Data protection

1. Name and address of the person responsible
The person responsible within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Parkhotel Obertshausen

Britta Döbert
Münchener Str. 10-14
63179 Obertshausen
Email: geschaeftsleitung@parkhotel-obertshausen.com
Website: www.Parkhotel-Obertshausen.de

Subject of data protection
The subject of data protection is personal data.
According to the Federal Data Protection Act (BDSG), personal data are all individual details about personal or factual circumstances of a specific or identifiable natural person. The GDPR also defines "personal data" as all information that relates to an identified or identifiable natural person; A natural person is regarded as identifiable who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data or an online identifier.

The data subject is any identified or identifiable natural person whose personal data is processed by the person responsible for processing.

Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or change, reading, querying, use, Disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

3. General information on data processing
3.1 Scope of the processing of personal data

In principle, we only collect and use personal data of our users insofar as this is necessary to provide a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

3.2 Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is required to fulfill a contract to which the data subject is a party, Article 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6 Paragraph 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) (d) GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

3.3 Deletion of data and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

4. Provision of the website and creation of log files
4.1 Description and scope of data processing

Every time our website is called up, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

Information about the browser type and the version used
The user's operating system
The user's internet service provider
The anonymized IP address of the user
Date and time of access
Websites from which the user's system reached our website
Websites that are accessed by the user's system via our website
Entered search terms
Information about the type of device used
language settings
Frequency of page views
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

4.2 Legal basis for data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 Para. 1 lit.f GDPR.

4.3 Purpose of data processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the anonymized IP address of the user must remain stored for the duration of the session.

The storage in log files takes place in order to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. Our legitimate interest in data processing according to Art. 6 Para. 1 lit.f GDPR also lies in these purposes.

4.4 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. If the data is stored in log files, this is the case after seven days at the latest. Any further storage is possible. In this case, the users' IP addresses are deleted or alienated so that they can no longer be assigned to the accessing client.

4.5 Objection and removal options

The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no possibility of objection on the part of the user.

5. Use of cookies
5.1 Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be clearly identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can also be identified after changing pages.

The following data is stored and transmitted in the cookies:

language settings
Information on the expanded status of the quick booking mask
Session cookie (for the duration of the browser session) to temporarily save filter selections made or information on completed forms
We also use cookies on our website that enable an analysis of the surfing behavior of the users.

In this way, the following data can be transmitted:

Information about the browser type and the version used
The user's operating system
The user's internet service provider
The anonymized IP address of the user
Date and time of access
Websites from which the user's system reached our website
Websites that are accessed by the user's system via our website
Entered search terms
Information about the type of device used
language settings
Frequency of page views
The user data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the user. When you visit our website, an information banner informs you about the use of cookies for analysis purposes and refers you to this data protection declaration. In this context, there is also an indication of how the storage of cookies can be prevented in the browser settings. In YourOnlineChoices preference management, you can object to usage-based online advertising by individual or all companies.

5.2 Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 Para. 1 lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Article 6 Paragraph 1 lit.

5.3 Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after changing pages.

We need cookies for the following applications:

shopping cart
language settings
Information on the unfolded status of the quick booking box
Session cookie (for the duration of the browser session) to temporarily save filter selections made or information on completed forms
The user data collected by technically necessary cookies are not used to create user profiles.

Analysis cookies are used to improve the quality of our website and its content. Analysis cookies tell us how the website is being used and so we can continuously optimize our offer.
Our legitimate interest in the processing of personal data in accordance with Art. 6 Para. 1 lit. f GDPR lies in these purposes.

5.4 Duration of storage, objection and removal options

Cookies are stored on the user's computer and transmitted to our site from there. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.

6. Newsletter
6.1 Description and scope of data processing

You can subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask is transmitted to us:

E-mail address of the user
In addition, the following data is collected when you register:

IP address of the calling computer
Date and time of registration
For the processing of the data, your consent is obtained as part of the registration process and reference is made to the data protection declaration.

We use the so-called double opt-in procedure to document the newsletter consent and to prevent misuse of your data. This process ensures that the recipient also wants to receive our newsletter. After registering, you will receive an email asking you to confirm your newsletter registration. We will only send you our newsletter after the confirmation.

The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Changes to your saved data are also logged.

If you purchase goods or services on our website and enter your e-mail address, this can then be used by us to send a newsletter. In such a case, only direct advertising for your own goods or services will be sent via the newsletter. In connection with the data processing for the dispatch of newsletters, the data is not passed on to third parties. The data will only be used to send the newsletter.

The newsletter is sent via the web-based dailypointTM marketing software, a marketing platform from the provider Toedt, Dr. Selk & Coll. GmbH, Augustenstr. 79, 80333 Munich, Germany.

The e-mail addresses of our newsletter recipients, as well as their other data described in this notice, are stored on the servers of Toedt, Dr. Selk & Coll. GmbH in Germany.

Toedt, Dr. Selk & Coll. GmbH uses this information to send and evaluate the newsletter on our behalf. Furthermore, Toedt, Dr. Selk & Coll. GmbH use this data according to their own information to optimize or improve their own services, e.g. for the technical optimization of the dispatch and the presentation of the newsletter. Toedt, Dr. Selk & Coll. GmbH does not use the data of our newsletter recipients to write them down or to pass them on to third parties.

Furthermore, with Toedt, Dr. Selk & Coll. GmbH concluded an "order processing agreement". This is a contract in which Toedt, Dr. Selk & Coll. GmbH is obliged to protect the data of our users, to process it on our behalf in accordance with its data protection regulations and, in particular, not to pass it on to third parties. Toedt, Dr. Selk & Coll. GmbH can be viewed here.

6.2 Legal basis for data processing

The legal basis for processing the data after the user has registered for the newsletter is Article 6 (1) (a) GDPR if the user has given their consent.

The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.

6.3 Purpose of data processing

The collection of the user's email address is used to deliver the newsletter. The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.

6.4 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The user's email address and the date and time of registration are therefore stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process are usually deleted after a period of seven days.

6.5 Opposition and removal option

The user concerned can cancel the subscription to the newsletter at any time. There is a corresponding link in every newsletter for this purpose. This also enables you to withdraw your consent to the storage of the personal data collected during the registration process.

6.6 Statistical Survey and Analysis

The newsletters contain a so-called "web beacon", ie a pixel-sized file that is sent to the Toedt, Dr. Selk & Coll. GmbH is retrieved. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times.

The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our aim nor that of Toedt, Dr. Selk & Coll. GmbH to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Consent to sending email addresses is given on the basis of Art. 6 Paragraph 1 (a), Art. 7 GDPR and Section 7 Paragraph 2 No. 3 or Paragraph 3 UWG. The use of the shipping service provider Toedt, Dr. Selk & Coll. GmbH, the implementation of statistical surveys and analyzes as well as the logging of the registration process are carried out on the basis of our legitimate interests in accordance with Art. 6 Paragraph 1 (f) GDPR. We are interested in the use of a user-friendly and secure newsletter system that serves both our business interests, such as direct mail, and meets the expectations of users.

If we use your personal data for direct marketing, you can object to this at any time by notifying us, in accordance with Art. 21 GDPR.

7. Registration and booking
7.1 Description and scope of data processing

A booking engine is available on our website that enables our users to make online bookings in Maritim Hotels. If a user makes use of this option, the data entered in the input mask will be transmitted to us and to our software partner Pegasus Solutions Companies, 4 Aston Avenue, Harrow, Middlesex HA3 0DB, GB and saved.

These data are:

Salutation of the user
First name and last name of the user
E-mail address of the user
Telephone number of the user
Booking data of the user
Full postal address of the user
Country of the user
Title of the booked guest
First name and last name of the booked guest
Purpose of the stay (professional or private)
Further information / messages to the hotel - if completed
Payment method of the user
Credit card details of the user
To facilitate and speed up future booking processes, the user is still able to register online with a profile and save a personal password. This password will not be sent to us.

These data are:

Salutation of the user
First name and last name of the user
E-mail address of the user
Telephone number of the user
Booking data of the user
Full postal address of the user
Country of the user
Title of the booked guest
First name and last name of the booked guest
Purpose of the stay (professional or private)
Further information / messages to the hotel - if completed
Payment method of the user
Credit card details of the user
7.2 Legal basis for data processing

If the user has given his / her consent, the legal basis for processing the data is Article 6 (1) (a) GDPR.

7.3 Purpose of data processing

The processing of the personal data from the input mask serves us only to process the online booking and to handle the stay in the hotel. In the case of an online booking via our website, this is also the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the online booking and to ensure the security of our information technology systems.

We have also concluded an "order processing agreement" with Pegasus Solutions Companies. This is a contract in which Pegasus Solutions Companies undertakes to protect the data of our users, to process it on our behalf in accordance with their data protection regulations and, in particular, not to pass them on to third parties. You can view the data protection regulations of Pegasus Solutions Companies here.

7.4 Duration of storage

The data is stored for the duration of the session and then deleted if the user does not complete a booking. When booking online, all data entered by the user are saved and transmitted to the hotel for reservation and invoicing.

In general, personal data is stored by Maritim Hotelgesellschaft mbH and Pegasus Solutions Companies, 4 Aston Avenue, Harrow, Middlesex HA3 0DB, GB only for the period necessary to achieve the storage purpose or if this is done by the European directives and regulators or a other legislators have been provided for in laws or regulations to which the controller is subject.

If the purpose of storage no longer applies or if a storage period prescribed by the European directives and regulations or another responsible legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

7.5 Opposition and removal option

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, it is not possible to make an online booking via the Maritim website.

In the event that you would like to object to the processing of your personal data by us, please send an email to contradiction@maritim.de.

In this case, all personal data stored in the course of the online booking will be deleted.

8. Contact form and email contact
8.1 Description and scope of data processing

A contact form is available on our website that can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and saved.

These data are:

Salutation of the user
reference
First name and last name of the user
Full postal address of the user
E-mail address of the user
Country of the user
Message from the user
User title - not a mandatory field
Telephone number of the user - no mandatory field
Company of the user - no mandatory field
At the time the message is sent, the following data is also stored:

The IP address of the user
Date and time of registration
Salutation of the user
reference
First name and last name of the user
Full postal address of the user
E-mail address of the user
Country of the user
Message from the user
User title - if filled in
Telephone number of the user - if filled in
Company of the user - if filled in
For the processing of the data, your consent is obtained as part of the sending process and reference is made to this data protection declaration. Alternatively, you can contact us using the email address provided. In this case, the user's personal data transmitted with the email will be saved. In this context, the data will not be passed on to third parties. The data will only be used to process the conversation.

8.2 Legal basis for data processing

If the user has given his / her consent, the legal basis for processing the data is Article 6 (1) (a) GDPR.

The legal basis for the processing of the data that is transmitted in the course of sending an email is Article 6 (1) (f) GDPR. If the aim of the e-mail contact is to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.

8.3 Purpose of data processing

The processing of the personal data from the input mask serves us only to process the contact. If you contact us by e-mail, there is also the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

8.4 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

8.5 Objection and removal options

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

In the event that you would like to object to the processing of your personal data by us, please send an email to contradiction@maritim.de.

In this case, all personal data stored in the course of contacting us will be deleted.

9. Inquiry form and e-mail request for quotation
9.1 Description and scope of data processing

A form for requesting offers is available on our website, which can be used to request an electronic offer. If a user makes use of this option, the data entered in the input mask will be transmitted to us and saved.

These data are:

Salutation of the user
First name and last name of the user
E-mail address of the user
Message from the user
Complete postal address of the user - no mandatory field
Telephone number of the user - no mandatory field
Company of the user - no mandatory field
At the time the message is sent, the following data is also stored:

The IP address of the user
Date and time of registration
Salutation of the user
First name and last name of the user
E-mail address of the user
Message from the user
Full postal address of the user - if filled in
Telephone number of the user - if filled in
Company of the user - if filled in
For the processing of the data, your consent is obtained as part of the sending process and reference is made to this data protection declaration. Alternatively, you can contact us using the email address provided. In this case, the user's personal data transmitted with the email will be saved. In this context, the data will not be passed on to third parties. The data will only be used to process the request for quotation.

9.2 Legal basis for data processing

If the user has given his / her consent, the legal basis for processing the data is Article 6 (1) (a) GDPR.

The legal basis for the processing of the data that is transmitted in the course of sending an email is Article 6 (1) (f) GDPR. If the aim of the e-mail contact is to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.

9.3 Purpose of data processing

The processing of the personal data from the input mask serves us only to process the offer request. If you contact us by e-mail, there is also the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the request form and to ensure the security of our information technology systems.

9.4 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the inquiry form and those that were sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

9.5 Opposition and removal option

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

In the event that you would like to object to the processing of your personal data by us, please send an email to contradiction@maritim.de.

In this case, all personal data stored in the course of the request for quotation will be deleted.

10. Brochure request form and email brochure request
10.1 Description and scope of data processing

There is an inquiry form on our website for ordering brochures, which can be used for electronic brochure inquiries. If a user makes use of this option, the data entered in the input mask will be transmitted to us and saved.

These data are:

First name and last name of the user
Full postal address of the user
E-mail address of the user
Country of the user - no mandatory field
Company of the user - no mandatory field
At the time the message is sent, the following data is also stored:

The IP address of the user
Date and time of registration
First name and last name of the user
Full postal address of the user
E-mail address of the user
Country of the user - if filled in
Company of the user - if filled in
For the processing of the data, your consent is obtained as part of the sending process and reference is made to this data protection declaration. Alternatively, you can contact us using the email address provided. In this case, the user's personal data transmitted with the email will be saved. In this context, the data will not be passed on to third parties. The data will only be used to process the prospectus order.

10.2 Legal basis for data processing

If the user has given his / her consent, the legal basis for processing the data is Article 6 (1) (a) GDPR.

The legal basis for the processing of the data that is transmitted in the course of sending an email is Article 6 (1) (f) GDPR. If the aim of the e-mail contact is to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.

10.3 Purpose of data processing

We only process the personal data from the input mask to process the prospectus request. If you contact us by e-mail, there is also the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the prospectus request form and to ensure the security of our information technology systems.

10.4 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the prospectus request form and those that were sent by email, this is the case when the respective prospectus request has been processed. Processing is completed when the ordered brochures have been posted to the post office or have been sent as a PDF by e-mail or, if they have been sent regularly, the guest objects to their being sent.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

10.5 Objection and removal options
The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the prospectus request cannot be processed.

In the event that you would like to object to the processing of your personal data by us, please send an email to contradiction@maritim.de.

In this case, all personal data stored in the course of the prospectus request will be deleted.

11. Meeting request form and email meeting request
11.1 Description and scope of data processing

There is a form on our website for inquiries about conferences, which can be used for electronic conference inquiries. If a user makes use of this option, the data entered in the input mask will be transmitted to us and saved.

These data are:

Company of the user
First name and last name of the user
Full postal address of the user
Telephone number of the user
E-mail address of the user
Message from the user
Mobile phone number of the user - no mandatory field
Fax of the user - no mandatory field
At the time the message is sent, the following data is also stored:

The IP address of the user
Date and time of registration
Company of the user
First name and last name of the user
Full postal address of the user
Telephone number of the user
E-mail address of the user
Message from the user
Mobile phone number of the user - if filled in
Fax of the user - if filled in
For the processing of the data, your consent is obtained as part of the sending process and reference is made to this data protection declaration. Alternatively, you can contact us using the email address provided. In this case, the user's personal data transmitted with the email will be saved. In this context, the data will not be passed on to third parties. The data will only be used to process the conference request.

11.2 Legal basis for data processing

If the user has given his / her consent, the legal basis for processing the data is Article 6 (1) (a) GDPR.

The legal basis for the processing of the data that is transmitted in the course of sending an email is Article 6 (1) (f) GDPR. If the aim of the e-mail contact is to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.

11.3 Purpose of data processing

The processing of the personal data from the input mask serves us only to process the conference request. If you contact us by e-mail, there is also the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the conference request form and to ensure the security of our information technology systems.

11.4 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the conference request and those that were sent by e-mail, this is the case when the user has received an offer or a contract has been concluded. The conference request is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

11.5 Objection and removal options

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conference request cannot be processed.

In the event that you would like to object to the processing of your personal data by us, please send an email to contradiction@maritim.de.

In this case, all personal data stored in the course of the conference request will be deleted.

12. Catering request form and email catering request
12.1 Description and scope of data processing

Our website has a form for inquiring about catering, which can be used for electronic catering inquiries. If a user makes use of this option, the data entered in the input mask will be transmitted to us and saved.

These data are:

First name and last name of the user
Full postal address of the user
Telephone number of the user
E-mail address of the user
Message from the user
Company of the user - no mandatory field
Mobile phone number of the user - no mandatory field
Fax of the user - no mandatory field
At the time the message is sent, the following data is also stored:

The IP address of the user
Date and time of registration
First name and last name of the user
Full postal address of the user
Telephone number of the user
E-mail address of the user
Message from the user
Company of the user - if filled in
Mobile phone number of the user - if filled in
Fax of the user - if filled in
For the processing of the data, your consent is obtained as part of the sending process and reference is made to this data protection declaration. Alternatively, you can contact us using the email address provided. In this case, the user's personal data transmitted with the email will be saved. In this context, the data will not be passed on to third parties. The data will only be used to process the catering request.

12.2 Legal basis for data processing

If the user has given his / her consent, the legal basis for processing the data is Article 6 (1) (a) GDPR.

The legal basis for the processing of the data that is transmitted in the course of sending an email is Article 6 (1) (f) GDPR. If the aim of the e-mail contact is to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.

12.3 Purpose of data processing

The processing of the personal data from the input mask serves us only to process the catering request. If you contact us by e-mail, there is also the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the catering request form and to ensure the security of our information technology systems.

12.4 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the catering request and those that were sent by e-mail, this is the case when the user has an offer or a contract has been concluded. The catering request is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

12.5 possibility of objection and removal

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the catering request cannot be processed.

In the event that you would like to object to the processing of your personal data by us, please send an email to contradiction@maritim.de.

In this case, all personal data stored in the course of the catering request will be deleted.

13. SME contract request form and email SME contract request
13.1 Description and scope of data processing

A form for inquiring about SME contracts is available on our website, which can be used for electronic SME contract inquiries. If a user makes use of this option, the data entered in the input mask will be transmitted to us and saved.

These data are:

Salutation of the user
Company of the user
First name and last name of the user
Full postal address of the user
Telephone number of the user
E-mail address of the user
Country of the user
Message from the user
User title - not a mandatory field
At the time the message is sent, the following data is also stored:

The IP address of the user
Date and time of registration
Salutation of the user
Company of the user
First name and last name of the user
Full postal address of the user
Telephone number of the user
E-mail address of the user
Country of the user
Message from the user
User title - not a mandatory field
For the processing of the data, your consent is obtained as part of the sending process and reference is made to this data protection declaration. Alternatively, you can contact us using the email address provided. In this case, the user's personal data transmitted with the email will be saved. In this context, the data will not be passed on to third parties. The data will only be used to process the SME contract request.

13.2 Legal basis for data processing

If the user has given his / her consent, the legal basis for processing the data is Article 6 (1) (a) GDPR.

The legal basis for the processing of the data that is transmitted in the course of sending an email is Article 6 (1) (f) GDPR. If the aim of the e-mail contact is to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.

13.3 Purpose of data processing

The processing of the personal data from the input mask serves us only to process the SME contract request. If you contact us by e-mail, there is also the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the SME contract request form and to ensure the security of our information technology systems.

13.4 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the SME contract request and those that were sent by e-mail, this is the case when the user has a contract offer or a contract has been concluded. The SME contract request is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

13.5 Objection and removal options

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the SME contract request cannot be processed.

In the event that you would like to object to the processing of your personal data by us, please send an email to contradiction@maritim.de.

In this case, all personal data stored in the course of the SME contract request will be deleted.

14. Goose order form and e-mail request for gastronomic services
14.1 Description and scope of data processing

A form for ordering geese or other gastronomic services is available on our website, which can be used for electronic orders. If a user makes use of this option, the data entered in the input mask will be transmitted to us and saved.

These data are:

Salutation of the user
First name and last name of the user
Full postal address of the user
E-mail address of the user
Message from the user
Company of the user - no mandatory field
Telephone number of the user - no mandatory field
At the time the message is sent, the following data is also stored:

The IP address of the user
Date and time of registration
Salutation of the user
First name and last name of the user
Full postal address of the user
E-mail address of the user
Message from the user
Company of the user - no mandatory field
Telephone number of the user - no mandatory field
For the processing of the data, your consent is obtained as part of the sending process and reference is made to this data protection declaration. Alternatively, you can contact us using the email address provided. In this case, the user's personal data transmitted with the email will be saved. In this context, the data will not be passed on to third parties. The data will only be used to process the order.

14.2 Legal basis for data processing

If the user has given his / her consent, the legal basis for processing the data is Article 6 (1) (a) GDPR.

The legal basis for the processing of the data that is transmitted in the course of sending an email is Article 6 (1) (f) GDPR. If the aim of the e-mail contact is to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.

14.3 Purpose of data processing

The processing of the personal data from the input mask serves us only to process the order. If you contact us by e-mail, there is also the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the order form and to ensure the security of our information technology systems.

14.4 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the order form and those that were sent by email, this is the case when the user has received an order confirmation or the order has been picked up at the hotel or delivered to the user. The order for geese and / or other gastronomic services is terminated when it can be inferred from the circumstances that the matter in question has been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

14.5 Opposition and removal option

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the order cannot be processed.

In the event that you would like to object to the processing of your personal data by us, please send an email to contradiction@maritim.de.

In this case, all personal data stored in the course of ordering geese and / or other gastronomic services will be deleted.

15. Inquiry form and e-mail request for quotation from the Maritim Hotel Travel Service
15.1 Description and scope of data processing

A form from the Maritim Hotel Travel Service, Külpstraße 2, 64293 Darmstadt, is available on our website for inquiring about offers, which can be used for electronic inquiries. If a user makes use of this option, the data entered in the input mask will be transmitted to us and saved.

These data are:

Salutation of the user
Name of the user
E-mail address of the user
Message from the user
Travel date of the user
Complete postal address of the user - no mandatory field
Telephone number of the user - no mandatory field
At the time the message is sent, the following data is also stored:

The IP address of the user
Date and time of registration
Salutation of the user
Name of the user
E-mail address of the user
Message from the user
Travel date of the user
Full postal address of the user - if filled in
Telephone number of the user - if filled in
For the processing of the data, your consent is obtained as part of the sending process and reference is made to this data protection declaration. Alternatively, you can contact us using the email address provided. In this case, the user's personal data transmitted with the email will be saved. In this context, the data will not be passed on to third parties. The data will only be used to process the request for quotation.

15.2 Legal basis for data processing

If the user has given his / her consent, the legal basis for processing the data is Article 6 (1) (a) GDPR.

The legal basis for the processing of the data that is transmitted in the course of sending an email is Article 6 (1) (f) GDPR. If the aim of the e-mail contact is to conclude a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.

15.3 Purpose of data processing

The processing of the personal data from the input mask serves us only to process the offer request. If you contact us by e-mail, there is also the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the request form and to ensure the security of our information technology systems.

15.4 Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the inquiry form and those that were sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

15.5 Objection and removal options

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.

In the event that you would like to object to the processing of your personal data by us, please send an email to contradiction@maritim.de.

In this case, all personal data stored in the course of the request for quotation will be deleted.

16. Maritim PartnerCard application form
16.1 Description and scope of data processing

A form for applying for a Maritim PartnerCard is available on our website. The Maritim PartnerCard is the central customer loyalty tool of the Maritim Hotelgesellschaft mbH. The form, which has been printed out and filled out in advance by the applicant, must have an original signature. Therefore, the actual application is made offline by post and not online. The data collected offline can be viewed at www.maritim.de/partnercard.

The data will only be used to process the application and to operate the Maritim Hotelgesellschaft card system. All data that you have given us as part of your membership in the Maritim PartnerCard will be processed and stored by our partner arvato systems Perdata GmbH, Brook 1, 20457 Hamburg, Germany.

On behalf of the Maritim Hotelgesellschaft, arvato systems Perdata GmbH takes on the processing, storage and archiving of customer master data as well as the evaluation of this data at the hotel company's request. All of the data described in this information is stored on the servers of arvato systems Perdata GmbH in Germany.

arvato systems Perdata GmbH uses this information to communicate with our Maritim PartnerCard members within the framework of the existing contracts on our behalf. arvato systems Perdata GmbH does not use the data of our Maritim PartnerCard holders to write them down themselves or to pass them on to third parties.

Furthermore, we have concluded an "order processing agreement" with arvato systems Perdata GmbH. This is a contract in which arvato systems Perdata GmbH undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection regulations and, in particular, not to pass it on to third parties. You can view the data protection regulations of arvato systems Perdata GmbH here.

16.2 Legal basis for data processing

If the user has given his / her consent, the legal basis for processing the data is Article 6 (1) (a) GDPR.

16.3 Purpose of data processing

The processing of the personal data from the application form is used to process the application and to continue operating the card system.

16.4 Duration of storage

Personal data is only stored by Maritim Hotelgesellschaft mbH and arvato systems Perdata GmbH for the period necessary to achieve the storage purpose or if this is specified by the European directives and ordinances or another legislator in laws or regulations which govern the processing Responsible is subject, was provided.

If the purpose of storage no longer applies or if a storage period prescribed by the European directives and regulations or another responsible legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

16.5 possibility of objection and removal

The user has the option at any time to cancel his Maritim PartnerCard and to revoke his consent to the processing of personal data. If the user contacts us by email, he can also object to the storage of his personal data at any time. In such a case, participation in the Maritim Hotelgesellschaft customer card system cannot be continued.

In the event that you would like to object to the processing of your personal data by us, please send an email to contradiction@maritim.de.

In this case, all personal data stored in the course of participating in the Maritim Hotelgesellschaft customer card system will be deleted.

17. Statistical evaluations and plugins
For individual services provided by our company, we collect additional data for statistical purposes, for example. In order to create the basis for our media data, we determine, for example, how often pages are accessed or which of our online offers are particularly in demand. Plugins / add-ons such as Facebook are also integrated on some of our websites.

17.1 Google Analytics Universal

This website uses Google Analytics Universal, a web analysis service from Google Inc. ("Google"). Google Analytics also uses "cookies", text files that are stored on your computer and that enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. We expressly point out that this website uses Google Analytics with the extension "anonymizeIp" and therefore IP addresses are only processed in abbreviated form in order to exclude direct personal reference. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out, however, that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install. As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent Google Analytics from collecting data on this website in the future (the opt-out only works in the respective browser and only for this domain) . An opt-out cookie will be stored on your device. If you delete cookies in the respective browser, you have to click this link again.

By default, sessions end after 30 minutes of inactivity and campaigns after six months. The time limit for campaigns can be a maximum of two years. You can find more information on terms of use and data protection at: https://www.google.com/analytics/terms/de.html

17.2 Hot Jar
This website uses Hotjar, an analysis software from Hotjar Ltd. ("Hotjar") (www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). With Hotjar it is possible to measure and evaluate usage behavior (clicks, mouse movements, scrolling heights, etc.) on our website. The information generated by the "tracking code" and "cookie" about your visit to our website is transmitted to the Hotjar server in Ireland and stored there. You can prevent Hotjar from collecting the data by clicking on the following Click the link and follow the instructions there.

17.3 Google Tag Manager
The Google Tag Manager is used on our website to manage our website tags via an interface. The Tag Manager itself is a cookie-free domain that does not collect any personal data. The task of the tool is to trigger other tags, which in turn may collect data under certain circumstances. However, Google Tag Manager does not access this data. Of course, it is possible to obtain further information about this and, if necessary, to use the service. to deactivate. Click here to be excluded from the collection via the Google Tag Manager.

17.4 Google Maps

We use maps from Google Maps on the website to make it easier for you to find your way around. Google Maps is a service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). When you call up the contact pages, your web browser is instructed to load the necessary functions and map data directly from the Google server. These servers can be located in the USA or other countries in the world. We have no control options and do not receive any information from Google as to whether you exchanged corresponding map information when you visited our site. We do not know whether Google only provides you with the technically necessary information or whether it saves and evaluates further data about you or your system, such as IP addresses, information about your browser or the like. Google publishes a privacy policy that also applies to Google Maps. We would like to point out in particular that Google processes the following categories of data: device-related information, IP address, hardware settings, browser type, browser language, date and time of your request and referral URL, cookies (in the browser - Settings can be blocked by you, see also above), location-related information. Google can link the data with other data from you and uses the data collected as part of the services to provide, maintain, protect and improve Google services, to develop new services and to protect Google and its users. Google also uses this data to offer you tailor-made content - for example, to provide you with more relevant search results and advertising. With the help of data collected via cookies and other technologies such as pixel tags, Google improves your user experience and the overall quality of Google services. For example, Google allows you to save your preferred language setting in order to display services in your preferred language. Before Google uses information for purposes other than those listed in Google's data protection declaration, Google will ask for your consent. With your consent, for order data processing operations and for legal reasons, Google also transfers data to third parties. You can also change data protection-relevant settings on Google when you log in there. Google also adheres to several self-regulatory obligations, including the EU-US Privacy Shield Agreement, and processes complaints.

17.5 Google AdWords

When using the Google AdWords ("AdWords") advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"), so-called conversion tracking is used to analyze the campaign performance on this website. The information that is obtained using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Here, customers find out the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information with which users can be personally identified.

If you click on an advertisement placed by Google, a cookie will be placed on your computer. Conversion statistics are created using the information that the AdWords cookie collects. The cookies used for conversion tracking lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification. If our website is accessed before the deadline, Google and we can use the cookie to understand that the user clicked on the ad and was redirected to this page. Every Google AdWords customer receives a different cookie. This means that there is no way that cookies can be tracked via the websites of AdWords customers.

If you do not want to take part in the tracking process, you can also refuse the setting of a cookie required for this - for example via a browser setting that generally deactivates the automatic setting of cookies.
You can permanently deactivate the use of cookies by Google by changing the following link and the settings for managing cookies accordingly:

http://www.google.com/policies/technologies/managing/
http://www.google.com/policies/technologies/ads/
17.6 Google Remarketing

On this website we also use the remarketing function from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). This function makes it possible to address visitors to the website in a targeted manner with personalized, interest-based advertising. Interest-based advertising is displayed to the visitor as soon as he searches for something on Google or on the websites of search network partners.

In order to carry out an analysis of website usage, Google uses cookies, which form the basis for creating interest-based advertisements. Website visits and anonymised data on website use are recorded via the cookie. However, personal data is not stored. When you subsequently visit other websites in the Google search network, advertisements are then displayed which, with a high degree of probability, take into account the product and information areas previously called up by the page visitor.

However, if you do not want Google's remarketing function, you can always deactivate it by making the appropriate settings under the following link.

17.7 Facebook

The website uses social plugins (hereinafter referred to as "plugins") from the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter referred to as "Facebook") . The plugins can be recognized by one of the Facebook logos (white “f” on a blue tile or a “thumbs up” sign) or are marked with the addition “Facebook social plugin”. The list and the appearance of the Facebook social plugins can be viewed here.

When a user calls up a page on this website that contains such a plugin, his browser establishes a direct connection with the Facebook servers. The content of the plug-in is transmitted directly from Facebook to the user's browser, which integrates it into the website. The provider therefore has no influence on the amount of data that Facebook collects using this plug-in. According to the current state of knowledge of the provider, Facebook proceeds as follows:

By integrating the plugins, Facebook receives the information that a user has called up the corresponding page on the provider's website. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, e.g. press the so-called Like button or leave a comment, the corresponding information is transmitted directly from the user's browser to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out his IP address and save it. According to Facebook, only an anonymized IP address is saved in Germany.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the related rights and setting options to protect the privacy of users can be found in Facebook's data protection information.

If a user is a member of Facebook and does not want Facebook to collect data about them via the provider's website and link it to their member data stored on Facebook, they must log out of Facebook before visiting the website. It is also possible to block Facebook social plugins with add-ons for the user's browser, e.g. with the "Facebook blocker".

17.8 XING

We would like to inform you here about the processing of personal data via the function of the XING share button.

The "XING Share Button" is used on this website. When you visit this website, your browser will establish a short-term connection to the XING SE ("XING") servers with which the "XING Share Button" functions (in particular the calculation / display of the counter value) are performed. XING does not save any of your personal data when you access this website. In particular, XING does not save any IP addresses. There is also no evaluation of your usage behavior via the use of cookies in connection with the "XING Share Button". The current data protection information on the "XING Share Button" and additional information can be found on the website.

17.9 Youtube

Our site uses the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA for the integration of videos.
Normally, when you visit a page with embedded videos, your IP address is sent to YouTube and cookies are installed on your computer. However, we have integrated our YouTube videos with the extended data protection mode. In this case, YouTube will still contact Google's Double Click service, but according to Google's privacy policy, personal data will not be evaluated.

According to the information provided by YouTube, only data is transmitted to the YouTube server in the "- extended data protection mode -", in particular which of our websites you have visited when you watch the video. If you click on the video, your IP address will be sent to YouTube and YouTube will find out that you have viewed the video. If you are logged into YouTube at the same time, this information will be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting our website.

We have no knowledge of the possible collection and use of your data by YouTube, nor do we have any influence on it. For more information, see the YouTube privacy policy. In addition, we refer to our general presentation in this data protection declaration for the general handling and deactivation of cookies.

17.10 Twitter

This website uses Twitter buttons. The buttons are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (hereinafter referred to as "Twitter"). They can be recognized by terms such as "Twitter" or "Follow" combined with a stylized blue bird. With the help of the Twitter buttons it is possible to share a post or a page of this website on Twitter or to follow the provider on Twitter.

When a user calls up a page on this website that contains such a Twitter button, his browser establishes a direct connection with the Twitter servers. The content of the Twitter buttons is transmitted directly from Twitter to the user's browser. The provider therefore has no influence on the amount of data that Twitter collects with the help of this plugin. According to Twitter, only the IP address of the user and the URL of the respective website are transmitted when the Twitter button is used; this data is only used to display the Twitter button.

Further information on the Twitter service and the Twitter buttons can be found in Twitter's data protection declaration.

11/17 Google Plus

The website uses the " 1" button of the social network Google Plus, which is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"). The button can be recognized by the " 1" symbol on a white or colored background.

When a user calls up a page on this website that contains such a button, the browser establishes a direct connection to the Google servers. The content of the " 1" button is transmitted directly from Google to its browser, which then integrates it into the website. The provider therefore has no influence on the amount of data that Google collects with the button no personal data is collected without a click on the " 1" button; personal data such as the IP address of Google are only collected and processed for logged-in members of Google .

The users can find out about the purpose and scope of the data collection and the further processing and use of the data by Google as well as about the setting options for the protection of privacy in Google's data protection information for the " 1" button here.

17.12 retargeting

On our websites and in online offers, AdRoll technology (AdRoll, 972 Mission Street, San Francisco, CA 94103, USA) evaluates completely anonymous information on the surfing behavior of visitors to our websites for internal marketing purposes. With the help of this technology, recommendations and advertising messages that match the interests of our users can be displayed when third-party websites are visited. Cookies are used for this. What cookies are has already been explained under point 5. It is impossible to personally identify the user from this data. The data collected by AdRoll are only used to provide the users of our websites and online offers with relevant content. Users of our website can prevent the setting of cookies by our website, as already shown above, at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies or under AdRoll.

17.13 Matomo (formerly PIWIK)

We use the open source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. The software places a cookie on the user's computer (see above for cookies). If individual pages of our website are called up, the following data is stored:

Two bytes of the IP address of the calling system of the user
The accessed website
The website from which the user came to the accessed website (referrer)
The sub-pages that are accessed from the accessed website
The length of stay on the website
The frequency with which the website is accessed
The software runs exclusively on the servers of our website. The user's personal data is only stored there. The data will not be passed on to third parties.
The software is set so that the IP addresses are not saved in full, but 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer.

17.14 Google Fonts

We use Google Fonts on our website. This enables us to integrate certain fonts into our website. Google Fonts is a service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). The fonts are provided by Google via servers in the USA. When you visit our website, the visitor's browser establishes a direct connection to these servers. Among other things, the visitor's IP address is transmitted to Google and stored there. Google participates in the EU-US Privacy Shield: www.privacyshield.gov/EU-US-Framework

You can find more information on terms of use and data protection at: www.google.com/policies/privacy


18.Transmission of personal data outside the European Union (third countries)
The transfer of personal data to bodies in third countries takes place if

it is necessary to carry out the booking of the website user and to process the hotel stay
it is required by law
or there is consent from the user
As already mentioned in the course of this data protection declaration, our company works for certain tasks with service providers whose headquarters are in third countries, whose parent company is in third countries or who themselves work with companies based in third countries. Such cooperation is permitted if the European Commission has decided that there is an appropriate level of protection in the third countries concerned (Section 45 GDPR). In addition, we have concluded an "order processing agreement" with the service providers. This is a contract in which the service providers undertake to protect the data of our users, to process it on our behalf in accordance with their data protection regulations and, in particular, not to pass them on to third parties. In the event of suitable guarantees, legal remedies and the possibility of effectively enforcing rights, we may also transfer personal data to companies based in third countries, provided that no such decision has been made by the European Commission (Section 46 (1) GDPR). We do not carry out any further transmission of personal data beyond the type of cooperation described.

Personal data is only stored by Maritim Hotelgesellschaft mbH for the period of time that is necessary to achieve the storage purpose or if this has been provided for by the European directives and regulations or another legislator in laws or regulations to which the person responsible for processing is subject .

If the purpose of storage no longer applies or if a storage period prescribed by the European directives and regulations or another responsible legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

External service providers such as the post office or mailing houses that process personal data on behalf of Maritim Hotelgesellschaft mbH are subject to statutory data protection regulations and may only process the data provided for a specific purpose.

External links

For your optimal information, you will find links on our website that refer to third party websites. If such links are not clearly recognizable, we point out that they are external links. Maritim Hotelgesellschaft mbH has no influence whatsoever on the content or design of this website or on the data protection practices of third parties. We cannot accept any responsibility for this. The information in our data protection declaration therefore does not apply there. If you click on an advertisement or a third party link, be aware that you are leaving the Maritim Hotelgesellschaft mbH service and that any personal data you provide will no longer be covered by this data protection declaration. Please read the data protection declarations of the other website operators to find out how your personal data is collected and processed on these websites.

Declaration of consent of the user

By using our websites and online offers, you agree that the data you voluntarily provide and transmit may be saved by us and used and processed in accordance with this data protection declaration.

19. Rights of the data subject
If your personal data is processed, you are affected within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:

1. Right to information
You can request confirmation from the person responsible as to whether we are processing personal data relating to you.

If this is the case, you can request the following information from the person responsible:

the purposes for which the personal data are processed;
the categories of personal data that are processed;
the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
the existence of a right to correct or delete your personal data, a right to restrict processing by the person responsible or a right to object to this processing;
the existence of a right to lodge a complaint with a supervisory authority;
all available information about the origin of the data if the personal data are not collected from the data subject;
the existence of automated decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information about whether your personal data is being transmitted to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees according to Art. 46 GDPR in connection with the transmission.

2. Right to rectification
You have a right to correction and / or completion vis-à-vis the person responsible if the processed personal data concerning you is incorrect or incomplete. The person responsible must make the correction immediately.

3. Right to restriction of processing
You can request that the processing of your personal data be restricted under the following conditions:

if you dispute the accuracy of the personal data concerning you for a period of time that enables the person responsible to check the accuracy of the personal data;
the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
if you have objected to the processing in accordance with Art. 21 Paragraph 1 GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of your personal data has been restricted, this data - apart from its storage - may only be permitted with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest processed by the Union or a Member State.

If the processing restriction has been restricted according to the above conditions, you will be informed by the person responsible before the restriction is lifted.

4. Right to cancellation
a) Obligation to delete
You can request the person responsible to delete the personal data relating to you immediately, and the person responsible is obliged to delete this data immediately if one of the following reasons applies:

The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
You revoke your consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing.
You object to the processing in accordance with Art. 21 (1) GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21 (2) GDPR.
The personal data concerning you have been processed unlawfully.
The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the person responsible is subject.
The personal data relating to you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.
b) Information to third parties

If the person responsible has made the personal data concerning you public and is obliged to delete it in accordance with Art. 17 Para. 1 GDPR, he shall take appropriate measures, including technical measures, to take into account the available technology and the implementation costs, to make the person responsible for the data processing who process the personal data, that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

c) Exceptions

The right to deletion does not exist if processing is necessary

to exercise the right to freedom of expression and information;
to fulfill a legal obligation that requires processing under the law of the Union or of the member states to which the person responsible is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible;
for reasons of public interest in the area of public health in accordance with Art. 9 Paragraph 2 lit. h and i as well as Art. 9 Paragraph 3 GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, insofar as the right mentioned under section a) is likely to make the realization of the objectives of this processing impossible or seriously impair it, or
to assert, exercise or defend legal claims.
Right to be informed
If you have asserted the right to correction, deletion or restriction of processing against the person responsible, the person responsible is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this turns out to be impossible or involves a disproportionate effort.

You have the right vis-à-vis the person responsible to be informed about these recipients.

Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the person responsible, in a structured, common and machine-readable format. You also have the right to transfer this data to another person responsible without hindrance from the person responsible to whom the personal data was provided, provided that

the processing is based on consent in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) GDPR and
the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one person in charge to another person in charge, insofar as this is technically feasible. This must not impair the freedoms and rights of other people.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been transferred to the person responsible.

Right to object
You have the right, for reasons that arise from your particular situation, to object at any time to the processing of your personal data, which is based on Art. 6 Para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The person responsible will no longer process the personal data concerning you unless he can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data relating to you are processed in order to operate direct mail, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for direct marketing purposes, the personal data relating to you will no longer be processed for these purposes.

In connection with the use of information society services - regardless of Directive 2002/58 / EC - you have the option of exercising your right of objection by means of automated procedures that use technical specifications.

Questions / right to complain to a supervisory authority
If you have further questions about the protection of your personal data, about this data protection declaration, declarations of consent that have been issued, as well as the processing of your personal data or complaints about data protection, you can contact our data protection officer at the following email address: datenschutz@maritim.de

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged violation, if you are of the opinion that the processing of your personal data is against violates the GDPR.

The supervisory authority is the North Rhine-Westphalian data protection authority based in Düsseldorf.

20. Data security
We take internal data protection very seriously. For this we use modern data storage and security technologies in order to optimally protect your data. It goes without saying that our security measures are continuously improved in line with technological developments. Our employees and the processors (service companies) commissioned by us have been contractually bound by us to maintain secrecy and to comply with IT / security regulations and the applicable data protection regulations.

We and our contractual partners protect your personal data from unauthorized access, loss, use or publication and ensure that your personal information is in a legally required, controlled, secure environment in which unauthorized access, loss or publication is prevented.

Technical and organizational measures have been taken in our company to ensure that our company meets the legal requirements of the BDSG and the GDPR and to protect your data against damage, destruction, falsification, manipulation and unauthorized access. Your data will be encrypted and then saved in a database. All systems in which your personal data is stored are protected against access and are only accessible to a specific group of people who are responsible for personnel.

In order to avoid unnecessary amounts of data, we only collect, process and use your personal data to the extent that this is necessary within the scope of our range of services.

The data collection is carried out by Maritim Hotelgesellschaft mbH as well as by contract processors employed by it.

21. Change to the data protection declaration
Please note that data protection regulations and data protection practices can change continuously and the content of this data protection declaration must be adapted. If this is the case, we will explain changes in a transparent manner for you. It is also advisable to inform yourself about changes in legal regulations and the practice of our company.

As of May 24, 2018
Share by: