Privacy Policy of HENRI HOTEL GmbH
The provisions of the EU General Data Protection Regulation (hereinafter referred to as DSGVO) apply throughout Europe. We would like to inform you about the processing of personal data carried out by our company in accordance with this regulation (compare Articles 13 and 14 DSGVO). If you have any questions or comments about this data protection declaration, you can send them at any time to the email address given in section 1.2 or 1.3.
Table of contents:
1. Overview
1.1 Scope
1.2 Person responsible
1.3 Data protection officer
2 Data Processing in detail
2.1 General information on data processing
2.2 Accessing the website
2.3 Newsletter
2.4 Reservation
2.5 Reception / Stay at the hotel
3. Data subject rights
3.1 Right of objection
3.2 Right of access
3.3 Right of rectification
3.4 Right to erasure ("right to be forgotten")
3.5 Right to restriction of processing
3.6 Right to data portability
3.7 Right of withdrawal of consent
3.8 Right of appeal
1. Overview
In this section of the privacy policy you will find information on the scope of application, the data controller and its data protection officer.
1.1 Scope
On this page we inform you about the type, scope and purpose of the personal data collected by HENRI HOTEL GmbH, which is processed both when you visit this homepage and during other processing under our responsibility, which is not related to this homepage.
1.2 Person responsible
The person responsible for data processing - i.e. the person who decides on the purposes and means of the processing of personal data - in connection with the processing operations is
HENRI HOTEL GmbH
Bugenhagenstrasse 21
20095 Hamburg
Telephone: +49 (0) 40 - 300 322 311
E-mail: hello@henri-hotel.com
1.3 Data protection officer
You can contact our data protection officer as follows:
Contact form: https://www.dsextern.de/anfragen
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
D-22589 Hamburg
2. Data processing in detail
In this section of the data protection declaration we inform you in detail about the processing of personal data. For the sake of clarity, we have divided this information according to specific functionalities.
2.1 General information on data processing
Unless otherwise stated, the following applies to all processing operations described below:
No obligation to provide
There is neither a contractual nor a legal obligation to provide personal data. You are not obliged to provide data.
Consequences of non-provision
In the case of required data (data that is marked as mandatory when entered), failure to provide the data will result in the service in question not being provided. Otherwise, failure to provide the data may mean that our services cannot be provided in the same form and quality.
Consent
In various cases, you have the option of also giving us your consent (where applicable for part of the data) to further processing in connection with the processing described below. In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all modalities and the scope of the consent and about the purposes we pursue with these processing operations.
Photography and filming
The events of the HENRI Hotels brand may be documented by photo and film recordings. The use of photographs, such as team photos taken or event photos, takes place on the internet on the respective event page. Selected photographic material of the event may be used for impressions in social media in web resolution as well as in various print media. There will be no other transfer of photo and film recordings to third parties.
The participant may object to the storage, use and dissemination of the recordings made of him/her at any time with effect for the future. If the objection is made before the start of an event of the HENRI HOTELS brand, DSR Hotel Holding will delete all recordings of the participant immediately after the end of the event. The objection can be declared in writing (e.g. letter) or in text form (e.g. by fax or by e-mail). Please state your surname and first name as well as the date and name of the event in your objection.
Transmission to state authorities
We only transfer personal data to state authorities (including law enforcement agencies) if this is necessary for the fulfilment of a legal obligation to which we are subject (legal basis: Art. 6 para. 1 c) DSGVO) or if it is necessary for the assertion, exercise or defence of legal claims (legal basis Art. 6 para. 1 f) DSGVO).
Storage period
We do not store your data for longer than we need it for the respective processing purposes. If the data is no longer required, it is regularly deleted unless its temporary retention is still necessary. Reasons for this may include the following:
- The fulfilment of retention obligations under commercial and tax law.
- The preservation of evidence for legal disputes within the framework of the legal statute of limitations.
Categories of recipients
In addition to the categories of recipients explicitly listed below, personal data is also transferred to the following categories of recipients: Shipping service providers, telephone and fax providers.
Categories of data
- Personal master data: Title, form of address/gender, first name, surname, date of birth
- Address data: street, house number, if necessary address additions, postcode, city, country
- Contact data: Telephone number(s), fax number(s), e-mail address(es)
- Registration data: Information about the service through which you have registered; timing and technical information about registration, confirmation and deregistration; data provided by you when registering.
- Booking data: Bookings, prices, payment information
- Payment data: Account data, credit card data, data on other payment services
- Access data: Date and time of the visit to our service; the page from which the accessing system accessed our site; pages called up during use; data for session identification (session ID); also the following information of the accessing computer system: Internet protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.
2.2 Accessing the website
This section describes how we process your personal data when you access the website.
Information on processing
- Data category: Access data
- Purpose: Connection establishment, display of the contents of the service, detection of attacks on our site based on unusual activities, error diagnosis.
- Legal basis: safeguarding legitimate interests (Art. 6 para. 1f DSGVO).
- If applicable, legitimate interest: proper functioning of the services, security of data and business processes, prevention of misuse, prevention of damage due to interference with information systems
- Storage period: 7 days
- Recipients: IT security service provider, hosting service provider, Consenttool provider
- Third country transfer: -
Tracking to analyse and optimise our services and their use as well as to measure the success of advertising campaigns and optimise the display of advertisements
Information on the services used can be found under "Manage cookies" in the footer or in the Consenttool.
2.3 Newsletter
What happens to your personal data in connection with a subscription to our newsletter is described here:
Processing information
- Data category:
- E-mail address
- Newsletter user profile data
- Registration data
- Purpose:
- Verification of registration (double opt-in procedure), newsletter delivery
- Interest-oriented design of the newsletter
- Traceability of newsletter registration/confirmation/unsubscription.
- Legal basis:
- Consent (Art. 6 para. 1a DSGVO)
- Consent (Art. 6 para. 1a DSGVO)
- Safeguarding legitimate interests (Art. 6 para. 1f DSGVO)
- If applicable, legitimate interest: Proof of successful newsletter subscription/confirmation/unsubscription.
- Storage period: duration of newsletter subscription, (unsubscription data, unlimited to fulfil accountability obligations)
- Recipient: Service provider for newsletter dispatch
- Third country transfer: -
2.4 Reservation
You can find out how we process your personal data when you contact our customer service here:
Processing information
- Data category:
- Personal data
- Contact details
- Contents of enquiries/bookings/complaints
- Payment data
- Purpose: processing of customer enquiries, bookings and complaints.
- Legal basis: contract (Art. 6 para. 1b DSGVO), protection of legitimate interests (Art. 6 para. 1f DSGVO)
- If applicable, legitimate interest: Customer loyalty, sales, improvement of customer satisfaction.
- Storage period: processing of the enquiry, booking data in accordance with the statutory retention period (10 years)
- Recipients: payment service providers
- Transfer to third countries: -
2.5 Reception / stay at the hotel
How we process your personal data when you are at our hotel can be found here:
Processing information
- Data category:
- Personal master data
- Address data
- Contact data
- Booking data
- Payment data
- Purpose: fulfilment of the accommodation contract
- Legal basis: Contract (Art. 6 para. 1b DSGVO)
- If applicable, legitimate interest: -
- Storage period: booking data in accordance with the statutory retention period (10 years)
- Recipients: Payment service provider, reservation system provider
- Transfer to third countries: -
3. Data subject rights
3.1 Right of objection
You have the right to object at any time with future effect to the processing of personal data relating to you which is carried out in accordance with Art. 6 (1) (e) or (f) DSGVO for reasons arising from your particular situation.
You can exercise the right of objection free of charge.
3.2 Right to information
You have the right to know whether personal data concerning you is being processed by us, which personal data it is, if any, and to obtain further information in accordance with Article 15 of the DSGVO.
3.3 Right of rectification
You have the right to request that we correct any inaccurate personal data relating to you without undue delay (Art. 16 DSGVO). Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
3.4 Right to erasure ("right to be forgotten")
You have the right to demand that we erase personal data relating to you without delay, provided that one of the reasons set out in Article 17(1) of the DSGVO applies and the processing is not necessary for one of the purposes regulated in Article 17(3) of the DSGVO.
3.5 Right to restriction of processing
You have the right to request a restriction in the processing of your personal data if one of the conditions regulated in Art. 18 (1) a) to d) DSGVO applies.
3.6 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another responsible party without hindrance from us or to obtain that a direct transfer is made by us, if this is technically possible. This should always apply if the basis of the data processing is consent or a contract and the data is processed automatically. Accordingly, this does not apply to data held only in paper form.
3.7 Right of withdrawal in the case of consent
If the processing is based on your consent, you have the right to revoke your consent at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
3.8 Right of complaint
You have the right to complain to a supervisory authority.
Version: 8