Ennismore Germany GmbH
Ericus 1
20457 Hamburg
Germany

phone +49 (0) 40/ 22 616 24100

referred to in the following as 25hours, is the provider and controller of the websites at https://www.25hours-hotels.com/ and https://www.25hours-companion.com/ and and takes its data protection obligations very seriously. To this end, it designs its website so that only the minimum of personal data is collected, processed and used. Under no circumstances will personal data be leased or sold to third parties for advertising purposes. Personal data will be not used for advertising or marketing purposes without the explicit consent of the visitor. 

Our Videos are available on the websites https://www.25hours-hotels.com/ and https://www.25hours-companion.com/. No third party providers are involved, so that no data is transmitted to third parties. There is also no evaluation of your user behaviour.

At 25hours, access to personal data is only granted to persons who require this data to perform their tasks on behalf of the controller, who have been informed about the legal provisions on data protection and who have entered into an undertaking for compliance in accordance with the applicable legal provisions (Art. 5 General Data Protection Regulation (GDPR)). Pursuant to Art. 6 para. 1 GDPR, collection, processing, use and transfer of the personal data collected only takes place to the extent that is necessary for performance of a contractual relationship between 25hours as the controller and the visitor as the data subject. 

Technical progress and organisational changes in the processing methods applied may lead to changes/developments, so we reserve the right to update this Privacy Policy to reflect the new technical circumstances. We therefore request that you review the 25hours Privacy Policy from time to time. Where you do not consent to the developments that occur over time, you may request in writing, pursuant to Art. 17 GDPR, the erasure of data that is not stored for compliance with other legal requirements such as retention obligations under commercial or tax law. 

Personal data is only collected if you provide it to us voluntarily, for example when subscribing to a newsletter, and grant your consent to the use of the data (Art. 6 para. 1 point a) GDPR). The controller adheres to the requirements of Art. 5 and 6 GDPR in this context. Within the scope of the controller’s personalised services, your registration data will be processed for the purpose of sending you our newsletter or for the needs-based design of the electronic services, assuming you grant consent. You have the right at any time to object to the storage of your personal data. To do so, kindly send an email to datenschutz@25hours-hotels.com with “Erase datasets” in the subject line and stating the website in question.  

Processing and use of your personal data takes place in accordance with the requirements of the GDPR. 

You have the right to require the erasure of your personal data insofar one of the following reasons applies: 

The personal data collected in connection with the controller’s websites will only be used without your consent for performance of a contract and to respond to your enquiries. Your data will otherwise only be used by the controller for the purposes of advertising and market research if you have given your prior consent (Art. 6 para. 1 point a) GDPR in conjunction with Section 25 para. 1 Act on Data Protection and Privacy in Telecommunications and Telemedia (TTDSG)). You may of course withdraw your consent at any time with effect for the future.  

Your data will not be transferred to other third parties apart from that. Insofar as the controller commissions service providers with the provision of its services, the necessary contracts have been concluded in accordance with Art. 28 GDPR. Kindly contact the data protection officer if you require more detailed information concerning the commissioned processors.  

The controller uses “cookies” to customise and optimise the customer’s online experience and online time. A cookie is a text file which is temporarily placed in the computer’s working memory (“session cookie”) or stored on the hard drive (“permanent cookie”). Cookies contain information about the user’s previous accesses to the corresponding server or information about which services have been accessed so far. Cookies are not used to execute programs or to load viruses on to your computer. Instead, cookies are used primarily to provide an internet presence that is tailored to the needs of the customer and to make use of the service as convenient as possible.   

The controller uses both session and permanent cookies. 

The controller performs or commissions the performance of analyses to investigate the behaviour of its customers when using its service, provided they have given their consent. This involves the creation of anonymised or pseudonymised usage profiles. The sole purpose of creating these usage profiles is to continuously improve the controller’s service. The legal basis for the processing of your data is Art. 6 para. 1 point a) GDPR in conjunction with Section 25 para. 1 TTDSG.  During its web analysis, the controller also uses Google Analytics, a web analytics service of Google Inc. (“Google”), whereby the controller has added the Google Analytics extension “_anonymizeIp()”. This analysis will only be performed if you have given your consent. The extension ensures that the IP addresses are processed exclusively in a truncated form to prevent any association with a real person. The legal basis for this processing is Art. 6 para. 1 point a) GDPR in conjunction with Section 25 para. 1 TTDSG. Consent to the collection and storage of data in this context can be withdrawn at any time with effect for the future.

Google requires its users – also the controller – to use the following notice in their privacy policies. 25hours complies with this request by reproducing the following text:  

“Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse use of the website by you. The information generated by the cookie about your use of this website (including your IP address) will be transmitted to Google and stored on servers in the United States. Google will use this information on behalf of the operator of this website, to analyse your usage of the website to compile reports about the website activities and to provide further services to the website operator associated with website and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. On no accounts will Google associate your IP address with any other data held by Google. You can prevent the installation of cookies by making an appropriate setting in your browser software; we point out that you may not be able to use all the functions of this website in this case. By using this website, you consent to the processing of data collected about you by Google in the manner and for the purposes set out above.”  

We provide social media buttons to share content from our online offering on social networks. We do not use ‘share buttons’ for this purpose, which establish a direct connection with the social network. Instead, we only use icons, which represent a link to the network. By clicking on the icon, users access the social network and can sign in there.   

We use this solution because the buttons offered directly by the operators of social networks unlawfully transfer personal data such as the IP address or entire cookies when loading a website on which they are integrated, and in doing so disclose precise information about your internet usage to the social networks without having first obtained your consent. As described above, the social media buttons we use only establish a direct connection between the social network and the visitor when the latter actively clicks on the icon. This prevents you from leaving a digital footprint on each page you visit. We are therefore able to protect your personal data, while still integrating buttons for social sharing.  

For more information, refer to the following explanations of the specific social media buttons we use: 

This website uses the Facebook pixel for conversion tracking, which is provided by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA. This applies only insofar as you have given us your consent (Art. 6 para. 1 point a) GDPR in conjunction with Section 25 para. 1 TTDSG). 

The Facebook pixel can be used to track your behaviour as a page visitor after clicking on a Facebook advertisement and being redirected to our website. This technology permits evaluations of the effectiveness of Facebook ads for statistical and market research purposes and for optimising future advertising campaigns. 

The data collected is anonymous for us as the operator of this website, and we are unable to draw any conclusions about the identity of users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible. Facebook may use the data for its own advertising purposes in accordance with the Facebook Data Policy. This allows Facebook to place ads on its own pages or elsewhere. We are unable to influence this use of data as the website operator. 

Use of the Facebook pixel is based on Art. 6 para. 1 point  a) GDPR in conjunction with Section 25 para. 1 TTDSG; consent can be withdrawn at any time with effect for the future. 

We otherwise refer to the privacy policies of the individual providers and the options to object in each case (so-called “opt-out”). Where an opt-out option has not been stated explicitly, you may disable cookies in your browser settings. However, this may restrict the functions of our online offerings. We therefore recommend that you use the following opt-out options that are offered specifically for particular regions: 

a) Europe: https://www.youronlinechoices.eu 

a) Canada: https://www.youradchoices.ca/choices 

c) USA: https://www.aboutads.info/choices 

d) All regions: http://optout.aboutads.info 

You will find more information about how to protect your privacy in the Facebook Privacy Policy: https://de-de.facebook.com/about/privacy/. 

You can also disable the “Custom Audiences” remarketing function in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must sign in to Facebook to do so. 

If you do not have a Facebook account, you can visit the European Interactive Digital Advertising Alliance website at http://www.youronlinechoices.com/de/praferenzmanagement/ to disable usage-based advertising from Facebook. 

Services and service providers we use: 

Facebook pixel  

https://www.facebook.com 

Meta Plattforms Ireland Ltd.., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, parent company: Meta Plattforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, website:  

https://www.facebook.com 

Privacy policy:  

https://www.facebook.com/about/privacy 

Privacy Shield (to guarantee adequate data protection when processing data in the USA):  

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active 

Objection option (opt-out):  

https://www.facebook.com/settings?tab=ads 

Information on data processing (for applicants and permanent staff) 

We are only able to complete the selection procedure after receipt of your application and initiate a possible employment relationship if we process some of your personal data. The following sections explain which of your personal data we process, in which way and for what purpose. This information is provided in order to fulfil our notification obligations under data protection law. 

1. Controller 

Ennismore Germany GmbH is the controller in the meaning of the General Data Protection Regulation (GDPR).  

2. The controller’s data protection officer 

If you have any questions about data protection, you may contact Prof. Lauser, the company data protection officer appointed for Ennismore Germany GmbH. You will find the necessary information in the contact details. 

3. Personal data 

We process the following categories of personal data concerning you as part of the application process or employment relationship: 

– Master data (e.g. name, gender, date of birth) 

– Contact details (e.g. address, email address, telephone number) 

– Application documents (e.g. certificates, curriculum vitae, photo) 

– Data concerning your professional track record and acquired skills (e.g.: education and training, professional experience, additional qualifications) 

– Usage and inventory data when applications are placed online (e.g.: IP address, name of the retrieved file, date and time of the retrieval, volume of data transferred, notification of successful retrieval, web browser). 

We also process the following categories of personal data in the event that we enter into an employment relationship with you:

– Personal data (insurance, marital status, tax ID, etc.) 

4. Purpose of processing 

All personal data is processed exclusively for the following purposes, unless you give us your separate consent for additional data processing: 

– Initiation, establishment, implementation and termination of the employment relationship 

– Issue of notifications and declarations based on legal obligation or otherwise permitted by law 

– Fulfilment of our obligations under tax and social security law 

– Safeguarding and enforcing our legitimate interests 

– Investigation of criminal offences where necessary 

– Control and organisation within the company. 

The legal bases for the processing of your data in these cases are: 

– Art. 6 para. 1 point b) GDPR in conjunction with Section 26 para. 1 Federal Data Protection Act (BDSG) 

– Art. 6 para. 1 point c) GDPR in conjunction with Section 26 Federal Data Protection Act (BDSG) 

– Art. 6 para. 1 point f) GDPR in conjunction with Section 26 para. 1 no. 2 Federal Data Protection Act (BDSG) 

– Art. 9 para. 2 point b) GDPR in conjunction with Section 26 para. 3 Federal Data Protection Act (BDSG) where special categories of personal data are processed. 

5. Recipients of data 

Your data will be transferred exclusively to companies within our group, except where we are legally obliged to disclose your data to other bodies. Insofar as we use service providers as part of our data processing, we have concluded the necessary contracts in accordance with Art. 28 GDPR. You can send an email to the following contact address to obtain further information about the processors we use: Prof. Lauser, datenschutz@25hours-hotels.com. 

6. Duration of storage 

Your data will be stored for up to 6 months after completion of the application process or for the duration of the employment relationship, and beyond that for a period of three years from the end of the employment relationship (if an employment relationship is established) and then erased. Storage for a longer period will only take insofar and inasmuch as we are legally obliged to do so in individual cases. 

7. Rights of the data subject 

You have, at any time, the right, 

– pursuant to Article 7 para. 3 GDPR, to withdraw any consent you have given. The processing of data that was based on consent will no longer continue in these cases; 

– pursuant to Article 15 GDPR, to obtain information about the processing of personal data concerning you. In particular, you may obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom data has been or will be disclosed, the envisaged storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of the data if it was not collected by the controller, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details; 

– pursuant to Art. 16 GDPR, to obtain without undue delay the rectification of inaccurate or incomplete personal data stored by the data controller; 

– pursuant to Art. 17 GDPR, to obtain the erasure of the stored personal data, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims; 

– pursuant to Art. 18 GDPR, to obtain restriction of processing of personal data, insofar as the accuracy of the data is contested by you, the processing is unlawful, but you object to its erasure and the controller no longer requires the data, but it is needed by you for the establishment, exercise or defence of legal claims, or you have objected to processing pursuant to Art. 21 GDPR. 

– pursuant to Art. 20 GDPR, to receive the personal data you have provided in a structured, commonly used and machine-readable format or to obtain its transfer to another controller; and 

– pursuant to Art. 77 GDPR, to lodge a complaint with the competent supervisory authority.  

8. Right to object 

Where personal data is processed on the basis of legitimate interests according to Art. 6 para. 1 point f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object, on grounds relating to your particular situation, to the processing of personal data concerning you. 

It is sufficient to send an email to Prof. Lauser to exercise your right to object. 

When you order goods from us/make bookings with us, we will transfer your personal data to the transport company entrusted with delivery and to the payment service provider entrusted with payment processing. We will only disclose the data that the individual service providers require in order to complete their tasks. The legal basis for this is Art. 6 para. 1 point b) GDPR, which permits the processing of data 

for the performance of a contract or to take steps prior to entering into a contract. Where you have provided suitable 

consent according to Art. 6 para. 1 point a) GDPR in conjunction with Section 25 para. 1 TTDSG, we will transfer your email address to the transport company entrusted with delivery so that they can notify you by email about the shipping status of your order; you may withdraw this consent at any time. 

1. Order fulfilment by drop shipping 

It is possible that our retailers will ship the products directly to you if you place an order with us (drop shipping) We will pass on your name, the shipping address and – insofar as this is necessary for delivery – your telephone number to the shipping company for this purpose. This data is disclosed exclusively for the purpose of delivering the goods. 

The legal basis for data processing is Art. 6 para. 1 point b) GDPR (performance of a contract) and our legitimate interest in the fastest and most effective processing of your purchase within the meaning of Art. 6 para. 1 point f) GDPR. 

We use the following dealer for drop shipping: 

Brainbehind GmbH 

We have entered into a data processing agreement (DPA) with the aforementioned provider. A DPA is a mandatory contract under data protection law, which ensures that this company only processes personal data of our website visitors in accordance with our instructions and in compliance with the GDPR. 

We initially collect the following information when you purchase a voucher on our website: 

- Salutation* 

- Surname* 

- First name* 

- Email* 

- Phone* 

- Town/city* 

- Post code* 

- Street* 

- Country* 

- Company (optional) 

This data is stored together with the products you have ordered so that your order can be processed and fulfilled (Art. 6 para. 1 point b) GDPR).  

The following processing steps are implemented in connection with the fulfilment of your order: 

- An internal (sequential) order ID is created for the order data and the 

date of creation is saved as well. 

- Order subtotal/total 

- Order status 

- Language (based on the language version selected for the website) 

- Payment method (Saferpay) 

Saferpay acts as a payment services provider under its own responsibility. 

Once payment has been received, our service provider Brainbehind GmbH, Haunsbergstrasse 28, 5165 Berndorf bei Salzburg – with whom we have entered into a data processing agreement – sends an order confirmation by email and then issues the voucher. 

Your data will be erased no later than three years after completion of the order. 

 2. Payment services 

We integrate third-party payment services on our website. When you make a purchase/booking with us, your payment details (e.g. name, payment amount, account details, credit card number) are processed by the payment service for the purpose of processing the payment. The terms of contract and the privacy policies of these individual providers apply to these transactions. Payment services are used on the basis of Art. 6 para. 1 point b) GDPR (performance of a contract) and 

in the interest of ensuring a smooth, convenient and secure payment process (Art. 6 para. 1 point f) GDPR). Where your consent is requested for certain operations, Art. 6 para. 1 point a) GDPR is the legal basis for data processing; consent can be withdrawn at any time with effect for the future. 

We use the following payment services/payment service providers on this website:   

2.1 PayPal 

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (in the following: “PayPal”). 

Data transfer to the USA is based on the standard contractual clauses of the European Commission. Click on the following link for more details: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.  

Refer to the PayPal Privacy Policy for further information: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.  

2.2. Klarna

The provider is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden (hereinafter “Klarna”). Klarna offers various payment options (e. g. installment purchase). If you choose to pay with Klarna (Klarna checkout solution), Klarna will collect various personal data from you. Klarna uses cookies to optimize the use of the Klarna checkout solution. Details on the use of Klarna cookies can be found at the following link: https://cdn.klarna.com/1. 0/shared/content/policy/cookie/de_de/checkout.pdf.

Details can be found in Klarna’s privacy policy at the following link: https://www.klarna.com/de/datenschutz/.

2.3. Sofortüberweisung 

The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich (in the following: “Sofort GmbH”). Sofort GmbH uses its “Sofortüberweisung” procedure, with which we receive confirmation of payment in real time and can begin fulfilment of our obligations without delay. Where you have selected “Sofortüberweisung” as your payment method, you transmit the PIN and a valid TAN to Sofort GmbH, which it uses to sign into your online banking account. Sofort GmbH automatically checks your account balance after logging in and uses the TAN you have sent to transfer us the amount. It then sends a transaction confirmation to us without delay. After logging in, your transactions, the credit line of your overdraft facility and the presence of other accounts and their balances are also checked automatically. In addition to the PIN and the TAN, the payment data you have entered as well as data about yourself are also transmitted to Sofort GmbH. The personal data is your first name and surname, your address, phone number(s), email address, IP address and possibly other details that are required for the fulfilment of payment. The transfer of this data is necessary to unequivocally establish your identity and to prevent attempted fraud. Click on the following links for details about payments with Sofortüberweisung: 

https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.  

2.4. Amazon Pay

This payment service is provided by Amazon Payments Europe S. C. A. , 38 avenue J. F. Kennedy, L-1855 Luxembourg.

Details on the handling of your data can be found in the privacy policy of Amazon Pay under the following link: https://pay.amazon.de/help/201212490?ld=APDELPADirect.

2.5. Mastercard 

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (in the following: “Mastercard”). 

Mastercard may transfer data to its parent company in the USA. Data transfer to the USA is based on Mastercard’s Binding Corporate Rules. Click on the following links for more details: 

https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.  

2.6. VISA 

The provider of this payment service is Visa Europe Services Inc., London Office, 1 Sheldon Square, London W2 6TT, United Kingdom (in the following: “VISA”). 

The UK is considered a safe third country under data protection law, as an adequacy decision has been issued. This means that the standards of data protection in the UK are equivalent to those in the European Union. 

VISA may transfer data to its parent company in the USA. Data transfer to the USA is based on the standard contractual clauses of the European Commission. Click on the following links for more details: 

https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zuzustandigkeitsfragen-fur-den-ewr.html.  

Refer to the VISA Privacy Policy for further information: 

https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html 

2.7.  JCB Group 

The provider of this payment service is JCB International Company from Japan. JCB International (Europe) Ltd. EMEA Head Office, (Part Ground Floor, 30 Eastbourne Terrace, London, W2 6LA, United Kingdom) is responsible for Europe. JCB may transfer data concerning its customers to its parent company in Japan. Click on the following link for information about processing and for the privacy policy:https://www.global.jcb/en/about-us/policy/privacy/eu-privacy-notice/index.html 

http://www.jcbeurope.eu/privacy/

2.8. American Express 

The provider of this payment service is the American Express Company in the USA. American Express Europe S.A. (Avenida Partenón 12-14, 28042, Madrid, Spain) is responsible for Europe. 

American Express may transfer data to its parent company in the USA. Data transfer to the USA is based on Binding Corporate Rules. Click on the following link for more details: https://www.americanexpress.com/en-pl/company/legal/privacy-centre/european-implementing-principles/. 

Refer to the American Express Privacy Policy for further information: https://www.americanexpress.com/de/legal/online-datenschutzerklarung.html. 

2.9. Diners Club 

The provider of this payment service is the Austrian company DC Bank AG, Lasallestrasse 3, 1020 Vienna. For more details on how your data is handled, refer to the Diners Club Privacy Policy at: https://www.dinersclub.de/datenschutz 

2.10. Maestro 

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (in the following: “Mastercard”). 

Mastercard may transfer data to its parent company in the USA. Data transfer to the USA is based on Mastercard’s Binding Corporate Rules. Click on the following links for more details: 

https://www.mastercard.de/de-de/datenschutz.html and https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.  

2.11. UnionPay 

The provider of this payment service is the Chinese company UnionPay International, Building B, Poly Plaza, No.6 Dongfang Road, Pudong New District, Shanghai, China. 

2.12. Discover 

The provider of this payment service is the American company Discover Financial Services, P.O Box 30943, Salt Lake City, UT 84130-0943. 

Customer account & bookings on our website

1. Customer account: 

Our website gives you the option of entering personal data to create a customer account. You consent to the processing of data for the purpose of creating and managing the customer account by entering the data (Art. 6 para. 1 point a) GDPR). You can cancel the customer account at any time by deregistering; your data will then be erased without undue delay, unless we are obliged to continue processing the data due to statutory retention periods. 

The personal data processed in connection with the customer account is as indicated in the input mask used for registration. The personal data you enter will be collected and stored exclusively for internal use by the data controller and for its own purposes.  

The IP address assigned by the data subject’s internet service provider (ISP) and the date and the time of registration are also stored when you register a customer account on the website. This data is stored due to the fact that this is the only way to prevent misuse of our services and, if necessary, to enable us to investigate criminal offences that have been committed. Data storage is therefore necessary to protect the controller (Art. 6 para. 1 point f) GDPR in conjunction with Section 25 para. 2 TTDSG). 

2. Bookings 

In the event that you place a booking on our website, the data collected from you during the booking – as indicated on the individual input mask – will only be processed for the purpose of performing the booking (Art. 6 para. 1 point b) GDPR).

In addition, we process your data on the basis of our legitimate interest in contacting you regarding your booking via email or telephone (Art. 6 para. 1 lit. f GDPR).

Our booking platform is operated by our service provider Sabre Marketing Nederland B.V., with whom we have entered into a data processing agreement. Your data will be processed for the duration of the booking and performance of the contract, unless statutory retention periods stipulate a longer storage period.  

Should you have any further questions on the subject of “Controller’s Privacy Policy”, please contact our company’s data protection officer. You can enquire here as to which data concerning you we have saved. Furthermore, you can send requests for information, erasure or rectification of your data and any suggestions to the following address at any time by letter or email:  

Prof. Rolf Lauser[Textflussumbruch]Dr. Gerhard-Hanke-Weg 31[Textflussumbruch]85221 Dachau[Textflussumbruch]datenschutz@25hours-hotels.com 

Ericus 1[Textflussumbruch]20457 Hamburg[Textflussumbruch][Textflussumbruch]Head Office: +49 40 22 616 24 100[Textflussumbruch]Bookings: +49 40 25 77 77 255[Textflussumbruch]contact@25hours-hotels.com