Information about the processing of your data
In accordance with article 12 of the General Data Protection Regulation (hereinafter: GDPR), we have a duty to tell you how your data are processed when you use our website. We take the protection of your personal data seriously. The following Privacy Policy sets out the details of data processing and your statutory rights.
We reserve the right to amend the Privacy Policy with effect from the future in cases including but not limited to the development of the website, the use of new technologies and changes to the statutory basis or corresponding case law.
Disclosure of personal data
We only use personal information for this website. We do not disclose such information to third parties without your specific consent. In the event that data are disclosed to service providers as part of data processing, said service providers are bound by the German Federal Data Protection Act (BDSG), other statutory regulations and this Privacy Policy.
Personal data are only collected or transferred to state institutions or authorities where this is mandatory under law.
We recommend that you read the Privacy Policy from time to time and make a print-out or copy for your files.
Definition of terms
"Website" means all pages of the controller at www.lfpihotels.de
"Personal data" means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. For example, a person's name, e-mail address and telephone number are personal data, as are data about preferences, hobbies and subscriptions or memberships.
„Processing" means operations or sets of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
„Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
„Consent" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
„Google" refers below to Google, LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; contactable in the European Union at: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001.
Scope
The Privacy Policy applies to all www.lfpihotels.de pages. It does not cover any linked websites/websites operated by other providers.
Provider / Representative of the provider in the European Union (EU)
Responsible for processing personal data under this Privacy Policy:
LFPI Hotels Management Deutschland GmbH
Konrad-Adenauer-Ufer 37
50668 Köln
Tel.: +49 221 47 44 25-0
Fax: +49 221 47 44 25 29
Questions about privacy
If you have any questions about privacy in relation to our company or our website, please contact our data protection officer:
Spirit Legal LLP Rechtsanwälte
Rechtsanwalt und Datenschutzbeauftragter / Lawyer and Data Protection Officer
Peter Hense
Postal address:
Datenschutzbeauftragter / Data Protection Officer
c/o LFPI Hotels Management Deutschland GmbH, Konrad-Adenauer-Ufer 37, 50668 Köln
Contact using our encrypted online form:
Contact the data protection officer
Security
We have taken comprehensive technical and organisational measures to protect your personal data from unauthorised access, misuse, loss and other external factors. We review and update our security measures on a regular basis.
Your rights
You have the following rights in relation to personal data concerning you:
Right of access (article 15 GDPR);
Right to rectification (article 16 GDPR) or erasure (article 17 GDPR);
Right to restriction of processing (article 18 GDPR);
Right to object to processing (article 21 GDPR);
Right to withdraw consent (article 7(3) GDPR);
Right to receive the data in a structured, commonly used and machine-readable format ("data portability") and the right to transmit those data to another controller subject to article 20(1)(a) and (b) GDPR (article 20 GDPR)
You can exercise your rights by notifying us using the contact details provided under "Provider / Representative of the provider in the European Union" or by contacting our named data protection officer.
You also have the right to lodge a complaint with a supervisory authority about our processing of your personal data (article 77 GDPR).
Use of the website and access data
You can use our website purely for information purposes without disclosing your identity. When you access individual pages on the website for that purpose, the only information sent to our Webspace provider is access data to allow the website to be displayed to you. The following data are access data:
Browser type / browser version
Operating system used
Browser software language and version
Host name of the terminal device from which you are accessing the website
IP address
Website from which the request is received
Content of the request (specific page)
Date and time of the server request
Access status / HTTP status code
Referrer URL (the previous page visited)
Volume of data transferred
Time zone difference from Greenwich Mean Time (GMT)
The temporary processing of the IP address by the system is necessary to allow the technical delivery of the website to your computer. Your IP address needs to be processed for the duration of the session for this purpose. The legal basis for this processing is article 6(1)(f) GDPR.
Access data are not used to identify individual users and are not combined with other data sources. The access data are deleted once they are no longer required for the purpose for which they are being processed. In the case of data collection for the purpose of delivering the website, data are no longer required when you leave the website.
IP addresses are stored in log files to ensure website functionality. We also use the data to optimise the website and ensure the security of our IT systems. Data are not evaluated for marketing purposes. The data are as a rule deleted after seven days at the latest; processing after this point may take place in certain, specific cases. In such cases, the IP address is deleted or changed to such an extent that it can no longer be associated with the client.
The collection of data for the provision of the website and the processing of data in log files are essential for the operation of the website. You have the right to object to processing. In the event of a reasoned objection, we examine the situation and either cease or amend data processing or demonstrate our compelling legitimate grounds for continued processing.
Cookies
In addition to the access data listed above, cookies are stored in the browser on your terminal device when you use our website. Cookies are small text files containing a series of numbers and are stored locally in the temporary memory of the browser you are using. Cookies do not become part of your PC system and cannot run programs. They are used to make our website user-friendly. Cookies may be essential for technical reasons or may also be used for other purposes (for example analysis / evaluation of website use).
a) Essential cookies
Certain elements of our website require your browser to be identifiable even after you change pages. The following data are processed in cookies:
Language settings
Items in your basket
Log-in details
User data collected by essential cookies are not used to generate user profiles. We also use "session cookies". Session cookies store a session ID that allows different requests from your browser to be identified as belonging to the same session. Session cookies are required for the use of the website functions. Most importantly, session cookies allow us to recognise the terminal device if you return to the website. We use these cookies to recognise you on subsequent visits to the website if you have an account with us; otherwise, you would have to login again each time. The legal basis for this processing is article 6(1)(f) GDPR. We use session cookies to make the use of the website more attractive and more effective. Session cookies are cleared as soon as you log out or close the browser.
Most browsers are set by default to accept cookies automatically. You can object to the processing of your data by cookies. You can change the settings in your browser to prevent or limit the use of cookies. Cookies previously stored can be cleared at any time. This can be done automatically. If you disable cookies for our website, you may not have full access to all the website's functions.
b) Non-essential cookies We also use cookies on our website to allow an analysis of user browsing patterns. For this purpose, the following data, for example, are stored and processed in cookies:
Search terms entered
Frequency of page impressions
Use of website functions
These cookies are used to make the use of the website more efficient and more attractive. The legal basis for this processing is article 6(1)(f) GDPR. Non-essential cookies are cleared automatically after a set time, which differs from cookie to cookie.
You can object to the processing of your data by cookies. If you do not want cookies to be used, you can change your browser settings to prevent the storage of all cookies or of specific cookies, and to clear cookies that have already been stored. You can also set your browser to notify you before a cookie is stored. Change or disabling the use of cookies in your browser settings may restrict the functionality of this website.
If and to the extent that we use third-party cookies on our website, this is indicated below.
c) Cookie banner
When you access the website, a banner appears telling you about the use of cookies and referring you to this Privacy Policy. You are also notified that you can prevent the storage of cookies in your browser settings.
Contacting our company
If you contact us, for example by e-mail or using the contact form on the website, we will process the personal data you provide in order to respond to your enquiry.
A name or pseudonym and a valid e-mail address are essential for processing enquiries using the website contact form. When you send your message to us, the following data are also processed:
IP address
Date / time of registration
The legal basis for processing is article 6(1)(f) GDPR, or article 6(1)(b) GDPR if contact relates to the intention to enter into a contract.
Personal data from the form are processed solely for the purposes of handling your enquiry. This is also our legitimate interest in data processing if you contact us by e-mail. The other personal data processed during the submission process are processed to avoid misuse of the contact form and to protect our IT systems.
Data are not disclosed to third parties. The data are processed solely for the purposes of handling communication. We delete these data once processing is no longer required or limit processing to the minimum required for compliance with mandatory statutory retention obligations.
You can object to the processing of your personal data for enquiries at any time. This applies in particular if processing is not necessary for the performance of a contract with you, as we detail in the above explanation of the functions of processing. In such a case, it may not be possible to continue processing your enquiry. In the event of a reasoned objection, we examine the situation and either cease or amend data processing or demonstrate our compelling legitimate grounds for continued processing.
Processing and disclosure of personal data for contractual purposes
We process your personal data if and to the extent that this is necessary for initiating, establishing, conducting and/or ending a transaction with our company. The legal basis for this is article 6(1)(b) GDPR.
Once the purpose of processing (for example performance of a contract) has been achieved, we shall prevent further processing of the personal data or delete them unless we are entitled to continued retention and further processing on the grounds of your consent (for example consent to the processing of your e-mail address to send advertising e-mails), on the grounds of a contractual agreement, on the grounds of statutory authorisation (for example authorisation to send direct marketing) or on the grounds of legitimate interest (for example retention to allow legal claims).
Your personal data are therefore disclosed if and when
this is necessary for the establishment, performance or termination of transactions with our company (for example disclosure of data to a payment provider / mail-order firm for fulfilment of a contract with you), (article 6(1)(b) GDPR); or
a subcontractor or vicarious agent that we are using solely for the provision of offers or services you wish requires these data (such agents are, unless we specifically state otherwise, only authorised to process the data if and to the extent that this is necessary for the provision of the offer or service); or
this is required under an enforceable official directive (article 6(1)(c) GDPR); or
this is required under an enforceable court order (article 6(1)(c) GDPR); or
we are required to disclose them by law (article 6(1)(c) GDPR); or
processing is necessary in order to protect the vital interests of the data subject or of another natural person (article 6(1)(d) GDPR); or
we are authorised or even obliged to disclose the data in order to pursue overriding legitimate interests (article 6(1)(f) GDPR.
Your personal data shall not otherwise be disclosed to other persons, companies or bodies unless you have given valid consent to such a disclosure. The legal basis for processing in such a case is then article 6(1)(a) GDPR.
Selection processes
Thank you for your interest in our company and your application. Please read on for information on how we process personal data in connection with applications. We process the data that are necessary for the online application process (name, e-mail address and location) and data that you have sent us in connection with your application in order to assess your suitability for the post (or another vacancy at our company) and carry out the selection process.
The primary legal basis for the processing of your personal data in the selection process is section 26 of the German Federal Data Protection Act (BDSG) as amended on 25 May 2018. This provision states that personal data may be processed where necessary for hiring decisions. In the event that the data are necessary after the end of the selection process for the assertion of legal claims, data may be processed in accordance with article 6 GDPR, with purposes including but not limited to legitimate interests pursuant to article 6(1)(f) GDPR. In this case, our interest is in establishing or defending claims.
Data from unsuccessful applicants are deleted after six months. In the event that you have consented to the continued storage of your personal data, we will add your details to our applicant pool. Data in the applicant pool are deleted after two years. If you are appointed to a job at the end of the selection process, the data will be transferred from the applicant data system to the human resources system.
We use a specialist software provider for the selection process. This software provider works for us as a service provider, and may become aware of your personal data in the course of system maintenance and management. We have concluded a contract with this provider governing processing on our behalf as the controller to ensure that any data processing is in compliance with the rules.
Your applicant details will be viewed by the human resources department after receipt of your application. Suitable applications are then passed on internally to the competent person in the relevant department. They then decide on the next steps. Within the company, the only people with access to your data are those who need it to ensure a smooth selection process.
You can object to the processing of your data at any time. This applies in particular if processing is not necessary for the performance of a contract with you, as we detail in the above explanation of the functions of processing. In the event of a reasoned objection, we examine the situation and either cease or amend data processing or demonstrate our compelling legitimate grounds for continued processing.
Hosting
We use external hosting services to provide the following services: infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. All data required for the operation and use of our website are processed.
We use external hosting services for the operation of this website. The purpose of the use of external hosting services is the secure and efficient provision of our website. The legal basis for processing is article 6(1)(f) GDPR.
The collection of data for the provision and use of the website and the processing of data through external web hosting providers are essential for the operation of the website. You have the right to object to processing. In the event of a reasoned objection, we examine the situation and either cease or amend data processing or demonstrate our compelling legitimate grounds for continued processing.
Third-party content
Third-party content such as videos, maps, RSS feeds and images from other websites are integrated into our website. Such integration requires the providers of such content ("third-party providers") to have access to the IP addresses of users. Without your IP address, they cannot send the content to your browser. Your IP address is therefore required for this content to be displayed.
We make every effort only to use content from third-party providers that only process IP addresses in order to deliver content. However, we have no control over whether third-party providers also, for example, process IP addresses for statistical purposes. Where we are aware of such processing, this is indicated below.
Some third-party providers may process data outside the European Union.
You can reject processing by installing a JavaScript-Blocker such as the browser plug-in 'NoScript' (www.noscript.net) or disabling JavaScript in your browser. This may, however, restrict website functionality.
Google web fonts
We use web fonts from Google for the standardised display of fonts. When you access a page, your browser loads the required web fonts to your browser cache so that texts and fonts are displayed correctly.
To do so, your browser has to establish a connection to the Google servers. This tells Google that our website has been accessed from your IP address. Google web fonts are used for the consistent and attractive displayed of our web pages. This represents a legitimate interest within the meaning of article 6(1)(f) GDPR. We are not aware of and have no control over how long data are stored by Google.
You can object to processing by changing your browser settings so that your browser does not support web fonts – if you do, however, a standard font from your computer will be used.
Google Maps
This website also uses the Google service "Google Maps" to display maps or sections of maps, offering convenient use of a map function on our website.
When you visit the website, Google receives the information that you have accessed the sub-page in question. The data listed in the "Access data" section are also sent to Google. This happens whether or not you have a Google user account and, if you do, whether or not you are logged in. If you are logged in to Google, your data are associated with your account. If you do not want the data to be associated with your Google profile, you need to log out before activating the button.
Google saves your data as user profiles and processes the data for the purposes of marketing, market research and/or the targeted display of its website. The main purpose of this analysis (even for users who are not logged in) is to target marketing and inform other users of the social network about your activities on our website.
The legal basis for processing is article 6(1)(f) GDPR. The purpose of processing is to make our website more attractive and improve the service we offer you. We are not aware of and have no control over how long data are stored by Google.
You will find more information on the purpose and scope of processing by the plug-in provider in the provider's privacy policy. It sets out more information about your rights and possible settings to protect your privacy: policies.google.com/privacy. Google processes personal data in the USA and is subject to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. You will find more information about the terms of use for Google Maps at www.google.com/intl/en_gb/help/terms_maps/
You have the right to object to processing; however, you must direct your objection to Google. You can change the settings in your browser to prevent or limit the use of cookies. Cookies previously stored can be cleared at any time. This can be done automatically. If you disable cookies for our website, you may not have full access to all the website's functions.
Services for statistics, analysis and marketing purposes
We use third-party services for statistics, analysis and marketing purposes. This enables us to make our website user-friendly and offer you the best possible user experience. The third-party providers use cookies (cf. "Cookies" above) to manage their services. Unless otherwise indicated below, this does not involve the processing of personal data.
Some of the third-party providers offer you the option of objecting directly to the use of the specific service, for example by selecting an opt-out cookie.
If you select the relevant opt-out cookie, the external provider will no longer be able to process data relating to your usage behaviour. You can also object to a specific selection of external services. If you switch browsers or terminal device or clear all cookies, you will have to select the opt-out cookie again.
You can also reject cookies directly on the opt-out platform of the Deutscher Datenschutzrat Online-Werbung (DDOW) (German online marketing data protection council) at www.meine-cookies.org/cookies_verwalten/praeferenzmanager.html or on the Network Advertising Initiative opt-out page at www.networkadvertising.org/choices/ More information on usage-based advertising and opt-outs is available here: www.youronlinechoices.com
The following section sets out the services from external providers currently used on our website, the purpose and scope of processing in each case, and your opt-out options.
Google Analytics
We use Google Analytics, a web analysis service from Google, to tailor our website to your interests. Google Analytics uses cookies (cf. "Cookies" above), which are stored on your computer and allow an analysis of your use of the website. The information about your use of this website generated in this way is transferred to and processed on a Google server in the USA.
If IP anonymisation has been activated on this website, Google will first truncate your IP address within a Member State of the European Union or another signatory state to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA and truncated there in exceptional cases. Google then uses this information to evaluate your use of the website, to compile reports for us on website activity and to provide further services relating to website use and Internet use.
The IP address provided by your browser as part of Google Analytics will not be combined with any other data from Google.
This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are truncated for processing and therefore cannot be associated with specific persons. In the event that data collected about you could be associated with you, such personal data will immediately be deleted to avoid any such association.
We use Google Analytics to analyse and regularly improve use of our website. Statistics allow us to improve our site and make it more useful for you, the user. For the exceptional cases in which personal data is transferred to the USA, Google has signed up to the EU-US Privacy Shield: www.privacyshield.gov/EU-US-Framework The legal basis for processing by Google Analytics is article 6(1)(f) GDPR. The Analytics cookies are deleted after a period of no more than fourteen months.
You have the right to object. You can prevent the storage of cookies with settings in your browser software; please be aware, however, that in this case you may not be able to use all functions of this website in full. You can also prevent the collection of data generated by cookies relating to your use of the website (including your IP address) by Google and the processing of these data by Google by downloading and installing the browser plug-in available here: tools.google.com/dlpage/gaoptout
More information about the third-party provider Google is available here:
www.google.com/analytics/terms/de.html, www.google.com/intl/de/analytics/learn/privacy.html, www.google.de/intl/de/policies/privacy.
Copyright © by Spirit Legal LLP