Privacy policy - Otto's Skybar

Data Protection Declaration

Data protection is a matter of trust and your trust is important to us. We respect your private sphere and privacy rights. The protection of your personal data that is collected, processed and used in compliance with the law, is therefore of great importance to us. In order to ensure that you feel comfortable when using our websites, we observe strict compliance with the statutory provisions when processing your personal data, and we should now like to inform you about the collection and use of your data here.

We are committed to compliance with the DS-GVO (Datenschutz Grundverordnung [General Data Protection Regulation - GDPR]) as well as the nationally valid data protection laws. For us the topic of data protection has an extremely high priority throughout our company and we work together exclusively with partners who can demonstrate an equally stringent data protection level in their processing procedures. We process your data only if you have given us your express permission to do so and it is necessary for the purposes of processing a contract or it relates to pre-contractual measures on a service-provision basis, or insofar as the relevant laws permit and/or require this respectively. The following data protection information contains both the current national legal framework that applies, as well as the provisions of the EU General Data Protection Regulation (GDPR) that came into force Europe wide on 25 May 2018. Reference to the legal principles of the GDPR are relevant from 25 May 2018. Under no circumstances will we sell your data or pass it on to unauthorised third parties. In the following we should like to inform you in detail about how we handle your data in our business units.

You can print or save this document by using the standard functionality of your browser. In the following Data Protection Declaration, you will find out which data we record on our website and how we process and use the different data.

I. Name and address of the person responsible

The person responsible within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection provisions is:

Lindner Hotels AG
Emanuel-Leutze-Straße 20; D-40547 Düsseldorf
Telephone: +49 211 5997-310
Fax: +49 211 5997-348
Email: info@lindner.de
Internet: www.lindner.de

Person responsible for web content:

Maximilian Abele
maximilian.abele@lindner.de

II. Name and address of the data protection officer

The data protection officer for the person responsible is:

TÜV Informationstechnik GmbH
IT Security, Business Security & Privacy
Specialist Unit for Data Protection
Langemarckstraße 20
45141 Essen

Telephone +49 201 - 8999-899
Fax +49 201 - 8999-666
Email: privacyguard@tuvit.de

Head of Data Processing:

Michael Eckert

III. General information on data processing

1. Scope of the processing of personal data

Fundamentally we collect and use the personal data of our users only insofar as this is required for the provision of a fully functional website and for our contents and services. The collection and use of the personal data of our users is carried out on a regular basis but only following the consent of the user. An exception applies in cases where prior consent cannot be obtained for specific reasons and the processing of the data is permitted by statutory provisions.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the person affected for the processing of personal data, Art. 6 para. 1a of the EU General Data Protection Regulation (GDPR) serves as a legal basis for the processing of said personal data.

In the case of the processing of the personal data that is required for the fulfilment of a contract, the contracting party of which is the affected person, Art 6 para. 1b GDPR serves as the legal basis. This also applies for processing procedures that are required for the execution of pre-contractual measures.

Insofar as the processing of personal data is required for the fulfilment of a legal obligation to which our company is subject, Art 6 para. 1c GDPR serves as the legal basis.

In the event that the vital interests of the affected person or another natural person make the processing of the personal data necessary, Art 6 para. 1d GDPR serves as the legal basis.

If processing is required in order to maintain a justified interest of our company or a third party and if the interests, basic rights and basic freedoms of the affected person do not take precedence over the aforementioned interest, Art 6 para. 1f GDPR serves as the legal basis for the processing.

3. Data deletion and duration of storage

The personal data of the person affected is deleted or blocked as soon as the reason for the data to be stored is no longer valid. However, they can continue to be stored if this is provided for in the European or national legislature, or in specific rules, directives or other provisions of European Union law to which the responsible person is subject. The blocking or deletion of the data is also carried out if the storage date prescribed by the aforementioned norms expires, unless there is a requirement for the data to continue to be stored for the conclusion or the performance of a contract.

IV. Availability of the website and creation of log files

1. Description and scope of data processing

Every time our internet site is accessed, our system automatically records data and information from the computer system of the calling PC.

The following data is collected in this case:

Information about the browser type and the version used
The operating system of the user
Hashed mobile code numbers for the device
Hashed cross device identifier
Geographic information
Digital fingerprints
Language settings in the user’s browser
User’s customer journey within our website
The user’s internet service provider
Abbreviated IP addresses
Date, time and duration of visit
Websites from which the user’s system accesses our internet site
Websites that are called up by the user’s system via our internet site

The data is also stored in the log files of our system. This data is not stored together with the other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and log files is Art. 6 para. 1f of GDPR.

3. Purpose of the data processing

The temporary storage of the IP address by the system is required in order to enable a delivery from the website to the user’s computer. Therefore, the user’s IP address must remain stored for the whole duration of the visit.

Storage in log files is carried out in order to guarantee the functionality of the website. In addition, the data helps us to optimise the website and to guarantee the security of our information technology systems. No evaluation of the data for marketing purposes is carried out in connection with this.

For these purposes our justified interests in data processing are in accordance with Art. 6 para. 1f GDPR.

4. Duration of storage

The data is deleted as soon as it is no longer required for the purposes for which it was collected. In the case of collecting the data in order to make the website accessible to the visitor, they are deleted once the visit has ended.

In the case of storing the data in log files, this is the case after seven days at the latest. Further storage is possible. In this case the user’s IP addresses are either deleted or anonymised, so that it is no longer possible to allocate them to the visiting client.

5. Opportunity to contest data or have it eliminated

The collection of data in order to make the website available and the storage of said data in log files is required for the proper functioning of the website. Therefore, the user does not have a right to contest the data in this case.

V. Use of cookies

1. Description and scope of the data processing

Our website uses cookies. Cookies are text files that are filed in the internet browser and/or by the internet browser respectively of the user’s computer system. If a user accesses a website, a cookie can be stored on the user’s operating system. This cookie contains a unique character string that facilitates the clear identification of the browser if the website is visited again.

We use cookies in order to make our websites more user friendly. Some elements of our website require that the calling browser can be identified even after changing websites.

The following data is stored and transmitted in the cookies:

Language settings
Articles in the shopping basket
Log-in information (nights clients)

In addition, we use cookies on our website that facilitate the analysis of the surfing behaviour of the user.

This means that the following data can be transmitted:

Search terms entered
Call-up frequency for websites
Date of access
Internal URLs visited
Shopping basket (booking date, services booked, amount of shopping basket, currency)
Use of website functions

The user data collected in this way are pseudonymised by means of technical precautions. This means that the data can no longer be allocated to the user accessing the site. The data is not stored together with the user’s other personal data.

2. Targeting

Our websites use cookie technology to collect data to optimise our advertising and online content. This data is not used to identify you personally but serve purely as an aid in the evaluation of the use of our homepage on a pseudonymised basis. Your data is never amalgamated with your personal data that we have stored. Using this technology, we can present you with advertising and/or special offers and services, the contents of which are based on the information that has been obtained via clickstream analysis (e.g. advertising that is based on the fact that sports shoes have been viewed exclusively in the last few days). Our aim in this is to structure our online offering in the most attractive way possible and to present you with advertising that corresponds to your areas of interest.

a. Third-party cookies

We use various advertising partners who help us to make our websites and internet offers even more interesting for you. Therefore, the cookies of partner companies are also stored on your hard drive when you visit our websites. These are temporary/permanent cookies that are deleted automatically after a defined period of time. These temporary and permanent cookies (life cycle 14 days up to 10 years) are stored on your hard drive and are deleted automatically after a defined period of time. Also the cookies for our partner companies only have pseudonyms and most even have anonymised data. For example, this could be data about which products you have viewed, whether you bought anything, which products you searched for, etc. Some of our advertising partners also use the websites to collect data on which pages you visited prior to visiting them or which products you were interested in, so that they can then show you the advertising that you are most likely to be interested in. These pseudonymised data is never amalgamated with your personal data. The sole purpose of such data is to enable our partners to present you with advertisements that will really be of interest to you.

b. Re-targeting

In this our websites use so-called re-targeting technologies. We use these technologies in order to make the internet offers more interesting for you. This technology makes it possible for us to address internet users who have already shown an interest in us and our products on the internet sites of our partners. We are convinced that the insertion of personalised, internet-related advertising is generally more interesting for the internet user than advertising that does not have any such personal connection. The insertion of such advertising on our partner pages is carried out on the basis of cookie technology and an analysis of the previous user behaviour. This form of advertising is completely anonymised. No user profiles are amalgamated with your personal data. By using our pages, you agree that so-called cookies can be placed and that your particular usage data can be collected, stored and used. In addition, your data is stored in cookies after the end of the browser session so that they can be called up once again when you re-visit the websites, for example. You can revoke your consent at any time with immediate effect, by setting your browser preferences so that the acceptance of cookies is refused.

3. How can you prevent cookies from being stored?

Depending on the browser you use, you can set the settings in such a way that the storing of cookies is accepted only if you have agreed to this. If you want to accept exclusively our cookies, but not those of our service providers and partners, you can select the setting "Block cookies from third parties" in your browser. As a rule, using the Help function in the menu bar in your web browser you can see how to refuse new cookies and to switch off those you have already received. You can find detailed information on how you can customise the settings in your browser via the following link. If you are using shared computers that are set to accept cookies and flash cookies, we recommend that you should always make sure that you have completely logged out after you have finished your session.

4. Legal basis for data processing

The legal basis for the processing of personal data with the use of cookies is Art. 6 para. 1f GDPR.

5. Purpose of the data processing

The purpose of technically required cookies is to simplify the use of the website for the user. Some of the functions of our internet site could not be offered without the use of cookies. For these it is necessary that the browser is identified even after changing website.

We need cookies for the following applications:

Shopping basket
Acceptance of language settings
Bookmarking of search terms
Bookmarking of websites visited

The user data collected by the technically required cookies are not used to create user profiles.

The reason for the use of the analysis cookies is in order to improve the quality of our websites and their contents. By using the analysis cookies, we can see how the website is being used and so we are able to continually optimise our offers.

For these purposes our justified interests in the processing of personal data are in accordance with Art. 6 para. 1f GDPR.

6. Duration of storage, option to contest and remove information

Cookies are stored on the user’s computer and transmitted to our website from here. Therefore, as a user you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or limit the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be carried out automatically. If the cookies for our website are deactivated, it is possible that some of the functions of the website may no longer be fully available.

The transmission of flash cookies cannot be prevented using the browser settings but by changing the settings for Flash Player.

VI. Newsletter

1. Description and scope of the data processing

You have the option of subscribing to our newsletter free of charge on our website. When registering for the newsletter the data from the input screen is passed on to us.

Form of address
Last name
First name
Email address
Company name (business newsletter)
City (business newsletter)

In addition, the following data is collected upon registration:

Date and time of registration

Moreover, you have the option of supplying the following information on a voluntary basis:

Language
Address
Interests

Your consent for the processing of your data is obtained during the registration process and reference is made to this Data Protection Declaration.

If you order goods or services on our internet site and provide your email address, we can subsequently use this for the dispatch of the newsletter. In such a case, exclusively direct advertising for our own similar goods or services will be sent via the newsletter. In addition, email addresses that have been collected can be used for advertising purposes in online marketing and social media.

No data is passed on to third parties in connection with the data processing for the dispatch of the newsletter. The data is used exclusively for the dispatch of the newsletter and for advertising purposes in online marketing and social media.

2. Legal basis for data processing

The legal basis for the processing of the data following registration for the newsletter by the user, and following receipt of the user’s consent, is Art. 6 para. 1a GDPR. The legal basis for the dispatch of the newsletter following the purchase of goods or services is § 7 para. 3 UWG (Gesetz gegen den unlauteren Wettbewerb [Unfair Competition Act]).

3. Purpose of the data processing

The recording of the user’s email address is so that the newsletter can be sent. The collection of other personal data within the framework of the registration process is to prevent any misuse of the services or of the email address used.

4. Duration of storage

The data is deleted as soon as it is no longer required for the purpose for which it was collected. The email address of the user is stored for as long as the subscription to the newsletter remains active. The other personal data collected as part of the registration procedure is generally deleted after a period of seven days.

5. Opportunity to contest data or have it eliminated

The subscription to the newsletter can be cancelled by the affected user at any time. There is a corresponding link for this in the newsletter. This also offers the opportunity to revoke consent for the storage of the personal data that was collected during the registration procedure.

VII. Registration

1. Description and scope of the data processing

On our website we offer users the opportunity to register by providing their personal data. The data is entered in an input screen and transmitted to us and then stored. The data is not passed on to third parties. The following data is collected within the framework of the registration process:

Language
Form of address
Title
Last name
First name
Company name
Position
Date of birth
Email
Telephone
Address
Smoker/non-smoker
Room requirements
Any special requests
Interests
Newsletter registration

The following data is stored at the time of registration:

The IP address of the user
Date and time of registration

As part of the registration process the user’s consent to the processing of this data is obtained.

2. Legal basis for data processing

The legal basis for the processing of the data following receipt of the user’s consent, is Art. 6 para. 1a GDPR. If the registration is for the purposes of the fulfilment of a contract, of which the contractual party is the user, or for the purposes of carrying out pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1b GDPR.

3. Purpose of the data processing

The registration of the user is required for the provision of certain contents and services on our website. These contents and services are linked to registration for the Nights programme. Therefore, the identification of the user is required for these contents and services to be provided.

4. Duration of storage

The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for data that is collected during the registration procedure, if the registration is cancelled or changed on our website.

5. Opportunity to contest data or have it eliminated

As a user you have the option of cancelling your registration at any time. You can have your personal data changed at any time.

Once registration has been carried out on our website, the user profile can be amended immediately. You can delete your profile by calling +49 211 44755 200 or emailing nights@lindner.de.

VIII. Contact form and email contact

1. Description and scope of the data processing

A contact form is available on our internet site which can be used to contact us electronically. If a user wishes to take advantage of this option, the data entered in the input screen is transmitted to us and stored. This data is:

Form of address
First name
Last name
Telephone
Email address
Re.
Date of arrival
Date of departure
Details about your enquiry

The following data is also stored when the message is sent:

Date and time contact was made

Your consent for the processing of your data is obtained during the send process and reference is made to this Data Protection Declaration.

Alternatively, it is possible to make contact using the email address provided. In this case the personal details of the user that are transmitted in the email are stored.

This data is not passed on to third parties in this connection. The data is used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of the data following receipt of the user’s consent, is Art. 6 para. 1a GDPR.

The legal basis for the processing of the data that is transmitted by email, is Art. 6 para. 1f GDPR. If the email contact should result in the conclusion of a contract, the additional legal basis for the processing of the data is Art. 6 para. 1b GDPR.

3. Purpose of the data processing

The processing of personal data from the input screen is used by us exclusively for the purpose of processing the contact. In the case of contact by email, this also includes the necessary justified interest in the processing of the data.

The other personal data processed during the send process are used to prevent any misuse of the contact form and to guarantee the security of our IT systems.

4. Duration of storage

The data is deleted as soon as it is no longer required for the purpose for which it was collected. With regard to personal data from the input screen for the contact form and that sent by email, this is the case once the relevant conversation with the user has ended. This conversation is ended, once it is clear from the circumstances that the relevant matter has been definitively clarified.

The additional personal data that is collected during the send process is deleted after a period of seven days at the latest.

5. Opportunity to contest data or have it eliminated

The user has the option of revoking their consent to the processing of personal data at any time. If the user gets in touch with us by email, they can contest the storage of personal data at any time. In such a case it is impossible for the conversation to be continued. It is possible to have a profile deleted by emailing services@lindner.de. All the personal data that was stored during the contact process is deleted in this case. In addition, any enquiries over an interval of one month are completely deleted from our system.

IX. Forwarding of your data to third parties

In order to make our website as user-friendly and easy to use as possible, we also include individual services from external service providers. As a result, you have the option of viewing their data protection provisions on the application and use of the services and functions they provide, so that you can also exercise your rights here as well, if necessary.

1. Google Analytics

Google Analytics is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies", i.e. text files that are stored on your computer and enable Google to carry out an analysis of the use of our offer. The information provided by the cookies on the use of our websites (including your IP address) are generally transmitted to a Google server in the USA, where they are stored. We should like to point out that Google Analytics has the additional code “gat._anonymizeIp();;” on our websites, so that the IP addresses can be recorded in an anonymised form (so-called IP masking). Therefore, with our permission, your IP address is recorded only in an abbreviated form, which guarantees that it is anonymised and that it is impossible to trace it back to you. In the case of the activation of IP anonymisation on our websites, your IP address is abbreviated in advance by Google within the member states of the European Union or within the other contracting parties to the Agreement across the European Economic Area. Only in exceptional cases is your full IP address transmitted to a Google server in the USA, where it is then abbreviated. Google uses the aforementioned information to evaluate your use of our websites, to compile reports for us on the website activities and to provide us with further services linked to the use of websites and the internet. The IP address transmitted by your browser to Google Analytics is not amalgamated with other data held by Google. The forwarding of this data by Google to third parties is carried out only within the framework of statutory provisions or the processing of contractual data. Google will never amalgamate your data with other data held by Google. By using these websites, you declare that you agree to the processing of your personal data by Google and to the aforementioned type and manner of data processing as well as the purpose thereof already mentioned. You can prevent the storage of cookies by changing the settings in your browser software; however, we should like to point out that this may result in certain functionalities of our websites not being fully operational for you. You can also prevent the recording and processing of the data regarding your use of these websites collected by the cookie (incl. your IP address) by Google, by downloading and installing the browser plugin that is available at the following link.

You will find further information on Google Analytics and data protection at http://tools.google.com/dlpage/gaoptout?hl=de.

2. Google-AdWords

This website uses the online advertising programme “Google AdWords”, which also includes conversion tracking. The cookie for conversion tracking is placed when a user clicks on an advertisement placed by Google. These cookies remain valid for 30 days only and are not used for personal identification. If the user visits specific pages of the website and the cookie has not yet expired, we and Google are able to see that the user has clicked on the advertisement and was directed to this webpage. Every Google AdWords client is given a different cookie. This means that cookies cannot be tracked via the websites of AdWords clients. The information obtained with the help of conversion cookies helps us to compile conversion statistics for AdWords clients who have opted for conversion tracking. These clients are given the total number of users who have clicked on their advertisement and were directed to a page that contains a conversion tracking tag. However, they do not receive any information that could help them to identify the individual users personally. Users who do not want to participate in tracking can easily deactivate the cookie for Google conversion tracking via the user settings in their internet browser. These users are then not recorded in the conversion tracking statistics. Find out more about Google’s Data Protection Provisions.

3. Google Maps

Our websites use Google Maps to display area maps and to create routes for journeys. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you agree to the recording, processing and use of the data automatically collected by Google, or by one of its representatives or third-party suppliers, or the data supplied by you to Google, or one of its representatives or third-party suppliers. You will find the conditions of use for Google Maps at Google Maps Conditions of use. You will find further details at the data protection centre for google.de: Transparency and options as well as data protection provisions.

4. Etracker

The provider of this website uses the services of etracker GmbH, Hamburg, Germany(https://www.etracker.com) for the analysis of its user data. Cookies are set for this that enable the statistical analysis of the use of this website by its users as well as the display of user-related contents or advertising. Cookies are small text files that are saved in the internet browser of the user’s end device. etracker cookies do not contain any information that would make the identification of the user possible.

The data collected with etracker is processed and saved by etracker exclusively in Germany on behalf of the provider of this website and is therefore subject to the stringent German and European data protection laws and standards. etracker has been independently examined and certified and awarded the data protection seal https://www.eprivacy.eu/kunden/vergebene-siegel/firma/etracker-gmbh/.

The data processing is carried out on the legal basis of Art. 6 para. 1f (justified interest) of the EU General Data Protection Regulation (EU GDPR). Our justified interest is based on the optimisation of our online offers and web presence. Since the private sphere of our users is of paramount importance to us, the IP address with etracker is anonymised as soon as possible and registration or device recognition is converted to a specific key that cannot be traced back to a person. Any other use or amalgamation with other data, or the forwarding of data to third parties, is not carried out by etracker.

You can contest the aforementioned data processing at any time, insofar as this is related to you personally. You will not suffer any disadvantageous consequences from this.

If you enable web push notifications in your browser, a service of that particular browser will be used to provide this feature. For sending push messages, only anonymous or pseudonymous data is transmitted. You can object to the receipt of notifications at any time through the settings of your browser. For information about opting out of web push notifications for each browser, see Google Chrome, Mozilla Firefox, Apple Safari & Opera.

You will find further information on data protection with etracker here.

5. Social plugins

Our internet site uses social plugins (“plugins”) from different social networks. With the help of these plugins you can share contents or recommend products, for example. The plugins on our websites are deactivated as standard and therefore do not transmit any data. By clicking on the "Activate Social Media" button you can activate the plugins. Naturally, the plugins can be activated with a simple click as well.

If these plugins are activated, your browser creates a direct link with the servers of the relevant social networks as soon as they call up one of the websites in our internet presence. The contents of these plugins are transmitted directly to your browser and linked by this to the website.

By linking the plugins, the social network receives the information that you have called up via the corresponding page in our internet presence. If you are logged in to the social network, this can assign the visit to your account. If you interact with the plugins, for example, if you click the “Like” button on Facebook or leave a comment, the corresponding information is transmitted to the social network by your browser, where it is then stored.

Please consult the relevant networks and/or websites for details of the purpose and scope of the data collection and the further processing and use of the data by said social networks as well as their rights and setting options in this regard for the protection of your private sphere. You will find the relevant links below.

Even if you are not registered with the social networks, data can be sent to these networks by websites with active social plugins. A cookie with an identification key is set by an active plugin at every visit to the website. Since your browser automatically sends this cookie with every link to a network server, in principle it would be possible for the network to create a profile on which websites the user with this identification key has visited. And then it would also be absolutely possible to trace back this identification key later on to a person, via a subsequent registration with a social network, for example.

We use the following plugins on our websites:

Facebook
Twitter
Pinterest
Instagram
LinkedIn
Xing

If you do not want social networks to collect your data via active plugins, you can either deactivate the social plugins by simply clicking on our website or click on the function "Block cookies from third-party service providers" in your browser settings. Then your browser will not send any cookies to the server in the case of embedded contents of other providers. However, by enabling this setting it is possible that other cross-page functions will no longer operate, in addition to the deactivated plugins.

a) Facebook

We use plugins for the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). You will find the link to the data protection declaration for Facebook here: Data protection declaration for Facebook.

Facebook Pixel
This website uses the Facebook pixel from the social network “Facebook” (Facebook Inc., 1601 S. California Ave, Palo Alto, California 94304, USA). This is for the purpose of displaying advertising messages of potential interest to visitors to our website when they visit the social network Facebook. The Facebook pixel creates a direct link to the Facebook servers when you visit our website. The Facebook servers are also notified that you have visited our website and Facebook allocates this information to your personal Facebook user account. We would point out that we as providers of the website are not given any knowledge of the contents of the data transmitted or of their use by the Facebook network. You can find more detailed information about the collection and usage of your data by Facebook and about your rights and options for protecting your privacy in the Facebook data policy at https://www.facebook.com/about/privacy/. You can view further information about your corresponding data protection rights and privacy setting options at: https://www.facebook.com/policy.php, https://www.facebook.com/help/186325668085084.

b) Twitter

We use plugins for the social network Twitter, which is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). You will find the link to the data protection declaration for Twitter here: Data protection declaration for Twitter.

c) Pinterest

We use plugins for the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, USA (“Pinterest”). You will find the link to the data protection declaration for Pinterest here: Data protection declaration for Pinterest.

d) Instagram

We use plugins for the social network instagram.com, which is operated by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025 USA (“Instagram”). You will find the link to the data protection declaration for Instagram here: Data protection declaration for Instagram.

e) LinkedIn

We use plugins for the social network Linkedin, which is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). You will find the link to the data protection declaration for LinkedIn here: Data protection declaration for LinkedIn.

f) XING

We use plugins for the social network xing.com, which is operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (“XING”). You will find the link to the data protection declaration for XING here: Data protection declaration for XING.

6. YouTube

Our website uses plugins for YouTube, which is operated by Google. The operator of these pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit other pages that have a YouTube plugin, a connection to the YouTube servers is created. This means that the YouTube server is informed of which of our pages you have visited If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your profile. You can prevent this by logging out of your YouTube account. You will find further details on how your user data is used in the Data Protection Declaration for YouTube.

7. AWIN

We use the performance advertising network of AWIN AG, Eichhornstrasse 3, 10785 Berlin (hereinafter referred to as "AWIN"). AWIN stores cookies for the assignment and documentation of transactions (e.g. leads and sales) on devices of users who visit or use websites or other online offers of its customers (e.g. register for a newsletter or place an order in an online shop). These cookies serve the sole purpose of correctly assigning the success of an advertising medium and the corresponding billing within the framework of its network. A cookie only contains information about when a specific advertising medium was clicked on by a device. An individual sequence of digits, which cannot be assigned to the individual user, is stored in the AWIN tracking cookies, with which the partner program of an advertiser, the publisher, and the time of the user's action (click or view) are documented. AWIN also collects information about the device from which a transaction is being carried out, e.g. the operating system and the calling browser. If the information also contains personal data, the processing described takes place on the basis of our legitimate financial interest in processing commission payments with AWIN in accordance with Art. 6 Para. 1 lit. f GDPR. If you do not want cookies to be stored in your browser, you can do this by making the appropriate browser settings. You can deactivate the saving of cookies in your respective browser under Extras / Internet Options, restrict it to certain websites or set your browser so that it notifies you as soon as a cookie is sent. Please note, however, that in this case you will have to reckon with a restricted display of the online offers and restricted user guidance. You can also delete cookies at any time. In this case, the information stored therein will be removed from your device. Further information on data usage by AWIN can be found in the company's data protection declaration: www.awin.com/gb/legal

8. Bing Ads

Data is collected and stored on our website using the technology of Bing Ads, from which user profiles are created on a pseudonymised basis. This is a service from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service allows us to track the activities of users on our website, if they have accessed our website via advertisements from Bing Ads. If you access our website via such an advertisement, a cookie is set on your computer. A Bing UET tag is integrated in our website. This is a code, via which, in conjunction with the cookie, some non-personal data about the use of the website is stored. This includes among others the time spent on the website, which pages on the website were visited and which advertisements led the users to the website. Information on your identity is not recorded. The information collected is transmitted to the Microsoft server in the USA and stored there. You can prevent the recording of the data collected by the cookie relating to your use of the website and well as the processing of this data by deactivating the setting of cookies. However, this can also result in the functionality of the website being limited. In addition, in certain circumstances Microsoft can trace your user behaviour using so-called cross-device tracking via several of your electronic devices and thus is able to integrate personalised advertising into its websites and apps, for example. You can deactivate this functionality via http://choice.microsoft.com/de-de/opt-out.

For more information on the analysis data of Bing, please visit the Bing Ads website (https://help.bingads.microsoft.com/#apex/3/de/53056/2). You will find more information on data protection at Microsoft and Bing in the data protection provisions for Microsoft (https://privacy.microsoft.com/de-de/privacystatement).

9. TAC

This website uses the services of the webshop provider TAC for the provision of applications and vouchers for Binshof Spa (https://shop.tac.eu.com/demo/4/shop/). The operator of this website is TAC I The Assistant Company GmbH, Schildbach 111, 8230 Hartberg, Austria. The personal data that you provided with your order during the purchase process is used for the purposes of dispatch, accounting and customer care as well as for market observation and the optimisation of the sales system. You will find further information on the data protection declaration for TAC I The Assistant Company GmbH here.

10. Sabre

This website uses the software provider Sabre Inc. for the provision of an online booking machine (https://www.sabre.com) The operator of the website is Sabre GLBL Inc., 3150 Sabre Drive, Southlake, Texas 76092, USA. The personal data that you provided with your order during the purchase process is used for the purposes of business processing. You will find further information on the data protection declaration for Sabre Inc here.

11. SITPAY

This website uses the SITPAY cash accounting system for e-payments and customer loyalty programmes (http://www.sit-pay.de/) for processing purchases with vouchers. The operator of this website is SIT Solution for IT-Payment GmbH, Eiffestr. 74, D-20537 Hamburg. The personal data that you provided with your voucher purchase during the purchase process is used for the purposes of business processing. You will find further information on the data protection declaration for SIT Solution for IT-Payment GmbH here.

12. NextGuest CRM

This website uses the data warehouse NextGuest CRM for customer relationship management (CRM) (https://www.nextguestcrm.com/). The operator of this website is Serenata IntraWare GmbH, Neumarkter Str. 18, 81673 Munich. NextGuest CRM saves and processes your data with your registration for our newsletter or the Lindner Nights Programme. You will find further information on the data protection declaration for NextGuest CRM.

13. Matterport

Our website contains virtual tours of hotels connected via the portal my.matterport.com. The operator of this portal is Matterport, Inc., 352 E. Java Dr. Sunnyvale, CA 94089, USA.

When you visit our pages that include a virtual tour, a link is created to the Matterport servers. This means that the Matterport server is informed which of our pages you have visited. Matterport also receives your IP address. This occurs even if you are not logged into Matterport or do not have an account with Matterport. The information recorded by Matterport is sent to the Matterport servers in the USA.

If you are logged into your Matterport account, you enable Matterport to assign your surfing behaviour directly to your profile. You can prevent this by logging out of your Matterport account.

Matterport is used in the interests of creating an attractive representation of our online offers. This represents a legitimate interest as defined in Art. 6 (1) f) GDPR. You can find further information about how Matterport implements the GDPR and handles user data at https://support.matterport.com/hc/en-us/articles/360000904267-Matterport-s-Plan-for-GDPR and in Matterport's Privacy Policy at https://matterport.com/legal/privacy-policy/.

14. Data protection with the use of partner portals

Our website uses the IT facilities of our partner company meetago GmbH, in order to be able to efficiently implement your enquiries/bookings.

By using this website, you agree to the recording, processing and use of the data automatically collected by our partner companies, or by one of their representatives or third-party suppliers, or the data supplied by you to partner companies, or one of their representatives or third-party suppliers. Our partner companies ensure that the processing and use of your data is carried out for the purposes of advice, advertising and market research only with your express consent. Your data will not be sold, rented out or made available to third parties in any other way. You can refuse the use of your data by our partner companies at any time.

The terms and conditions of use and the information on data protection for Meetingmarket by meeconnect as well as the details on the meeting portal tagungshotel.com can be found on meetago.com.

15. TrustYou

We use features supplied by TrustYou GmbH on our website. TrustYou collects and analyses guest reviews, questionnaires and social media posts on the internet. The reviews generated by TrustYou are an efficient way for us to improve our services. By using the service from TrustYou you get the best overview of what guests are saying about your hotel. Reviews you share with TrustYou are received and stored there. You can find further information about this in the TrustYou Privacy Policy at https://www.trustyou.com/de/downloads/privacy-policy-de.pdf

16. Squarelovin

The provider of this website uses the services of Squarelovin (https://squarelovin.com) to display user-generated content. The content is collected via the network Instagram (www.instagram.com). Our partner here is Anchor Media GmbH, Budapester Strasse 45, 20253 Hamburg, Germany. You can find further information about data protection legislation at https://sqln.io/ldh?lang=de.

17. Sistrix

We use the web analysis tools from SISTRIX GmbH (“Sistrix”) on our website. These are analysis tools to optimize the findability of our website in search engines. In this context, only keyword, domain and search data are collected and saved. There is no collection, storage and processing of personal data. You can find more information on the collection and use of data at www.sistrix.de/sistrix/datenschutz/

18. Google Tag Manager

On this website we use the Google Tag Manager from Google Inc., with which we can manage website tags via an interface. The Google Tag Manager is a cookie-free domain that does not collect any personal data. The Google Tag Manager triggers other tags, which in turn may collect data. We hereby point this out separately. The Google Tag Manager does not access this data. If the user has made a deactivation at the domain or cookie level, this remains in effect for all tracking tags that are implemented with Google Tag Manager.

19. Google Optimize

The web analysis and optimization service "Google Optimize", which is provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter "Google Optimize"), is used on our website. We use the Google Optimize service to increase the attractiveness, content and functionality of our website by showing new functions and content to a percentage of our users and statistically evaluating changes in usage. Google Optimize uses cookies, which enable you to optimize and analyze your use of our website. The information generated by these cookies about your use of our website is usually transferred to a Google server in the USA and stored there. We use Google Optimize with activated IP anonymization so that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases. Google will use this information to evaluate your use of our website, to compile reports on the optimization test and the associated website activities, and to provide us with other services relating to website activity and internet usage. You can prevent the storage of cookies by setting your internet browser accordingly. You can also prevent Google from collecting the data generated by the cookie and relating to your use of our website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: tools.google.com/dlpage/gaoptout. For more information about data collection and processing by Google, please refer to Google's data protection information, which you can access at www.google.com/policies/privacy.

20. Google Surveys

The "Google Surveys" survey tool is used on our website, which is provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter "Google Surveys"). We use the Google Surveys service to optimize the presentation, attractiveness, content and functionality of our website based on feedback from you and other users. To do this, we evaluate the collected data statistically. Further information can be found in the data protection declaration of Google LLC: policies.google.com/privacy

21. Google Search Console

This website uses the Google Search Console. The Google Search Console is a service provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (hereinafter "Google Surveys"). The service is used to monitor and analyze your own websites. This enables the authorized user to recognize errors in his page links, see from which pages links were placed on his page, how many clicks from which countries and from which devices (desktop, tablet or mobile phone) and which images are viewed how often. In addition, the Google Search Console provides information on the indexing of the website as well as information on the search queries made by users and the associated average position in the search engine or in the search results from Google.However, no personal data is collected, stored or displayed. You can find more about this under this link: support.google.com/webmasters/answer/4559176

22. Google Data Studio

We use the Google Data Studio software on the basis of Art. 6 Para. 1 S.1 lit. f) GDPR, to safeguard our legitimate interests in the analysis, optimization and economic operation of our online offer, to visualize data relating to user behavior on our website in the form of graphic reports. We use data from the web analysis service Google Analytics and other data sources (such as Google Ads, Google Analytics, Google Surveys, Google Optimize, SEMrush, sistrix, Google Search Console). You can find more information on using Google Data Studio at support.google.com/datastudio/answer/6283323.

23. Komoot

Komoot We use the Komoot map service on this website. The provider is komoot GmbH, Friedrich-Wilhelm-Boelcke-Strasse 2, 14473 Potsdam, Germany. With the Komoot plug-in, we provide various maps for route planning. In order to display the maps, your browser establishes a direct connection to the Komoot servers. Your IP address and information about the hardware and software you are using, as well as browser information, are transmitted to Komoot. Komoot uses cookies for this. Komoot only uses the data to display its maps and the options for interaction with the plug-in. There is no tracing back to you personally. The data is only evaluated for statistical purposes. Further information about Komoot and how it handles your data can be found in Komoot's data protection provisions (https://www.komoot.de/privacy). The legal basis for the processing is acc. Art. 6 Para. 1 S. 1 f) GDPR our legitimate interest in a service that is as comfortable and secure as possible for you

24. Wow APP

This website uses the WoW APP from Dynamic Deals Solutions GmbH (https://www.dynamic-deals.com/). The operator of this app is OA Dynamic Deals Solutions GmbH, Mariahilferstrasse 116, 1070 Vienna. When using the app, location data is saved so that the recommendations can be displayed in the immediate vicinity. Further information can be found in the Privacy Policy of Dynamic Deals Solutions GmbH: www.dynamic-deals.com/privacy-policy/

25. Adobe Analytics

We use Adobe Analytics, a web analytics tool, on our website. The service provider is the American company Adobe Inc. The Irish company Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland, is responsible for the European region.

Adobe also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may pose various risks to the lawfulness and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or a data transfer there, Adobe uses so-called standard contractual clauses (see Art. 46 (2) and (3) DS-GVO).

Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Adobe undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the United States. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en .

For more information about the standard contractual clauses and about the data processed through Adobe's use, see Adobe's Privacy Policy at https://www.adobe.com/privacy.html .

X. Rights of the affected person

Pursuant to Art.15 GDPR in conjunction with § 34 BDSG (Bundesdatenschutzgesetz [Federal Data Protection Act]) you have the unrestricted right to information, which is free of charge, on the personal data that we hold on file on you as well as pursuant to § 35 BDSG the right to the deletion or blocking of inadmissible data and/or the right to the correction of any erroneous data respectively.

Upon application, we will be happy to provide you in writing with details on whether and what personal data we have filed on you. As far as possible, we shall take appropriate measures to update and or correct any data that we hold on you in the shortest time possible. Please send all information requests, enquiries regarding information or complaints about data processing, by email, stating your full postal address, directly to our data protection officer.

If your personal data is being processed, you are an affected person within the meaning of the GDPR and you have the following rights vis-à-vis the person responsible:

1. Right of information

You can request a confirmation from the person responsible whether personal data that affects you is being processed by us.

If such processing is indeed being carried out, you can request the following information from the person responsible:

the purposes for which your data is being processed;
the categories of personal data that is being processed;
the recipients and/or categories of recipients to whom the personal data that affects you is being disclosed or will be disclosed in the future;
the planned storage period for the personal data that affects you or, if it is not possible to give any specific information in this regard, the criteria for determining the storage period;
the existence of a right to rectification or deletion of the personal data that affects you, a right to the restriction of processing by the person responsible and a right to object to this processing;
the existence of a right to appeal to a supervisory authority;
all available information on the origin of the data, if the personal data was not collected from the person affected;
the existence of an automated decision-making process including profiling pursuant to Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved as well as the scope and the envisaged impact of such processing for the affected person.

You have the right to request information whether the personal data that affects you is being transmitted to a third country or to an international organisation. In this connection you can request to be informed about the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

2. Right to rectification

You have a right to rectification and/or completion vis-à-vis the person responsible, insofar as the personal data that affects you being processed is wrong or incomplete. The person responsible must carry out the rectification as quickly as possible.

3. Right to a restriction in the processing

Subject to the following conditions you can request a restriction in the processing of the personal data that affects you:

if you are contesting the correctness of the personal data that affects you for a period of time that allows the person responsible to check the correctness of the personal data;
if the processing is unlawful and you refuse to have the personal data deleted but instead request a limitation in the use of the personal data;
the person responsible no longer requires the personal data for the purposes of processing, but you require them for enforcement or execution purposes or for the defence of legal claims, or
if you have submitted a complaint concerning the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the justified reasons of the person responsible take precedence over your reasons.

If the processing of the personal data that affects you is restricted, this data – apart from its storage – may only be processed with your consent or in order to enforce, execute or defend legal claims or for the protection of the rights of another natural person or legal entity or for reasons of an important public interest on the part of the European Union or another member state.

If the limitation in the processing pursuant to the aforementioned conditions is restricted, you will be informed by the person responsible before said restrictions are lifted.

4. Right to deletion

a. Duty to delete

You can request from the person responsible that the personal data that affects you should be deleted with immediate effect, and the person responsible is obliged to delete this data immediately, if one of the following reasons applies:

the personal data that affects you is no longer required for the purposes for which they were collected or for which they were processed in another manner.
You revoke your consent on which the processing is based pursuant to Art. 6 para. 1a or Art. 9 para. 2a GDPR and there is no other legal basis for the processing.
Pursuant to Art. 21 para. 1 GDPR you have submitted a complaint regarding the processing and there are no overriding reasons that justify the processing, or you have submitted a complaint regarding the processing pursuant to Art. 21 para. 2 GDPR.
The personal data that affects you was unlawfully processed.
The deletion of the personal data that affects you is required for the fulfilment of a legal duty according to the law of the European Union or the law of a member state to which the person responsible is subject.
The personal data that affects you was collected in connection with services offered by the information society pursuant to Art. 8 para. 1 GDPR.

b. Information to third parties

If the person responsible has made the personal data that affects you publicly and if they are obliged to delete it pursuant to Art. 17 para. 1 GDPR, they shall implement appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the officers involved in the data processing who are processing the personal data that, as the affected person, you have requested that they should delete all the links to this personal data as well as any copies or replicas thereof.

c. Exceptions

There is no right to deletion if the processing is necessary

for the enforcement of the right to free speech and information;
for the fulfilment of a legal duty that requires the processing pursuant to the law of the European Union or of a member state that is subject to said responsibility, or in order to fulfil a task that is in the public interest or is a result of the exercise of public authority with which the person responsible has been entrusted;
for reasons of the public interest within the area of public health pursuant to Art. 9 para. 2h and i as well as Art. 9 para. 3 GDPR;
for the purposes of archiving that are in the public interest, or for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, if the law mentioned in Section a) will probably make the realisation of the aims of this processing impossible or will seriously impede it, or
for the enforcement, execution and defence of legal claims.

5. Right to information

If you have exercised your right for correction, deletion or restriction in processing vis-à-vis the person responsible, the latter is obliged to inform all the recipients of the personal data that affects you of this correction or deletion of the data or the restriction in processing, unless this should prove to be impossible or it entails a disproportionate amount of time and effort.

You have the right to be informed of these recipients by the person responsible.

6. Right to data transferability

You have the right to receive the personal data that affects you and that you have made available to the person responsible, in a structured, current and machine-processable format. In addition, you have the right to transfer this data to another person responsible without any obstacle being placed in the way by the person responsible for whom the personal data was prepared, insofar as

(1) the processing is based on a consent pursuant to Art. 6 para. 1a GDPR or Art. 9 para. 2a GDPR or on a contract pursuant to Art. 6 para. 1b GDPR and

(2) the processing is carried out with the aid of an automated procedure.

In exercising this right, you also have the right to insist that the personal data that affects you is transferred directly from the one person responsible to the other, insofar as this is technically possible. The rights and freedoms of others must not be restricted by this.

The right of data transferability does not apply for the processing of personal data that are required for the execution of a task that is in the public interest or is a result of the exercise of public authority with which the person responsible has been entrusted.

7. Right to object

You have the right to object at any time to the processing based on Art. 6 para. 1e or f GDPR of the personal data that affects you, for reasons that are pertinent to your particular situation; this also applies for any profiling based on these provisions.

The person responsible shall no longer process the personal data that affects you unless they are able to provide irrefutable reasons sustaining the worthiness of the protection of the processing that supersede your own interests, rights and freedoms, or the processing is for the purpose of the enforcement, execution or defence of legal claims.

If the personal data that affects you is processed for direct marketing purposes, you have the right at any time to object to the use of the personal data that affects you for the purpose of such advertising; this also applies for any profiling, insofar as it is carried out in connection with such direct advertising.

If you object to the processing for the purpose of direct advertising, the personal data that affects you will no longer be processed for these purposes.

You have the option, in connection with the use of services of the information society – irrespective of Directive 2002/58/EC – to exercise your right to object by means of an automated procedure in which technical specifications are used.

8. Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The legality of the processing up until the point of the revocation of your consent is not affected by this.

9. Automatic decision in an individual case including profiling

You have the right not to be bound by a decision that is based exclusively on automated processing – including profiling – that restricts you vis-à-vis any legal effect or that considerably restricts you in any other way. This does not apply if the decision

for the conclusion or the completion of a contract between you and the person responsible is required,
based on the legal provisions of the European Union or of the member states to which the person responsible is subject, is admissible and these legal provisions contain appropriate measures for the maintenance of your rights and freedoms as well as your justified interests or
is carried out with your express consent.

However, these decisions may not be based on specific categories of personal data pursuant to Art. 9 para. 1 GDPR, if Art. 9 para. 2a or g applies and appropriate measures for the protection of your rights and freedoms as well as your justified interests were met.

With regard to the cases mentioned in (1) and (3) the person responsible shall take appropriate measures to maintain your rights and freedoms as well as your justified interests, whereby the right to intercede on behalf of a person by the person responsible, to the presentation of a personal point of view and to challenge the decision is included at least.

10. Right to lodge a complaint with a supervisory authority

Irrespective of any other legislative or regulatory judicial remedies, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place where the alleged violation took place, if you are of the opinion that the processing of the personal data that affects you has violated the GDPR.

The supervisory authority to whom the complaint is submitted shall inform the complainant about the status and the results of the complaint, including the possibility of any judicial remedy pursuant to Art. 78 GDPR.

XI. Online application

1. Scope of the processing of personal data

As part of the application process we only process your personal data that are connected with your application and which are required to determine your professional and personal capabilities in relation to the job being filled. We only use the information you have sent us directly. This may also include information you have provided on online career networks or other job portals.

Our objective is to make the application process as simple as possible for you. We will also be happy to consider your application for other positions at Lindner Hotels AG. If interested, you can join our talent community (talent pool) as part of the application process by giving your consent for this purpose. The same applies to speculative applications that you send us as part of our talent community. You decide actively whether we may contact you for specific job proposals.

With an online application you enter your personal data in the online form and upload the relevant documents. With your online application, as an alternative to entering your personal data manually or uploading a document, you can also transfer your profile from a social network or job portal (LinkedIn, Indeed, etc.).

We carry out an online assessment for selecting management positions. In order to implement the online test process, we work together with our partner AS Profiling, Andrea Schmelzenbach Personalberatung, Alpspitzstrasse 1, 82347 Bernried am Starnberger See, Germany, with whom we have a contractual relationship. People who have applied to us are invited to take part in the online test by AS Profiling by email on our behalf. We share the information required for the invitation and implementation of the online test process (first name, surname and email address) with AS Profiling solely for this purpose.

2. Type of personal data

We collect your personal data that are relevant to the application process. These may be general data about you (such as name, address and contact details), information about your professional education and qualifications, information about your professional training or other information about your professional career that you send us in connection with your application. In the case of a speculative application that does not relate to a specific position, we also ask about your preferences (e.g. departments you are interested in) so that we can consider you for other suitable jobs.

If we ask you about your gender as part of the application process in the form of your preferred title, the only reason for doing so is because we wish to write to or address you correctly. If you have a nationality from outside the EU, a work permit for Germany will be required. We therefore also ask you about your nationality as part of the application process.

3. Legal basis and purposes of the processing of personal data

We process the data specified under XII 1. for the purposes of deciding whether to establish an employment relationship and – if an employment relationship is created between you and us – to implement or terminate the employment relationship and to exercise or meet our statutory rights and duties based on § 26 of the German Data Protection Act [Bundesdatenschutzgesetz (BDSG)]. We may also process personal data about you if this is necessary to establish or defend legal claims arising from the application process. The legal basis for this is Art. 6 (1) f) GDPR (EU General Data Protection Regulation). The legitimate interest is to preserve our legal positions.

4. Recipients

Only those people have access to your personal data at our company who require it for the purposes stated under XII 1. We only share your personal data with external recipients if we have legal authority to do so or we have obtained your consent. External recipients may be:

Commissioned processors: Service providers whom we use to perform services, for example in the fields of technical infrastructure and the maintenance of our IT systems.
Public bodies: Public authorities and government institutions, such as social security agencies, the courts or authorities to which we are obliged to send personal data for mandatory legal reasons.
Private bodies: Tax advisers, insurance companies or similar auxiliaries to whom data are sent based on a consent or a legal basis.

Your personal data are treated in strict confidence and only supplied to the people who are responsible for and involved in the application process, and contractors who perform the services required for the selection process (e.g. providers of online tests).

If you are considered for a position, the subsequent use or sharing of your personal data are restricted to purely job-related purposes and to the group of people who must be made aware of it as part of the appointment. This also applies to information disclosed to internal or external service providers for the necessary pre-contractual verification processes and based on legal or official requirements.

5. Sources

If you do not send your application to us directly, but via an external online portal or an external recruiter, we initially collect your data via these third parties.

6. Data deletion and duration of storage

We delete your personal data at the end of the application process, unless a legal authority or your consent allows a longer retention period. In both of these cases we delete your personal data once the legal authority no longer exists or you withdraw your consent.

If you set up your own profile as part of an online application for a specific position, you can delete your data and the attachments (such as your CV) yourself at any time. You also have the option of asking us to delete your data. If you wish us to delete your applicant profile immediately, please contact hr@lindner.de.

Our standard deletion period for an application is six months after completion of the application process or after completion of a recruitment event. Fourteen days before your profile is deleted, you will receive an email from us informing you of the impending deletion. With this email you have the option of asking for your data to continue to be stored as part of our talent community.

If you have asked us to delete your data as part of an application for a management position, we will inform our partner for the compulsory online assessment, AS Profiling, immediately, with a note that your data must also be deleted immediately at AS Profiling. The deletion period for AS Profiling is immediate.

If you have filed your data and CV in our talent pool as part of the “talent community” function, we will contact you by email 12 months after you have become a member of our talent community and ask you to renew your consent. If you do not update your data, it is deleted completely no later than after 18 months.

XII. Data processing as part of employment contracts

1. Scope of the processing of personal data

The data you provide (e.g. CV and emergency contacts) and data created as part of your service relationship (e.g. salary data, sickness absences, leave in order to care for dependents and grace periods) are processed as part of your employment relationship.

The data are processed and transferred for the payment of wages, salaries and fees, and to comply with our recording, notification and reporting duties, providing this is required based on laws or standards for the collective shaping of law or employment contract obligations, including text documents created and archived with the assistance of automated processes (such as correspondence) in these matters. We cannot conclude or implement the contract with you without these data. This also applies to all voluntary social benefits paid by the employer and external training and in-service training offers.

We collect and use our employees’ personal data in principle only to the extent required to establish and implement the employment relationship. In all other respects, as a rule we only collect and use our employees’ personal data with the employee’s consent. An exception applies in those cases where prior consent cannot be obtained for objective reasons and the processing of the data is permitted by statutory regulations.

2. Legal basis for the processing of personal data

a. For personal data under Art. 4 subsection 1 BDSG

Processing is based on consent (Art. 6 (1) a) GDPR) - with no employment context
For pre-contractual measures (Art. 6 (1) b) GDPR) - with no employment context
For performance of the contract (Art. 6 (1) b) GDPR) - with no employment context
Processing is required for a legal obligation (Art. 6 (1) c) GDPR)
Processing is carried out to protect vital interests (Art. 6 (1) d) GDPR)
Processing is in the public interest or is carried out in the exercise of official authority (Art. 6 (1) e) GDPR)
Legitimate interests of the data controller or a third party (Art. 6 (1) f) GDPR)
Processing is based on a change of purpose (Art. 6 (4) GDPR).
The processing is carried out to establish an employment relationship (see § 26 (1) clause 1 BDSG).
The processing is carried out to implement or terminate an employment relationship (see § 26 (1) clause 1 BDSG).
The processing is required to exercise or fulfil rights and duties to represent the interests of the employee arising from a law, tariff agreement or works agreement (see § 26 (1) clause 1 BDSG).
The processing is carried out to uncover criminal offences within the employment relationship (see § 26 (1) clause 2 BDSG).
The processing is carried out on the basis of the employee’s consent (see § 26 (2) BDSG).
The processing is carried out on the basis of collective agreements (see § 26 (4) BDSG).

b. For particular categories of personal data as defined in Art. 9 (1) GDPR

Processing is based on consent (Art. 9 (2) a) GDPR) - with no employee context.
Processing is carried out in the context of social law (Art. 9 (2) b) GDPR in conjunction with § 22 (1) subsection 1a BDSG).
To fulfil statutory duties arising from employment law or social law (Art. 9 (2) b) GDPR in conjunction with § 26 (3) BDSG) “employee context”.
Processing is based on a tariff agreement or a works agreement (Art. 9 (2) b) in conjunction with § 26 (4) BDSG) “employee context”.
There are vital interests / no consent is possible (Art. 9 (2) c) GDPR).
Processing is carried out in accordance with Art. 9 (2) d) GDPR.
Processing relates to personal data which is manifestly made public by the data subject (Art. 9 (2) e) GDPR).
Processing is required for the establishment, exercise or defence of legal claims (Art. 9 (2) f) GDPR).
Processing is carried out in accordance with Art. 9 (2) g) GDPR.
Processing is carried out in accordance with Art. 9 (2) h) GDPR in conjunction with § 22 (1) subsection 1b BDSG.
Processing is necessary for archiving purposes in the public interest, or in scientific or historical research purposes or for statistical purposes (Art. 9 (2) j) GDPR).

3. Sources

If you do not send your employee data to us directly, but via an external online portal or an external recruiter, we initially collect your data via these third parties.

4. Recipients

Only those people at our company who require your personal data for the purposes stated under IV. 1. have access to them. We only share your personal data with external recipients if we have legal authority to do so or we have obtained your consent. External recipients may be:

Commissioned processors: Service providers whom we use to perform services, for example in the fields of technical infrastructure and the maintenance of our IT systems.
Public bodies: Public authorities and government institutions, such as social security agencies, the courts or authorities to whom we are obliged to send personal data for mandatory legal reasons.
Private bodies: Tax advisers, insurance companies or similar auxiliaries to whom data is sent based on consent or a legal basis.

5. Data deletion and duration of storage

Employees’ personal data are deleted or blocked as soon as the purpose for storing the data no longer exists. However, they may continue to be stored if this is provided for by the European or national legislation, in directives, laws or other regulations under EU law to which the data controller is subject. The data are also blocked or deleted if the retention period stipulated by the regulations referred to expires, unless there is a requirement for the data to continue to be stored for the conclusion or the performance of a contract.

* Lindner Hotels AG includes Lindner Hotels & Resorts and the me and all hotels.
** For better readability, we do not use male and female formulations at the same time. However, all descriptions apply to both sexes.

XIII. Data processing within the framework of the EQS whistleblower process

1. Personal Data

In principle, the use of the EQS Integrity Line is possible - as far as legally permissible - without providing personal data. However, you may voluntarily provide personal data within the whistleblowing process, in particular your identity, first and last name, country of residence, telephone number or email address.

In principle, we do not request or process any special categories of personal data, e.g. information on racial and/or ethnic origin, religious and/or ideological beliefs, trade union membership or sexual orientation. However, due to free text fields in the notification form, such special categories of personal data may be voluntarily disclosed by you.

The notification you provide may also contain personal data of third parties to which you refer in your notification. Data subjects will be given the opportunity to comment on the notice. In this case, we will inform the data subjects about the notice. In this case, your confidentiality is also protected, as no information about your identity will be provided to the data subject - as far as legally possible - and your tip will be used in such a way that your anonymity is not jeopardised.

2. Purpose and legal basis of processing

The EQS Integrity Line enables you to contact us and report indications of compliance and legal violations. We process your personal data to verify the report you have made via the EQS Integrity Line and to investigate the alleged compliance and legal violations. In doing so, we may have queries for you. For this purpose, we exclusively use communication via the EQS Integrity Line. In this context, the confidentiality of the information you provide is our top priority.

The corresponding processing of your personal data is based on your consent given when reporting via the EQS Integrity Line (Art. 6 para. 1 lit. a European Data Protection Regulation, DSGVO).

Furthermore, we process your personal data to the extent necessary to fulfil legal obligations. This includes in particular notifications of criminal, competition and labour law relevant facts (Art. 6 para. 1 lit. c DSGVO).

Finally, the processing of your personal data takes place insofar as this is necessary to safeguard the legitimate interests of the company or a third party (Art. 6 para. 1 lit. f DSGVO). We have a legitimate interest in the processing of personal data for the prevention and detection of violations within the company, for the verification of internal processes for their lawfulness and for safeguarding the integrity of the company.

If you disclose special categories of personal data to us, we process them on the basis of your consent (Art. 9 para. 2 lit. a DSGVO).

In addition, we use your personal data in anonymised form for statistical purposes.

We do not intend to use your personal data for purposes other than those listed above. Otherwise, we will obtain appropriate consent from you in advance.

3. Technical implementation and security of your data

The EQS Integrity Line contains an option for anonymous communication via an encrypted connection. When using it, your IP address and your current location are not stored at any time. After sending a note, you will receive access data to the EQS Integrity Line mailbox so that you can continue to communicate with us in a protected manner.

To ensure data protection and confidentiality, we maintain appropriate technical measures. The data you provide will be stored on a specially secured database of EQS. All data stored on the database is encrypted by EQS according to the current state of the art.

4. Transfer of personal data

The company operates internationally and has locations in various countries within and outside the European Union. Access to the stored data is only possible for specially authorised persons within the company. Insofar as this is necessary to fulfil the aforementioned purpose, specially authorised persons from our subsidiaries may also be entitled to inspect the data.

This is particularly the case if the investigation of their report is carried out in the country concerned. All persons authorised to inspect the data are expressly obliged to maintain confidentiality.

In order to fulfil the aforementioned purpose, it may also be necessary for us to transfer your personal data to external bodies such as law firms, criminal or competition authorities, within or outside the European Union.

If we transfer your personal data within the group or externally, a uniform level of data protection is ensured by means of internal data protection regulations and/or corresponding contractual agreements. In all cases, responsibility for data processing remains with the company.

Finally, we transfer your personal data to EQS for technical implementation to the extent described above. For this purpose, we have concluded an order data processing agreement to ensure data protection with EQS.

5. Duration of storage

We only store personal data for as long as is necessary to process your notice or we have a legitimate interest in storing your personal data. Storage may take place beyond this if this has been provided for by the European or national legislator for the fulfilment of legal obligations, such as retention obligations.

The term "organisation" refers to the company receiving the notification (Lindner).

Lindner takes the protection of personal data very seriously. This privacy statement explains what personal data we collect from you when you use the EQS Integrity Line and how we use it. We ensure compliance with applicable data protection regulations through appropriate technical and organisational measures.

The technical implementation of the EQS Integrity Line is carried out on our behalf by EQS Group AG, Hardturmstrasse 11, 8005 Zurich, Switzerland ("EQS"). Further information on data protection at EQS Group AG can be found at: www.eqs.com/de/ueber-eqs/datenschutz/.

XIV. Data transmission to cooperation partners

1. HYATT

Transfer of personal data to Hyatt Services GmbH, Römerpassage 1, 55116 Mainz, Germany (“Hyatt”)

As of December 1, 2022 our hospitality services will be offered under a strategic collaboration with Hyatt. Our collaboration will require the transfer of personal data to Hyatt for the purposes of fulfilling your booking and providing our services.

If you provide your consent pursuant to Art. 6 (1) lit. a) GDPR, we will directly forward your booking request together with your first and last name, title, address and email address to Hyatt. For more information on how Hyatt processes your personal data, please refer to Hyatt’s privacy notice under https://www.hyatt.com/en-US/info/privacy-policy-eu-ch

You should be aware that without your consent, we cannot forward your booking request to Hyatt and we will not be able to process your booking request. You can revoke your consent at any time before your stay.

If you do revoke your consent, Hyatt will delete any data about you it has received. A cancellation of your booking due to the revocation of your consent will be subject to the cancellation provisions in our terms and conditions.

To revoke your consent in respect of a booking prior to June 30, 2023 please contact Lindner directly at services@lindner.de. To revoke your consent in respect of a booking after June 30, 2023 onwards please contact Hyatt at Hyatt Services GmbH, Römerpassage 1, 55116 Mainz, Germany or by E-Mail at privacy@hyatt.com.

XV. Miscellaneous

Foreign-language pages

If parts of our internet presence are offered in languages other than German, this is meant exclusively as a service for our clients, employees and prospective clients, who are not German speakers.

The German language version of our privacy notice shall take precedence in the event any inconsistencies arise between it and a version of the privacy notice in another language.