent said data from being accessed by unauthorised parties.
3. Collection, Processing and Use of Personal Data
3.1. Our users’ personal data is used for the following purposes:
- for providing the services we offer to users;
- for ensuring effective customer relations; when we are contacted, we store the personal details so that we can process the request and in case any subsequent queries arise;
- for sending newsletters and other advertising materials, provided the recipient has granted us consent to do so.
3.2. We transfer the data to third parties whenever this is necessary for provision of the service, for billing purposes, or for performance of our contractual obligations towards the user.
4. Sending Information by Email
Whenever we send email circulars containing advertising messages about our business and the services we offer, we only do so with the express consent of the respective recipient. Users can unsubscribe from our email circulars at any time.
5. Collection of Access Data
5.1. We collect data each time the server on which our offering is stored is accessed (known as a “server log”). The access data collected includes: the name of the website visited; the file name; the time and date of the visit; the quantity of data transferred; notification that the visit has taken place; the browser used including the version; the user’s operating system; the referrer URL (the preceding page visited); the IP address; and the requesting provider.
5.2. As is required by law, we use this log data without attributing it to the user personally or for profiling of any kind. We use it solely for statistical analyses aimed at ensuring the operation and security of our offering and ways of enhancing it. However, we reserve the right to verify the log data later if there are reasonable grounds for suspecting that unlawful usage has taken place.
6. Cookies, Reach Measurement
6.1. Cookies are information that is transferred from our webserver or third-party webservers to users’ web browsers, where it is stored for retrieval later on. This Privacy Policy informs users about the use of cookies in connection with pseudonymous reach measurement.
6.2. Our website can still be viewed even if cookies have been excluded. Any user who does not want cookies to be stored on their computer is asked to deactivate the relevant option in their web browser settings. Cookies already stored can be deleted likewise in the browser settings. If cookies are excluded, this may restrict the functions of the Internet offering.
7. Provision of Information, Withdrawal of Consent, Modifications, Rectifications and Updates
7.1. Users have the right to receive information free of charge on request about which of their personal data we have stored. Our contact details are provided in the legal notice.
7.2. Moreover, users have the right to have incorrect data rectified, to withdraw their consent, and to have their personal data blocked and/or erased to the extent that we are not obliged to retain it by law.
8. Amendments to this Privacy Policy
8.1. We reserve the right to amend this Privacy Policy in order to bring it in line with new legislation, or if we alter our services and data processing.
8.2. Users are therefore requested to inform themselves about its content at regular intervals.
9. Data Protection Officer
We have appointed a data protection officer in accordance with Sect. 38 of the Act to Adapt Data Protection Law:
Herr Kent F. Schwirz von derProtekto Data Fuse GmbH
Wendenstraße 279
20537 Hamburg
Tel. 040-42236924
10. Data protection information for data subjects
If you book or request a hotel room directly with us or via a third-party provider (e.g. a hotel reservation portal), we process your personal data for the purpose of implementing an accommodation contract. The legal basis for this is Article 6 para.1 lit. b) DSGVO.
The recipient of the personal data is Frühlings-Hotel GmbH. Within Frühlings-Hotel GmbH, the data is received by those offices that need it to fulfill our contractual and legal obligations.
We process your personal data in accordance with the provisions of the European Data Protection Regulation (EU-DSGVO) and the Federal Data Protection Act (BDSG new).
The legal basis for the processing of personal data is basically - unless there are still specific legal provisions - Art. 6 DSGVO. In particular, the following possibilities come into consideration here:
- Consent (Art. 6 para. 1 lit. a) DSGVO
- Data processing for the fulfillment of contracts (Art. 6 para. 1 lit. b) DSGVO
- Data processing for the fulfillment of a legal obligation (Art. 6 para. 1 lit. c) DSGVO
- Data processing on the basis of a balance of interests (Art. 6 para. 1 lit. f) DSGVO
If personal data is processed on the basis of your consent, you have the right to revoke your consent to us at any time with effect for the future. To do so, please contact the above-mentioned responsible party.
If we process data on the basis of a balance of interests, you as the data subject have the right to object to the processing of personal data, taking into account the requirements of Art. 21 DSGVO.
In order to process your data within the framework of data protection order processing, we use external service providers in accordance with Art. 28 EU-DSGVO, who are responsible for the technical operation of our booking systems, among other things, or are commissioned with the implementation of the accommodation contract in the hotel in accordance with data protection law.
Data transfer to third countries only takes place in the case of the channel manager Hotel Spider, which has its servers in Switzerland. Switzerland is assessed as a so-called safe third country with a sufficiently high level of data protection. The data transfer only takes place as far as it is necessary for the execution of your orders. A privacy policy will be shown to you during the online booking with all information by Hotel Spider. In addition, we have concluded the prescribed order processing contract and verify compliance with the technical organizational measures.
The personal data that we have stored from you will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligation or if the processing is based on consent and this is revoked. Retention obligations arise in particular for reasons of commercial and tax law. According to legal requirements, storage is for 6 years in accordance with § 257 para. 1 HGB, and for 10 years in accordance with § 147 para. 1 AO.
In addition, the storage period is assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB), are usually 3 years, but can also be up to 30 years in certain cases.
Data from the registration form will be destroyed within 3 months after 1 year of mandatory storage in accordance with §30 BMG.
11. Your rights as a data subject
You have the right to information about the personal data we process about you. In the case of a request for information that is not made in writing, we ask for your understanding that we may then require evidence from you that proves that you are the person you claim to be.
Furthermore, you have a right to correction or deletion or to restriction of processing, insofar as you are entitled to this by law.
Furthermore, you have a right to object to processing within the scope of the law. The same applies to a right to data portability.
In particular, you have a right of objection in accordance with Art. 21 (1) and (2) DSGVO.
Insofar as your personal data has been collected on the basis of legitimate interests of the controller (Art. 6 para. 1 lit. f DSGVO), you have the right to object to the processing.
To exercise your right, simply send an e-mail to:
In addition, you have the right to lodge a complaint with a competent data protection supervisory authority.
Automated processing for the purpose of profiling within the meaning of Art. 22 DSGVO does not take place.