Data privacy

Controller
QR Quality Reservations Deutschland GmbH
Ostpassage 11
30853 Langenhagen
Tel. 0511 – 726 96 23
E-Mail: info@qr-hotels.com
www.qr-hotels.com

Managing director with the power of representation: Carolin Brauer

 

Contact details of the data protection officer
Tel. 0511 – 7269618
E-Mail: datenschutz@qr-hotels.com

 

Contractual services

We process the data of our contractual partners and prospective customers, as well as other clients, customers or contractual partners (hereinafter collectively referred to as “Contractual Partners”) in accordance with Art. 6 (1) b. GDPR, in order to provide our contractual or precontractual services for them. The data processed in this context and the nature, scope, purpose and necessity of the data processing shall be determined on the basis of the underlying contractual relationship.

The processed data shall include the master data of our Contractual Partners (e.g. names and addresses), as well as contract data (e.g. services used, contract content, contractual communications, names of contacts) and payment data (e.g. bank details).

We shall not process special categories of personal data, unless these form part of a commissioned or contractual processing of data.

We shall process data that is necessary for the justification and fulfilment of the contractual services and shall indicate the necessity of providing this data if this is not evident to the Contractual Partners. The data shall only be disclosed to external persons or companies if this is necessary within the framework of a contract. When processing the data that has been provided to us in the context of an order, we shall act according to the instructions of the clients and the statutory requirements.

When our online services are used, we can store the IP address and the time of the respective user activity. This data shall be stored on the basis of our legitimate interests, as well as those of the users, in protection against misuse and other unauthorised use. This data shall not be passed on to third parties, unless this is necessary in order to pursue our claims in accordance with Art. 6 (1) f. GDPR or there is a legal obligation to do so in accordance with Art. 6 (1) c. GDPR.

The data shall be deleted if it is no longer necessary for the fulfilment of contractual or statutory duties of care or for the handling of any warranty obligations or comparable obligations, whereby the necessity of the data storage shall be reviewed every three years; in other respects, the statutory provisions shall apply.

 

Registration function

Users can create a user account. During registration, the users will be informed of the mandatory information that is required and this will be processed on the basis of Art. 6 (1) b. GDPR for the purpose of providing the user account. The processed data particularly includes the login information (name, password and e-mail address). The data entered during registration shall be used for the purpose of using the user account and fulfilling its objective.

The users can be informed about information that is relevant to their user account, e.g. technical changes, by e-mail. If users have terminated their user account, their data relating to the user account shall be deleted, subject to a statutory storage obligation. The users are responsible for securing their data in the event of a termination before the end of the contract. We are entitled to permanently delete all of the user’s data that is stored during the term of the contract.

When our registration and login functions and the user account are used, the IP address and the time of the respective user activity shall be stored. This data shall be stored on the basis of our legitimate interests, as well as the those of the users, in protection against misuse and other unauthorised use. This data shall not be passed on to third parties, unless this is necessary for pursuing our claims or there is a legal obligation to do so in accordance with Art. 6 (1) c. GDPR. The IP address shall be anonymised or deleted after 7 days at the latest.

 

Hosting

The hosting services used by us shall provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we shall use to operate this website.

We, or our hosting provider, shall process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, prospective customers and visitors to this website, on the basis of our legitimate interests in an efficient and secure provision of this website in accordance with Art. 6 (1) f. GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing contract).

 

Collection of access data and log files

We, or our hosting provider, shall, on the basis of our legitimate interests in terms of Art 6. (1) f. GDPR, collect data about any access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, the file, the date and time of the access, the data volume transferred, a report on successful access, the browser type and version, the user’s operating system, the referrer URL (the page visited immediately prior to our website), the IP address and the requesting provider.

For security reasons (e.g. to investigate misuse and fraud), log file information shall be stored for a maximum of 7 days and then deleted. Data whose continued storage is necessary for evidentiary purposes shall be excluded from deletion until the incident has been finally resolved.

 

Cookies and consent

We use cookies and similar technologies to ensure the functionality of our website and to analyze and optimize our services.

Technically necessary cookies are used to enable basic website functions (e.g., navigation or saving settings). This is done in accordance with Article 6(1)(f) of the GDPR and Section 25(2) of the TTDSG.

All other cookies and technologies (in particular for analytical purposes, e.g., via Google Analytics 4 or Google Tag Manager) are used only with your express consent (Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG).

When you first visit our website, you will be informed via a consent management tool (cookie banner) and can make your selection. The corresponding services are only activated after your consent and are stored for a maximum of 14 months.

You can revoke or adjust your consent at any time with future effect via the cookie settings in the footer of our website.

The storage duration of cookies varies depending on their purpose. Further information on the technologies used, their storage duration, and recipients can be found in the following sections of this Privacy Policy.

 

Google Tag Manager

We use Google Tag Manager, a service provided by Google Ireland Limited.

Google Tag Manager is used to manage website tags via a unified interface. The tool itself does not set any cookies, but it enables the integration and control of other services.

In doing so, it may be technically necessary for data (e.g., your IP address) to be transmitted to Google when the service is loaded.

The use of Google Tag Manager is based exclusively on your consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TTDSG.

To the extent that additional services are integrated via Google Tag Manager (e.g., Google Analytics 4), these are also activated only with your corresponding consent.

 

Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited.

Google Analytics uses cookies and similar technologies to analyse and evaluate the use of our website.

In particular, the following data is processed:

  • Page views and user interactions (events)
  • Approximate location data (region)
  • Technical information (browser, device, operating system)
  • Referrer URL
  • Truncated IP address

The IP address is truncated by Google within the European Union and processed only in anonymized form.

The information collected may be transferred to servers operated by Google LLC in the United States and processed there.

Processing is carried out exclusively on the basis of your consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TTDSG.

We have entered into a data processing agreement with Google.

Google Analytics data is stored for a maximum of 14 months;

Data transfer to the United States is based on the European Commission’s Standard Contractual Clauses and the EU-US Data Privacy Framework.

You may revoke your consent at any time via our consent management tool.

 

Online presence on social media

We maintain an online presence within social networks and platforms so that we can communicate with customers, prospective customers and users who are active there and inform them about our services there. When users access the relevant networks and platforms, the terms and conditions and the data processing policies of their respective operators shall apply.

Unless otherwise stated in our data privacy statement, we shall process the users’ data if they communicate with us within the social networks and platforms, e.g. by leaving posts on our pages there or by sending us messages.

 

Meta-Pixel (Facebook Pixel)

We use the Meta Pixel provided by Meta Platforms Ireland Limited on our website.

The Meta Pixel allows us to track user behaviour after they have been redirected to our website by clicking on an advertisement. This helps us evaluate the effectiveness of our online advertising and optimize our marketing efforts.

In particular, the following data may be processed:

  • Pages visited and user interactions
  • Technical information (e.g., browser, device)
  • Referrer URL
  • Truncated IP address
  • Other pseudonymous identifiers, if applicable

Processing is carried out exclusively on the basis of your consent in accordance with Art. 6(1)(a) GDPR and § 25(1) TTDSG. The Meta Pixel will not be activated without your consent.

The collected data may also be transferred by Meta Platforms, Inc. to the United States and processed there.

Data transfer to the United States is based on the European Commission’s Standard Contractual Clauses and the EU-US Data Privacy Framework.

 

In connection with the use of the Meta Pixel, there is joint responsibility with Meta pursuant to Article 26 of the GDPR for the collection and transfer of the data. Further processing of the data is carried out by Meta under its own responsibility.

Meta guarantees the data protection-compliant processing of the data via a standard contractual clause and thereby provides a guarantee that the European level of data protection is maintained.

https://de-de.facebook.com/privacy/policy/

You can withdraw your consent at any time with future effect using our consent management tool.

 

Right to lodge a complaint

You have the right to lodge a complaint about how your personal data is processed by us with a data protection authority. A list of the state data protection commissioners and their contact details can be found under the following link https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html or you can contact our company data protection officers.

 

Your rights as an “affected person” in terms of GDPR

  • Right of access to information about the processing of your personal data (cf. Art. 15 GDPR)
  • Right to rectification of incorrect personal data relating to you and, taking the purposes of the processing into consideration, the right to complete incomplete personal data (cf. Art. 16 GDPR)
  • Right to erasure (“right to be forgotten”) of personal data relating to you, especially if the data is no longer necessary for the purpose for which it has been processed or if you have revoked your consent (cf. Art. 17 GDPR)
  • Right to restriction of processing (blocking), especially when the accuracy of the data is disputed by you, for a period which allows us to verify the accuracy of the personal data (cf. Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR): you have the right to receive the personal data relating you, which you have provided to us, in a structured, commonly used and machine-readable format, and the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent or on a contract or the processing is carried out by automated means.
  • Right to object to the processing of personal data, especially in the event of processing for direct marketing purposes (Art. 21 GDPR)

Automated individual decision-making, including profiling (Art. 22 GDPR): you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision is necessary for the conclusion or performance of a contract between the you and us, is permitted on the basis of statutory regulations and these regulations contain suitable measures for the protection of your rights and freedoms and your legitimate interests, or is based on your explicit consent.

 

Consent

You have the right to revoke your consent at any time for the future, without stating reasons, by informing QR Quality Reservations Deutschland GmbH that you are revoking your consent to the processing of your personal data by post to Ostpassage 11, 30853 Langenhagen or by e-mail to datenschutz@qr-hotels.com.

Get in Touch