Privacy & cookies

Data Protection Declaration

Data protection is a matter of trust and your trust is important to us. We respect your private sphere and privacy rights. The protection of your personal data that is collected, processed and used in compliance with the law, is therefore of great importance to us. In order to ensure that you feel comfortable when using our websites, we observe strict compliance with the statutory provisions when processing your personal data, and we should now like to inform you about the collection and use of your data here.

We are committed to compliance with the DS-GVO (Datenschutz Grundverordnung [General Data Protection Regulation - GDPR]) as well as the nationally valid data protection laws. For us the topic of data protection has an extremely high priority throughout our company and we work together exclusively with partners who can demonstrate an equally stringent data protection level in their processing procedures. We process your data only if you have given us your express permission to do so and it is necessary for the purposes of processing a contract or it relates to pre-contractual measures on a service-provision basis, or insofar as the relevant laws permit and/or require this respectively. The following data protection information contains both the current national legal framework that applies, as well as the provisions of the EU General Data Protection Regulation (GDPR) that came into force Europe wide on 25 May 2018. Reference to the legal principles of the GDPR are relevant from 25 May 2018. Under no circumstances will we sell your data or pass it on to unauthorised third parties. In the following we should like to inform you in detail about how we handle your data in our business units.

You can print or save this document by using the standard functionality of your browser. In the following Data Protection Declaration, you will find out which data we record on our website and how we process and use the different data.

1. Name and address of the person responsible

The person responsible within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions is:

Lindner Hotels AG
Emanuel-Leutze-Straße 20; D-40547 Düsseldorf
Telephone: +49 211 5997-310
Fax: +49 211 5997-348
Email: info@lindner.de
Internet: www.lindner.de

Person responsible for web content:

Maximilian Abele
+49 211 5997 1149
maximilian.abele@meandallhotels.com

II. Name and address of the data protection officer

The data protection officer for the person responsible is:

TÜV Informationstechnik GmbH
IT Security, Business Security & Privacy
Specialist Unit for Data Protection
Langemarckstraße 20
45141 Essen

Telephone +49 201 - 8999-899
Fax +49 201 - 8999-666
Email: privacyguard@tuvit.de

Head of Data Processing:

Michael Eckert

III. General information on data processing

1. Scope of the processing of personal data

Fundamentally we collect and use the personal data of our users only insofar as this is required for the provision of a fully functional website and for our contents and services. The collection and use of the personal data of our users is carried out on a regular basis but only following the consent of the user. An exception applies in cases where prior consent cannot be obtained for specific reasons and the processing of the data is permitted by statutory provisions.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the person affected for the processing of personal data, Art. 6 para. 1a of the EU General Data Protection Regulation (GDPR) serves as a legal basis for the processing of said personal data.

In the case of the processing of the personal data that is required for the fulfilment of a contract, the contracting party of which is the affected person, Art 6 para. 1b GDPR serves as the legal basis. This also applies for processing procedures that are required for the execution of pre-contractual measures.

Insofar as the processing of personal data is required for the fulfilment of a legal obligation to which our company is subject, Art 6 para. 1c GDPR serves as the legal basis.

In the event that the vital interests of the affected person or another natural person make the processing of the personal data necessary, Art 6 para. 1d GDPR serves as the legal basis.

If processing is required in order to maintain a justified interest of our company or a third party and if the interests, basic rights and basic freedoms of the affected person do not take precedence over the aforementioned interest, Art 6 para. 1f GDPR serves as the legal basis for the processing.

3. Data deletion and duration of storage

The personal data of the person affected is deleted or blocked as soon as the reason for the data to be stored is no longer valid. However, they can continue to be stored if this is provided for in the European or national legislature, or in specific rules, directives or other provisions of European Union law to which the responsible person is subject. The blocking or deletion of the data is also carried out if the storage date prescribed by the aforementioned norms expires, unless there is a requirement for the data to continue to be stored for the conclusion or the performance of a contract.

IV. Availability of the website and creation of log files

1. Description and scope of data processing

Every time our internet site is accessed, our system automatically records data and information from the computer system of the calling PC.

The following data is collected in this case:

  • Information about the browser type and the version used
  • The operating system of the user
  • Hashed mobile code numbers for the device
  • Hashed cross device identifier
  • Geographic information
  • Digital fingerprints
  • Language settings in the user’s browser
  • User’s customer journey within our website
  • The user’s internet service provider
  • Abbreviated IP addresses
  • Date, time and duration of visit
  • Websites from which the user’s system accesses our internet site
  • Websites that are called up by the user’s system via our internet site

The data is also stored in the log files of our system. This data is not stored together with the other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and log files is Art. 6 para. 1f of GDPR.

3. Purpose of the data processing

The temporary storage of the IP address by the system is required in order to enable a delivery from the website to the user’s computer. Therefore, the user’s IP address must remain stored for the whole duration of the visit.

Storage in log files is carried out in order to guarantee the functionality of the website. In addition, the data helps us to optimise the website and to guarantee the security of our information technology systems. No evaluation of the data for marketing purposes is carried out in connection with this.

For these purposes our justified interests in data processing are in accordance with Art. 6 para. 1f GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required for the purposes for which it was collected. In the case of collecting the data in order to make the website accessible to the visitor, they are deleted once the visit has ended.

In the case of storing the data in log files, this is the case after seven days at the latest. Further storage is possible. In this case the user’s IP addresses are either deleted or anonymised, so that it is no longer possible to allocate them to the visiting client.

5. Opportunity to contest data or have it eliminated

The collection of data in order to make the website available and the storage of said data in log files is required for the proper functioning of the website. Therefore, the user does not have a right to contest the data in this case.

V. Use of cookies

1. Description and scope of the data processing

Our website uses cookies. Cookies are text files that are filed in the internet browser and/or by the internet browser respectively of the user’s computer system. If a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a unique character string that facilitates the clear identification of the browser if the website is visited again.

We use cookies in order to make our websites more user friendly. Some elements of our website require that the calling browser can be identified even after changing websites.

The following data is stored and transmitted in the cookies:

  • Language settings
  • Articles in the shopping basket
  • Log-in information (nights clients)

In addition, we use cookies on our website that facilitate the analysis of the surfing behaviour of the user.

This means that the following data can be transmitted:

  • Search terms entered
  • Call-up frequency for websites
  • Date of access
  • Internal URLs visited
  • Shopping basket (booking date, services booked, amount of shopping basket, currency)
  • Use of website functions

The user data collected in this way are pseudonymised by means of technical precautions. This means that the data can no longer be allocated to the user accessing the site. The data is not stored together with the user’s other personal data.

2. Targeting

Our websites use cookie technology to collect data to optimise our advertising and online content. This data is not used to identify you personally but serve purely as an aid in the evaluation of the use of our homepage on a pseudonymised basis. Your data is never amalgamated with your personal data that we have stored. Using this technology, we can present you with advertising and/or special offers and services, the contents of which are based on the information that has been obtained via clickstream analysis (e.g. advertising that is based on the fact that sports shoes have been viewed exclusively in the last few days). Our aim in this is to structure our online offering in the most attractive way possible and to present you with advertising that corresponds to your areas of interest.

a. Third-Party-Cookies

We use various advertising partners who help us to make our websites and internet offers even more interesting for you. Therefore, the cookies of partner companies are also stored on your hard drive when you visit our websites. These are temporary/permanent cookies that are deleted automatically after a defined period of time. These temporary and permanent cookies (life cycle 14 days up to 10 years) are stored on your hard drive and are deleted automatically after a defined period of time. Also the cookies for our partner companies only have pseudonyms and most even have anonymised data. For example, this could be data about which products you have viewed, whether you bought anything, which products you searched for, etc. Some of our advertising partners also use the websites to collect data on which pages you visited prior to visiting them or which products you were interested in, so that they can then show you the advertising that you are most likely to be interested in. These pseudonymised data is never amalgamated with your personal data. The sole purpose of such data is to enable our partners to present you with advertisements that will really be of interest to you.

b. Re-targeting

In this our websites use so-called re-targeting technologies. We use these technologies in order to make the internet offers more interesting for you. This technology makes it possible for us to address internet users who have already shown an interest in us and our products on the internet sites of our partners. We are convinced that the insertion of personalised, internet-related advertising is generally more interesting for the internet user than advertising that does not have any such personal connection. The insertion of such advertising on our partner pages is carried out on the basis of cookie technology and an analysis of the previous user behaviour. This form of advertising is completely anonymised. No user profiles are amalgamated with your personal data. By using our pages, you agree that so-called cookies can be placed and that your particular usage data can be collected, stored and used. In addition, your data is stored in cookies after the end of the browser session so that they can be called up once again when you re-visit the websites, for example. You can revoke your consent at any time with immediate effect, by setting your browser preferences so that the acceptance of cookies is refused.

3. How can you prevent cookies from being stored?

Depending on the browser you use, you can set the settings in such a way that the storing of cookies is accepted only if you have agreed to this. If you want to accept exclusively our cookies, but not those of our service providers and partners, you can select the setting "Block cookies from third parties" in your browser. As a rule, using the Help function in the menu bar in your web browser you can see how to refuse new cookies and to switch off those you have already received. You can find detailed information on how you can customise the settings in your browser via the following link. If you are using shared computers that are set to accept cookies and flash cookies, we recommend that you should always make sure that you have completely logged out after you have finished your session.

4. Legal basis for data processing

The legal basis for the processing of personal data with the use of cookies is Art. 6 para. 1f GDPR.

5. Purpose of the data processing

The purpose of technically required cookies is to simplify the use of the website for the user. Some of the functions of our internet site could not be offered without the use of cookies. For these it is necessary that the browser is identified even after changing website.

We need cookies for the following applications:

  • Shopping basket
  • Acceptance of language settings
  • Bookmarking of search terms
  • Bookmarking of websites visited

The user data collected by the technically required cookies are not used to create user profiles.

The reason for the use of the analysis cookies is in order to improve the quality of our websites and their contents. By using the analysis cookies, we can see how the website is being used and so we are able to continually optimise our offers.

For these purposes our justified interests in the processing of personal data are in accordance with Art. 6 para. 1f GDPR.

6. Duration of storage, option to contest and remove information

Cookies are stored on the user’s computer and transmitted to our website from here. Therefore, as a user you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or limit the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be carried out automatically. If the cookies for our website are deactivated, it is possible that some of the functions of the website may no longer be fully available.

The transmission of flash cookies cannot be prevented using the browser settings but by changing the settings for Flash Player.

VI. Newsletter

1. Description and scope of the data processing

You have the option of subscribing to our newsletter free of charge on our website. When registering for the newsletter the data from the input screen is passed on to us.

  • Form of address
  • Last name
  • First name
  • Email address

In addition, the following data is collected upon registration:

  • Date and time of registration

Moreover, you have the option of supplying the following information on a voluntary basis:

  • Language
  • Address
  • Interests

Your consent for the processing of your data is obtained during the registration process and reference is made to this Data Protection Declaration.

If you order goods or services on our internet site and provide your email address, we can subsequently use this for the dispatch of the newsletter. In such a case, exclusively direct advertising for our own similar goods or services will be sent via the newsletter. In addition, email addresses that have been collected can be used for advertising purposes in online marketing and social media.

No data is passed on to third parties in connection with the data processing for the dispatch of the newsletter. The data is used exclusively for the dispatch of the newsletter and for advertising purposes in online marketing and social media.

2. Legal basis for data processing

The legal basis for the processing of the data following registration for the newsletter by the user, and following receipt of the user’s consent, is Art. 6 para. 1a GDPR. The legal basis for the dispatch of the newsletter following the purchase of goods or services is § 7 para. 3 UWG (Gesetz gegen den unlauteren Wettbewerb [Unfair Competition Act]).

3. Purpose of the data processing

The recording of the user’s email address is so that the newsletter can be sent. The collection of other personal data within the framework of the registration process is to prevent any misuse of the services or of the email address used.

4. Duration of storage

The data is deleted as soon as it is no longer required for the purpose for which it was collected. The email address of the user is stored for as long as the subscription to the newsletter remains active. The other personal data collected as part of the registration procedure is generally deleted after a period of seven days.

5. Opportunity to contest data or have it eliminated

The subscription to the newsletter can be cancelled by the affected user at any time. There is a corresponding link for this in the newsletter. This also offers the opportunity to revoke consent for the storage of the personal data that was collected during the registration procedure.

VII. Registration

1. Description and scope of the data processing

On our website we offer users the opportunity to register by providing their personal data. The data is entered in an input screen and transmitted to us and then stored. The data is not passed on to third parties. The following data is collected within the framework of the registration process:

  • Language
  • Form of address
  • Title
  • Last name
  • First name
  • Company name
  • Position
  • Date of birth
  • Email
  • Telephone
  • Address
  • Smoker/non-smoker
  • Room requirements
  • Any special requests
  • Interests
  • Newsletter registration

The following data is stored at the time of registration:

  • The IP address of the user
  • Date and time of registration

As part of the registration process the user’s consent to the processing of this data is obtained.

2. Legal basis for data processing

The legal basis for the processing of the data following receipt of the user’s consent, is Art. 6 para. 1a GDPR. If the registration is for the purposes of the fulfilment of a contract, of which the contractual party is the user, or for the purposes of carrying out pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1b GDPR.

3. Purpose of the data processing

The registration of the user is required for the provision of certain contents and services on our website. These contents and services are linked to registration for the Nights programme. Therefore, the identification of the user is required for these contents and services to be provided.

4. Duration of storage

The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for data that is collected during the registration procedure, if the registration is cancelled or changed on our website.

5. Opportunity to contest data or have it eliminated

As a user you have the option of cancelling your registration at any time. You can have your personal data changed at any time.

Once registration has been carried out on our website, the user profile can be amended immediately. You can delete your profile by calling +49 211 44755 200 or emailing nights@lindner.de.

VIII. Contact form and email contact

1. Description and scope of the data processing

A contact form is available on our internet site which can be used to contact us electronically. If a user wishes to take advantage of this option, the data entered in the input screen is transmitted to us and stored. This data is:

  • Form of address
  • First name
  • Last name
  • Telephone
  • Email address
  • Re.
  • Date of arrival
  • Date of departure
  • Details about your enquiry

The following data is also stored when the message is sent:

  • Date and time contact was made

Your consent for the processing of your data is obtained during the send process and reference is made to this Data Protection Declaration.

Alternatively, it is possible to make contact using the email address provided. In this case the personal details of the user that are transmitted in the email are stored.

This data is not passed on to third parties in this connection. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of the data following receipt of the user’s consent, is Art. 6 para. 1a GDPR.

The legal basis for the processing of the data that is transmitted by email, is Art. 6 para. 1f GDPR. If the email contact should result in the conclusion of a contract, the additional legal basis for the processing of the data is Art. 6 para. 1b GDPR.

3. Purpose of the data processing

The processing of personal data from the input screen is used by us exclusively for the purpose of processing the contact. In the case of contact by email, this also includes the necessary justified interest in the processing of the data.

The other personal data processed during the send process are used to prevent any misuse of the contact form and to guarantee the security of our IT systems.

4. Duration of storage

The data is deleted as soon as it is no longer required for the purpose for which it was collected. With regard to personal data from the input screen for the contact form and that sent by email, this is the case once the relevant conversation with the user has ended. This conversation is ended, once it is clear from the circumstances that the relevant matter has been definitively clarified.

The additional personal data that is collected during the send process is deleted after a period of seven days at the latest.

5. Opportunity to contest data or have it eliminated

The user has the option of revoking their consent to the processing of personal data at any time. If the user gets in touch with us by email, they can contest the storage of personal data at any time. In such a case it is impossible for the conversation to be continued. It is possible to have a profile deleted by emailing info.ecommerce@lindner.de. All the personal data that was stored during the contact process is deleted in this case. In addition, any enquiries over an interval of one month are completely deleted from our system.

X. Forwarding of your data to third parties

In order to make our website as user-friendly and easy to use as possible, we also include individual services from external service providers. As a result, you have the option of viewing their data protection provisions on the application and use of the services and functions they provide, so that you can also exercise your rights here as well, if necessary.

1. Google Analytics

Google Analytics is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies", i.e. text files that are stored on your computer and enable Google to carry out an analysis of the use of our offer. The information provided by the cookies on the use of our websites (including your IP address) are generally transmitted to a Google server in the USA, where they are stored. We should like to point out that Google Analytics has the additional code “gat._anonymizeIp();;” on our websites, so that the IP addresses can be recorded in an anonymised form (so-called IP masking). Therefore, with our permission, your IP address is recorded only in an abbreviated form, which guarantees that it is anonymised and that it is impossible to trace it back to you. In the case of the activation of IP anonymisation on our websites, your IP address is abbreviated in advance by Google within the member states of the European Union or within the other contracting parties to the Agreement across the European Economic Area. Only in exceptional cases is your full IP address transmitted to a Google server in the USA, where it is then abbreviated. Google uses the aforementioned information to evaluate your use of our websites, to compile reports for us on the website activities and to provide us with further services linked to the use of websites and the internet. The IP address transmitted by your browser to Google Analytics is not amalgamated with other data held by Google. The forwarding of this data by Google to third parties is carried out only within the framework of statutory provisions or the processing of contractual data. Google will never amalgamate your data with other data held by Google. By using these websites, you declare that you agree to the processing of your personal data by Google and to the aforementioned type and manner of data processing as well as the purpose thereof already mentioned. You can prevent the storage of cookies by changing the settings in your browser software; however, we should like to point out that this may result in certain functionalities of our websites not being fully operational for you. You can also prevent the recording and processing of the data regarding your use of these websites collected by the cookie (incl. your IP address) by Google, by downloading and installing the browser plugin that is available at the following link.

You will find further information on Google Analytics and data protection at http://tools.google.com/dlpage/gaoptout?hl=de.

2. Google-AdWords

This website uses the online advertising programme “Google AdWords”, which also includes conversion tracking. The cookie for conversion tracking is placed when a user clicks on an advertisement placed by Google. These cookies remain valid for 30 days only and are not used for personal identification. If the user visits specific pages of the website and the cookie has not yet expired, we and Google are able to see that the user has clicked on the advertisement and was directed to this webpage. Every Google AdWords client is given a different cookie. This means that cookies cannot be tracked via the websites of AdWords clients. The information obtained with the help of conversion cookies helps us to compile conversion statistics for AdWords clients who have opted for conversion tracking. These clients are given the total number of users who have clicked on their advertisement and were directed to a page that contains a conversion tracking tag. However, they do not receive any information that could help them to identify the individual users personally. Users who do not want to participate in tracking can easily deactivate the cookie for Google conversion tracking via the user settings in their internet browser. These users are then not recorded in the conversion tracking statistics. Find out more about Google’s Data Protection Provisions.

3. Google Maps

Our websites use Google Maps to display area maps and to create routes for journeys. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you agree to the recording, processing and use of the data automatically collected by Google, or by one of its representatives or third-party suppliers, or the data supplied by you to Google, or one of its representatives or third-party suppliers. You will find the conditions of use for Google Maps at Google Maps Conditions of use. You will find further details at the data protection centre for google.de: Transparency and options as well as data protection provisions.

4. Etracker

The provider of this website uses the services of etracker GmbH, Hamburg, Germany(https://www.etracker.com) for the analysis of its user data. Cookies are set for this that enable the statistical analysis of the use of this website by its users as well as the display of user-related contents or advertising. Cookies are small text files that are saved in the internet browser of the user’s end device. etracker cookies do not contain any information that would make the identification of the user possible.

The data collected with etracker is processed and saved by etracker exclusively in Germany on behalf of the provider of this website and is therefore subject to the stringent German and European data protection laws and standards. etracker has been independently examined and certified and awarded the data protection seal https://www.eprivacy.eu/kunden/vergebene-siegel/firma/etracker-gmbh/.

The data processing is carried out on the legal basis of Art. 6 para. 1f (justified interest) of the EU General Data Protection Regulation (EU GDPR). Our justified interest is based on the optimisation of our online offers and web presence. Since the private sphere of our users is of paramount importance to us, the IP address with etracker is anonymised as soon as possible and registration or device recognition is converted to a specific key that cannot be traced back to a person. Any other use or amalgamation with other data, or the forwarding of data to third parties, is not carried out by etracker.

You can contest the aforementioned data processing at any time, insofar as this is related to you personally. You will not suffer any disadvantageous consequences from this.

You will find further information on data protection with etracker here.

5. Social plugins

Our internet site uses social plugins (“plugins”) from different social networks. With the help of these plugins you can share contents or recommend products, for example. The plugins on our websites are deactivated as standard and therefore do not transmit any data. By clicking on the "Activate Social Media" button you can activate the plugins. Naturally, the plugins can be activated with a simple click as well.

If these plugins are activated, your browser creates a direct link with the servers of the relevant social networks as soon as they call up one of the websites in our internet presence. The contents of these plugins are transmitted directly to your browser and linked by this to the website.

By linking the plugins, the social network receives the information that you have called up via the corresponding page in our internet presence. If you are logged in to the social network, this can assign the visit to your account. If you interact with the plugins, for example, if you click the “Like” button on Facebook or leave a comment, the corresponding information is transmitted to the social network by your browser, where it is then stored.

Please consult the relevant networks and/or websites for details of the purpose and scope of the data collection and the further processing and use of the data by said social networks as well as their rights and setting options in this regard for the protection of your private sphere. You will find the relevant links below.

Even if you are not registered with the social networks, data can be sent to these networks by websites with active social plugins. A cookie with an identification key is set by an active plugin at every visit to the website. Since your browser automatically sends this cookie with every link to a network server, in principle it would be possible for the network to create a profile on which websites the user with this identification key has visited. And then it would also be absolutely possible to trace back this identification key later on to a person, via a subsequent registration with a social network, for example.

We use the following plugins on our websites:

  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • LinkedIn
  • Xing

If you do not want social networks to collect your data via active plugins, you can either deactivate the social plugins by simply clicking on our website or click on the function "Blockcookies from third-party service providers" in your browser settings. Then your browser will not send any cookies to the server in the case of embedded contents of other providers. However, by enabling this setting it is possible that other cross-page functions will no longer operate, in addition to the deactivated plugins.

a) Facebook

We use plugins for the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). You will find the link to the data protection declaration for Facebook here: Data protection declaration for Facebook.

b) Twitter

We use plugins for the social network Twitter, which is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). You will find the link to the data protection declaration for Twitter here: Data protection declaration for Twitter.

c) Pinterest

We use plugins for the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, USA (“Pinterest”). You will find the link to the data protection declaration for Pinterest here: Data protection declaration for Pinterest.

d) Instagram

We use plugins for the social network instagram.com, which is operated by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025 USA (“Instagram”). You will find the link to the data protection declaration for Instagram here: Data protection declaration for Instagram.

e) LinkedIn

We use plugins for the social network Linkedin, which is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). You will find the link to the data protection declaration for LinkedIn here: Data protection declaration for LinkedIn.

f) XING

We use plugins for the social network xing.com, which is operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (“XING”). You will find the link to the data protection declaration for XING here: Data protection declaration for XING.

6. YouTube

Our website uses plugins for YouTube, which is operated by Google. The operator of these pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit other pages that have a YouTube plugin, a connection to the YouTube servers is created. This means that the YouTube server is informed of which of our pages you have visited If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your profile. You can prevent this by logging out of your YouTube account. You will find further details on how your user data is used in the Data Protection Declaration for YouTube.

7. Ignition One

The provider of this website uses the services of IgnitionOne, Inc. (https://www.ignitionone.com/) for the analysis of user data. The operator of this site is IgnitionOne, Inc., 470 Park Avenue South, 6th floor, New York, NY 10016, USA. When you visit our websites, you are requested to register for our newsletter on an individual and anonymous basis. In addition, displays are shown based on retargeting lists and returning users are shown the most recently displayed content. In addition, by grouping user interests, it is possible to show them user-appropriate advertising. You will find further information on the data protection declaration for IgnitionOne Inc. here.

8. Affilinet

To correctly record sales and/or leads, affilinet places a cookie on the client’s computer (visitor’s) computer. This cookie is set by the domain partners.webmaster-plan.com and/or banners.webmasterplan.com. This cookie complies with the currently valid data protection guidelines. The cookies used by affilinet are accepted in the standard setting of the internet browser. If you do not want these cookies to be stored, please deactivate the acceptance of the cookies for the corresponding domains in your internet browser. affilinet tracking cookies do not store any personal data but only the ID of the referring partner as well as the order number for the advertising medium (banner, text link, etc.) clicked by the visitor, which are required for payment processing. The partner ID is required at the conclusion of a transaction in order to be able to allocate the commission to be paid to the referring partner concerned. You can find further details on the Awin cookie regulations here

9. advanced store GmbH

For the optimal displaying relevant advertising media and advertising campaigns advanced store GmbH, Alte Jakobstr 79/80, 10179 Berlin, is collecting, using ad4mat technology, on this page pseudonymous information and data about the surfing behavior of users. This is done through cookies (small text files) that are stored on your computer. With the help of a special algorithm based analysis of surfing behavior, advanced store GmbH can make it on this and other Website specific relevant, i.e. recommend products and offers according to your interest through banner ads. The use of cookies is only for the optimization of the recommended advertising content, a personal identification of the website user is not taking place. advanced store GmbH is committed to the European industry standard for online behavioral advertising, the EDAA. For more information and preference management, visit www.youronlinechoices.com. The services of advanced store GmbH are based on Art. 6 (1)(f) GDPR. If you want to object to the use of pseudonymous cookie IDs and the corresponding analysis of your surfing behavior, then you have the opportunity here. You will also find further information here and the privacy policy of advanced store GmbH.

10. Bing Ads

Data is collected and stored on our website using the technology of Bing Ads, from which user profiles are created on a pseudonymised basis. This is a service from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service allows us to track the activities of users on our website, if they have accessed our website via advertisements from Bing Ads. If you access our website via such an advertisement, a cookie is set on your computer. A Bing UET tag is integrated in our website. This is a code, via which, in conjunction with the cookie, some non-personal data about the use of the website is stored. This includes among others the time spent on the website, which pages on the website were visited and which advertisements led the users to the website. Information on your identity is not recorded. The information collected is transmitted to the Microsoft server in the USA and stored there. You can prevent the recording of the data collected by the cookie relating to your use of the website and well as the processing of this data by deactivating the setting of cookies. However, this can also result in the functionality of the website being limited. In addition, in certain circumstances Microsoft can trace your user behaviour using so-called cross-device tracking via several of your electronic devices and thus is able to integrate personalised advertising into its websites and apps, for example. You can deactivate this functionality via http://choice.microsoft.com/de-de/opt-out.

For more information on the analysis data of Bing, please visit the Bing Ads website (https://help.bingads.microsoft.com/#apex/3/de/53056/2). You will find more information on data protection at Microsoft and Bing in the data protection provisions for Microsoft (https://privacy.microsoft.com/de-de/privacystatement).

11. Sistrix

We use the web analysis tools from SISTRIX GmbH (“Sistrix”) on our website. These are analysis tools to optimize the findability of our website in search engines. In this context, only keyword, domain and search data are collected and saved. There is no collection, storage and processing of personal data. You can find more information on the collection and use of data at www.sistrix.de/sistrix/datenschutz/

12. Sabre

This website uses the software provider Sabre Inc. for the provision of an online booking machine  (https://www.sabre.com)  The operator of the website is Sabre GLBL Inc., 3150 Sabre Drive, Southlake, Texas 76092, USA. The personal data that you provided with your order during the purchase process is used for the purposes of business processing. You will find further information on the data protection declaration for Sabre Inc here.

13. SITPAY

This website uses the SITPAY cash accounting system for e-payments and customer loyalty programmes (http://www.sit-pay.de/) for processing purchases with vouchers. The operator of this website is SIT Solution for IT-Payment GmbH, Eiffestr. 74, D-20537 Hamburg. The personal data that you provided with your voucher purchase during the purchase process is used for the purposes of business processing. You will find further information on the data protection declaration for SIT Solution for IT-Payment GmbH here.

14. NextGuest CRM

This website uses the data warehouse NextGuest CRM for customer relationship management (CRM) (https://www.nextguestcrm.com/). The operator of this website is Serenata IntraWare GmbH, Neumarkter Str. 18, 81673 Munich. NextGuest CRM saves and processes your data with your registration for our newsletter or the Lindner Nights Programme. You will find further information on the data protection declaration for NextGuest CRM.

15. Matterport

Our website contains virtual tours of hotels connected via the portal my.matterport.com. The operator of this portal is Matterport, Inc., 352 E. Java Dr. Sunnyvale, CA 94089, USA.

When you visit our pages that include a virtual tour, a link is created to the Matterport servers. This means that the Matterport server is informed which of our pages you have visited. Matterport also receives your IP address. This occurs even if you are not logged into Matterport or do not have an account with Matterport. The information recorded by Matterport is sent to the Matterport servers in the USA.

If you are logged into your Matterport account, you enable Matterport to assign your surfing behaviour directly to your profile. You can prevent this by logging out of your Matterport account.

Matterport is used in the interests of creating an attractive representation of our online offers. This represents a legitimate interest as defined in Art. 6 (1) f) GDPR. You can find further information about how Matterport implements the GDPR and handles user data at https://support.matterport.com/hc/en-us/articles/360000904267-Matterport-s-Plan-for-GDPR and in Matterport's Privacy Policy at https://matterport.com/legal/privacy-policy/.

16. TrustYou

We use features supplied by TrustYou GmbH on our website. TrustYou collects and analyses guest reviews, questionnaires and social media posts on the internet. The reviews generated by TrustYou are an efficient way for us to improve our services. By using the service from TrustYou you get the best overview of what guests are saying about your hotel. Reviews you share with TrustYou are received and stored there. You can find further information about this in the TrustYou Privacy Policy at https://www.trustyou.com/de/downloads/privacy-policy-de.pdf

17. Squarelovin

The provider of this website uses the services of Squarelovin (https://squarelovin.com) to display user-generated content. The content is collected via the network Instagram (www.instagram.com). Our partner here is Anchor Media GmbH, Budapester Strasse 45, 20253 Hamburg, Germany. You can find further information about data protection legislation at https://sqln.io/ldh?lang=de.

18. Adobe Analytics

We use Adobe Analytics, a web analytics tool, on our website. The service provider is the American company Adobe Inc. The Irish company Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland, is responsible for the European region.

Adobe also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may pose various risks to the lawfulness and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or a data transfer there, Adobe uses so-called standard contractual clauses (see Art. 46 (2) and (3) DS-GVO).

Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Adobe undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the United States. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en  .

For more information about the standard contractual clauses and about the data processed through Adobe's use, see Adobe's Privacy Policy at https://www.adobe.com/privacy.html .

XI. Rights of the affected person

Pursuant to Art.15 GDPR in conjunction with § 34 BDSG (Bundesdatenschutzgesetz [Federal Data Protection Act]) you have the unrestricted right to information, which is free of charge, on the personal data that we hold on file on you as well as pursuant to § 35 BDSG the right to the deletion or blocking of inadmissible data and/or the right to the correction of any erroneous data respectively.

Upon application, we will be happy to provide you in writing with details on whether and what personal data we have filed on you. As far as possible, we shall take appropriate measures to update and or correct any data that we hold on you in the shortest time possible. Please send all information requests, enquiries regarding information or complaints about data processing, by email, stating your full postal address, directly to our data protection officer.

If your personal data is being processed, you are an affected person within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:

1. Right of information

You can request a confirmation from the person responsible whether personal data that affects you is being processed by us.

If such processing is indeed being carried out, you can request the following information from the person responsible:

  • the purposes for which your data is being processed;
  • the categories of personal data that is being processed;
  • the recipients and/or categories of recipients to whom the personal data that affects you is being disclosed or will be disclosed in the future;
  • the planned storage period for the personal data that affects you or, if it is not possible to give any specific information in this regard, the criteria for determining the storage period;
  • the existence of a right to rectification or deletion of the personal data that affects you, a right to the restriction of processing by the person responsible and a right to object to this processing;
  • the existence of a right to appeal to a supervisory authority;
  • all available information on the origin of the data, if the personal data was not collected from the person affected;
  • the existence of an automated decision-making process including profiling pursuant to Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved as well as the scope and the envisaged impact of such processing for the affected person.

You have the right to request information whether the personal data that affects you is being transmitted to a third country or to an international organisation. In this connection you can request to be informed about the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

2. Right to rectification

You have a right to rectification and/or completion vis-à-vis the person responsible, insofar as the personal data that affects you being processed is wrong or incomplete. The person responsible must carry out the rectification as quickly as possible.

3. Right to a restriction in the processing

Subject to the following conditions you can request a restriction in the processing of the personal data that affects you:

  • if you are contesting the correctness of the personal data that affects you for a period of time that allows the person responsible to check the correctness of the personal data;
  • if the processing is unlawful and you refuse to have the personal data deleted but instead request a limitation in the use of the personal data;
  • the person responsible no longer requires the personal data for the purposes of processing, but you require them for enforcement or execution purposes or for the defence of legal claims, or
  • if you have submitted a complaint concerning the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the justified reasons of the person responsible take precedence over your reasons.

If the processing of the personal data that affects you is restricted, this data – apart from its storage – may only be processed with your consent or in order to enforce, execute or defend legal claims or for the protection of the rights of another natural person or legal entity or for reasons of an important public interest on the part of the European Union or another member state.

If the limitation in the processing pursuant to the aforementioned conditions is restricted, you will be informed by the person responsible before said restrictions are lifted.

4. Right to deletion

a. Duty to delete

You can request from the person responsible that the personal data that affects you should be deleted with immediate effect, and the person responsible is obliged to delete this data immediately, if one of the following reasons applies:

  • the personal data that affects you is no longer required for the purposes for which they were collected or for which they were processed in another manner.
  • You revoke your consent on which the processing is based pursuant to Art. 6 para. 1a or Art. 9 para. 2a GDPR and there is no other legal basis for the processing.
  • Pursuant to Art. 21 para. 1 GDPR you have submitted a complaint regarding the processing and there are no overriding reasons that justify the processing, or you have submitted a complaint regarding the processing pursuant to Art. 21 para. 2 GDPR.
  • The personal data that affects you was unlawfully processed.
  • The deletion of the personal data that affects you is required for the fulfilment of a legal duty according to the law of the European Union or the law of a member state to which the person responsible is subject.
  • The personal data that affects you was collected in connection with services offered by the information society pursuant to Art. 8 para. 1 GDPR.

b. Information to third parties

If the person responsible has made the personal data that affects you publicly and if they are obliged to delete it pursuant to Art. 17 para. 1 GDPR, they shall implement appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the officers involved in the data processing who are processing the personal data that, as the affected person, you have requested that they should delete all the links to this personal data as well as any copies or replicas thereof.

c. Exceptions

There is no right to deletion if the processing is necessary

  • for the enforcement of the right to free speech and information;
  • for the fulfilment of a legal duty that requires the processing pursuant to the law of the European Union or of a member state that is subject to said responsibility, or in order to fulfil a task that is in the public interest or is a result of the exercise of public authority with which the person responsible has been entrusted;
  • for reasons of the public interest within the area of public health pursuant to Art. 9 para. 2h and i as well as Art. 9 para. 3 GDPR;
  • for the purposes of archiving that are in the public interest, or for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, if the law mentioned in Section a) will probably make the realisation of the aims of this processing impossible or will seriously impede it, or
  • for the enforcement, execution and defence of legal claims.
5. Right to information

If you have exercised your right for correction, deletion or restriction in processing vis-à-vis the person responsible, the latter is obliged to inform all the recipients of the personal data that affects you of this correction or deletion of the data or the restriction in processing, unless this should prove to be impossible or it entails a disproportionate amount of time and effort.

You have the right to be informed of these recipients by the person responsible.

6. Right to data transferability

You have the right to receive the personal data that affects you and that you have made available to the person responsible, in a structured, current and machine-processable format. In addition, you have the right to transfer this data to another person responsible without any obstacle being placed in the way by the person responsible for whom the personal data was prepared, insofar as

(1)          the processing is based on a consent pursuant to Art. 6 para. 1a GDPR or Art. 9 para. 2a GDPR or on a contract pursuant to Art. 6 para. 1b GDPR and

(2)          the processing is carried out with the aid of an automated procedure.

In exercising this right, you also have the right to insist that the personal data that affects you is transferred directly from the one person responsible to the other, insofar as this is technically possible. The rights and freedoms of others must not be restricted by this.

The right of data transferability does not apply for the processing of personal data that are required for the execution of a task that is in the public interest or is a result of the exercise of public authority with which the person responsible has been entrusted.

7. Right to object

You have the right to object at any time to the processing based on Art. 6 para. 1e or f GDPR of the personal data that affects you, for reasons that are pertinent to your particular situation; this also applies for any profiling based on these provisions.

The person responsible shall no longer process the personal data that affects you unless they are able to provide irrefutable reasons sustaining the worthiness of the protection of the processing that supersede your own interests, rights and freedoms, or the processing is for the purpose of the enforcement, execution or defence of legal claims.

If the personal data that affects you is processed for direct marketing purposes, you have the right at any time to object to the use of the personal data that affects you for the purpose of such advertising; this also applies for any profiling, insofar as it is carried out in connection with such direct advertising.

If you object to the processing for the purpose of direct advertising, the personal data that affects you will no longer be processed for these purposes.

You have the option, in connection with the use of services of the information society – irrespective of Directive 2002/58/EC – to exercise your right to object by means of an automated procedure in which technical specifications are used.

8. Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The legality of the processing up until the point of the revocation of your consent is not affected by this.

9. Automatic decision in an individual case including profiling

You have the right not to be bound by a decision that is based exclusively on automated processing – including profiling – that restricts you vis-à-vis any legal effect or that considerably restricts you in any other way. This does not apply if the decision

  • for the conclusion or the completion of a contract between you and the person responsible is required,
  • based on the legal provisions of the European Union or of the member states to which the person responsible is subject, is admissible and these legal provisions contain appropriate measures for the maintenance of your rights and freedoms as well as your justified interests or
  • is carried out with your express consent.

However, these decisions may not be based on specific categories of personal data pursuant to Art. 9 para. 1 GDPR, if Art. 9 para. 2a or g applies and appropriate measures for the protection of your rights and freedoms as well as your justified interests were met.

With regard to the cases mentioned in (1) and (3) the person responsible shall take appropriate measures to maintain your rights and freedoms as well as your justified interests, whereby the right to intercede on behalf of a person by the person responsible, to the presentation of a personal point of view and to challenge the decision is included at least.

10. Right to lodge a complaint with a supervisory authority

Irrespective of any other legislative or regulatory judicial remedies, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place where the alleged violation took place, if you are of the opinion that the processing of the personal data that affects you has violated the GDPR.

The supervisory authority to whom the complaint is submitted shall inform the complainant about the status and the results of the complaint, including the possibility of any judicial remedy pursuant to Art. 78 GDPR.

XII. Online application

If you should apply online for a job that we are advertising, we shall fundamentally collect only data that is required in order to process your application with LINDNER Hotels AG. These are your title, first name, last name, application documents and email or telephone number so that we can contact you.

However, the provision of your email address and telephone number is voluntary. You will not suffer any negative consequences if you do not supply these details. However, the non-provision of a telephone number can make communication for a telephone interview more difficult.

Your personal information and data is collected and stored with the greatest of care and integrity and used only for the purpose stated. The provisions of the EU General Data Protection Regulation as well as the national laws are complied with. 

You agree to the processing and transmission of your data exclusively for the application process. Data processing is carried out on the basis of § 26 BDSG. You confirm that all the information you have provided is correct. You are also aware that any incorrect information can result in the termination of the employment contract. We delete your information once the application procedure has been terminated and after the expiry of the statutory storage periods of 6 months, if your application is unsuccessful.

We use the portal HOTELCAREER provided by the company YOURCAREERGROUP GmbH, Kaiserswerther Straße 282, 40474 Düsseldorf, for the online application procedure, and they support us as part of the contract processing strictly in line with the relevant instructions. If you upload a profile at www.hotelcareer.de and apply for positions with different companies, YOURCAREERGROUP GmbH is responsible for the data processing. Please note the data protection provisions that you will find there. We delete your information once the application procedure has been terminated and after the expiry of the statutory storage periods of 6 months at the latest, if your application is unsuccessful.

XIII. Data transmission to cooperation partners

1. HYATT

Transfer of personal data to Hyatt Services GmbH, Römerpassage 1, 55116 Mainz, Germany (“Hyatt”)

As of December 1, 2022 our hospitality services will be offered under a strategic collaboration with Hyatt.  Our collaboration will require the transfer of personal data to Hyatt for the purposes of fulfilling your booking and providing our services. 

If you provide your consent pursuant to Art. 6 (1) lit. a) GDPR, we will directly forward your booking request together with your first and last name, title, address and email address to Hyatt. For more information on how Hyatt processes your personal data, please refer to Hyatt’s privacy notice under https://www.hyatt.com/en-US/info/privacy-policy-eu-ch

You should be aware that without your consent, we cannot forward your booking request to Hyatt and we will not be able to process your booking request.  You can revoke your consent at any time before your stay. 

If you do revoke your consent, Hyatt will delete any data about you it has received. A cancellation of your booking due to the revocation of your consent will be subject to the cancellation provisions in our terms and conditions. 

To revoke your consent in respect of a booking prior to June 30, 2023 please contact Lindner directly at services@lindner.de.  To revoke your consent in respect of a booking after June 30, 2023 onwards please contact Hyatt at Hyatt Services GmbH, Römerpassage 1, 55116 Mainz, Germany or by E-Mail at privacy@hyatt.com.

XIV. Miscellaneous

Foreign-language pages

If parts of our internet presence are offered in languages other than German, this is meant exclusively as a service for our clients, employees and prospective clients, who are not German speakers.

The German language version of our privacy notice shall take precedence in the event any inconsistencies arise between it and a version of the privacy notice in another language.

XV. Data protection information pursuant to Art. 13 GDPR

Data protection information pursuant to Art. 13 GDPR

Date of our Data Protection Declaration: February 2020

 

Deletion request or information request concerning personal data under the GDPR

Do you want to receive information about the personal data stored about you in our IT systems, or do you want to delete your personal data?

Deletion request or information request concerning personal data under the GDPR