Privacy Notice
Steigenberger Spa GmbH
I. General information and your rights as a data subject.
1. data controller
The data controller pursuant to Art. 4 No. 7 DSGVO is.
Steigenberger Spa GmbH Lyoner Straße 25 60528 Frankfurt am Main
Tel.: +49 69 215-908 Fax: +49 69 215-8512
E-Mail: thespa@steigenberger.com
2. Contact details of the data protection officer.
You can reach our data protection officer at:
TÜV Informationstechnik GmbH Am TÜV 1 45307 Essen
E-Mail: datenschutz@deutschehospitality.com
3. your rights as a data subject.
Every data subject whose personal data is processed has the right to information from the controller about the personal data concerned in accordance with Article 15 of the GDPR, the right to rectification in accordance with Article 16 of the GDPR, the right to erasure in accordance with Article 17 of the GDPR, the right to restriction of processing in accordance with Article 18 of the GDPR, the right to object to processing in accordance with Article 21 of the GDPR and the right to data portability in accordance with Article 20 of the GDPR. In addition, the restrictions pursuant to Sections 34 and 35 BDSG apply to the right to information and the right to deletion.
If the processing of your personal data is based on consent given to us, you have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.
Furthermore, you have the right to lodge a complaint with the competent data protection supervisory authority pursuant to Art. 77 DS-GVO in conjunction with Section 19 BDSG.
II. Processing of your personal data in connection with the health questionnaire.
1. purposes and legal bases of processing as well as categories of data.
In advance of the spa treatment, we ask you to fill out our health questionnaire. Your information will be used to provide you with a safe and effective spa treatment.
In connection with the health questionnaire, we process the following personal data from you:
- First and last name
- Room number, if applicable
- E-mail address, if applicable
- Cell phone number
- Personal preferences
- Information on medical history (e.g., information on health impairments, injuries/Operationen, intolerances/Allergien, medications, information on existing pregnancy)
- Other remarks of the therapist
The processing of your personal data, which you provide to us in the health questionnaire, is based on your express consent according to Art. 6 para. 1 lit. a) DSGVO, Art. 9 para. 2 lit. a) DSGVO.
Duration of the storage of your personal data.
We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the data is no longer required for the fulfillment of contractual obligations or for securing, asserting or enforcing legal claims, it is regularly deleted. As a rule, we delete your personal data that you have provided to us in connection with the health questionnaires after 3 years. If you revoke your consent, we will delete your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or if the processing does not serve the purpose of asserting, exercising or defending legal claims.
3. categories of recipients of the personal data.
If and to the extent necessary for the aforementioned purposes, we also disclose your personal data to the following recipients or categories of recipients pursuant to Art. 4 No. 9 DSGVO:
Within our company, only those offices receive inspection or access to your data (to the extent necessary in each case) that need it to fulfill our contractual and legal obligations. Your data will not be passed on to third parties.
4. obligation to provide the personal data.
You are not obliged to provide us with your personal data. However, if you choose not to provide us with your data, you may not be able to use our services.
5. transfer of data to third countries.
We do not intend to transfer data to any third country or international organization.
III. Processing of your personal data in connection with the sending of our e-mail newsletter.
1. purposes and legal bases of processing and categories of data.
With the H Rewards-email newsletter, we will inform you regularly about the offers and services of our hotel brands including THE SPA at the Steigenberger Frankfurter Hof. If you would like to receive our e-mail newsletter, we require a valid e-mail address from you. For the registration to our newsletter we use the so-called double-opt-in procedure. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
In order to send our e-mail newsletter, including the administration of your subscription to the newsletter, we process the following personal data from you:
- First name and Nachname
- E-mail address
- IP address
- Postal code, if applicable
- Preferences, if any
The legal basis for sending the e-mail newsletter is your consent pursuant to Art. 6 (1) a) DSGVO. As a subscriber to the e-mail newsletter, you can revoke your consent to the processing of your e-mail address for sending the e-mail newsletter at any time. The revocation can be made via the relevant link in each e-mail newsletter or by e-mail to thespa@steigenberger.com.
2. duration of the storage of your personal data.
As soon as you revoke your consent to receive newsletters, your personal data will be deleted.
3. categories of recipients of the personal data
If and to the extent necessary for the above purposes, we also disclose your personal data to the following recipients or categories of recipients pursuant to Art. 4 No. 9 DSGVO:
Within our company, only those bodies will receive inspection of or access to your data (to the extent necessary in each case) that need it to fulfill our contractual and legal obligations.
Furthermore, we use the external service provider Steigenberger GmbH, Lyoner Straße 25, 60528 Frankfurt (order processor) for the newsletter dispatch.
4. obligation to provide the personal data.
You are not obliged to provide us with your personal data. However, if you choose not to provide us with your data, we will not be able to send you our e-mail newsletter.
5. transfer of data to third countries.
We do not intend to transfer data to any third country or international organization.