Data protection information

The following information is intended to give you an overview of the processing of your personal data in connection with the following services and to inform you of your rights under the EU GDPR:

  • in the context of general contact
  • in the context of a hotel stay
  • in the context of membership in our loyalty program
  • in the context of membership in a loyalty program of cooperation partners
  • in the context of the use of the website
  • in the context of newsletters, existing customer advertising
  • within the scope of documentation of changes, corrections of personal data

I. Information in case of processing of personal data
By way of introduction, we would like to refer to our far-reaching information on transparency formation according to Art. 13 and 14 DS-GVO.

1. person responsible for data processing
The person responsible for data processing on this website pursuant to Art. 4 No. 7 DS-GVO and provider of the website (service provider) within the meaning of the German Telemedia Act (TMG) is.

Steigenberger Hotels AG
Lyon Street 25
60528 Frankfurt am Main
Phone: +49 69 66564-460
Fax: +49 69 66564-888
E-mail: service@hrewards.com

Complete information according to § 5 TMG (imprint)

2.** Contact details of the data protection officer**.
You can reach our data protection officer at

TÜV Information Technology GmbH
At TÜV 1
45307 Essen
E-mail address: datenschutz@deutschehospitality.com

3. your personal data

3.1 General contact
In the course of general contacting, we receive, process and store the personal data listed under point 3.9 according to the requirement of the request.

3.2 Hotel stay (inquiry, booking/reservation, arrival preparation, arrival, stay, departure and further necessary and/or required processing).
To process and manage reservation requests and reservations and to provide our services under the accommodation contract, including the processing of your hotel stay and payment processing. In addition, hotels are generally required to collect the personal data mentioned in section 3.9 within the scope of the applicable registration laws and regulations in the context of hotel stays. In addition, we also process and store voluntarily made preferences and wishes that either apply to the specific stay or in general (recurring requirements, preferences and wishes). In addition, we are obligated to inform you of significant changes as part of the performance of the contract. For this purpose, we use the personal data available to us.

3.3 Membership in the loyalty program H Rewards
Within the scope of membership in our own loyalty program, we collect, process and store the personal data listed under points 3.9.

3.4 Membership in the loyalty program of a cooperation partner
In the context of membership in a loyalty program of one of our cooperation partners, such as Miles & More or bahn.bonus, we collect, process and store the personal data listed under point 3.9.

3.5 Use of the website
Some functions on the website, such as the contact form or booking a hotel stay, require the collection, processing and storage of the personal data listed under point 3.9.

3.6 Use of the customer account and user authentication
For the use of the customer account, we collect, process and store the personal data listed under point 3.9.

3.7 Newsletter, existing customer advertising
In the context of existing customer advertising and newsletter dispatch, we collect the personal data listed under point 3.8.

3.8 Documentation of changes and corrections to personal data
As part of our documentation obligation, we process and store all changes and corrections to the personal data listed under point 3.9.

3.9 Your personal data
The following personal data is collected by us and processed in accordance with the DSGVO.

  • First and last name, except 3.2), 3.3), 3.4), 3.2) , 3.2)
  • Residential address and, if applicable, different billing and communication addresses, except 3.4) and 3.5)
  • Date of birth, except 3.4) and 3.5)
  • Gender and form of address, except 3.4) and 3.5)
  • E-mail address(es), if more than one is used or provided, except 3.4) and 3.5)
  • Telephone number(s), if more than one is used or provided, except 3.4) and 3.5)
  • Passport data only for 3.2)
  • Loyalty program membership numbers, except 3.5)
  • Residence-related preferences and desires, except 3.5)
  • General interests, preferences and desires, except 3.5)
  • Password only 3.6)

In Part I Item 9 Your Rights as a Data Subject, you will find information on the correction or deletion of personal data.

4. purposes and legal bases for the processing of personal data
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (DS-GVO), the new Federal Data Protection Act (BDSG-neu) and all other applicable laws for the following purposes and based on the following legal grounds:

(a) To process and manage reservation requests and reservations and to provide our services under the accommodation contract, including the processing of your hotel stay and payment processing (in particular also to track your use of our services (telephone, bar, spa, paid TV programs, etc.), to carry out check-in and manage access to rooms). The legal basis for this is Art. 6 para. 1 p. 1 lit. b) DS-GVO.

(b) For the fulfillment of a legal obligation to which our company is subject as the responsible party (e.g. due to registration laws, tax laws, accounting obligations, etc.). The legal basis for this is Art. 6 para. 1 p. 1 lit. c) DS-GVO.

(c) For the creation, processing, management and updating of your membership account and the correct processing of credits and debits to your membership account, as well as for the provision of our services as part of membership in the loyalty program H Rewards. The legal basis for this is Art. 6 para. 1 p. 1 lit. b) DS-GVO.

(d) For the processing of bonus credits (points, miles, etc.) and other services within the scope of your membership in the loyalty programs of our cooperation partners. The legal basis is the fulfillment of the contract according to Art. 6 para. 1 p. 1 lit. b) DS-GVO.

(e) To fulfill and design your stay according to your expectations based on already stored personal data, e.g. data transmitted with the reservation, voluntarily given data from previous stays (regular guests, returning guests) as well as possible additional services or requirements for the hotel stay, e.g. bouquet of flowers in the room, two pillows. The legal basis for this is our legitimate interest in offering our customers the best possible service in accordance with Art. 6 para. 1 p. 1 lit. f) DSGVO.

(f) For comprehensive recognition, in particular in the case of a membership in our loyalty program, at all service contact points (in person and/or digitally) of the hotels operated under the umbrella brand Deutsche Hospitality (group of companies) (see item 4 - category of recipients ) and automatic updating of your recurring wishes, preferences and requirements, e.g. always two pillows, in order to always provide a high-quality service corresponding to the hotel brand. The legal basis for this is our legitimate interest in offering our customers the best possible service according to Art. 6 para. 1 p. 1 lit. f) DSGVO.

(g) For the processing of your inquiries, information and complaints, insofar as the processing is related to the performance of a contract or is necessary for the implementation of pre-contractual measures, the legal basis for the processing of your personal data is Art. 6 para. 1 p. 1 lit. b) DSGVO. In other cases, the legal basis is our legitimate interest in effectively processing requests addressed to us pursuant to Art. 6 para. 1 p. 1 lit. f) DSGVO.

(h) To maintain, ensure and improve the quality of our products and services, in particular through the anonymized analysis of complaints, satisfaction surveys and guest comments. The legal basis for this is our legitimate interest in offering our customers the best possible service in accordance with Art. 6 para. 1 p. 1 lit. f) DSGVO.

(i) To send our email newsletter including the management of your subscription to the newsletter. The legal basis for this is your consent in accordance with Art. 6 para. 1 p. 1 lit. a) DS-GVO.

(j) To advertise our offers and services to existing customers - the legal basis for this is Art. 6 para. 1 p. 1 lit. f) DS-GVO. You can find more details on existing customer advertising under Part II No. 4.2 of this Privacy Policy.

(k) To create statistics based on anonymized data analyses for the improvement and further development of products, services and program content of the loyalty program H Rewards. The legal basis for this is our legitimate interest in the further development of our loyalty program pursuant to Art. 6 Para. 1 Sentence 1 lit. f) DSGVO.

(l) For authentication and fraud prevention, especially in the context of membership in the loyalty program H Rewards or a loyalty program of our cooperation partners such as Miles & More or bahn.bonus. The legal basis for this is recital 57 "Additional data for identification"

(m) To safeguard house rights, to prevent and solve criminal offences (in particular also by means of video surveillance), to assert and defend legal claims and to safeguard interests in legal disputes, to ensure IT security and IT operations, to identify creditworthiness risks - the legal basis for this is Art. 6 (1) p. 1 lit. f) DS-GVO. Our overriding legitimate interests follow from our obligation to ensure a safe stay of our guests in the hotel as well as from our interest in the enforcement of our material and immaterial claims and the exercise of our rights as well as in the defense against unjustified claims. Furthermore, the processing of personal data to the extent strictly necessary for the prevention of fraud also constitutes a legitimate interest of our company pursuant to recital 47 of the GDPR.

(n) To process the purchase of a voucher - the legal basis for this is Art. 6 (1) p. 1 lit. b) DS-GVO.

5. minors
Minors may not transmit any personal data to us without the consent of their legal guardians. Furthermore, we do not store any personal data of minors without the consent of their legal guardians. We do not process any knowingly obtained personal data of minors within the scope of our Internet presence.

6. categories of recipients of personal data
If and insofar as necessary for the purposes stated in point 4 above, we also disclose your personal data to the following recipients or categories of recipients in accordance with Art. 4 No. 9 DS-GVO:

Within our company, only those departments will receive access to your data (to the extent necessary in each case) that need it to fulfill our contractual and legal obligations.

The Deutsche Hospitality processes and stores your personal data in our central guest database, in particular for internal administrative purposes such as the administration and updating of consents and revocations as well as the member account and other connected services. In this context, your personal data will also be disclosed to other companies within the group of companies that operate a hotel of the brands belonging to Deutsche Hospitality (Steigenberger Hotel & Resorts, IntercityHotel, Jaz in the City, Maxx by Deutsche Hospitlity, Zleep). Disclosure is made only to the extent necessary in the context of a specific purpose and only to those companies that are appropriately noted in the list of hotel operators. In addition, the inspection and processing of your personal data is only permitted to authorized employees within the scope of their function.

Service providers employed by us (e.g. as part of commissioned processing pursuant to Art. 28 DS-GVO) and vicarious agents may also receive personal data for these purposes. These are companies in the categories of credit services and payment processing, IT services, cleaning services, logistics, printing services, telecommunications, debt collection, advice and consulting, and sales and marketing. The respective service providers can be seen from the list of service providers/processors, which is updated regularly.

Furthermore, data may be passed on to public bodies and institutions in the event of a legal obligation (e.g. tax authorities, law enforcement agencies).

Other data recipients may be those bodies for which you have given us your consent to transfer data.

7. transfer of personal data to a third country
A transfer of personal data to entities in countries outside the European Union (so-called third countries) takes place, as far as

(a) it is necessary for the execution of your reservations and the handling of your hotel stay

(b) it is necessary for the execution in the context of the membership in the loyalty program H Rewards or with a cooperation partner

(c) it is required by law

(d) you have given us your consent.

As can be seen in detail from the list of service providers/processors, our company uses service providers for certain tasks that have their registered office in a third country or belong to an international group with companies in third countries or that in turn cooperate with service providers based in a third country. A transfer of personal data to such service providers is permitted if the European Commission has decided that an adequate level of protection exists in the third country in question (pursuant to Art. 45 DS-GVO). If the Commission has not made such a decision, our company or the service provider may transfer personal data to a third country or to an international organization only if appropriate safeguards are in place and enforceable rights and effective remedies are available (Art. 46(1) DS-GVO). Beyond the aforementioned cases, our company does not transfer personal data to entities in third countries or to international organizations.

8. duration of the storage of personal data and criteria for determining this duration.
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the data are no longer required for the fulfillment of contractual obligations, they are regularly deleted, unless their temporary further processing is necessary due to

(a) national or regional reporting laws or regulations at the place where the data is collected or the contract is executed.

(b) national commercial and tax retention periods at the location where the data is collected or the contract is executed

(c) national, regional or local tax regulations at the place where the data is collected or the contract is performed

(d) membership in the company's own loyalty program H Rewards.

The periods specified there for storage or documentation are two to ten years.

9. your rights as a data subject
Every data subject whose personal data is processed has the right to information from the controller about the personal data concerned in accordance with Article 15 of the GDPR, the right to rectification in accordance with Article 16 of the GDPR, the right to erasure in accordance with Article 17 of the GDPR, the right to restriction of processing in accordance with Article 18 of the GDPR, the right to object to processing in accordance with Article 21 of the GDPR and the right to data portability in accordance with Article 20 of the GDPR. In addition, the restrictions pursuant to Sections 34 and 35 BDSG-neu apply to the right to information and the right to deletion.

More information on your right to object to processing pursuant to Art. 21 DS-GVO.

If the processing of your personal data is based on consent given to us, you have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

Furthermore, you have the right to lodge a complaint with the competent data protection supervisory authority pursuant to Art. 77 DS-GVO in conjunction with Section 19 BDSG-neu.

10. Obligation to provide data
The obligation to provide personal data always exists if it is necessary for the implementation or if we are legally obligated to collect it, that applies in particular to

(a) the creation of a contract and the execution of the contract.

(b) the creation and administration of the member account in our own loyalty program H Rewards

(c) the fulfillment of the registration laws and requirements at the hotel location.

If you do not provide us with the necessary information, we may not be able to provide the services you have requested, or not provide them in full.

11. automated decision making and profiling
When establishing and implementing our contractual relationship, you will not be exposed to any decision based exclusively on automated processing - including profiling - pursuant to Art. 22 DS-GVO, which produces legal effects vis-à-vis you or similarly significantly affects you.

12. Supplementary information about your right to object in accordance with Art. 21 DS-GVO
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6(1) sentence 1 lit. e) DS-GVO (data processing in the public interest) or Art. 6(1) sentence 1 lit. f) DS-GVO (data processing on the basis of a balance of interests); this also applies to profiling based on this provision in accordance with Art. 4(4) DS-GVO.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.

If your personal data is processed by us in order to advertise to existing customers, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is related to such advertising to existing customers.

The objection is possible by using the unsubscribe function in digital media, corresponding settings in the member area or subscriber area, the use of the contact form on the website or informally to the contact details mentioned in section 2.

13. video surveillance:
Insofar as we carry out video surveillance of the hotel you visit, the following applies to the processing of personal data associated with this:

(a) Purposes of the data processing:
Exercise of domiciliary rights, prevention of criminal offences (e.g. damage to property or theft), securing criminal prosecution.

(b) Legal basis for data processing:
Art. 6 para. 1 p. 1 lit. f) DS-GVO. The overriding legitimate interests of our company follow from our obligation to ensure a safe stay of our guests in the hotel as well as from our interest in the enforcement of our material and immaterial claims and the exercise of our rights as well as in the defense against unjustified claims.

(c) Categories of recipients of the personal data: Potential recipients of the data are law enforcement authorities and persons or companies that we commission to exercise our rights (such as lawyers).

We do not intend to transfer the data to any third country or international organization.

(d) Duration of the storage of personal data:
If a recording of surveillance footage takes place, the relevant recordings will be deleted after 72 hours at the latest; after this storage period has expired, only data that is required for the clarification of specific incidents or for the enforcement of claims based on a specific event (e.g. a criminal offense) will be stored. This data is also deleted after the purpose for continued storage has ceased to exist.

II. Supplementary information on data processing on this website.
1. member account (user account/account)
You can register on our website as a member of the loyalty program H Rewards (user account/account) by providing your full first and last name, your current residential address, your date of birth, your preferred e-mail address and assigning a password. This registration can be done via the menu item "Login/Register" in the header or by adding a password during your booking and entering your personal data.

Upon successful login/registration, a member account will automatically be created for you, which is available for the website of the loyalty program (www.hrewards.com) and thus for all hotel brands belonging to Deutsche Hospitality.

In this respect, by signing up/registering for membership, you agree to the transfer of the data you provided during registration to the respective operators of the aforementioned websites.

In the member account you can view and change your personal data. In addition, you will be shown all important information about your membership, such as membership status. In the member area, you can book hotel accommodations, change or cancel reservations that you have made via one of the aforementioned websites using your membership data, as well as make premium bookings according to your account balance. You may cancel your membership at any time. The membership account will be automatically deleted after final termination of the membership (see termination in the terms and conditions).

The legal basis for the processing of your personal data in connection with the set-up and use of your membership account is your membership in accordance with the terms and conditions of participation of the loyalty program as well as Art. 6 para. 1 p. 1 lit. b) DS-GVO.

2. linking and synchronization of different customer profiles
Your personal data is collected at different contact points (e.g. member account, hotel, ...) in different forms (handwritten and digital). This may result in multiple customer profiles and conflicting information, especially in the context of consent management or in the case of multiple membership numbers. In order to provide you with the best possible service and to ensure that your personal data is processed correctly, we take care to merge multiple data into a unique profile using unique characteristics such as first name, last name and address. For the merging of customer profiles, we use the information that we collect as part of the membership and the hotel stay, as well as the personal data that you have voluntarily provided to us in other ways.

Without this automated and partially required manual merging, we cannot ensure the proper processing of your personal data, as the different customer profiles may have different settings.

The processing and merging takes place in the central guest database of Steigenberger Hotels AG.

3. digital offers (newsletter), existing customer advertising and program information
3.1 Advertising
With the e-mail newsletter, we will regularly inform you about the offers and services of the hotels belonging to Deutsche Hospitality (see list of hotel operators) as well as offers within the scope of membership in the loyalty program H Rewards according to the preferences you have indicated.

If you would like to receive the e-mail newsletter, we require a valid e-mail address from you. For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within two weeks, your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

3.2 Existing customer advertising
3.2.1 Membership advertising within the framework of membership in the loyalty program
We reserve the right to send our members in the loyalty program offers from our range of services as membership advertising by e-mail. Our legitimate interest in advertising to existing customers is to inform our members about their current membership status and to be able to offer individual and exclusive offers to specific target groups.

We can process your personal data, which you have provided in the membership account or which you provide in the context of a stay, for membership advertising within the framework of the existing membership.

3.2.2 Existing customer advertising as part of a stay
We reserve the right to send our guests offers from our range of services by e-mail as advertising for existing customers. Our legitimate interest in carrying out advertising to existing customers is to be able to offer our guests target group-oriented individual offers, which are created on the basis of a previous booking (transaction) or the existing customer relationship.

We may process your personal data, which you provide when making a booking with us, within 12 months after a past transaction for the purpose of sending existing customer advertising. If you do not make a new booking or do not make another transaction within this period, your personal data will no longer be processed for the purpose of existing customer advertising and will be deleted accordingly, unless you have subscribed to a newsletter or your personal data must continue to be stored due to other regulations.

3.3 Obligatory communication
3.3.1 Communication within the framework of membership
As part of the operation of the loyalty program, we are required by law to inform you about changes to the program (conditions of participation). The communication will take place exclusively by e-mail to the e-mail address stored in the membership account. If this is no longer valid, we reserve the right to contact you by other means, e.g. by post.

3.3.2 Communication within the framework of the contractual relationship
Within the framework of the execution of the contract, we are legally obligated to inform you about significant changes in the course of your stay. The communication is preferably by e-mail to the e-mail address stored in the central customer profile. If this is no longer valid, we reserve the right to contact you by other means, e.g. by post.

3.4 Communication media
For the aforementioned communication purposes, we use the following communication media in accordance with the settings and consents stored in the central customer profile:

  • E-mail
  • Messenger services
  • Telephone
  • Mail

3.5 Revocation of consent and objection to existing customer and member advertising
3.5.1 Revocation of consent
As a subscriber to the e-mail newsletter, you can revoke your consent to the processing of your e-mail address for sending the e-mail newsletter at any time. The revocation can be made via the relevant link in each e-mail newsletter or by e-mail with the subject "Unsubscribe" to news@update.hrewards.com.

3.6 Objection to the use of personal data
You can object to the use of your e-mail address for the purpose of sending advertising to existing customers or members at any time, without incurring any costs other than the transmission costs according to the basic rates. For more information on how to exercise your right to object to the use of your e-mail address for direct marketing purposes, please refer to Part I No. 9 of this Privacy Policy.

4. integration of payment service providers for online payments
For the processing of online payments, we use the external payment service providers Concardis GmbH (Helfmann-Park 7, 65760 Eschborn, Germany, Tel. +49 (0)69 79220) and Adyen N.V. German Branch (Friedrichstraße 63, 10117 Berlin, Germany, Tel. +49 (0)30 30808505), through whose platforms you can initiate payment transactions based on your free decision. If you wish to make an online payment, this can be done both integrated in the booking process and via an e-mail address provided by you by sending a corresponding link. In the event that you use such a link, you will be redirected to the pages of the payment platform of Concardis GmbH. Further details on the handling of your personal data in this context.

5. cookies
5.1 Information about cookies
6.We use cookies on our website. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. In the cookie, information is stored that arises in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity.

The use of cookies serves on the one hand to make the use of our offer more pleasant for you; on the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.

We use cookies for the purposes mentioned below:

  • Required functions:
    These cookies contribute significantly to improving your movement and booking experience on our website. Basic functionalities and applications such as shopping carts or electronic billing procedures are thereby optimized and their handling facilitated. These cookies do not collect information about you that can be used for marketing campaigns or statistical analysis. These cookies are necessary for the use of the website, legal basis for these cookies is Art 6 para 1 lit b) DSGVO.

  • Statistical analysis:
    Statistical analysis is the processing and presentation of data on user actions and interactions on websites and apps (e.g. number of page visits, number of unique visitors, number of returning visitors, entry and exit pages, dwell time, bounce rate, actuation of buttons) and, where applicable, the classification of users into groups based on technical data on the software settings used (e.g. browser type, operating system, language setting, screen resolution). The legal basis for these cookies is consent in accordance with Art 6 (1) a) DSGVO.

  • Reach measurement:
    Reach measurement is the visit action evaluation by analyzing user behavior in terms of determining specific user actions and measuring the effectiveness of online advertising. The number of visitors who have reached websites or apps, for example, by clicking on advertisements, is measured. In addition, the rate of users who perform a certain action (e.g. registering for the newsletter, ordering goods) can be measured. The legal basis for these cookies is consent in accordance with Art 6 (1) a) DSGVO.

  • Personalized advertising:
    Certain functions of websites and apps are used to display personalized advertising materials (ads or commercials) to users in other contexts, for example on other websites, platforms or apps. For this purpose, conclusions about the interests of users are drawn from demographic information, search terms used, contextual content, user behavior on websites and in apps, or from the location of users. Based on these interests, advertising materials will be selected in the future and displayed at other online content providers. The legal basis for these cookies is consent in accordance with Art. 6 (1) a) DSGVO.

Setting cookies via our Cookie Consent Tool
To adjust your cookie settings, you can use our Cookie Consent Tool at any time. To do this, you can access the tool via the following link and set the above categories of cookies there by giving or not giving consent to the use of these cookies in your browser.

Under paragraph II 6.2. of this Privacy Policy, you can see which partner companies and third-party providers set cookies on our website and to which of the categories from II 6.2. they are assigned.

[Consent Panel]

Setting cookies via the browser
In your browser, you can set that cookies are only stored if you agree to this. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website. If you only want to accept Steigenberger cookies, but not cookies from partners, please select the "Block third-party cookies" in your browser. In the menu bar of your web browser, the help function will show you how to reject new cookies and turn off cookies you have already received. We recommend that for shared computers that accept cookies and so-called Flash cookies, you always log out completely when they are finished.

6. data storage
6.1 Provider of cookies

Category Necessary functions:
Awin: storage period 90 days / purpose: billing purpose.

Derbysoft: Storage period 30 days / Purpose: Billing purpose.

Google Ads Derbysoft: 24 months / billing purpose

Category Personalized advertising
Criteo: storage period 13 months / purpose: advertising

Dailypoint: storage period max. 90 days / purpose: profiling, advertising

Facebook: Storage period 28 days / Purpose: advertising

Google Ads: storage period max. 24 months / purpose: advertising

Microsoft Advertising / Bing Ads: storage period 13 months / purpose: advertising

Tripadvisor: storage period max. 24 months / purpose: advertising

Triptease: storage period 8 hours / 5 years / purpose: marketing automation

Category Statistical Analysis
Mapp Intelligence: storage period 6 months / purpose: analysis

Zenloop: storage period max. 24 months / purpose: evaluation

Local data storage
www.hrewards.com / Category: Necessary functions / Storage period: 365 days / Purpose: Login, Token, Cat-UID, Member Level, Currency

Further information about cookie providers
Personalized advertising provider:

  • AWIN Recipient: AWIN AG, Eichhornstraße 3 10785 Berlin, Germany

  • Criteo Recipient: Criteo SA, 32 Rue Blanche, 75009 Paris, France

  • Dailypoint Recipient: Toedt, Dr. Selk & Coll. GmbH, Augustenstr. 79, 80333, Munich, Germany.

  • Facebook Recipient: Facebook Inc., 1 Hacker Way, Menlo Park 94025, CA.USA

  • GoogleAds Recipient: Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.

  • Microsoft / Bing Ads
    Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

  • Tripadvisor
    Recipient: TripAdvisor LLC, 400 1st Avenue, Needham, MA 02494

  • Triptease
    Recipient: Triptease Ltd, 2nd Floor, 6 Ramillies Street, London W1F 7TY, UK

  • Zenloop
    Recipient: zenloop GmbH, Erich-Weinert-Strasse 145, 10409 Berlin, Germany

Zenloop
Recipient: zenloop GmbH, Erich-Weinert-Straße 145, 10409 Berlin, Germany

How it works: Marketing tools for personalized advertising all technically work in a similar way, so the following text refers to this way of working for the providers mentioned above as a whole.

Personalized advertising providers use technologies such as "cookies," "tracking pixels," and "device fingerprinting" to serve ads that are relevant to users and improve campaign performance reports. With the help of these providers, interest-based advertisements can be played on the providers' websites as well as on our website. Information stored on users' end devices is also processed in the process.

The providers provide functions for this purpose, which are generally referred to as "remarketing" With remarketing, users of websites can be recognized on other websites within an advertising network of the provider and presented with advertisements tailored to their interests. The advertisements may also relate to such products and services that users have already viewed on our website. For this purpose, the interaction of users on our website is analyzed, e.g. which offers users are interested in, in order to be able to display targeted advertising to users on other sites even after they have visited our website. If users visit our website, a "cookie" is stored by the respective provider on the end device of users. With the help of "cookies" and "tracking pixels", the provider processes the information generated by the end devices of users about the use of our website and interactions with our website as well as access data, in particular the IP address, browser information, the previously visited website and the date and time of the server request, for the purpose of playing and analyzing personalized advertisements.

Furthermore, the aforementioned providers also use the "conversion" function to draw attention to our attractive offers with the help of advertising media on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. These advertising media are delivered by the providers via so-called "ad servers". For this purpose, we use "ad server cookies" through which certain parameters for measuring reach - e.g. display of the ads, duration of viewing or clicks by users - can be measured. Information stored on users' end devices is also processed in the process. If users access our website via an advertisement of the provider, a "cookie" is stored by the provider on the end device of the users. With the help of "cookies" and "tracking pixels", the provider processes the information generated by the user's end device about interactions with our advertisements (calling up a specific website or clicking on an advertisement) and user access data, in particular IP address, browser information, the website previously visited, and the date and time of the server request, for the purpose of analyzing and visualizing the reach measurement of our advertisements. Due to the marketing tools used, the users' browser automatically establishes a direct connection with the provider's server.

Derbysoft
Recipient: DerbySoft (Hong Kong) Limited, 14800 Landmark Blvd, Suite 640, Dallas, Texas 75254, USA

Functionality: Derbysoft is a web service for measuring reach and classic "conversion tracking". For this purpose, Derbysoft uses technologies such as "cookies" and "tracking pixels" to track specific user behavior on the websites of our advertising partners. With the help of "cookies" and "tracking pixels", Derbysoft processes the information generated by the user's terminal device about interactions with our advertising materials (calling up a specific website or clicking on an advertising material) and user access data, in particular IP address, browser information, the website previously visited and the date and time of the server request, for the purpose of analyzing and visualizing the reach measurement of our advertisements. Due to the marketing tools used, the users' browser automatically establishes a direct connection with the provider's server.

Mapp Intelligence
This website uses Mapp Intelligence, a web analytics service provided by Webtrekk GmbH, based in Berlin, Germany.

Recipient: Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, Germany.

Functionality: The "Mapp Intelligence" web analytics service uses technologies such as "cookies", "tracking pixels" and "device fingerprinting" to track specific user behavior on websites and, to this end, transmits information to a Mapp server in Nuremberg, Germany, where it is stored. This also involves processing information that is stored on users' end devices. With the help of the "tracking pixels" embedded in websites and the "cookies" stored on users' end devices, "Mapp Intelligence" processes the information generated about the use of our website by users' end devices - e.g. that a certain web page was called up - and access data for the purpose of statistical analysis of website use. Access data includes, in particular, the IP address, browser information, the website previously visited, and the date and time of the server request. According to information provided by "Mapp", the IP addresses are immediately anonymized and deleted in the course of pre-processing. On behalf of the operator of this website, Mapp will use the information collected by Mapp Intelligence to evaluate your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. For more information on Mapp's terms of use and data protection, please visit https://docs.mapp.com/display/CDBD/Allgemeine+terms-of-use or https://www.webtrekk.com/privacy-notice.html.

7. integration of services and content from third-party providers (collection of IP address by third-party services).
Third-party content (hereinafter referred to as "third-party providers") is integrated within the website. For the use of such content, the transmission of the user's IP address to the respective third-party provider is technically necessary. This is because without the IP address, the third-party providers would not be able to send the content embedded in the website to the browser of the respective user. We have no influence on whether a third-party provider stores the IP address, e.g. for statistical purposes, or uses it in any other way. We use the following third-party providers on our website:

Third-party provider:
MapTiler AG, Höfnerstrasse 98 Unterägeri, Zug 6314
Functional description: Display of maps (via service "Maptiler") on the websites
Purpose: To maintain, ensure and improve the quality of products and services, in particular to improve the user experience

Third Party Provider: Monotype Imaging Holdings, Inc, 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA.
Function description: Myfonts.com - Display of text on web pages
Purpose: To maintain, ensure, and improve the quality of products and services, particularly to enhance the user experience.

Third-party provider: zenloop GmbH, Erich-Weinert-Strasse 145, 10409 Berlin, Germany.
Functional description: Business-to-business software-as-a-service platform for evaluating customer feedback at various touchpoints.
Purpose: Customer and product evaluations for quality management and improvement of the customer experience

Status and update of data protection notices
This privacy notice is effective as of 05/16/2022.

We will update this privacy notice from time to time in the event of relevant changes to our website, the processing of personal data or changes to legal requirements. The revised version will apply from the published effective date.In the event of significant changes to this privacy notice, we will inform you in good time before the changes come into force by posting a notice on our website.We will also notify our guests of the changes by email or other means as appropriate