Privacy Policy
General
Personal data
The subject of privacy is personal data (hereinafter referred to as “data”), i.e. any information relating to an identified or identifiable natural person. Examples of such information include name, address, occupation, e-mail address, state of health, income, marital status, genetic characteristics, telephone number and, if applicable, user data such as the IP address.
Controller
The Controller for processing your personal data in the context of using the website https://shop.eventhotels.com (hereinafter referred to as the “website”) is Crusader Investments B.V. (hereinafter referred to as the “Operator” or “Controller”). The contact details are as follows:
Crusader Investments B.V.,
Zweigniederlassung Deutschland
Konrad-Adenauer-Ufer 5-7
50668 Cologne
info@eventhotels.com
+49 (0) 221 973 056 0
Data protection officer
The data protection officer is reachable at datenschutz@eventhotels.com.
Right to object
If you want to object to the processing of your data by the Operator in accordance with this privacy policy entirely or for individual measures, you can use the contact details, which are stated under the imprint. Please note that in the event of such an objection, the use of the website and the access of the services provided may be restricted or not possible at all.
Scope and purposes of data processing, legal bases, provision of data and storage period
Access and use of the website
Each time the website and its subpages are accessed, usage data is transferred by the respective internet browser and stored in log files (server log files). The stored data records contain the following data:
- date and time of access
- name of the subpage which is accessed
- IP address
- referrer URL (original URL from which you have accessed the website)
- data volume transferred
- product and version information of the browser used
The admissibility of this processing is based on Art. 6 para. 1 b) GDPR stating that the processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The data processed by the Operator is required to enable you to access and use the website. Such data must necessarily be processed while using a telemedia. Otherwise, you are not able to access the website. The log files are evaluated by the Operator in anonymised form in order to continuously improve the website and make it more user-friendly, to find and rectify faults more quickly and control server capacities. For example, it can be understood at which time the use of the website is particularly popular and the Operator can provide appropriate data volume. The admissibility of this processing is based on Art. 6 para. 1 f) GDPR stating that the processing is lawful if it is necessary for the purposes of preserving the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The legitimate interest of the Operator lies in providing a website with information and offering services to customers as well as optimising the operation of the website. The provision of data is neither prescribed by law nor contractually. The consequence of not providing personal data is that the data cannot be used to optimise the website. Your IP address will be deleted or anonymised after termination of use. In the case of anonymisation, the IP addresses are changed in such a way that they can no longer be assigned to an identified or identifiable natural person or can only be assigned with a disproportionate large amount of time, costs and effort.
Contact form and e-mail at a click
If you wish to get in touch with the Operator, a corresponding contact form is available. You must enter the following information in this form:
- name
- e-Mail address
- message
In addition, you can voluntarily provide the following information:
- telephone number
- company address
Furthermore, you have the option to open an e-mail directed to the Operator at just one click on the website. The e-mail address linked to your e-mail program is automatically used as the sender. If you do not want your e-mail address to be retrieved in this way, you can change it in the settings of your respective e-mail program. The admissibility of this processing is based on Art. 6 para. 1 b) GDPR stating that the processing is lawful if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The personal data processed will be deleted after expiry of the legal retention periods unless the Controller has a legitimate interest in further storage. In any case, only the data will continue to be stored that is necessary to achieve the corresponding purpose. As far as possible, the personal data is anonymised.
Advertising
The Operator uses your data for advertising purposes. The admissibility of this processing is based on Art. 6 para. 1 f) GDPR stating that the processing is lawful if it is necessary for the purposes of preserving the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The use of data for advertising purposes constitutes a legitimate interest of the Operator according to Art. 6 para. 1 f) GDPR. The Operator is dependent on actively presenting the services to new and existing customers. As a customer of the Operator, you will regularly receive product recommendations by e-mail, which are based on the services you have already used. By doing this, the Operator would like to provide you with information about the services that may be of interest to you on the basis of your last booking. The legal basis is specified in Art. 6 para. 1 f) GDPR in connection with § 7 para. 3 UWG (German Act Against Unfair Competition). The provision of data is neither prescribed by law nor contractually. The consequence of not providing personal data is that you cannot be contacted for advertising purposes. The personal data processed for the purpose of advertising will be deleted unless the Controller has a legitimate interest in further storage. In any case, only the data will continue to be stored that is necessary to achieve the corresponding purpose.
Voucher Shop
The operator offers customers the option of purchasing or gifting individual vouchers via its voucher shop. The vouchers can then be redeemed at all participating hotels for overnight stays and restaurant services.
The vouchers are sent by email so that you can print them yourself. To purchase the vouchers, you therefore need to provide an email address in addition to your personal data.
Payments can be made via PayPal. To do this, the order and payment data (name, address, telephone number, email address, account information) as well as device information, technical usage data and location data are forwarded to PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.
PayPal uses the data to process payment transactions, check creditworthiness, manage risk and analyse and improve services. For these purposes, personal data may also be passed on to other members of the group and to other third parties, e.g. credit agencies. Personal data may also be transferred to third countries. PayPal has established binding corporate rules for transfers to affiliated companies that have been approved by the appropriate regulatory authorities. These are available here https://www.paypal.com/de/webapps/mpp/ua/bcr. For more information, please see PayPal’s privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.
Payments can also be made by credit card. To do this, the card data (card number, card type and expiry date) as well as further payment data (e.g. amount, date, time, etc.) are forwarded to Concardis GmbH, Helfmann-Park 7, 65760 Eschborn.
Concardis uses the data to process the payment transactions and secure the transmission of the data. The data is passed on to the acquirer (Visa, Mastercard) by Concardis. The acquirer uses the data to process payment transactions, prevent card misuse, limit the risk of non-payment, securely transmit data, bill charges, archive receipts and collect receivables. The data may also be disclosed to other third parties such as banks, money laundering offices, etc. For more information, please see Concardis’ privacy policy at https://www.concardis.com/fileadmin/redakteur/Dokumente/Datenschutz/DE_DE_Datenschutz_Information_DSGVO_fuerKarteninhaber.pdf.
The permissibility of the processing by the operator is based on Art. 6 (1) b) GDPR, according to which the processing is lawful if it is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures taken at the request of the data subject. The provision of the data is required so that the purchase and payment can be processed.
The processed personal data will be deleted after the expiry of the legal storage obligations, unless the controller has a legitimate interest in the further storage. In any case, only the data that is really required to achieve the corresponding purpose will continue to be stored. As far as possible, personal data will be made anonymous.
Use of tracking tools
Google Analytics
The Operator uses the web analysis service Google Analytics of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This service uses the above-described cookies to collect information such as your operating system, browser, IP address, the website accessed previously as well as the date and time of your visit to the Operator’s website. The information generated by the cookies about the use of the website will be transferred to a Google server in Ireland and stored there. If necessary, the data may also be transferred to the USA. The transfer of your personal data to the USA is carried out using standard data protection clauses pursuant to Art. 46 para. 2 c) GDPR, which were issued by the European Commission pursuant to Art. 93 para. 2 GDPR. Information on the standard data protection clauses is available on the European Commission’s website (https://ec.europa.eu/info/index_de). You will find further information directly at Google https://policies.google.com/privacy/frameworks?gl=de.
Google will use this information in order to evaluate the use of the website, compile reports on the website activity for the Operator and render further services relating to the website activity and internet use. If this is prescribed by law or if third parties process this data on behalf of Google, Google will share this information with these third parties. This use is anonymised or pseudonymised. You will find further information directly at Google https://policies.google.com/privacy?hl=de.
When using Google Analytics, no direct personal data is stored, but only the internet protocol address. This information is used to automatically recognise you the next time you visit the Operator’s website and make navigation easier for you.
The admissibility of this processing is based on Art. 6 para. 1 f) GDPR stating that the processing is lawful if it is necessary for the purposes of preserving the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The legitimate interest of the Operator lies in optimising the website by evaluating the website visit.
You can change your cookie settings at any time via Cookiebot by using the arrow key on the right-hand side of the screen.
The personal data collected in the context of the use of tracking tools will be deleted unless the Controller has a legitimate interest in further storage. In any case, only the data will continue to be stored that is necessary to achieve the corresponding purpose. As far as possible, the personal data is anonymised.
The provision of data is neither prescribed by law nor contractually. Without the provision of data, Google Analytics cannot be used.
Akismet
The Operator uses the service Akismet of Automattic Inc., 60 29th Street 343, San Francisco, CA 94107, USA, on the website, which sends comments to a server in the USA in order to check whether they are actually written comments or spam. The transfer of your personal data to the USA is carried out using standard data protection clauses pursuant to Art. 46 para. 2 c) GDPR, which were issued by the European Commission pursuant to Art. 93 para. 2 GDPR. Information on the standard data protection clauses is available on the European Commission’s website (https://ec.europa.eu/info/index_de). You will find further information in the privacy policy of Automattic https://automattic.com/privacy/.
The admissibility of this processing is based on Art. 6 para. 1 f) GDPR stating that the processing is lawful if it is necessary for the purposes of preserving the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The use for the website security constitutes a legitimate interest of the Operator according to Art. 6 para. 1 f) GDPR.
The provision of data is neither prescribed by law nor necessary for the conclusion of a contract. The consequence of not providing data is that you are not able to use corresponding comment functions.
The Operator does not store any personal data about the integration of Akismet. The personal data collected by Akismet will be deleted unless Automattic has a legitimate interest in further storage. In any case, only the data will continue to be stored that is necessary to achieve the corresponding purpose. As far as possible, the personal data is anonymised. The data is stored by Automattic in accordance with its own privacy policy
Right of access, to rectification, erasure, restriction, object and data portability
Right of access (Art. 15 GDPR)
Upon request, the Operator provides you with information as to whether data is processed concerning you. The Operator makes every effort to process requests for information as quickly as possible.
Right to rectification (Art. 16 GDPR)
You have the right to obtain from the Controller an immediate rectification of inaccurate personal data concerning you.
Right to erasure (Art. 17 GDPR)
You have the right to obtain from the Operator the erasure of personal data concerning you immediately and the Operator is obliged to erase personal data immediately if one of the grounds stated in Art. 17 para. 1 a) – f) GDPR applies.
Right to restriction (Art. 18 GDPR)
You have the right to obtain from the Controller restriction of processing if one of the grounds stated in Art. 18 para. 1 a) – d) GDPR applies.
Right to object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Art. 6 para. 1 e) or f) GDPR, including profiling based on those provisions. The Operator shall no longer process your personal data unless the Operator demonstrates compelling legitimate grounds for processing which override the interests, rights and freedoms of you or for the establishment, exercise or defence of legal claims. If personal data is processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. You have the right to object, on grounds relating to your particular situation, to processing of your personal data for scientific or historical research purposes pursuant to Art. 89 para. 1 GDPR unless the processing is necessary for the performance of a task in the public interest. Please use the contact address specified in the imprint for your notification.
Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data, which you provided to the Operator, in a structured, commonly used and machine-readable format and have the right to transmit the data to another controller without hindrance from the operator to which the personal data has been provided, unless the processing is based on a consent pursuant to Art. 6 para. 1 a) GDPR, Art. 9 para. 2 a) GDPR or on a contract pursuant to Art. 6 para. 1 b) GDPR and the processing is carried out by automated means.
Withdrawal of consent
If you have given your consent to processing of your personal data and withdraw it, the processing shall not be affected before its withdrawal.
Right to complain (Art. 77 GDPR)
You have the right to lodge a complaint with a supervisory authority at any time.
Recipients
The data collected when you were accessing and using the website and the information you provided when contacting will be transmitted to the server and stored there. In addition, your data may be transferred to the following categories of recipients:
- Persons working for the Controller who are engaged in the processing (e.g. marketing department, personnel management, customer service)
- Processors (e.g. computer centre, IT service provider, software support, provider of analysis tools, mailing services)
- Operator’s contractual partners (e.g. banks, tax advisers)
Links to third-party websites
When visiting the website, content linked to third-party websites may be displayed. The Operator has neither access to the cookies or other functions used by third parties nor can control them. Such third-party websites are not subject to the Operator’s privacy provisions.