§ 1 Information Regarding the Collection of Personal Data
The information provided below describes the collection of personal data when users access our website. “Personal data” refers to all information that can be used to identify an individual person, e.g., name, address, email addresses, or user behavior.
As defined in Article 4 (7) of the EU General Data Protection Regulation (GDPR), the data controller for this website is:
Legend Hotel GmbH
50667 Köln (Cologne)
When you contact us via email or an online contact form, the data you share with us (your email address, your name, or your telephone number) will be stored to enable us to respond to your inquiries. Once this data is no longer needed, it will be deleted. In the event that statutory retention requirements apply, processing of the data will be restricted. The legal regulations concerning the processing of data transmitted via email or online contact forms are stipulated in Article 6 (1) (f) of the GDPR. If the purpose of the email message is the performance of a contract, the legal regulations governing the processing of this data are stipulated in Article 6 (1) (b) of the GDPR.
If we have contracted with external service providers for individual functions of our website or if we wish to use your data for advertising purposes, information about those procedures is provided below, including established criteria for the storage period.
§ 2 Your Rights
You have the following rights with respect to your own personal data:
– right of access
– right to rectification or erasure
– right to the restriction of processing
– right to object to processing
– right to data portability
You additionally have the right to file a complaint with a data protection supervisory authority regarding our processing of your personal data.
§ 3 Personal Data Collected When You Visit Our Website
If you simply visit our website for informational purposes, without registering or entering other information, we collect only the personal data transmitted by your browser. If you choose to view our website, we collect the data listed below, which is required to guarantee the proper technical functioning, stability, and security of the website (in accordance with Article 6 (1) (1) (f) of the GDPR):
– IP address
– Date and time of request
– Time zone difference from Greenwich Mean Time (GMT)
– Content accessed (specific pages)
– Access status/HTTP status code
– Volume of data transmitted
– Referrer URL (website from which the request originated)
– Browser type
– Operating system and interface
– Language and version of the browser software
In addition to the data listed above, when you visit our website, a cookie will be stored on your computer. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using. They allow certain information to be transmitted to the website from which the cookie originated (in this case, us). Cookies are not capable of executing programs or spreading viruses to your computer. Their purpose is to make the Internet browsing experience more user-friendly and effective.
a) This website uses the following types of cookies, the scope and function of which are explained below:
– Transient cookies (see paragraph b)
– Persistent cookies (see paragraph c)
b) Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. These cookies store a “session identifier,” which allows your browser to track the individual pages accessed during a particular browsing session. This enables our website to then recognize your computer if you return to our website. Session cookies are automatically deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a pre-defined period of time, which may vary depending on the individual cookie. You can delete these cookies in your computer’s security settings at any time.
d) You can individually configure your browser settings to block certain types of cookies, such as third-party cookies, or even prevent all cookies from being accepted. Please note, however, that this may restrict the functionality of this website.
f) The flash cookies we use are not stored by your browser, but by your Flash plug-in. We also use HTML5 storage objects, which are stored on your device. These objects store the required data separately from your browser and have no automatic expiration date. If you wish to block flash cookies, you will need to install add-on software. Mozilla Firefox offers a number of such programs at https://addons.mozilla.org/en-GB/firefox/extensions/category/privacy-security/. Google Chrome recommends use of the Adobe Flash Blocker (https://chrome.google.com/webstore/detail/flash-block-plus/lhjanpmhcanjknkcfjiikkjdecjkmngn?hl=en). You can prevent the use of HTML5 storage objects by using your browser’s private browsing mode. We also recommend that you manually delete cookies and your browsing history on a regular basis.
§ 4 Additional Features and Services on Our Website
In addition to the purely informational resources on our website, we offer a variety of services that may be of interest and use to you. These services generally require you to enter additional personal data that we need to provide the specific service The previously described general data processing regulations apply to this data as well.
In some cases, we use external service providers to process user data. These providers are carefully selected and contracted by us. They are required to follow all of our data protection regulations and are regularly monitored for compliance.
Personal data may also be shared with third parties when we collaborate with partners to offer special promotions or contests, or for the performance of a contract or similar services. Details will be provided when you enter your personal information or are included in the description of the specific offering or service.
In the event that our service providers or partners are headquartered in a non-EEA (European Economic Area) country, information regarding any data protection ramifications of this will be provided in the description of the specific offering or service.
§ 5 Objection to or Revocation of Consent for Data Processing
If you have given your consent to our processing of your data, you may revoke this consent at any time. Our legal authorization to process your personal data will be affected from the point in time at which we receive your revocation.
To the extent that our processing of your personal data is based on legitimate interest, you have the right to object to this processing. This is particularly the case when the processing is not required for the performance of a contract with you, as outlined in the description provided below each of the services offered. Should you wish to object to the processing of your data, we request that you provide us with the reason(s) we should not be allowed to continue to process your data. For justifiable objections, we will review the situation and either discontinue or adjust the processing of your data or provide you with our overriding legitimate grounds for the continued processing of your data.
You may, of course, object at any time to the processing of your personal data for marketing and data analysis purposes. You may inform us of your objection by email or postal mail at the following addresses:
Legend Hotel GmbH
§ 6 Newsletter
Upon your consent, you have the option of subscribing to our newsletter, which we provide to keep you up to date on current promotions that may be of interest to you. The goods and services advertised are described in the consent form.
When you register for our newsletter, we use a double opt-in process. This means that once you have submitted your registration, we will send a message to the email address you have provided, requesting that you confirm your subscription request. If you do not confirm your request within 24 hours, your information will be blocked and after one month, your data will be automatically deleted. We also store the IP addresses from which the registration and confirmation were made as well as the dates and times these were received. This is done to allow us to document your registration and, if necessary, to clarify any potential misuse of your personal data.
The only data required when you register to receive our newsletter is your email address. Any additional (marked “optional”) information you voluntarily provide will be used to communicate personally with you. In accordance with Article 6 (1) (1) (a) of the GDPR, following your confirmation, we will store your email address for the purpose of sending you our newsletter.
You may revoke your consent to receive the newsletter at any time and cancel your subscription. This can be done by clicking on the link provided in every email newsletter, by emailing us at email@example.com, or by sending an unsubscribe request to the contact person listed in the legal notice on our website.
We reserve the right to send our guests direct marketing emails highlighting offers from our entire range of services. Our legitimate interest in conducting direct email marketing is the ability to provide our guests with offers targeted directly to their individual interests, which have been determined on the basis of a previous booking (transaction) or an existing customer relationship.
The personal data you provide when making a booking with us may be processed by us for direct marketing purposes for a period of 12 months from the time of the transaction. If during this time period, you do not make a subsequent booking or initiate any other type of transaction with us, your personal data will no longer be processed for direct marketing purposes and will be deleted, unless you have registered to receive our newsletter or other legal regulations require us to continue to store your data.
Emails sent in connection with an existing booking, which may also be of a marketing nature, are sent via “Revinate,” an email marketing service of the U.S. provider Revinate, Inc., located at 1 Letterman Dr., Building C, Suite CM100, San Francisco, CA 94129, USA. The email addresses and names of our guests, along with other data as described in this document, are stored on Revinate’s servers in the USA. Revinate uses this data to distribute and evaluate our newsletters within the scope of our contract as well as to optimize and improve their own services (e.g., technical optimizations to distribution methods or the display of the newsletter). When you open the newsletter, a “web beacon” will initially collect technical data, such as information about your browser and operating system as well as your IP address and the date and time of access. This information is used to improve services on the basis of the technical data or the target groups and their reading behavior as determined by the access locations (which can be established by the IP address) or access times. Our order processing agreement with Revinate conforms to Article 28 of the GDPR and obliges Revinate to maintain the required level of data protection.
The distribution of both marketing emails and advertising materials sent by postal mail is done in accordance with Article 6 (1) (f) of the GDPR in conformance with Section 7 (3) of the German Unfair Competition Act (UWG). Marketing emails are sent only to those people who have been guests at the hotel and have utilized the services we offer. You may unsubscribe from the newsletter at any time. To do so, please notify us by email at: firstname.lastname@example.org. You will also find an “Unsubscribe” link at the bottom of every newsletter. Once your request to cancel the subscription has been processed, you will not receive any further promotional emails from us.
§ 7 Posting of Comments
For some of the promotions presented on our website, you have the option of leaving a comment. Your comment will appear with the user name under which you post it. We recommend the use of a pseudonym rather than your actual name. You are required to provide your user name and email address, but all other information is optional. When you post a comment, we will store your IP address for a period of one week, after which time it will be deleted. This is necessary so that, in the event that illegal content has been posted, we can defend ourselves against liability claims. We need your email address so that we can contact you should a third party claim that your comment violates legal regulations. This is done in accordance with Article 6 (1) (1) (b) (f) of the GDPR. Comments will not be reviewed prior to posting. We reserve the right to delete comments whose content is claimed by third parties to be unlawful.
§ 8 Use of Google Analytics
This site uses Google Analytics, a website analysis service provided by Google, Inc. (“Google”). Google Analytics uses “cookies,” which are text files stored on your computer that allow your use of our website to be analyzed. The information generated by the cookies will normally be transmitted to a server in the USA, where it will be stored. However, if IP anonymization has been activated on this website, in EU member states or in other countries participating in the Agreement on the European Economic Area (EEA), Google will first truncate your IP address. Only in exceptional cases will the complete IP address first be transmitted to the USA and shortened there. As contracted by the operator of this website, Google will use this information to evaluate your use of our website, compile reports on website activity, and perform other contracted services related to activity on this website and the internet.
The IP addresses transmitted from your browser in the context of Google Analytics will not be merged with any other data collected by Google.
You can prevent cookies from being stored by adjusting your browser settings. If you do so, however, you may limit or block the functionality of some features of our website. You can also prevent the transmission of the data generated by the cookie related to your use of our website (including your IP address) as well as Google’s processing of this data by downloading and installing the browser plug-in available at: tools.google.com/dlpage/gaoptout. As an alternative to the browser plug-in, or for browsers on mobile devices, you can click on the link below to prevent future collection of your data on this website by Google Analytics. An opt-out cookie will then be stored on your device. Should you delete all of your cookies in the future, you will need to click on this link again:
This website uses Google Analytics with the extension “anonymizeIp()”. This allows your IP address to be processed in an abbreviated form that prevents it from being linked to a particular individual. If any of the information collected is traceable to a specific person, it will be blocked immediately, and the associated personal data will be promptly deleted.
We use Google Analytics to analyze the use of our website and continually improve it. The statistics it generates allow us to optimize our services and make them more interesting to our users. To protect against the unlikely event that personal data are unintentionally transmitted to the USA, Google is certified under the EU-US Privacy Shield: www.privacyshield.gov/EU-US-Framework. Our use of Google Analytics is in accordance with Article 6 (1) (1) (f) of the GDPR.
Third-Party Provider Information:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001; User Terms and Conditions:
This website also uses Google Analytics for a cross-device analysis of visitor streams on the basis of user IDs. You can disable the cross-device analysis of your use of our website in your customer account under “My Data/Personal Data.”
§ 9 Use of Social-Media Plug-Ins
We currently use the following social media plug-ins: Facebook, Instagram, Google+, and Twitter. For these, we employ the “two-click solution.” This means that when you visit our website, no personal data will initially be transmitted to the plug-in providers. You can identify the individual plug-in providers by the marking on the box above the first letter of their names or their logos. Clicking on this button gives you the option to communicate directly with these providers.Only if you click on the marked box and thereby activate the link will the plug-in provider receive the information that you have accessed that specific page of our online content. In addition, the data described in Section 3 of this document will also be transmitted. With regard to Facebook, according to the respective providers in Germany, IP addresses will be anonymized directly upon collection. By activating the plug-in, your personal data will be transmitted to the individual plug-in provider, where it will be stored (for US providers, in the USA). Because the plug-in providers primarily collect data via cookies, we recommend that before clicking on the grayed-out box, you go to your browser’s security settings and delete all cookies.
We have no influence over the data being collected or its processing. We also have no knowledge regarding the full scope of data collection, the purpose of its processing, or the duration of its storage. Nor do we have any information regarding the deletion of data collected by a plug-in provider.
The plug-in provider stores your data as a usage profile and uses this for advertising and market research purposes and/or to enhance the user-centered design of its website. This type of analysis is particularly used to enable (including for users who are not logged in) user-based advertising and to inform other users in the social network about your activity on our website. You have the right to object to the creation of these usage profiles. To assert this right, you must contact the individual plug-in provider. Our use of the plug-ins allows us to provide you with the opportunity to interact with these social networks and other users so that we can improve our services and make our offerings more interesting to you. Our use of plug-ins is done in accordance with Article 6 (1) (1) (f) of the GDPR.
Data transmittal takes place whether or not you have an account with the plug-in provider or are logged in to that social network. If you are logged in to the plug-in provider’s site, the data we have collected will be directly linked to your account with that provider. If you click on the activated button and link to the webpage, for example, the plug-in provider will store this information in your user account and share it publicly with your contacts. We recommend that you always log out of social network sites when you are finished, particularly before activating this button. This will allow you to avoid having this information stored in your user profile with the plug-in provider.
Further information regarding the purpose and scope of the data collection and processing performed by each plug-in provider can be found in their individual privacy policies, links to which are provided below. You will also find additional information regarding your associated rights as well as privacy setting options.
Addresses for each of the plug-in providers, with links to their privacy policies:
[Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; www.facebook.com/policy.php; additional information regarding data collection: www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications, and http://www.facebook.com/about/privacy/your-info#everyoneinfo.
Facebook has been certified by the EU-US Privacy Shield: www.privacyshield.gov/EU-US-Framework.
Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; www.google.com/policies/privacy/partners/.
Google has been certified by the EU-US Privacy Shield: www.privacyshield.gov/EU-US-Framework.
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.
Twitter has been certified by the EU-US Privacy Shield: www.privacyshield.gov/EU-US-Framework.
§ 10 Integration of YouTube Videos
Our online content includes embedded YouTube videos, which are stored atwww.YouTube.com and can be played directly from our website. These are all embedded in “privacy-enhanced mode,” meaning that if you do not play the videos, none of your user data will be transmitted to YouTube. Only once you play a video will the data described in paragraph (2) below be transmitted. We have no control over this data transmission.
When you visit the website, YouTube receives the information that you have accessed that specific page on our website. The data described in Section 3 of this document will also be transmitted. This will take place whether or not you are logged in to a YouTube account or even have no YouTube account. If you are logged in to Google, this data will be directly linked to your account. If you do not want this information to be linked from YouTube, you must log out of Google before activating the button. YouTube stores your data as a usage profile, which is used for advertising and market research purposes and/or to enhance the user-centered design of its website. This type of analysis is particularly used to enable (including for users who are not logged in) user-based advertising and to inform other users in the social network about your activity on our website. You have the right to object to the creation of this usage profile. To assert this right, you must contact YouTube directly.
§ 11 Integration of Google Maps
This website uses Google Maps. This allows us to display interactive maps directly on the website for your convenience.
When you visit the website, Google receives the information that you have accessed that specific page on our website. The data described in Section 3 of this document will also be transmitted. This will take place whether or not you are logged in to a Google account or even have no Google account. If you are logged in to Google, your data will be directly linked to your account. If you do not want Google to link this information, you must log out of Google before activating the button. Google stores your data as a usage profile, which is used for advertising and market research purposes and to enhance the user-centered design of its website. This type of analysis is particularly used to enable (including for users who are not logged in) user-based advertising and to inform other users in the social network about your activity on our website. You have the right to object to the creation of this usage profile. To assert this right, you must contact Google directly.
§ 12 Use of Google AdWords Conversion
We use Google AdWords as a marketing tool on external websites to help draw attention to our attractive offerings. By analyzing the data from our individual marketing campaigns, we can measure their effectiveness. This is pursuant to our interests in providing you with advertising that is of interest to you, making our website more relevant to your interests, and arriving at a fair calculation of advertising costs.
This marketing media is provided by Google via its “ad servers.” We also use ad server cookies, through which specific parameters used to measure effectiveness can be analyzed, such as ad displays or user clicks. If you click on a Google advertisement to arrive on our website, Google will store a cookie on your computer. These cookies normally expire after 30 days and are not intended to identify you personally. Along with this cookie, other analysis values that will be stored are the unique cookie ID, the number of ad impressions per placement (frequency), and the last impression (relevant for post-view conversions) as well as any opt-out information (indication that the user no longer wishes to be contacted).
These cookies allow Google to recognize your internet browser. If a user visits a specific page on an AdWords client’s website and the cookie that has been stored on their computer has not expired, Google and the AdWord client can recognize that the user clicked on the ad and was redirected to that page. Each AdWords client is assigned a unique cookie, which prevents the tracking of cookies via the websites of AdWords clients. We ourselves do not collect and process any personal data as part of the marketing measures described. Google provides us solely with statistical analyses. These allow us to identify which of the advertising measures used are most effective. These advertising media do not provide us with any additional data and none of the analyses allow the identification of individual users.
Through the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence over the scope or further use of the data collected by Google through the use of this tool. Based on our current knowledge, we can inform you that through the integration of AdWords conversion, information is transmitted to Google that you have accessed a specific page on our website or have clicked on one of our advertisements. If you are a registered user of a Google service, Google can link this activity to your account. Even if you are not registered with Google or are not logged in, it is possible that the provider will obtain and store your IP address.
You have several options for preventing this tracking: a) adjusting your browser settings, especially those that block third-party cookies, so that you block any third-party advertising; b) disabling conversion tracking cookies by changing your browser settings so that cookies from “www.googleadservices.com” are blocked: www.google.de/settings/ads (please be aware that if you delete your cookies, you will have to reactivate this setting); c) disabling the interest-based ads of providers who participate in the “About Ads” self-regulatory campaign by visiting http://www.aboutads.info/choices (this setting will also have to be reset if you delete your cookies); d) permanently disabling cookies in the Firefox, Internet Explorer or Google Chrome browsers via www.google.com/settings/ads/plugin. Please note that this may limit your ability to access all the functionality of this website.
§ 13 Remarketing
In addition to AdWords Conversion, we also use Google Remarketing, a tool that allows us to continue to reach out to you. Once you have visited our website, this program allows our advertisements to be displayed on other internet pages you visit. This is done via browser cookies that allow Google to track and analyze your internet browsing activity, which is also how Google recognizes that you have previously visited our website. According to Google, none of the data collected by their Remarketing program will be merged with any of your personal data that may also be stored by Google. Google has specifically stated that they use pseudonymization in their Remarketing program.
§ 14 Facebook Custom Audiences
Our website also uses the “Custom Audiences” remarketing tool offered by Facebook Inc. (“Facebook”). This allows website visitors to be shown interest-based advertisements (“Facebook Ads”) when they browse the Facebook social network or other websites that also use this tool. This is pursuant to our interest in providing you with advertising that is of interest to you and designing our website to be more relevant to your interests.
Through the marketing tools used, your browser automatically establishes a direct connection with Facebook’s server. We have no control over the scope or further use of the data collected by Facebook through the use of this tool. Based on our current knowledge, we can inform you that through the integration of Facebook Custom Audiences, information is transmitted to Facebook that you have accessed a specific page on our website or have clicked on one of our advertisements. If you are a registered user of a Facebook service, Facebook can link this activity to your account. Even if you are not registered with Facebook or are not logged in, it is possible that the provider will obtain and store your IP address and other identifying data.
You can deactivate Facebook Custom Audiences at www.facebook.com/settings/. You must be logged into Facebook to do this.
The legal basis for the processing of your data is established in Article 6 (1) (1) (f) of the GDPR. Further information regarding Facebook’s processing of your data can be found at www.facebook.com/about/privacy/.
§ 15 Social Wall
We have integrated a “Juicer” social wall on our website. With Juicer, a variety of posts from different social media can be combined into one feed that can be embedded on a website as a social wall. This allows posts from Instagram, Twitter, and many other social media platforms to be displayed based on their hashtags or, alternatively, the display of all posts from a specific account (Instagram, Twitter, etc.) on the social wall. The social wall can be accessed by everyone – even those who do not have accounts on Instagram, Twitter, etc. Juicer’s operating company is Juicer.io, 1515 7th Street, #424, Santa Monica, CA 90403, USA.
Juicer and the third-party providers with whom it collaborates comply with the EU-GDPR. The GDPR was developed to provide users with more information and to better protect user data. Juicer has never and will never:
- store or collect personal data from users who view the Juicer feed (social wall) on any website
- share Juicer user data, with the exception of cookies used for system optimization, from which Juicer collects a minimal amount of data, which is handled with discretion.
- share any type of user data with social networks
§ 16 Online Purchase of Vouchers
Vouchers are available for purchase on our website. When a user purchases a voucher online, the data entered into the purchase form will be transmitted to and stored by us. This consists of salutation/company name, first name, last name, date of birth, email address, street address, telephone/fax number, voucher amount, special requests, payment data, and password for the individual user account. Payments for the desired voucher amount will be handled by the online order platform belonging to INCERT eTourismus Gmbh & Co KG, Leonfeldner Strasse 328, A-4040 Linz, Austria. The transmission of all data entered for placement of the order will be encrypted. INCERT is committed to handling your transmitted data in accordance with data protection regulations. INCERT ensures that all organizational and technical measures necessary for protecting your data are taken and no data collected in this context will be shared with third parties. The data collected is used solely for the processing of the transaction and communication purposes.
The legal basis for the processing of this data is the performance of a purchase contract with the user in accordance with Article 6 (1) (b) of the GDPR.
The processing of the personal data provided by the user in the purchase form will be used solely to process the purchase of the voucher and the payment transaction.
This data will be deleted once it is no longer required for the purpose for which it was collected. If a contractual relationship exists, the data will be deleted as soon as national, commercial law, statutory, or contractual retention requirements have been met.
Users have the option to object to the processing of their personal data at any time. Please contact us at email@example.com.
§ 17 Requests for Customer Feedback
We have contracted with CA Customer Alliance GmbH, Ullsteinstrasse 130, 12109 Berlin, Germany (“Customer Alliance”) to poll your satisfaction with our services. For this purpose, we provide Customer Alliance with your contact information and information regarding your booking (e.g., the duration of your stay) and request that they contact you via email to inquire about your satisfaction with our services (e.g., a rating). Customer Alliance then provides us with the results of their inquiry, which may also be made available to the public. This processing of your data is done in accordance with Article 6 (1) (1) (f) of the GDPR, pursuant to our legitimate interest in using your feedback to improve our services and offerings.
A Customer Alliance plug-in is also integrated into our website to permit customer feedback to be displayed.