DATA PROTECTION

Ennismore Germany GmbH
Ericus 1
20457 Hamburg
Germany

phone +49 (0) 40/ 22 616 24100

referred to in the following as 25hours, is the provider and controller of the websites at https://www.25hours-hotels.com/ and https://www.25hours-companion.com/ and and takes its data protection obligations very seriously. To this end, it designs its website so that only the minimum of personal data is collected, processed and used. Under no circumstances will personal data be leased or sold to third parties for advertising purposes. Personal data will be not used for advertising or marketing purposes without the explicit consent of the visitor. 

Our Videos are available on the websites https://www.25hours-hotels.com/ and https://www.25hours-companion.com/. No third party providers are involved, so that no data is transmitted to third parties. There is also no evaluation of your user behaviour.

At 25hours, access to personal data is only granted to persons who require this data to perform their tasks on behalf of the controller, who have been informed about the legal provisions on data protection and who have entered into an undertaking for compliance in accordance with the applicable legal provisions (Art. 5 General Data Protection Regulation (GDPR)). Pursuant to Art. 6 para. 1 GDPR, collection, processing, use and transfer of the personal data collected only takes place to the extent that is necessary for performance of a contractual relationship between 25hours as the controller and the visitor as the data subject. 

CHANGES IN THE PURPOSE OF DATA PROCESSING AND USE

Technical progress and organisational changes in the processing methods applied may lead to changes/developments, so we reserve the right to update this Privacy Policy to reflect the new technical circumstances. We therefore request that you review the 25hours Privacy Policy from time to time. Where you do not consent to the developments that occur over time, you may request in writing, pursuant to Art. 17 GDPR, the erasure of data that is not stored for compliance with other legal requirements such as retention obligations under commercial or tax law. 

ANONYMOUS DATA COLLECTION

As a rule, you may visit the controller’s website without informing us of who you are. We merely learn the name of your internet service provider, the website from which you visited us and the web pages you visit on our site. The legal basis for this data collection is Art. 6 para. 1 point b) GDPR. This information is evaluated for statistical purposes. You remain anonymous as an individual user.  

COLLECTION AND PROCESSING OF PERSONAL DATA

Personal data is only collected if you provide it to us voluntarily, for example when subscribing to a newsletter, and grant your consent to the use of the data (Art. 6 para. 1 point a) GDPR). The controller adheres to the requirements of Art. 5 and 6 GDPR in this context. Within the scope of the controller’s personalised services, your registration data will be processed for the purpose of sending you our newsletter or for the needs-based design of the electronic services, assuming you grant consent. You have the right at any time to object to the storage of your personal data. To do so, kindly send an email to datenschutz@25hours-hotels.com with “Erase datasets” in the subject line and stating the website in question.  

Processing and use of your personal data takes place in accordance with the requirements of the GDPR. 

DURATION OF STORAGE

We store your personal data only for as long as is necessary to provide the web service you use or to perform contractual relationships with you, or for as long as we have your consent or we have another legitimate interest in processing the data. Any storage beyond this scope will take place exclusively for compliance with legal obligations. 

RIGHTS OF THE DATA SUBJECTS

You have the following rights insofar as we process your personal data:  

RIGHT TO WITHDRAW CONSENT

Where personal data is processed on the basis of consent, you have the right to withdraw this consent with effect for the future.  

RIGHT TO INFORMATION

You have the right to obtain confirmation from us as to whether we are processing personal data concerning you. If so, you may obtain the following information: 

  • the purposes of processing; 

  • which personal data is processed; 

  • the recipients of the data in cases of data transfer to third parties, as well as the name of the third parties and the country in which they are domiciled; 

  • the retention period of the data; 

  • the existence of a right to lodge a complaint with a supervisory authority; 

  • any available information about the origin of the data if the data was not collected directly from you. 

 

You will receive the information no later than one month after receipt of your written request for information. Kindly take note that this information will only be provided if the identity of the person submitting the request can be established unequivocally. 

RIGHT TO RECTIFICATION

You have the right to obtain without delay a rectification of your personal data insofar as it is incorrect.  

RIGHT TO ERASURE (RIGHT TO BE FORGOTTEN)

You have the right to require the erasure of your personal data insofar one of the following reasons applies: 

  • The personal data is no longer necessary for the purposes for which it was collected or processed. 

  • We are not subject to a statutory data retention obligation.  

  • You withdraw your consent on which the processing was based and there is no other legal basis for storage. 

  • You object to the processing and there is no other legal basis for continued storage. 

  • The personal data were unlawfully collected and processed in the first place. 

RIGHT TO RESTRICTION OF PROCESSING

You have the right to obtain restriction of processing of your personal data where one of the following conditions applies: 

  • You contest the permissibility of the processing of your personal data, for a period enabling us to verify the accuracy of the personal data; 

  • Processing of your personal data is actually unlawful and you oppose the erasure of the personal data and request the restriction of its use instead; 

  • We no longer need the personal data for the purposes of the processing, but it is required by you to exercise your legal claims; or 

  • You have objected to processing, pending verification of whether our legitimate reasons override your legitimate reasons. 

RIGHT TO DATA PORTABILITY

You have the right to receive the personal data concerning you and that we have stored in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from us.

RIGHT TO OBJECT

You have the right to object to the processing of personal data concerning you which is based on Article 6 para. 1 points e) or f) GDPR at any time. We shall no longer process this data unless we can demonstrate compelling legitimate grounds for processing which override your interests. 

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

You have the right to lodge a complaint with the data protection supervisory authority responsible for the controller. 

EXPORT AND PROCESSING OF DATA TO AND IN COUNTRIES OUTSIDE OF THE EUROPEAN ECONOMIC AREA

As a matter of principle, your personal data will not be exported to countries outside the European Economic Area (in the following: EEA), unless explicitly stated in this Privacy Policy. The service providers commissioned by the controller are otherwise domiciled and operate their IT infrastructure exclusively within the EEA. This also applies to any use of cloud-based services. Contracts are in place with the service providers which comply with the data protection and security requirements of the GDPR. 25hours remains the controller, even if external service providers are commissioned.  

USE AND TRANSFER OF PERSONAL DATA

The personal data collected in connection with the controller’s websites will only be used without your consent for performance of a contract and to respond to your enquiries. Your data will otherwise only be used by the controller for the purposes of advertising and market research if you have given your prior consent (Art. 6 para. 1 point a) GDPR in conjunction with Section 25 para. 1 Act on Data Protection and Privacy in Telecommunications and Telemedia (TTDSG)). You may of course withdraw your consent at any time with effect for the future.  

Your data will not be transferred to other third parties apart from that. Insofar as the controller commissions service providers with the provision of its services, the necessary contracts have been concluded in accordance with Art. 28 GDPR. Kindly contact the data protection officer if you require more detailed information concerning the commissioned processors.  

EXTERNAL LINKS

For your information, our pages contain links that point to pages operated by third parties. Insofar as this is not obviously recognisable, we would like to point out that these are external links. The controller has no influence whatsoever on the content and design of these pages from other providers. Hence, the guarantees set out in this Privacy Policy do not apply to external providers. 

USE OF COOKIES

The controller uses “cookies” to customise and optimise the customer’s online experience and online time. A cookie is a text file which is temporarily placed in the computer’s working memory (“session cookie”) or stored on the hard drive (“permanent cookie”). Cookies contain information about the user’s previous accesses to the corresponding server or information about which services have been accessed so far. Cookies are not used to execute programs or to load viruses on to your computer. Instead, cookies are used primarily to provide an internet presence that is tailored to the needs of the customer and to make use of the service as convenient as possible.   

The controller uses both session and permanent cookies. 

SESSION COOKIES

The controller predominantly uses “session cookies” which are not stored on the customer’s hard drive and which are deleted when the browser is closed. In this context, session cookies are used for login authentication and load balancing. These cookies are absolutely necessary for the provision of our website (Art. 6 para. 1 point f) GDPR in conjunction with Section 25 para. 2 TTDSG).  

PERMANENT COOKIES

Subject to your consent, the controller also uses “permanent cookies” to store the personal user settings that a customer enters when using the controller’s services; it does so to personalise and improve the service (Art. 6 para. 1 point a) GDPR in conjunction with Section 25 para. 1 TTDSG). The permanent cookies ensure that customers are not required to re-enter their personal settings when they return to the controller’s websites. 

Moreover, the service providers commissioned by the controller with the analysis of user behaviour use permanent cookies to recognise returning users. These services store the data transferred by the cookie in an exclusively anonymous form. The data is not associated with the customer’s IP address.  

For more information about the permanent cookies placed by the controller or its service providers, refer to the following sections of this Privacy Policy: 

 

  • Use of analytics programs 

  • Use of social media buttons 

  • Online offerings on social media platforms 

AVOIDANCE OF COOKIES

Visitors may block cookies at any time. This usually takes place by adjusting the browser settings or by using additional programs. For more information, customers should refer to the Help tab in their browser. Should the customer decide to disable cookies, this may restrict the scope of services and have a negative effect on use of the controller’s services.  

USE OF ANALYTICS PROGRAMS

The controller performs or commissions the performance of analyses to investigate the behaviour of its customers when using its service, provided they have given their consent. This involves the creation of anonymised or pseudonymised usage profiles. The sole purpose of creating these usage profiles is to continuously improve the controller’s service. The legal basis for the processing of your data is Art. 6 para. 1 point a) GDPR in conjunction with Section 25 para. 1 TTDSG.  During its web analysis, the controller also uses Google Analytics, a web analytics service of Google Inc. (“Google”), whereby the controller has added the Google Analytics extension “_anonymizeIp()”. This analysis will only be performed if you have given your consent. The extension ensures that the IP addresses are processed exclusively in a truncated form to prevent any association with a real person. The legal basis for this processing is Art. 6 para. 1 point a) GDPR in conjunction with Section 25 para. 1 TTDSG. Consent to the collection and storage of data in this context can be withdrawn at any time with effect for the future.

Google requires its users – also the controller – to use the following notice in their privacy policies. 25hours complies with this request by reproducing the following text:  

“Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse use of the website by you. The information generated by the cookie about your use of this website (including your IP address) will be transmitted to Google and stored on servers in the United States. Google will use this information on behalf of the operator of this website, to analyse your usage of the website to compile reports about the website activities and to provide further services to the website operator associated with website and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. On no accounts will Google associate your IP address with any other data held by Google. You can prevent the installation of cookies by making an appropriate setting in your browser software; we point out that you may not be able to use all the functions of this website in this case. By using this website, you consent to the processing of data collected about you by Google in the manner and for the purposes set out above.”  

USE OF SOCIAL MEDIA BUTTONS

We provide social media buttons to share content from our online offering on social networks. We do not use ‘share buttons’ for this purpose, which establish a direct connection with the social network. Instead, we only use icons, which represent a link to the network. By clicking on the icon, users access the social network and can sign in there.   

We use this solution because the buttons offered directly by the operators of social networks unlawfully transfer personal data such as the IP address or entire cookies when loading a website on which they are integrated, and in doing so disclose precise information about your internet usage to the social networks without having first obtained your consent. As described above, the social media buttons we use only establish a direct connection between the social network and the visitor when the latter actively clicks on the icon. This prevents you from leaving a digital footprint on each page you visit. We are therefore able to protect your personal data, while still integrating buttons for social sharing.  

For more information, refer to the following explanations of the specific social media buttons we use: 

 

  • Facebook 

  • Twitter 

  • YouTube plug-ins 

  • Instagram 

  • Pinterest 

DATA PROTECTION INFORMATION CONCERNING THE USE OF THE FACEBOOK PIXEL

This website uses the Facebook pixel for conversion tracking, which is provided by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA. This applies only insofar as you have given us your consent (Art. 6 para. 1 point a) GDPR in conjunction with Section 25 para. 1 TTDSG). 

The Facebook pixel can be used to track your behaviour as a page visitor after clicking on a Facebook advertisement and being redirected to our website. This technology permits evaluations of the effectiveness of Facebook ads for statistical and market research purposes and for optimising future advertising campaigns. 

The data collected is anonymous for us as the operator of this website, and we are unable to draw any conclusions about the identity of users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible. Facebook may use the data for its own advertising purposes in accordance with the Facebook Data Policy. This allows Facebook to place ads on its own pages or elsewhere. We are unable to influence this use of data as the website operator. 

Use of the Facebook pixel is based on Art. 6 para. 1 point  a) GDPR in conjunction with Section 25 para. 1 TTDSG; consent can be withdrawn at any time with effect for the future. 

We otherwise refer to the privacy policies of the individual providers and the options to object in each case (so-called “opt-out”). Where an opt-out option has not been stated explicitly, you may disable cookies in your browser settings. However, this may restrict the functions of our online offerings. We therefore recommend that you use the following opt-out options that are offered specifically for particular regions: 

You will find more information about how to protect your privacy in the Facebook Privacy Policy: https://de-de.facebook.com/about/privacy/

You can also disable the “Custom Audiences” remarketing function in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must sign in to Facebook to do so

If you do not have a Facebook account, you can visit the European Interactive Digital Advertising Alliance website at http://www.youronlinechoices.com/de/praferenzmanagement/ to disable usage-based advertising from Facebook. 

Services and service providers we use: 

Facebook pixel  

Meta Plattforms Ireland Ltd.., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Meta Plattforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, website:  

Privacy policy:  

Privacy Shield (to guarantee adequate data protection when processing data in the USA):  

Objection option (opt-out):  

INFORMATION ON DATA PROCESSING (FOR APPLICANTS AND PERMANENT STUFF)

Information on data processing (for applicants and permanent staff) 

We are only able to complete the selection procedure after receipt of your application and initiate a possible employment relationship if we process some of your personal data. The following sections explain which of your personal data we process, in which way and for what purpose. This information is provided in order to fulfil our notification obligations under data protection law. 

1. Controller 

Ennismore Germany GmbH is the controller in the meaning of the General Data Protection Regulation (GDPR).  

2. The controller’s data protection officer 

If you have any questions about data protection, you may contact Prof. Lauser, the company data protection officer appointed for Ennismore Germany GmbH. You will find the necessary information in the contact details. 

3. Personal data 

We process the following categories of personal data concerning you as part of the application process or employment relationship: 

– Master data (e.g. name, gender, date of birth) 

– Contact details (e.g. address, email address, telephone number) 

– Application documents (e.g. certificates, curriculum vitae, photo) 

– Data concerning your professional track record and acquired skills (e.g.: education and training, professional experience, additional qualifications) 

– Usage and inventory data when applications are placed online (e.g.: IP address, name of the retrieved file, date and time of the retrieval, volume of data transferred, notification of successful retrieval, web browser). 

We also process the following categories of personal data in the event that we enter into an employment relationship with you:

– Personal data (insurance, marital status, tax ID, etc.) 

4. Purpose of processing 

All personal data is processed exclusively for the following purposes, unless you give us your separate consent for additional data processing: 

– Initiation, establishment, implementation and termination of the employment relationship 

– Issue of notifications and declarations based on legal obligation or otherwise permitted by law 

– Fulfilment of our obligations under tax and social security law 

– Safeguarding and enforcing our legitimate interests 

– Investigation of criminal offences where necessary 

– Control and organisation within the company. 

The legal bases for the processing of your data in these cases are: 

– Art. 6 para. 1 point b) GDPR in conjunction with Section 26 para. 1 Federal Data Protection Act (BDSG) 

– Art. 6 para. 1 point c) GDPR in conjunction with Section 26 Federal Data Protection Act (BDSG) 

– Art. 6 para. 1 point f) GDPR in conjunction with Section 26 para. 1 no. 2 Federal Data Protection Act (BDSG) 

– Art. 9 para. 2 point b) GDPR in conjunction with Section 26 para. 3 Federal Data Protection Act (BDSG) where special categories of personal data are processed. 

5. Recipients of data 

Your data will be transferred exclusively to companies within our group, except where we are legally obliged to disclose your data to other bodies. Insofar as we use service providers as part of our data processing, we have concluded the necessary contracts in accordance with Art. 28 GDPR. You can send an email to the following contact address to obtain further information about the processors we use: Prof. Lauser, datenschutz@25hours-hotels.com

6. Duration of storage 

Your data will be stored for up to 6 months after completion of the application process or for the duration of the employment relationship, and beyond that for a period of three years from the end of the employment relationship (if an employment relationship is established) and then erased. Storage for a longer period will only take insofar and inasmuch as we are legally obliged to do so in individual cases. 

7. Rights of the data subject 

You have, at any time, the right, 

– pursuant to Article 7 para. 3 GDPR, to withdraw any consent you have given. The processing of data that was based on consent will no longer continue in these cases; 

– pursuant to Article 15 GDPR, to obtain information about the processing of personal data concerning you. In particular, you may obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom data has been or will be disclosed, the envisaged storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of the data if it was not collected by the controller, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details; 

– pursuant to Art. 16 GDPR, to obtain without undue delay the rectification of inaccurate or incomplete personal data stored by the data controller; 

– pursuant to Art. 17 GDPR, to obtain the erasure of the stored personal data, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims; 

– pursuant to Art. 18 GDPR, to obtain restriction of processing of personal data, insofar as the accuracy of the data is contested by you, the processing is unlawful, but you object to its erasure and the controller no longer requires the data, but it is needed by you for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Art. 21 GDPR. 

– pursuant to Art. 20 GDPR, to receive the personal data you have provided in a structured, commonly used and machine-readable format or to obtain its transfer to another controller; and 

– pursuant to Art. 77 GDPR, to lodge a complaint with the competent supervisory authority.  

8. Right to object 

Where personal data is processed on the basis of legitimate interests according to Art. 6 para. 1 point f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object, on grounds relating to your particular situation, to the processing of personal data concerning you. 

It is sufficient to send an email to Prof. Lauser to exercise your right to object. 

DATA TRANSFER UPON CONCLUSION OF A CONTRACE FOR ONLINE SHOPS/TRADERS AND GOODS SHIPPING/BOOKINGS)

When you order goods from us/make bookings with us, we will transfer your personal data to the transport company entrusted with delivery and to the payment service provider entrusted with payment processing. We will only disclose the data that the individual service providers require in order to complete their tasks. The legal basis for this is Art. 6 para. 1 point b) GDPR, which permits the processing of data 

for the performance of a contract or to take steps prior to entering into a contract. Where you have provided suitable 

consent according to Art. 6 para. 1 point a) GDPR in conjunction with Section 25 para. 1 TTDSG, we will transfer your email address to the transport company entrusted with delivery so that they can notify you by email about the shipping status of your order; you may withdraw this consent at any time. 

1. Order fulfilment by drop shipping 

It is possible that our retailers will ship the products directly to you if you place an order with us (drop shipping) We will pass on your name, the shipping address and – insofar as this is necessary for delivery – your telephone number to the shipping company for this purpose. This data is disclosed exclusively for the purpose of delivering the goods. 

The legal basis for data processing is Art. 6 para. 1 point b) GDPR (performance of a contract) and our legitimate interest in the fastest and most effective processing of your purchase within the meaning of Art. 6 para. 1 point f) GDPR. 

We use the following dealer for drop shipping: 

Brainbehind GmbH 

We have entered into a data processing agreement (DPA) with the aforementioned provider. A DPA is a mandatory contract under data protection law, which ensures that this company only processes personal data of our website visitors in accordance with our instructions and in compliance with the GDPR. 

We initially collect the following information when you purchase a voucher on our website: 

- Salutation* 

- Surname* 

- First name* 

- Email* 

- Phone* 

- Town/city* 

- Post code* 

- Street* 

- Country* 

- Company (optional) 

  

This data is stored together with the products you have ordered so that your order can be processed and fulfilled (Art. 6 para. 1 point b) GDPR).  

The following processing steps are implemented in connection with the fulfilment of your order: 

- An internal (sequential) order ID is created for the order data and the 

date of creation is saved as well. 

- Order subtotal/total 

- Order status 

- Language (based on the language version selected for the website) 

- Payment method (Saferpay) 

Saferpay acts as a payment services provider under its own responsibility. 

Once payment has been received, our service provider Brainbehind GmbH, Haunsbergstrasse 28, 5165 Berndorf bei Salzburg – with whom we have entered into a data processing agreement – sends an order confirmation by email and then issues the voucher. 

Your data will be erased no later than three years after completion of the order. 

 2. Payment services 

We integrate third-party payment services on our website. When you make a purchase/booking with us, your payment details (e.g. name, payment amount, account details, credit card number) are processed by the payment service for the purpose of processing the payment. The terms of contract and the privacy policies of these individual providers apply to these transactions. Payment services are used on the basis of Art. 6 para. 1 point b) GDPR (performance of a contract) and 

in the interest of ensuring a smooth, convenient and secure payment process (Art. 6 para. 1 point f) GDPR). Where your consent is requested for certain operations, Art. 6 para. 1 point a) GDPR is the legal basis for data processing; consent can be withdrawn at any time with effect for the future. 

We use the following payment services/payment service providers on this website:   

2.1 PayPal 

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (in the following: “PayPal”). 

Data transfer to the USA is based on the standard contractual clauses of the European Commission. Click on the following link for more details: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.  

Refer to the PayPal Privacy Policy for further information: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.  

2.2. Klarna

The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). Klarna offers various payment options (e. g. installment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna checkout solution. Details on the use of Klarna cookies can be found at the following link: https://cdn.klarna.com/1. 0/shared/content/policy/cookie/de_de/checkout.pdf.

Details can be found in Klarna’s privacy policy at the following link: https://www.klarna.com/de/datenschutz/.

2.3. Sofortüberweisung 

The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (in the following: “Sofort GmbH”). Sofort GmbH uses its “Sofortüberweisung” procedure, with which we receive confirmation of payment in real time and can begin fulfilment of our obligations without delay. Where you have selected “Sofortüberweisung” as your payment method, you transmit the PIN and a valid TAN to Sofort GmbH, which it uses to sign into your online banking account. Sofort GmbH automatically checks your account balance after logging in and uses the TAN you have sent to transfer us the amount. It then sends a transaction confirmation to us without delay. After logging in, your transactions, the credit line of your overdraft facility and the presence of other accounts and their balances are also checked automatically. In addition to the PIN and the TAN, the payment data you have entered as well as data about yourself are also transmitted to Sofort GmbH. The personal data is your first name and surname, your address, phone number(s), email address, IP address and possibly other details that are required for the fulfilment of payment. The transfer of this data is necessary to unequivocally establish your identity and to prevent attempted fraud. Click on the following links for details about payments with Sofortüberweisung: 

2.4. Amazon Pay


This payment service is provided by Amazon Payments Europe S. C. A. , 38 avenue J. F. Kennedy, L-1855 Luxembourg.

Details on the handling of your data can be found in the privacy policy of Amazon Pay under the following link: https://pay.amazon.de/help/201212490?ld=APDELPADirect.

2.5. Mastercard 

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (in the following: “Mastercard”). 

Mastercard may transfer data to its parent company in the USA. Data transfer to the USA is based on Mastercard’s Binding Corporate Rules. Click on the following links for more details: 

2.6. VISA 

The provider of this payment service is Visa Europe Services Inc., London Office, 1 Sheldon Square, London W2 6TT, United Kingdom (in the following: “VISA”). 

The UK is considered a safe third country under data protection law, as an adequacy decision has been issued. This means that the standards of data protection in the UK are equivalent to those in the European Union. 

VISA may transfer data to its parent company in the USA. Data transfer to the USA is based on the standard contractual clauses of the European Commission. Click on the following links for more details: 

Refer to the VISA Privacy Policy for further information: 

2.7.  JCB Group 

The provider of this payment service is JCB International Company from Japan. JCB International (Europe) Ltd. EMEA Head Office, (Part Ground Floor, 30 Eastbourne Terrace, London, W2 6LA, United Kingdom) is responsible for Europe. JCB may transfer data concerning its customers to its parent company in Japan. Click on the following link for information about processing and for the privacy policy:https://www.global.jcb/en/about-us/policy/privacy/eu-privacy-notice/index.html 

http://www.jcbeurope.eu/privacy/

2.8. American Express 

The provider of this payment service is the American Express Company in the USA. American Express Europe S.A. (Avenida Partenón 12-14, 28042, Madrid, Spain) is responsible for Europe. 

American Express may transfer data to its parent company in the USA. Data transfer to the USA is based on Binding Corporate Rules. Click on the following link for more details: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/

Refer to the American Express Privacy Policy for further information: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html

2.9. Diners Club 

The provider of this payment service is the Austrian company DC Bank AG, Lasallestrasse 3, 1020 Vienna. For more details on how your data is handled, refer to the Diners Club Privacy Policy at: https://www.dinersclub.de/datenschutz 

2.10. Maestro 

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (in the following: “Mastercard”). 

Mastercard may transfer data to its parent company in the USA. Data transfer to the USA is based on Mastercard’s Binding Corporate Rules. Click on the following links for more details: 

2.11. UnionPay 

The provider of this payment service is the Chinese company UnionPay International, Building B, Poly Plaza, No.6 Dongfang Road, Pudong New District, Shanghai, China. 

2.12. Discover 

The provider of this payment service is the American company Discover Financial Services, P.O Box 30943, Salt Lake City, UT 84130-0943. 

____________________________________ 

1. Customer account: 

Our website gives you the option of entering personal data to create a customer account. You consent to the processing of data for the purpose of creating and managing the customer account by entering the data (Art. 6 para. 1 point a) GDPR). You can cancel the customer account at any time by deregistering; your data will then be erased without undue delay, unless we are obliged to continue processing the data due to statutory retention periods. 

The personal data processed in connection with the customer account is as indicated in the input mask used for registration. The personal data you enter will be collected and stored exclusively for internal use by the data controller and for its own purposes.  

The IP address assigned by the data subject’s internet service provider (ISP) and the date and the time of registration are also stored when you register a customer account on the website. This data is stored due to the fact that this is the only way to prevent misuse of our services and, if necessary, to enable us to investigate criminal offences that have been committed. Data storage is therefore necessary to protect the controller (Art. 6 para. 1 point f) GDPR in conjunction with Section 25 para. 2 TTDSG). 

2. Bookings 

In the event that you place a booking on our website, the data collected from you during the booking – as indicated on the individual input mask – will only be processed for the purpose of performing the booking (Art. 6 para. 1 point b) GDPR). Our booking platform is operated by our service provider Sabre Marketing Nederland B.V., with whom we have entered into a data processing agreement. Your data will be processed for the duration of the booking and performance of the contract, unless statutory retention periods stipulate a longer storage period.  

FURTHER INFORMATION AND CONTACT DETAILS

Should you have any further questions on the subject of “Controller’s Privacy Policy”, please contact our company’s data protection officer. You can enquire here as to which data concerning you we have saved. Furthermore, you can send requests for information, erasure or rectification of your data and any suggestions to the following address at any time by letter or email:  

Prof. Rolf Lauser[Textflussumbruch]Dr. Gerhard-Hanke-Weg 31[Textflussumbruch]85221 Dachau[Textflussumbruch]datenschutz@25hours-hotels.com 

Ericus 1[Textflussumbruch]20457 Hamburg[Textflussumbruch][Textflussumbruch]Head Office: +49 40 22 616 24 100[Textflussumbruch]Bookings: +49 40 25 77 77 255[Textflussumbruch]contact@25hours-hotels.com 


back to
top