Data Protection Statement
Thank you for your interest in our website and our services. For us, data form the basis of excellent service. However, our most important asset is our customers’ trust. It is our highest priority to protect customer data and to only use them in the way that our customers expect.
The data protection information below should therefore inform you about the processing of your personal data and your rights regarding this processing in accordance with the European General Data Protection Regulation (“GDPR”) and other applicable data protection provisions.
1. General Information
Hospitality Digital GmbH, Metro-Straße 1, 40235 Düsseldorf, Germany (hereinafter “H.d”, “we” or “us”) is responsible for the operation of this website. H.d attaches the utmost importance to the protection of your personal data.
If you have questions regarding data protection, you can contact our Data Protection Officer using the contact details below: Hospitality Digital GmbH, Data Protection Officer, Metro-Straße 1, 40235 Düsseldorf, Germany, e-mail: firstname.lastname@example.org.
In this Data Protection Statement, we outline how we collect, process and use personal data in the context of providing our website. Personal data is individual information about your personal or material circumstances. We process personal data that we collect about you, process and use exclusively within the context of the applicable statutory provisions.
2. Processing of personal data and transfer to third parties
Upon use of our website, some personal data is automatically collected about your device (computer, mobile phone, tablet etc.). The IP address currently being used by your device, date, time, browser, operating system of your device and the pages retrieved are also collected. This happens for the purpose of data security, to optimize our range and to improve our website.
With the exception of analysis for statistical purposes, which in that case is strictly in an anonymized form, any other analysis is only performed strictly within the scope of this Data Protection Statement. The processing of this personal data is done on the basis of art. 6, para. 1, sentence 1, letter f) GDPR. The protection of our website and the optimization our services represent a legitimate interest on our part.
If you contact us (e.g., via a request to email@example.com), we will collect, process and use only such personal data that you have communicated to us and that is necessary to process and answer your request.
In order to enable the data processing operations stated in this Data Protection Statement, we are deploying service providers as data processors within the meaning of art. 28 GDPR, for example, service providers for cloud hosting, maintenance and other services. The services providers are both external service providers and services providers within the METRO Group that are located in countries within and outside of the European Union (EU) and the European Economic Area (EEC).
By way of contractual provisions, we ensure that these service providers process personal data in accordance with the GDPR in order to guarantee a high level of data protection, even when personal data is transferred to another country where another level of data protection is the standard and for which there is no decision on adequacy from the EU Commission.
There is no further transfer of personal data to other recipients, unless we are legally obliged to do so. For further information regarding the appropriate security precautions regarding the international transfer of data or a copy of these precautions, please contact our Data Protection Officer per e-mail at: firstname.lastname@example.org.
In order to design our services attractively and to enable the use of specific functions, we use so-called cookies. They are small text files that are stored on your device. Some of the cookies used by us are deleted after the end of the browser session, i.e., after closing your browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies).
If cookies are not accepted, the functionality of the our website may be limited. By accepting our “Cookie-Banner”, you agree to the processing of your personal data by cookies. This personal data is processed on the basis of art. 6, para. 1, sentence 1, letter a) GDPR. In the following, we detail specific cookies.
On behalf of the website operator, Google uses this information to evaluate your use of the website, to compile reports on website activity and in order to perform other services connected to the use of the website and the internet with respect to the website operator. The IP address transferred by your browser in the context of Google Analytics is not merged with other Google data. You may prevent the cookies from being saved by way of a corresponding setting in your browser software.
Furthermore, you can prevent the collection for Google of the data that is generated by the cookies and based on your use of the website (incl. your IP address) and the processing of this data by Google by downloading and installing the following browser plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=de.
4. Processing of personal data in connection with digital services
We use the services of Mailchimp, a marketing platform for small businesses created by the Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (“Mailchimp”), for example, to send our newsletter and issue invitations to webinars and events.
Upon sending e-mails, Mailchimp analyses your user behavior on our behalf. For this analysis, the sent e-mails contain so-called web beacons or tracking pixels. This single pixel graphic file makes it possible to record your user behavior. Using the data harvested this way, we create a user profile in order to provide you with content tailored to your interests. In doing so, we record the time that you read our e-mails and which links you click on within the e-mail. From this we draw conclusions about your personal interests. We link these data to the actions performed by you on our website (see also no. 4.2).
This personal data isprocessed on the basis of art. 6, para. 1, sentence 1, letter f) GDPR and serves the optimization of our marketing campaigns.
If you use one of our digital services for which you have completed a registration process (for example, our newsletter), Mailchimp additionally supports us with the analysis of your user behavior on our website. For this a text file (cookie, see also no. 3) is saved on your computer that allows us to recognize you when you visit our website again and analyse how you use our website. This way, we can individually tailor our offers to your needs, so that you generally receive fewer randomly selected offers. This personal data is processed on the basis of art. 6, para. 1, sentence 1, letter f) GDPR and serves the optimization of our marketing campaigns.
When you register for one of our Digital Services and in this context provide personal data via a registration form, we seek a separate declaration of consent. In it, you declare that you agree to the data processing to the extent stated in the declaration and in the context of using our Digital Services, such as newsletters, invitations to webinars and events, and the connected analysis of your user behavior as described in this section. These personal data are processed on the basis of your consent as per art. 6, para. 1, sentence 1, letter a) GDPR.
5. Provision of personal data and storage periods
Your personal data is provided on a voluntary basis. You are not legally obliged to provide us with your personal data. If you do not want to provide us with your personal data, it does not have any consequences for you other than you cannot use our services. Personal data that you provide to us via our website is only saved until the purpose for which it was processed has been served. Deviating storage periods may arise from a legitimate interest on the part of H.d (e.g., to guarantee data security and to prevent abuse). Personal data, which we must save due to statutory or contractual storage obligations, is blocked.
6. Your rights
To exercise your rights as per the GDPR to
– the information on the processing of your personal data and a copy of these data (art. 15 GDPR),
– the correction and completion of incorrect and incomplete personal data (art. 16 GDPR)
– the deletion of your personal data, and if it have been made public, that H.d. informs the other responsible parties of the application for deletion (art. 17 GDPR),
– a restriction regarding the processing of your personal data (art. 18 GDPR),
– the data portability so that you are given your personal data in structured, standard and machine-readable format and the right to transfer this data to another responsible party without obstruction by H.d (art. 20 GDPR),
– the revocation of an issued consent; the revocation does not affect the legality of the processing undertaken on the basis on the consent before the revocation (art. 7 GDPR), and
– an objection to the data processing (art. 21 GDPR),
you can contact the Data Protection Officer of H.d (email@example.com) at any time. In addition, you have the right to raise a complaint at the competent supervisory authority if you regard the data processing to be incompatible with the GDPR (art. 77 GDPR).
As on: May 2018/ AG