We are pleased that you are visiting our website, and we thank you for your interest in our Hotel. The protection of personal data is an important concern of ours. Therefore, the processing of personal data, for example, the name, address, email address or the telephone number of a data subject, ensues in accordance to the current European and national regulations.
In the event that the processing of personal data is required and there is no legal basis for such processing, we generally request the permission of the data subject.
You can, of course, recant your declaration(s) of permission at any time with effect for the future. Please contact the controller to do so. You will find the contact information in the lower section of this Data Privacy Statement.
In the following, the Hotel St. Raphael Hospiz GmbH (hereafter: “Best Western Plus Hotel St. Raphael”) would like to inform the general public of the manner, scope and purpose of the personal data they process. Furthermore, the rights of the data subjects are explained in this Data Privacy Statement.
Definitions of Terms
The Data Privacy Statement of the Best Western Plus Hotel St. Raphael is based on the terms used by the European Directive Committee and Regulators as decreed by the EU General Data Protection Regulation (hereafter called “GDPR”). Our Data Privacy Statement should be easy to read and understand for both the general public and for our guests and business partners. To ensure this, we would like to first explain the terms used.
We use the following terms, among others, in this Data Privacy Statement and on our website:
Personal data shall mean any information relating to an identified or identifiable natural person (hereafter called “data subject”). A natural person is considered identifiable who can, directly or indirectly, be identified in particular through the assignment of an identifier such as a name, an identification number, location data, an online identification data or one or more specific features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
Data subject is any identified or identifiable natural person whose personal data are processed by the controllers.
Processing is any operation or any such set of operations performed with or without the aid of automated means in connection with personal data such as the collection, recording, organisation, classification, storage, adjustments or changes, selection, retrieval, use, publication through disclosure, dissemination or otherwise making available, the matching or linking, restriction, deletion or destruction.
Limiting the processing is the marketing of stored personal data with the aim of limiting the future processing of the data.
Profiling is any form of automated processing of personal data which consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects regarding the job performance, economic status, health, personal preferences, interests, reliability, behaviour, residence or change of location of this natural person.
Pseudonymisation is the processing of personal data in a manner in which the personal data can no longer be assigned to a specific natural person without additional information as long as this additional information is separately stored and is subject to technical and organisational measures that guarantee that the personal data cannot be assigned to an identified or identifiable natural person.
Controller is the natural or legal person, authority, institution or other entity who solely or collaboratively makes decisions regarding the purposes and means of the processing of personal data. If the purposes or means of this processing is specified by European Union law or the laws of its member states, the controller(s) or the specific criteria of his/her appointment can be specified in accordance with the EU law or the laws of its member states.
Processor is a natural or legal person, authority, institution or other entity that processes the personal data on behalf of the controller.
Recipient is a natural or legal person, authority, institution or other entity to which the personal data is disclosed regardless of whether a third party is or is not involved. Authorities that possibly receive personal data within the framework of a specific inquiry in accordance with EU law or the laws of its member states are not considered recipients.
Third party is a natural or legal person, authority, institution or other entity other than the data subject, the controller, the processor and the persons who, under the direct responsibility of the controller or processor, are authorised to process personal data.
Permission is any expression of willingness in the form of a statement or any other clear action of confirmation voluntarily and unequivocally submitted in an informed state by the data subject for the specific case with which the data subject indicates that he/she agrees with the processing of the personal data relating to him/her.
The data subject has the opportunity to register on the website of the controller by submitting personal data. Which personal data should be submitted to the controller for the processing is revealed in the respective input mask used for the registration. The personal data entered by the data subject are exclusively for the internal processing which the controller collects and stores for its own purposes. The controller can arrange the disclosure to one or more processors (for example, a package service) which likewise uses personal data exclusively for internal purposes attributed to the controller.
In registering on the website of the controller, the IP address given to the data subject by the Internet Service Provider (IPS) as well as the date and the time of the registration are stored. The storage of these data occurs taking into consideration that the misuse of our services can only be prevented in this way and these data make it possible to detect offenses and copyright infringements should the situation arise. In this respect, the storage of these data is required for the protection of the controller. Principally, a disclosure of these data to third parties does not occur provided there is no legal obligation for disclosure or the disclosure is conducive to the prosecution.
The registration of the data subject through voluntary submission of personal data serves the purposes of the controller by offering the data subject contents or services that can only be advertised to registered users due to the nature of the matter. The opportunity is open to registered persons to allow for the complete deletion of the personal data submitted for the registration from the database of the controller.
The controller provides information to any data subject upon request at any time about what type of personal data from the data subject has been stored. Furthermore, the controller corrects or deletes personal data at the request or notice of the data subject so far as there are no legal obligations for retention.
Personal data are also processed by the Best Western Plus Hotel St. Raphael if you supply us with this data. This occurs, for example, each time you contact us. We use the personal data transferred in this way exclusively for the purpose for which you have made the data available through the contact. A disclosure of this information expressly occurs on a voluntary basis and with your permission. If this concerns information for communication channels (for example, email addresses, telephone numbers), you also give permission that we contact you through these communication channels as well if necessary in order to answer your requests.
Best Western Plus Hotel St. Raphael meets many technical and organisational measures in order to protect your personal data against unintentional and unlawful deletion, change or against loss and unauthorised disclosure or unauthorised access.
Nevertheless, internet-based data transmissions, for example, can inherently have security vulnerabilities so that absolute protection cannot be guaranteed. For this reason, any data subject is free to also deliver personal data through alternative routes to us such as, for example, by telephone.
Links to Other Websites
This website contains links to other websites (so-called external links).
Best Western Plus Hotel St. Raphael as a supplier is responsible for its own content in accordance to the current European and national regulations. Links in the content provided by other providers must be distinguished from our own content. We cannot influence whether operators of other websites observe the current European and national legal regulations. Please read the information provided on the data privacy statements on the respective websites. Best Western Plus Hotel St. Raphael assumes no responsibility for external content that is made available for use through links and are specially labelled and do not make the content our own. Liability lies solely with the provider of the website referenced in the case of illegal, erroneous or incomplete content as well as for damages that ensue through the use or non-use of the information.
You can perform the permission and refusal of cookies – even for webtracking – in the settings of your web browser. You can configure your web browser in such a way that the acceptance of cookies is principally denied or that you are informed in advance when a cookie should be saved. In this case, the functionality of the website can, however, be affected (for example, when placing orders). Your browser also offers a function to delete cookies (for example, with “Delete browser data”). This is possible in all current web browsers. Further information on this can be found in the operation manual or in the settings of your browser.
Collection of General Data and Information
The Best Western Plus Hotel St. Raphael website collects a series of general data and information with every access to the website by a data subject or an automated system. These general data and information are stored in the log files of the server. The following can be collected:
- the types of browser and versions used
- the operating system used by the accessing system
- the website from which an accessing system reached our website (so-called referrer)
- the sub-websites which are steered by an accessing system to our website
- the date and time of an access to the website
- a web protocol address (IP address)
- the internet service provider of the accessing system
- other similar data and information that serve to divert dangers in the case of attacks to our IT systems
Best Western Plus Hotel St. Raphael does not draw conclusions about the data subject in the use of these general data and information. Rather, this information is required to:
- correctly deliver the contents of our website
- optimise the contents of our website and the advertisement for this
- ensure uninterrupted operability of our IT systems and the technology of our website
- make necessary information for prosecution available to prosecution authorities in the event of a cyber attack
These anonymously recorded data and information are therefore statistically analysed by Best Western Plus Hotel St. Raphael with the aim of increasing the data protection and the privacy security in our company in order to ultimately guarantee an optimal level of protection for the personal data we process. The anonymous data from the server log files are stored separately from the personal data submitted by a data subject.
Routine Deletion and Blocking of Personal Data
The controller processes (also in the sense of: stores) personal data of the data subject only for the period of time required for the attainment of the storage purpose or inasmuch as this is stipulated by the European Directive Committee and Regulators or other legislative bodies in regulations or specifications to which the controllers are subject.
If the storage purpose should be omitted or the prescribed storage period of the European Directive Committee and Regulators or another authorised legislative body expires, the personal data are routinely blocked or deleted in accordance with the legal specifications.
Rights of the Data Subject
Right of Confirmation: Every data subject has the right to request a confirmation from the controller if the relating personal data are processed. If a data subject would like to claim the right to confirmation, he/she can appeal to the controller for this at any time.
Right of Access to Information: Every data subject with processed personal data has the right to receive information free of charge from the controller about his/her stored personal data and a copy of this information at any time. Furthermore, the European Directive Committee and Regulators has permitted the data subject access to details about the following information:
- the processing purposes
- the categories of personal data that are processed
- the recipients or categories of recipients to whom the personal data has been disclosed or is still being disclosed, in particular, recipients in third world countries or in international organisations
- if possible, the intended period for which the personal data is stored or, if not possible, the criteria for the establishment of this period
- the existence of the right to rectify or delete personal data of the data subject or the right to limit the processing by the controller or a right of objection against this processing
- the existence of a right of repeal with a regulatory authority
- if the personal data are not recorded with the data subject: All available information on the origin of the data
- the existence of an automated decision-making including profiling according to article 22 sections 1 and 4 of the EU-GDPR and – at least in such cases – significant information about the involved logic as well as the consequences and intended effects of such processing for the data subject
Furthermore, the data subject is entitled to a right of access to information about whether personal data have been sent to a third world country or an international organisation. Insofar as this is the case, the data subject also has the right to receive information about the appropriate guarantees in connection to the transfer of the data.
If a data subject would like to claim this right to information, he/she can appeal to the controller for this at any time.
Right to Rectify: Every data subject with processed personal data has the right to request the immediate rectification of inaccurate personal data relating to him/her. Furthermore, the data subject is entitled to the right to request the completion of incomplete personal data – also by means of a supplementary statement – bearing in mind the purpose of the processing.
If a data subject would like to claim this right to rectify, he/she can appeal to the controller for this at any time.
Right to Deletion (Right to Be Forgotten): Every data subject with processed personal data has the right to request from the controller that the personal data relating to him/her be promptly deleted provided one of the following reasons pertains and if the processing is not necessary:
- The personal data are recorded for such purposes or processed in another manner for which they are no longer necessary.
- The data subject revokes his/her permission on which the processing is based in accordance with article 6 section 1 (a) of the EU-GDPR or article 9 section 2 (a) of the EU-GDPR, and another legal basis for the processing is lacking
- The data subject files an objection against the processing in accordance with article 21 section 1 of the EU-GDPR, and there are no predominant legitimate reasons for the processing, or the data subject files an objection against the processing in accordance with article 21 section 2 of the EU-GDPR.
- The personal data were unlawfully processed.
- The deletion of personal data is necessary for the fulfilment of a legal obligation in accordance with European Union laws or the laws of its member states to which the controller is subject.
- The personal data was recorded with regard to the information society services provided in accordance with article 8 section 1 of the EU-GDPR.
If one of the above-mentioned reasons pertains and a data subject would like to initiate the deletion of personal data that are stored with the Best Western Plus Hotel St. Raphael, he/she can appeal to the controller for this at any time. The data subject’s deletion request is then complied with immediately.
If the Best Western Plus Hotel St. Raphael release personal data and our company is obligated as a controller to delete personal data in accordance with article 17 section 1 of the EU-GDPR, Best Western Plus Hotel St. Raphael then meets appropriate measures, also of a technical nature, considering the available technology and the implementation costs to inform other controllers who process the released personal data that the data subject has requested the deletion of all links to this personal data or of copies or replications of this personal data by these other controllers if the processing is unnecessary. The controller will then arrange for what is necessary in the individual case.
Right to Limit the Processing: Every data subject with processed personal data has the right to request the limitation of the processing from the controller if one of the following requirements is given:
- The accuracy of the personal data is challenged by the data subject, and this is for a period that enables the controller to check the accuracy of the personal data.
- The processing is illegal, the data subject declines the deletion of the personal data and instead requests limiting the use of the personal data.
- The controller no longer requires the personal data for the purposes of the processing, the data subject, however, requires the data for the assertion, exercise or defence of legal claims.
- The data subject has filed an objection to the processing in accordance to article 21 section 1 of the EU-GDPR, and it is still undetermined whether the legitimate reasons of the controller outweigh those of the data subject.
If one of the above-mentioned requirements is given and a data subject would like to request the limiting of the personal data that is stored with the Best Western Plus Hotel St. Raphael, the data subject can appeal to the controllers for this at any time. The limitation of the processing is arranged for immediately.
Right to Data Portability: Every data subject with processed personal data has the right to receive the personal data relating to him/her which were supplied to the controller by the data subject in a structured, current and machine-readable format. The data subject also has the right to transfer these data to another controller without interference from the controller to whom the personal data was submitted provided the processing is based on the permission in accordance to article 6 section 1 (a) of the EU-GDPR or article 9 section 2 (a) of the EU-GDPR or based on a contract in accordance with article 6 section 1 (b) of the EU-GDPR. Moreover, the processing occurs with the aid of automated processes provided the processing is not necessary for the realisation of a task carried out in the public interest or in the exercise of official authority granted to the controller.
Furthermore, in exercising his/her right to data portability in accordance with article 20 section 1 of the EU-GDPR, the data subject is entitled to the situation in which the personal data are transferred directly from a controller to another controller if this is technically feasible and provided the rights and freedoms of other persons are not affected by this.
The data subject can appeal to the controllers for the assertion of the right of data portability at any time.
Right to Object: Every data subject with processed personal data has the right to file an objection at any time based on reasons arising from their particular situation against the processing of personal data relating to him/her which ensue in accordance with article 6 section 1 (e) or (f) of the EU-GDPR. This also applies to profiling based on these provisions.
The Best Western Plus Hotel St. Raphael no longer processes the personal data in the case of an objection unless we can prove compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defence of legal claims.
If the Best Western Plus Hotel St. Raphael is processing personal data in order to engage in direct advertising, the data subject then has the right to file an objection against the processing of personal data for the purpose of such advertising at any time. This also applies to the profiling provided it is connected to such direct advertising. If the data subject objects to the processing for the purposes of direct advertising by Best Western Plus Hotel St. Raphael, the Best Western Plus Hotel St. Raphael will then no longer process the personal data for these purposes.
In addition, the data subject has the right to file an objection based on reasons arising from his/her situation against the processing of personal data relating to him/her that ensues at the Best Western Plus Hotel St. Raphael for the purposes of scientific or historical research or for statistical purposes in accordance with article 89 section 1 of the EU-GDPR unless such processing is necessary for the fulfilment of a task carried out in the public interest.
In exercising the right to objection, the data subject can directly appeal to the controller. Furthermore, the data subject is free to exercise his/her right to object by means of automated procedures in which technical specifications are used in connection with the use of information society services notwithstanding Directive 2002/58/EG.
Automated Decisions in the Individual Case including Profiling: Every data subject with processing personal data shall have the right not to be subject to a decision exclusively based on automated processing – including profiling – that produces legal effects for him/her or considerably impairs him/her in a similar manner if the decision:
- is not required for the completion or fulfilment of a contract between the data subject and the controller or
- is admissible based on the legal specifications of the EU or its member states to which the controller is subject and these legal specifications contain appropriate measures for the safeguarding of rights and freedoms as well as the warranted interest of the data subject or
- ensues with express permission of the data subject.
If the decision for the completion or fulfilment of a contract between the data subject and the controller is required or ensues with the express permission of the data subject, the Best Western Plus Hotel St. Raphael meets appropriate measures to safeguard the rights and freedoms as well as the warranted interests of the data subject to which belong at least the right to obtaining the engagement of a person on the side of the controller, to expressing an individual’s views and to challenge the decision.
If the data subject would like to claim rights referring to automated decisions, he/she can appeal to the controller for this at any time.
Right to the Retraction of Data Privacy Permission: Every data subject with processed personal data has the right to retract a permission for the processing of personal data at any time.
If the data subject would like to claim his/her right to the retraction of a permission, he/she can appeal to the controller for this at any time.
Data Privacy in Applications and in the Application Process
The controller collects and processes data from applicants for the purpose of execution of the application process. The processing can also take place by electronic means.
This is particularly the case when an applicant sends appropriate application documents by electronic means, for example via email, to a controller. If the controller concludes an employment contract with an applicant, the data transferred for the purpose of the execution of the employment relationship are stored with consideration of the legal specifications. If the controller does not conclude an employment contract with the applicant, the application documents are automatically deleted six months after the notification of the decision of refusal provided a deletion is not in opposition to any other warranted interests of the controllers. Other warranted interest in this sense is, for example, a burden of proof in a process based on the General Equal Treatment Act.
Use of Google Analytics (with Automation Function)
This website uses Google Analytics, a web analysis service of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”). The use includes the “Universal Analytics”; operating mode. This facilitates the assignment of data, sessions and interactions across several devices to a pseudonymous user ID and thus the analysis of a user's activities across devices. This data protection notice is provided by www.intersoft-consulting.de.
Click here to opt-out of Google Analytics
Use of Google Maps
Name and Address of the Controller:
Controller in terms of the EU General Data Protection Regulation (EU-GDPR), other valid data protection regulations in the Member States of the European Union and other specifications with data protection character are the:
Best Western Plus Hotel St. Raphael
Hotel St. Raphael Hospiz GmbH
Adenauerallee 41, D-20097 Hamburg
Phone +49 (0) 40 / 248 20-0
Fax +49 (0) 40 / 248 20-333
Manager: Athanasia Sotiropoulos
Name and Address of the Data Protection Officers:
Perleberger Str. 10b, D-25421 Pinneberg
Phone +49 (0) 4101 / 77 44 70
Amendments to the Data Protection Directive:
We reserve the right to amend our data protection practices and this directive in order to, if necessary, adapt them to amendments in relevant regulations or specifications or to better address your needs.
Possible amendments to our data protection practices are made known accordingly at this location. Please note the current version date of the Data Privacy Statement.
Hamburg, April 2018