Check In
Night
Check Out
Adults
Children

Data privacy statement of Congress Hotel am Stadtpark GmbH & Co. KG

 

We are happy to you are visiting our website and thank you for your interest in our hotel. The protection of your personal information is important to us. That is why processing of personal information, such as for example the name, address, email address or phone number of a person concerned is carried out according to the applicable European and national statutory regulations.

If processing of personal information is required and if there is no statutory basis for such processing, we generally obtain the consent of the person concerned.

You may of course revoke your declaration(s) of consent at any time with an effect for the future. To do so please contact the controller. Contact information can be found at the end of this data privacy statement.

 

With the following, Congress Hotel am Stadtpark GmbH & Co. KG would like to inform the public regarding the type, scope and purpose of personal information processed by the company. Furthermore, persons concerned are informed by means of this data privacy statement regarding their rights.

 

Definitions

 

The data privacy statement of Congress Hotel am Stadtpark GmbH & Co. KG is based on the concept used by the European body issuing directives and regulations when issuing the European General Data Protection Regulation (hereinafter referred to as “EU DSGVO”). We want our data privacy statement to be easy to read and understand by the public as well as our guests and business partners. To guarantee such, we would like to explain in advance the used definitions.

The following terms are used in this data privacy statement and on our website:

Personal information is all information that refers to an identified or identifiable natural person (hereinafter referred to as “person concerned”). A natural person is deemed identifiable who can be identified in a direct or indirect fashion, in particular via association with an identifier such as a name, an identification number, location information, online identification or to one or several special features that are the expression of the physical, physiological, genetic, psychic, economic, cultural or social identify of this natural person.

Person concerned is any identified or identifiable natural person whose personal information is processed by the person or party responsible for such processing.

Processing is any process carried out with or without the help of automated procedures or any such sequence of procedures in connection with personal information such as the collection, recording, organizing, filing, storing, adjusting or changing, reading out, retrieving, use, disclosure via transmission, distribution or another form of provisioning, the comparison or linking, the limitation, deletion or destruction.

Limitation of processing is the marking of stored personal information with the goal to restrict its future processing.

Profiling is any type of automated processing of personal information that consists in the fact that this personal information is used to assess certain personal aspects related to a natural person, in particular to analyze or predict aspects pertaining to work performance, economic situation, health, personal preferences, interests, reliability, behavior, place of residence or change in the place of residence of this natural person.

Pseudonymization is the processing of personal information in a way according to which such personal information cannot be associated any longer with a specific person concerned without the inclusion of additional information provided that such additional information is stored separately and that it is subject to technical and organizational measures that ensure that the personal information is not assigned to an identified or identifiable natural person.

Controller is the natural or legal person, authority, institution or other body who, alone or together with others, determines the purposes and means of processing of personal information. If the purposes and means of such processing are prescribed by European Union law or the law of the Member States, the controller or the specific criteria for his nomination may be designated according to European Union law or the law of the Member States.

Processor is a natural or legal person, authority, institution or other body who processes the personal information on behalf of the controller.

Recipient is a natural or legal person, authority, institution or other body personal information is disclosed to, independent of the fact whether such is a third party. However, authorities who potentially receive personal information in line with a certain request for investigation according to European Union law or the law of the Member States are not deemed a recipient.

Third party is a natural or legal person, authority, institution or other body besides the person concerned, the controller, the processor and the persons who under the direct responsibility of the controller or the processor are authorized to process the personal information.

Consent is any statement of intent made voluntarily by the person concerned for the specific case in an informed and unambiguous fashion in the form of a declaration or another clear and confirming action with which the person concerned makes it understood that such person concerned agrees with the processing of personal information affecting the person concerned.

 

Registration (e.g. via our contact form)

 

The person concerned has the option to register on the website of the controller while using personal information. Which personal information is transmitted to the controller is the result of the respective input mask used for registration. Personal information entered by the person concerned is exclusively used internally by the controller and collected and stored for proprietary purposes. The controller may initiate the forwarding of such personal information to one or several processors (for example a parcel service) who also only uses the personal information for internal use attributed to the controller.

By registering on the website of the controller, the IP address assigned by the Internet service provider (ISP) of the person concerned, the date as well as the time of registration is stored. Storing of such data is made against the background that only this way the abuse of our services can only be prevented, and that such data may help, if necessary, to uncover criminal offenses that were committed as well as copyright infringement. In this respect, storing of such data is required to protect the controller. Forwarding of such data to third parties is in principle not carried out unless the statutory obligation to forward such data exists or if forwarding of such data may aid law enforcement.

The registration of the person concerned under the voluntary indication of personal information helps the controller to offer to the person concerned content or services that by the very nature can only be offered to registered users. Registered persons have the option to have personal information that was indicated during registration completely deleted from the database of the controller.

Upon request, the controller shall at all times disclose to any person concerned which personal information is stored in view of such person concerned. Furthermore, the controller shall correct or delete personal information at the request or indication of the person concerned unless this conflicts with the statutory obligation to preserve records.

 

Contact

 

Personal information is also processed by Congress Hotel am Stadtpark GmbH & Co. KG if you disclose such personal information. For example, this happens any time you contact us. Personal information transmitted in this fashion is naturally only used for the purpose for which you have provided such information while contacting us. Disclosing such information is carried out strictly on a voluntary basis and with your consent. To the extent that this pertains to information regarding communication channels (for example email address, phone number) you also give your consent that, if applicable, we may contact you via such communication channels to answer your inquiry.

 

Comment functions

 

In line with the comment function we collect personal information (e.g. name, email address) in line with your commenting on a post only to the extent this was submitted by you. When a comment is published, the email address indicated by you is stored, however, not published. Your name is published if you did not use a pseudonym to submit your comment.

 

Data security

 

Congress Hotel am Stadtpark GmbH & Co. KG takes various technical and organizational measures to protect your personal information against accidental or unlawful deletion, change or against loss and against the unauthorized forwarding or unauthorized access.

Nevertheless, for example Internet-based data transmissions may have security gaps so that absolute protection cannot be guaranteed. Therefore, any person is free to transmit personal information also by way of alternative channels, such as for example via phone.

 

Links to other websites

 

This website contains links to other websites (so-called external links).

As a provider, Congress Hotel am Stadtpark GmbH & Co. KG is responsible for its own content according to applicable European and national statutory provisions. Links to content provided by other providers are different from own content. We have no control over the fact that the operators of other websites may not comply with applicable European and national statutory provisions. Please read the data privacy statements provided on the respective website. For third-party content provided via links and specially marked, Congress Hotel am Stadtpark GmbH & Co. KG does not assume any responsibility and does not take ownership of the respective content. For illegal, incorrect or incomplete content as well as for damage arising from the use or non-use of information, solely the provider and operator of the linked website is liable.

 

Cookies

 

We use cookies to make our Internet presence user-friendly for you and to tailor it to your needs. Cookies are small text files that, as soon as you visit a website, are sent by a web server to your browser and are stored locally on your end device (PC, notebook, tablet, smartphone, etc.).

Many websites and servers use cookies. May cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string through which websites and servers can be assigned to the concrete web browser in which the cookie was stored. This makes it possible for the visited websites and servers to distinguish the individual browser of the person concerned from other web browsers that contain different cookies. A certain web browser can be recognized and identified via the unique cookie ID. If you visit the website again using the same end device, such information serves to recognize you automatically and to make navigation easier for you.

Accepting or rejecting cookies – also for web tracking – can be done via the settings of your web browser. You can configure your browser in a way that cookies are rejected in principle or that you are notified in advance any time a cookie is to be stored. This, however, may impair the functionality of the website (for example when ordering online). Your browser also offers a function to delete cookies (for example via “delete browser data”). This can be done in any standard web browser. For more information, please refer to the user manual or the settings of your browser.

 

Collection of general data and information

 

The website of Congress Hotel am Stadtpark GmbH & Co. KG collects a series of general data and information any time a person concerned or an automated system requests a website. This general data and information is stored in the log files of the server. The following can be recorded:

  • the used browser types and versions
  • the operating system used by the accessing system
  • the website from which an accessing system lands on our website (so-called referrer)
  • the sub-website which are accessed by an accessing system on our website
  • the date and time of access to the website
  • a web protocol address (IP address)
  • the Internet service provider of the accessing system
  • other similar data and information that serve to avert danger in the case of attacks on our information technology systems

When using this general data and information, Congress Hotel am Stadtpark GmbH & Co. KG does not draw any conclusions regarding the person concerned. Rather, such information is used to

  • correctly deliver the content of our website
  • optimize the content of our website as well as advertising for it
  • ensure the lasting functionality of our information technology systems and the technology of our website
  • provide law enforcement authorities with information required for such authorities in the event of a cyber attack

Therefore, such anonymously collected data and information is on the one hand analyzed for statistical purposed by Congress Hotel am Stadtpark GmbH & Co. KG, and on the other hand with the goal to increase data protection and data security in our company to ultimately ensure an optimal security level for personal information processed by us. The anonymous data of the server log files is stored separately from all personal information indicated by a person concerned.

 

Routine deletion and blocking of personal information

 

The controller processes (in this sense also: stores) personal information of the person concerned only for the period required to achieve the storage purpose or if this is prescribed by the European body issuing directives and regulations or another legislative body in laws or regulations the controller is subject to.

If the storage purpose is omitted, or if a storage period expires that is prescribed by the European body issuing directives and regulations or another responsible legislative body, personal information is routinely blocked or deleted according to statutory provisions.

 

Rights of the person concerned

 

Right to obtain confirmation: Any person concerned has the right to receive confirmation from the controller whether personal information pertaining to such person concerned is processed. If a person concerned would like to exercise this right to obtain confirmation, the person concerned may contact the controller in this respect at any time.

Right to be informed: Any person affected by the processing of personal information has the right to receive information at any time from the controller free of charge regarding his stored personal information as well as a copy of such information. Furthermore, the European body issuing directives and regulations grants the person concerned the disclosure of the following information:

  • the purposes of processing
  • the categories of personal information that are processed
  • the recipients or categories of recipients towards which personal information was disclosed or will still be disclosed, in particular when this concerns recipients in third countries or international organizations
  • if possible the planned duration for which the personal information is stored, or, if this is not possible, the criteria for determining such duration
  • the existence of a right to correction or deletion of the personal information pertaining to a person concerned or a right to limiting the processing by the controller or a right to object to such processing
  • the existence of a right to appeal with a supervisory authority
  • if personal information is not collected with the person concerned: All available information pertaining to the origin of the data
  • the existence of an automated decision-making model including profiling pursuant to Section 22 Subsections 1 and 4 EU DSGVO and – at least in these cases – meaningful information regarding the logic involved as well as the scope and the desired effects of such processing for the person concerned

Furthermore, the person concerned has a right to receive information whether personal information was transmitted to a third country or to an international organization. If this is the case, the person concerned also has the right to receive information regarding suitable guarantees in connection with such a transmission.

If a person concerned would like to exercise this right to obtain confirmation, the person concerned may contact the controller in this respect at any time.

Right to correction: Any person affected by the processing of personal information has the right to demand the immediate correction of incorrect personal information. Furthermore, the person concerned has the right, while taking into consideration the purposes of processing, to demand the completion of incomplete personal information – also by means of a supplementary declaration.

If a person concerned would like to exercise this right to correct information, the person concerned may contact the controller in this respect at any time.

Right to deletion (right to be forgotten): Any person affected by the processing of personal information has the right to demand from the controller that personal information is deleted immediately if one of the following reasons should apply and to the extent that processing is not required:

  • Personal information was collected for such purposes or processed in such a way for which it is no longer required.
  • The person concerned revokes his consent processing was based on pursuant to Section 6 Subsection 1 a EU DSGVO or Section 9 Subsection 2 a EU DSGVO, and there is no other legal basis for such processing.
  • The person concerned objects to the processing pursuant to Section 21 Subsection 1 EU DSGVO, and there are no overriding authorizing reasons for the processing, or the person concerned objects to the processing pursuant to Section 21 Subsection 2 EU DSGVO.
  • Personal information was unlawfully processed.
  • The deletion of personal information is required to fulfill a legal obligation pursuant to European Union law or the law of the Member States the controller is subject to.
  • Personal information was collected in regard to offered information society services pursuant to Section 8 Subsection 1 EU DSGVO.

To the extent that one of the above-mentioned reasons applies and if a person concerned wishes for personal information stored with Congress Hotel am Stadtpark GmbH & Co. KG to be deleted, such person concerned may contact the controller at any time. The deletion request of the person concerned will be carried out immediately.

If personal information was made public by Congress Hotel am Stadtpark GmbH & Co. KG and if our company as controller pursuant to Section 17 Subsection 1 EU DSGVO is obligated to delete personal information, Congress Hotel am Stadtpark GmbH & Co. KG shall take appropriate measures, also of a technical nature, while taking into account the available technology and implementation costs to inform other controllers processing the published personal information that the person concerned has requested from these other controllers the deletion of all links to this personal information or of copies or replications of this personal information to the extent that processing is not required. The controller shall then take the necessary measures in individual cases.

Right to limitation of processing: Any person affected by the processing of personal information has the right to demand from the controller the limitation of processing if one of the following prerequisites is given:

  • The correctness of personal information is disputed by the person concerned, and for a period that enables the controller to review the correctness of such personal information.
  • The processing is unlawful; the person concerned rejects the deletion of personal information and instead requests the limitation of use of such personal information.
  • The controller no longer requires the personal information for the purposes of processing; however, the person concerned requires such personal information for the assertion, exercise or defense of legal claims.
  • The person concerned has objected to the processing pursuant to Section 21 Subsection 1 EU DSGVO, and it is not yet determined whether the legitimate reasons of the controller outweigh the reasons of the person concerned.

To the extent that one of the above-mentioned prerequisites applies and if a person concerned wishes for personal information stored with Congress Hotel am Stadtpark GmbH & Co. KG to be limited, such person concerned may contact the controller at any time. The limitation of processing shall then be carried out immediately.

Right to data portability: Any person affected by the processing of personal information has the right to receive his personal information that was provided by the person concerned to the controller in a structured, standard and machine-readable format. He also has the right to transmit such information to another controller without being hindered by the controller such personal information was provided to to the extent that the processing is based on the consent pursuant to Section 6 Subsection 1 a EU DSGVO or Section 9 Subsection 2 a EU DSGVO or on a contract pursuant to Section 6 Subsection 1 b EU DSGVO and the processing is carried out by means of automated processes, unless the processing is required for the execution of a task that is in the public interest or unless the processing is carried out in the exercise of official authority that was given to the controller.

Furthermore, the person concerned, while exercising his right to data portability pursuant to Section 20 Subsection 1 EU DSGVO, has the right for it to be effected that the personal information is transmitted directly from one controller to another controller to the extent that this is technically feasible and to the extent that this does not interfere with the rights and freedoms of other persons.

To assert the right to data portability, the person concerned may contact the controller at any time.

Right to objection: Any person affected by the processing of personal information has the right, for reasons that pertain to his specific situation, to object at any time to the processing of personal information that is carried out on the basis of Section 6 Subsection 1 e or f EU DSGVO. This also applies to profiling that is based on these provisions.

Congress Hotel am Stadtpark GmbH & Co. Kg no longer processes the personal information in the event of an objection, unless we are able to establish compelling reasons worthy of protection for the processing that outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.

If Congress Hotel am Stadtpark GmbH & Co. KG processes personal information to carry out direct marketing, the person concerned has the right to object to the processing of personal information at any time for the purpose of such marketing. This also applies for profiling to the extent that it is connected to such direct marketing. If the person concerned objects to the processing for the purposes of direct marketing towards Congress Hotel am Stadtpark GmbH & Co. KG, Congress Hotel am Stadtpark GmbH & Co. KG shall no longer process such personal information for such purposes.

In addition, the person concerned has the right, for reasons that pertain to his specific situation, to object to the processing of personal information carried out at Congress Hotel am Stadtpark GmbH & Co. KG for scientific or historical research purposes or for statistical purposes pursuant to Section 89 Subsection 1 EU DSGVO, unless such processing is required to fulfill a task that is in the public interest.

To assert the right to objection, the person concerned may contact the controller at any time. Furthermore, in connection with the use of information society services, and regardless of the Directive 2002/58/EC, the person concerned is free to exercise his right to objection by means of automated processes for which technical specifications are used.

Automated decisions in individual cases including profiling: Any person affected by the processing of personal information has the right not to be subjected to a decision that is based exclusively on an automated processing – including profiling – that has a legal effect towards the person concerned or that substantially impairs the person concerned in a similar fashion to the extent that the decision:

  • is not required for entering into or fulfilling a contract between the person concerned and the controller, or
  • is permissible on the basis of statutory provisions of the European Union or the Member States the controller is subject to, and that these statutory provisions contain appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the person concerned, or
  • is made with the express consent of the person concerned.

If the decision is required for entering into or fulfilling a contract between the person concerned and the controller, or if it is made with the express consent of the person concerned, Congress Hotel am Stadtpark GmbH & Co. KG shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the person concerned – this includes at the very minimum the right to effect the intervention of a person on the part of the controller, the right to explain the own point of view and the right to challenge the decision.

If the person concerned wishes to assert rights in regard to automated decisions, he may contact the controller at any time.

Right to revoke consent pertaining to data protection: Any person affected by the processing of personal information has the right to revoke at any time consent given for the processing of personal information.

If the person concerned wishes to assert his right to revoke consent, he may contact the controller at any time.

 

Data protection regarding applications and during the application process

 

The controller collects and processes the personal information of applicants for the purposes of completing the application process. Processing may also be carried out electronically. This is especially the case if an applicant transmits to the controller corresponding application documents electronically, for example via email. If the controller enters into an employment contract with an applicant, any transmitted information is stored for the purposes of processing the employment relationship while taking into account any and all statutory provisions. If the controller does not enter into an employment contract with the applicant, the application documents are automatically deleted six months after announcement of the decision to decline an offer for employment unless there are legitimate interests of the controller not to delete such documents. Other legitimate interest in this sense is, for example, the burden of proof in proceedings pursuant to the General Act on Equal Treatment (AGG).

 

The use of Google Analytics (with anonymization function)

 

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies,” text files that are stored on your computer and that enable an analysis of how the website is used. Information generated by the cookie regarding your use of this website is usually sent to one of Google’s servers in the US and stored there. Should IP anonymization be activated on this website, your IP address is however shortened beforehand by Google within the Member States of the European Union or in other contractual states of the treaty regarding the European Economic Area. Only in exceptional cases is the full IP address transferred to one of Google’s servers in the US and then shortened there. On behalf of the operator of this website, Google will use this information to analyze your use of the website to compile reports regarding the website activities and to provide additional services connected to the use of the website and the use of the Internet in view of the website operator. The IP address transmitted in line with Google Analytics from your browser is not combined with other data by Google. You are able to prevent the storing of cookies my means of a corresponding setting of your browser software. However, we would like to point out that in such cases potentially not all functions of this website may be used to the full extent. Furthermore, you are able to prevent the capture and transmission of data generated by the cookie and related to your use of the website (including your IP address) to Google, as well as the processing of such data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

You may prevent the capture by Google Analytics by clicking on the below link. This installs an opt-out cookie on your browser to prevent future capture of your data when visiting this website:

<a href=“javascript:gaOptout()“>Google Analytics deaktivieren</a>

Please find more information regarding the terms of use and data protection at: http://www.google.com/analytics/terms/de.html or at: https://www.google.de/intl/de/policies/

In view of the discussion regarding the use of analysis tools with complete IP addresses, Congress Hotel am Stadtpark GmbH & Co. KG would like to point out that, in order to exclude the identification or identifiability of a natural person, IP addresses are only processed in a limited fashion on this website, since we use Google Analytics with the expansion “_anonymizelP()”.

 

Name and address of the controller:

 

Controller in the sense of the European General Data Protection Regulation (EU DSGVO), other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

 

Congress Hotel am Stadtpark GmbH & Co. KG

Clausewitzstr. 6

30175 Hannover

P: +49 511 28050

F: +49 511 814652

Email: info(a)congress-hotel-hannover.de

Please replace (a) with @ when sending an email. This spelling is used to protect against spam.

 

Managing Director:

Jörg-Walter Koch

 

Name and address of the data protection officer:

 

SHIELD GmbH

Martin Vogel

Perleberger Str. 10b

25421 Pinneberg

P: +49 4101 77 44 70

Email: info(a)shield-datenschutz.de

Please replace (a) with @ when sending an email. This spelling is used to protect against spam.

 

Changes to the data privacy policy

 

We reserve the right to amend our data protection practices and this data privacy policy to adapt them, if applicable, to amendments of relevant laws or regulations or to better meet the needs of our guests. Possible changes in our data protection practices will be announced accordingly. Please refer to the current version date of the data privacy statement.

 

Hanover, March 2018