Privacy policy

We wish to take this opportunity to inform you which of your personal data we collect when you visit our website and for what purposes it is used. This Privacy Policy applies to the centromed Berlin-Spandau Betriebs GmbH & Co KG website.

Who is the controller and how can I reach you?

Controller
For the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
centromed Berlin-Spandau Betriebs GmbH & Co. KG
Brauereihof 6
13585 Berlin
Tel.: +49/30/818 75-0
Email: info@centrovital-berlin.de

Data Protection Officer
DataSolution LUD GmbH
Email: mail@ds-lud.de

What is it about?

This Privacy Policy meets the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour when visiting a website. Information for which we cannot (or only with disproportionate effort) establish a reference to your person, e.g. through anonymisation, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transfer) always requires a legal basis and a defined purpose.
Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons to further store the data. We will inform you about the specific storage periods and criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defence of legal claims and in the event of statutory retention obligations.

Who receives my data?

We only pass on your personal data that we process on our website to third parties if this is necessary to fulfil the purposes and is covered by the legal basis (e.g. consent or protection of legitimate interests) in individual cases. Furthermore, in individual cases, we pass on personal data to third parties if this serves the assertion, exercise or defence of legal claims. Possible recipients may then be, for example, law enforcement authorities, lawyers, auditors, courts, etc.
Insofar as we use service providers to operate our website who process personal data on our behalf as part of order processing in accordance with Article 28 GDPR, they may be recipients of your personal data. Further information on the use of processors and web services can be found in the overview of the individual processing operations.

Online booking via the website

You can book hotel rooms and packages on our website. If users accept this option, the data entered in the input mask will be transmitted to us and stored. This data comprises: First name, last name, email address, telephone, address, number of fellow travellers, estimated time of arrival, wishes, payment details (credit card), date, and time.
If you make an online booking from our website, this is done through the online reservation system of HotelNetSolutions GmbH, Genthiner Straße 8, 10785 Berlin, Germany. All the booking data you enter is transmitted in encrypted form. HotelNetSolutions GmbH has committed itself to handling your transmitted data in accordance with data protection regulations. It takes all organisational and technical measures to protect your data.
As part of the communication regarding your booking, we use the service of Revinate, Inc., based in the USA. Revinate Inc. has undertaken to handle your transmitted data in accordance with data protection regulations. It takes all organisational and technical measures to protect your data We would like to point out that this is a service provider from the USA.
Your data will be used exclusively for processing the booking and for communication.

Legal basis for data processing
The legal basis for the processing of the data is the conclusion of an accommodation contract with the user.

Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the booking request and to process payment transactions.

Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements have been fulfilled.

Option to object
You can object to the processing of your data at any time. We wish to point out that in the event of an objection, the booking cannot be completed or the conversation cannot be continued.

Online booking via other websites

Centrovital Berlin allows interested parties to book rooms and hotel arrangements via hotel reservation portals (third-party providers). If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored to the extent permitted by the respective hotel reservation portal in accordance with its own data protection regulations. Data can be: First name, last name, email address, telephone, address, number of fellow travellers, estimated time of arrival, wishes, and payment details (credit card).
The data provided is transferred to our hotel software via what is known as a Channel Manager. All booking data received is transmitted in encrypted form. HotelNetSolutions GmbH, Genthiner Straße 8, D-10785 Berlin, Germany, as the provider of the Channel Manager, has undertaken to handle the personal data transmitted in accordance with data protection regulations. It takes all organisational and technical measures to protect your data.
As part of the communication regarding your booking, we use the service of Revinate, Inc., based in the USA. Revinate Inc. has undertaken to handle your transmitted data in accordance with data protection regulations. It takes all organisational and technical measures to protect your data We would like to point out that this is a service provider from the USA.
Your data will be used exclusively for processing the booking and, if necessary, for communication.

Legal basis for data processing
The legal basis for the processing of the data is the conclusion of an accommodation contract with the user.

Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the booking request and to process payment transactions.

Booking spa and wellness treatments

You can book wellness and spa treatments using the contact form, telephone or email. If a user makes use of this option, the following data will be stored by us for the appointment booking: First name, last name, email address, date, and time.
We use the booking system of Treatwell DACH GmbH, Greifswalder Straße 212, 10405 Berlin, Germany for appointment bookings. All the data you enter is transmitted in encrypted form. Treatwell DACH GmbH has undertaken to handle your transmitted data in accordance with data protection regulations. It takes all organisational and technical measures to protect your data.
Your data will be used exclusively for processing the booking and for communication.

Legal basis for data processing
The legal basis for the processing of the data is the conclusion of a contract with the user.

Purpose of data processing
The processing of personal data serves us solely to process the booking request.

Conference bookings

You can book conferences and events on our website. If users accept this option, the data entered in the input mask will be transmitted to us and stored. This data comprises: Title/company, first name, last name, email address, and telephone.
If you book a conference or event on our website, this is done via the online ordering platform of ZELFMADE GmbH, Paul-Nevermann-Platz 5, D-22765 Hamburg, Germany. All order data entered by you will be transmitted in encrypted form. ZELFMADE GmbH is committed to handling your transmitted data in accordance with data protection regulations. It takes all organisational and technical measures to protect your data.
Your data will be used exclusively for processing the booking and for communication.

Legal basis for data processing
The legal basis for the processing of the data is the conclusion of a contract with the customer.

Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the booking request and to process payment transactions.

Purchase of a voucher

You can purchase vouchers on our website. If users accept this option, the data entered in the input mask will be transmitted to us and stored. This data comprises: Title/company, first name, last name, date of birth, email address, address, telephone/fax, voucher value, preferences, payment details.
If you purchase a voucher from our website, this occurs through the online ordering platform of INCERT eTourismus GmbH & Co KG, Leonfeldner Straße 328, A-4040 Linz, Austria. All order data entered by you will be transmitted in encrypted form. INCERT is committed to handling your transmitted data in accordance with data protection regulations. INCERT takes all organisational and technical measures to protect your data.
Your data will be used exclusively for processing the booking and for communication.

Legal basis for data processing
The legal basis for the processing of the data is the conclusion of a purchase contract with the user.

Purpose of data processing
The processing of the personal data from the input mask serves us solely to process the voucher purchase and to process payment transactions.

Option to object
You can object to the processing of your data at any time.

Use of company contact data for support, advice and advertising

For the support, advice and advertising of corporate customers, we collect and use the contact person, telephone number and postal address in addition to the business partner or potential business partner. We receive the information from various sources, either through an inquiry (email or telephone), but also via events, trade fairs, business cards received by our sales staff, etc.

Legal basis for data processing
The legal basis for processing the data is also our legitimate interest in data processing. If the contact is aimed at concluding a contract, the additional legal basis for the processing is the business initiation relationship or contractual relationship.

Purpose of data processing
We use this contact data exclusively for our own purposes and for the needs-based design of our own sales activities.

Duration of storage
In principle, there is no erasure period. However, if our sales department has had no contact with the company contact within 3 years, the sales department will decide whether the contact person of the company contact will be deleted.
If the contact is a pre-contractual relationship (offer, booking or reservation request), the transmitted data will also be stored in our hotel software and used to execute the contract. If there is no contractual relationship, we will delete the data after one year at the end of the year.

Option to object
As a company contact, you have the option to object to the processing of your data at any time.

Online evaluation

Former guests can leave a review at our hotel after check-out. We would like to send you an email within 14 days of your departure to ask you to submit a hotel review. Each evaluation can be published anonymously on request. If you did not feel comfortable in one of our hotels, we would like to take the opportunity to contact you.
If you submit an online evaluation, the data will be stored in the evaluation tool of CA Customer Alliance GmbH, Ullsteinstraße 118 | Turm B, D-12109 Berlin, Germany. Customer Alliance has undertaken to handle your transmitted data in accordance with data protection regulations. It takes all organisational and technical measures to protect your data.
No further data will be passed on to third parties in this context. The data is used exclusively to publish the rating and for arbitration in the event of poor ratings.

Legal basis for data processing
The legal basis for processing the data is also our legitimate interest in data processing.

Purpose of data processing
The purpose of the hotel review is to communicate and summarise the opinions of hotel guests via our website so that interested parties can form their own opinion of our services. The results are also used for our internal quality management.

Duration of storage
The data will not be deleted.

Option to object
It is possible to have the publication of the rating deleted at any time (right to be forgotten). Please let us know which is the rating in question.

You can subscribe to our newsletter on our website. If users accept this option, the data entered in the input mask will be transmitted to us and stored. This data comprises: Email address and voluntary information such as title, first name, last name, language, desired destination or topics.
If you register for a newsletter on our website, the data will be stored in our CRM and newsletter tool of Revinate, Inc., based in the USA. Revinate Inc. has undertaken to handle your transmitted data in accordance with data protection regulations. It takes all organisational and technical measures to protect your data We would like to point out that this is a service provider from the USA.
If we receive an email address in any other way where the recipient clearly informs us that they would like to receive our newsletter, we will collect their data via the input mask on our website.
No further data will be passed on to third parties in this context. The data is used exclusively for sending newsletters.

Legal basis for data processing
The legal basis for the processing of the data is the existence of the recipient's consent. This is ensured by a double opt-in procedure.

Purpose of data processing
We process personal data solely for the purpose of sending individual newsletters.

Duration of storage
The data will be deleted as soon as you unsubscribe from the newsletter service.

Option to object
As a newsletter recipient, you have the option to object to the processing of your data at any time. The recipient can unsubscribe from the newsletter service with each newsletter.

Contact forms

Nature and scope of processing
On our website, you have the opportunity to contact us using the forms provided. The information collected via mandatory fields is required to process the request. In addition, you may voluntarily provide additional information that you believe is necessary to process the contact request.
When using the contact forms, your personal data will not be passed on to third parties.

Legal basis for data processing
The legal basis is our legitimate interest. If your request relates to an existing contractual relationship with us, the processing is carried out for the purpose of fulfilling the contract. You have no legal or contractual obligation to provide your data, but we cannot process your request if you do not provide the information in the mandatory fields. If you do not wish to provide this data, please contact us by telephone or email.

Purpose of the data processing
The processing of your data through the use of our contact forms is for the purpose of communication and processing your request.

Storage duration
If you use a contact form, we store the data collected for each inquiry for a period of three years, starting with the completion of your inquiry or until the

withdrawal of your consent.
If you use the contact form within a contractual relationship, we store the collected data of each request for a period of three years from the end of the contractual relationship.

Online store

You can purchase products from our online store on our website. If a user makes use of this option, they will be redirected to the online store. This is operated by the Hotelshop.one service of Interdependence GmbH, Germany.
Further processing of the purchase is carried out by the online store. You can find the data protection information at https://centrovital.hotelshop.one/en/policies/privacy/.
The data is used exclusively for processing the order in the online store.

Applications to our company

You can apply to a job advertisement or send us a speculative application. You can do this preferably by email, but alternatively in paper form.
You can access our job advertisements on our website. When you apply for a job with us, we store the following general information about you in our personnel management program (Personio):

Salutation
First name, last name
Address
Date of birth
Email address
Phone
Application date
Applied as
Which department did you apply to?
Applied how (by email, via HotelCareer, by post)

Internally, your application may be forwarded to the responsible department head who is involved in the application process. The data will not be passed on to third parties. The data will be used exclusively for processing the application and for communication with you.

Legal basis for data processing
The legal basis for the data processing is also the processing for a pre-contractual relationship or contractual relationship.

Purpose of data processing
The processing of personal data serves us solely to process the application.

Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If we do not hire you, we will erase all data and documents relating to your application after 6 months at the latest. If, due to your qualifications, we wish to keep your documents for longer, we will obtain your permission to do so.

Option to object
As an applicant, you have the option to object to the processing of your personal data at any time. We would like to point out that in the event of an objection, the application cannot be completed or the conversation cannot be continued.

Protection of minors

This service is mainly aimed at adults. We do not currently market any special areas for children. As a result, we do not knowingly collect information to determine age, nor do we knowingly collect personal data from children under the age of 16. However, we advise all visitors to our website under the age of 16 not to disclose or provide any personal data via our service. In the event that we discover that a child under the age of 16 has provided us with personal data, we will delete the child's personal data from our files as far as is technically possible.

What rights do I have?

Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:

Information pursuant to Article 15 GDPR about the personal data stored about you in the form of meaningful information on the details of the processing and a copy of your data;
Correction pursuant to Article 16 GDPR of incorrect or incomplete data stored by us;
Erasure pursuant to Article 17 GDPR of the data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
Restriction of processing pursuant to Article 18 GDPR if the accuracy of the data is contested, the processing is unlawful, we no longer need the data and you oppose its erasure because you require it for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Article 21 GDPR.
Data portability pursuant to Article 20 GDPR, insofar as you have provided us with personal data on the basis of consent pursuant to Article 6(1)(a) GDPR or on the basis of a contract pursuant to Article 6(1)(b) GDPR and it has been processed by us using automated procedures. You will receive your data in a structured, common and machine-readable format or we will transfer the data directly to another data controller, to the extent that this is technically feasible.
Objection pursuant to Article 21 GDPR to the processing of your personal data, insofar as this is based on Article 6(1)(e), (f) GDPR and there are reasons for this arising from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding compelling legitimate grounds for the processing are demonstrated or if the processing is carried out to assert, exercise or defend legal claims. An indication is made where the right to object does not exist for individual processing operations.
Withdrawal pursuant to Article 7(3) GDPR of your consent with effect for the future.
Complaint to a supervisory authority pursuant to Article 77 GDPR if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.

Security

We use technical and organisational security measures in accordance with Article 32 GDPR to protect your data managed by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments. Access to it is only possible for a few authorised persons and persons with a special data protection obligation who are involved in the technical, administrative or editorial management of data.
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line.

Updating and amending

We reserve the right to amend, update or supplement this Privacy Policy at any time. Any revised information on data processing applies only to personal data collected or modified after the effective date.

Do we use cookies?

Cookies are small text files that are sent by us to the browser of your end device and stored there when you visit our website. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to carry out various analyses so that we are able, for example, to recognise the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot run programs or contain viruses.
We provide information about the respective services for which we use cookies in the individual processing operations. Detailed information on the cookies used can be found in the cookie settings or in this website’s Consent Manager.

How is my data processed in detail?

In the following, we explain the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. No automated-decision making in individual cases, including profiling, takes place.

Provision of the website

Nature and scope of processing
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in what is known as a log file:

IP address of the requesting computer
date and time of access
Name and URL of the retrieved file
Website from which the access is made (referrer URL)
Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

[Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf in accordance with Article 28 GDPR]

Purpose and legal basis
The processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Article 6(f) GDPR. The collection of data and storage in log files is absolutely necessary for the operation of the website. There is no right to object to the processing due to the exception under Article 21(1) GDPR. Insofar as further storage of the log files is required by law, processing is carried out on the basis of Article 6(1)(c) GDPR. There is no legal or contractual obligation to provide the data, but it is not technically possible to access our website without providing the data.

Storage duration
The aforementioned data will be stored for the duration of the display of the website [and for technical reasons for a maximum of [7 days]].

Presence on social media platforms

We maintain fan pages or accounts or channels on the networks listed below in order to provide you with information and offers within social networks and to offer you further ways to contact us and find out about our offers. In the following, we will inform you about what data we or the respective social network process from you in connection with the access and use of our fan pages/accounts.

Data that we process from you
If you wish to contact us via Messenger or via Direct Message via the respective social network, we generally process your user name, which you use to contact us, and may store other data provided by you insofar as this is necessary to process/answer your request.
The legal basis is Article 6(1)(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller).

(Static) usage data that we receive from the social networks
We receive automated statistics about our accounts via Insights functionalities. The statistics include the total number of page views, likes, information on page activity and post interactions, reach, video views/views and information on the proportion of men/women among our fans/followers.
The statistics only contain aggregated data and cannot be linked to individual persons. You are not identifiable to us through this.

What data the social networks process from you
To view the content of our fan pages or accounts, you do not have to be a member of the respective social network and therefore no user account is required for the respective social network.
Please note, however, that the social networks also collect and store data from website visitors without a user account when the respective social network is accessed (e.g. technical data in order to be able to display the website to you) and use cookies and similar technologies, over which we have no influence whatsoever. Details on this can be found in the privacy policy of the respective social network (see the corresponding links above)
If you wish to interact with the content on our fan pages/accounts, e.g. comment on, share or like our posts/contributions and/or wish to contact us via messenger functions, you must first register with the respective social network and provide personal data.
We have no influence on the data processing by the social networks in the context of your use of them. To the best of our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, as well as for the analysis of user behaviour (using cookies, pixels/web beacons and similar technologies) on the basis of which advertising based on your interests is displayed both within and outside the respective social network. It cannot be ruled out that your data will also be stored by the social networks outside the EU/EEA and passed on to third parties.
Information on, among other things, the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use of the social networks can be found in the data protection provisions/cookie guidelines of the social networks. There you will also find information on your rights and how to object.

Facebook page
When you visit our Facebook page, Facebook (Meta) collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more information on this under the following link: https://www.facebook.com/privacy/policy.
It is not possible for us to draw conclusions about individual users based on the statistical information transmitted. We only use them to respond to our users’ interests and to continuously improve our online presence and ensure its quality.
We only collect your data via our fan page in order to make it possible to communicate and interact with us. This collection generally includes your name, message content, comment content and the profile information you have made "publicly" available.
The processing of your personal data for the above-mentioned purposes is based on our legitimate business and communication interests in offering an information and communication channel in accordance with Article 6(1)(f) GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the legal basis for processing is Article 6(1)(a), Article 7 GDPR.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access options to your data are limited. Only the provider of the social network is authorised to have full access to your data. As a result, only the provider can directly take and implement appropriate measures to fulfil your user rights (request for information, request for deletion, objection, etc.). The most effective way to assert such rights is therefore directly against the respective provider.
We are jointly responsible with Facebook for the personal content of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.
The primary responsibility for the processing of Insights data lies with Facebook in accordance with the GDPR and Facebook fulfils all obligations under the GDPR with regard to the processing of Insights data, Meta Platforms Ireland Ltd. provides the main points of the Page Insights Supplement to the data subjects.
We do not make any decisions regarding the processing of Insights data and the storage duration of cookies on user end devices.
Further information can be found directly on Facebook (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.
For more information, including the exact scope and purposes of the processing of your personal data, the storage period/erasure and guidelines on the use of cookies and similar technologies in the context of registration and use, please refer to Facebook's privacy policy/cookie guidelines:
https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
https://www.facebook.com/policies/cookies

Instagram page
When you visit our Instagram page, Instagram (Meta) collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Instagram provides more information on this under the following link (Note: clicking on the following link will take you to the website of the social network Facebook, also part of the Meta Group. However, the information provided via the link applies equally to the social network Instagram): https://www.facebook.com/privacy/policy.
It is not possible for us to draw conclusions about individual users based on the statistical information transmitted. We only use them to respond to our users’ interests and to continuously improve our online presence and ensure its quality.
We only collect your data via our fan page in order to make it possible to communicate and interact with us. This collection generally includes your name, message content, comment content and the profile information you have made "publicly" available.
The processing of your personal data for the above-mentioned purposes is based on our legitimate business and communication interests in offering an information and communication channel in accordance with Article 6(1)(f) GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the legal basis for processing is Article 6(1)(a), Article 7 GDPR.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access options to your data are limited. Only the provider of the social network is authorised to have full access to your data. As a result, only the provider can directly take and implement appropriate measures to fulfil your user rights (request for information, request for deletion, objection, etc.). The most effective way to assert such rights is therefore directly against the respective provider.
We are jointly responsible with Instagram for the personal content of the fan page. Data subject rights can be asserted with Meta Platforms Ireland Ltd. as well as with us.
The primary responsibility for the processing of Insights data lies with Instagram in accordance with the GDPR and Instagram fulfils all obligations under the GDPR with regard to the processing of Insights data, Meta Platforms Ireland Ltd. provides the main points of the Page Insights Supplement to the data subjects.
We do not make any decisions regarding the processing of Insights data and the storage duration of cookies on user end devices.
Further information can be found directly on Instagram (supplementary agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.
For more information, including the exact scope and purposes of the processing of your personal data, the storage period/deletion and guidelines on the use of cookies and similar technologies in the context of registration and use, please refer to Instagram's privacy policy/cookie policy (note: clicking on the following link will take you to the website of the social network Facebook):
https://help.instagram.com/519522125107875/?helpref=uf_share
This information can also be viewed in the help section of the Instagram website via the following link:
https://help.instagram.com/581066165581870

XING page
XING is a social network of New Work SE based in Hamburg, Germany, which enables the creation of private and professional profiles of natural persons and company profiles. Users can maintain their existing contacts and make new ones within the social network. Companies and other organisations can create profiles where photos and other company information can be uploaded to present themselves as employers and hire employees. Other XING users have access to this information and can write their own articles and share this content with others. The focus of the network is on professional exchange on specialist topics with people who have the same professional interests.
When using or visiting the network, XING or third parties used by XING automatically collect data from users or visitors during the use or visit, such as user name, job title and IP address. This is done with the help of various tracking technologies. XING provides users with information, offers and recommendations based on the data collected in this way, among other things.
We only collect your data via our company profile in order to make it possible to communicate and interact with us. This collection generally includes your name, message content, comment content and the profile information you have made "publicly" available.
The processing of your personal data for the above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel in accordance with Article 6(1)(f) GDPR. If you as a user have given your consent to the respective provider of the social network to process your data, the legal basis for processing is Article 6(1)(a) and Article 7 GDPR.
Due to the fact that the actual data processing is carried out by the provider of the social network, our access options to your data are limited. Only the provider of the social network is authorised to have full access to your data. As a result, only the provider can directly take and implement appropriate measures to fulfil your user rights (request for information, request for deletion, objection, etc.). The most effective way to assert such rights is therefore directly against the respective provider.
Together with XING, we are responsible for the personal content of our company profile. Data subject rights can be asserted with New Work SE and with us.
We do not make any decisions regarding the data collected on the XING site using tracking technologies.
Further information about XING can be found at https://corporate.xing.com/de/unternehmen.
Further information on data protection at XING can be found at https://privacy.xing.com/de/datenschutzerklaerung.

YouTube
Nature and scope of processing
We have integrated YouTube video on our website. YouTube Video is a component of the video platform of YouTube, LLC, on which users can upload content, share it over the Internet and receive detailed statistics.
YouTube Video enables us to integrate content from the platform into our website.
YouTube Video uses cookies and other browser technologies to evaluate user behaviour, recognise users and create user profiles. This information is used, among other things, to analyse the activity of the content listened to and to create reports. If a user is registered with YouTube, LLC, YouTube Video can assign the videos played to the profile.
We also maintain an account on YouTube for the publication of videos. Youtube is a service of Google Inc. When you visit our YouTube channel, YouTube or third parties automatically collect data from users or visitors, such as IP addresses, during the use or visit. This is done with the help of various tracking technologies. YouTube provides users with information, offers and recommendations based on the data collected in this way, among other things.
When you access this content or visit the YouTube website, a connection is established to the servers of YouTube, LLC, Google Ireland Limited, Gordon House, Barrow Street Dublin 4 Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted.

Purpose and legal basis
The service is used on the basis of your consent in accordance with Article 6(1)(a) GDPR or we use the YouTube channel on the basis of our legitimate interest in accordance with Article 6(1)(f) GDPR.

Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by YouTube, LLC. Further information can be found in the privacy policy for YouTube Video: https://policies.google.com/privacy.

Bing Ads

Nature and scope of processing
We have integrated Bing Ads on our website. Bing Ads is a service provided by Microsoft Corporation to display targeted advertising to users. Bing Ads uses cookies and other browser technologies to evaluate user behaviour and recognise users.
Bing Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. Furthermore, Bing Ads delivers targeted advertising based on behavioural profiles and geographic location. Your IP address and other identification features such as your user agent are transmitted to the provider.
In this case, your data will be passed on to the operator of Bing Ads, Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399, United States.

Purpose and legal basis
The use of Bing Ads is based on your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TTDSG.

Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by Microsoft Corporation. Further information can be found in the privacy policy for Bing Ads: https://privacy.microsoft.com/de-de/privacystatement.

Google Ads

Nature and scope of processing
We have integrated Google Ads on our website. Google Ads is a service provided by Google Ireland Limited to display targeted advertising to users. Google Ads uses cookies and other browser technologies to evaluate user behaviour and recognise users.
Google Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. Furthermore, Google Ads delivers targeted advertising based on behavioural profiles and geographic location. Your IP address and other identification features such as your user agent are transmitted to the provider.
If you are registered with a Google Ireland Limited service, Google Ads can assign the visit to your account. Even if you are not registered with Google Ireland Limited or have not logged in, it is possible that the provider will find out and store your IP address and other identification features.
In this case, your data will be passed on to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose and legal basis
The use of Google Ads is based on your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TTDSG.

Storage duration
We cannot influence the specific storage duration of the processed data because it is determined by the company Google Ireland Limited. Further information can be found in the privacy policy for Google Ads: https://policies.google.com/privacy.

Google Analytics

Nature and scope of processing
We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our online offering, sub-pages visited and the time spent by visitors.
Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognise users.
This information is used, among other things, to compile reports on website activity.

Purpose and legal basis
The use of Google Analytics is based on your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TTDSG.

Google CDN

Nature and scope of processing
We use Google CDN to properly provide the content of our website. Google CDN is a service provided by Google Ireland Limited, which acts as a content delivery network (CDN) on our website.
A CDN helps to make the content of our online offering, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google CDN.

Purpose and legal basis
The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimisation of our online offer in accordance with Article 6(1)(a) GDPR.

Google DoubleClick

Nature and scope of processing
We have integrated components from DoubleClick by Google on our website. DoubleClick is a Google brand under which mainly special online marketing solutions are marketed to advertising agencies and publishers. DoubleClick by Google transmits data to the DoubleClick server with every impression as well as with clicks or other activities.
Each of these data transfers triggers a cookie request to the data subject's browser. If the browser accepts this request, DoubleClick sets a cookie in your browser.
DoubleClick uses a cookie ID, which is required for the technical process. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser in order to avoid duplication. The cookie ID also enables DoubleClick to record conversions. Conversions are recorded, for example, when a user has previously been shown a DoubleClick ad and subsequently makes a purchase on the advertiser's website using the same Internet browser.
A DoubleClick cookie does not contain any personal data, but may contain additional campaign identifiers. A campaign identifier is used to identify the campaigns with which you have already been in contact on other websites. As part of this service, Google obtains knowledge of data that Google also uses to create commission statements. Among other things, Google can track that you have clicked on certain links on our website. In this case, your data will be passed on to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable data protection provisions of DoubleClick by Google can be found at policies.google.com/privacy.

Purpose and legal basis
We process your data with the help of a double-click cookie for the purpose of optimising and displaying advertising on the basis of your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TTDSG. You give your consent by setting the use of cookies (cookie banner/consent manager), with which you can also declare your withdrawal at any time with effect for the future in accordance with Article 7(3) GDPR. The cookie is used, among other things, to place and display user-relevant advertising and to create reports on advertising campaigns or to improve them. The cookie is also used to avoid multiple displays of the same advertisement. Each time you access one of the individual pages of our website on which a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and billing of commissions. There is no legal or contractual obligation to provide your data. If you do not give us your consent, you can visit our website without restriction, but not all functions may be fully available.

Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google DoubleClick: https://policies.google.com/privacy.

Google Maps

Nature and scope of processing
We use the map service Google Maps to provide directions. Google Maps is a service provided by Google Ireland Limited, which displays a map on our website.
When you access this content on our website, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google Maps.

Purpose and legal basis
The use of Google Maps is based on your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TTDSG.

Google Tag Manager

Nature and scope of processing
We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and allows us to control the precise integration of services on our website.
This allows us to flexibly integrate additional services in order to evaluate user access to our website.

Purpose and legal basis
The use of Google Tag Manager is based on your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TTDSG.

Google reCAPTCHA

Nature and scope of processing
We have integrated Google reCAPTCHA components on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request comes from a natural person or is automated through a program. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the user's dwell time and mouse movements in order to distinguish automated requests from human ones. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google reCAPTCHA.

Purpose and legal basis
The use of Google reCAPTCHA is based on your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TTDSG.

DialogShift chat application on our website

Our website uses the chat application of DialogShift GmbH, Rheinsberger Str. 76/77, 10115 Berlin. This application processes and stores data for the purpose of web analysis, to operate the chat application and to respond to inquiries.
To operate the chat function, the chat texts are saved and a cookie with a unique ID is set - this is used to recognise you as a customer.
A cookie is a small text file that is stored locally in the cache on your device. With the help of this cookie, our application recognises the device and can call up past chat logs. This cookie is stored for 90 days since it was last used. You can deactivate the storage of cookies in your browser settings. However, the chat function cannot be executed without the use of cookies.
The possible disclosure of e.g. name, email address or telephone number is voluntary and with the consent to temporarily use and store this data for the purpose of establishing contact until the end of the contact. This personal data is deleted after 90 days.
The legal basis for data processing is Article 6(1)(f) GDPR on the basis of our legitimate interest in effective customer service, for statistical analysis of user behaviour and for the purpose of optimising our offers.
DialogShift offers under
https://www.dialogshift.com/en-old/data-privacy
further information on the collection and use of data and on your rights and options for protecting your privacy.

Hotelchamp

Nature and scope of processing
We use Hotelchamp from Hotelchamp B.V., Amsterdam, Noord-Holland, NL, a professional provider of online software and services, to improve our online booking process and to personalise and optimise our interaction with users.
In providing this service, Hotelchamp may process some of your personal data on our behalf. Both we and Hotelchamp value and respect your privacy. We process and protect your personal data in accordance with all applicable laws and regulations, and we and Hotelchamp may process data such as your email address, IP address or browser fingerprint in combination with your booking data and other interactions on our website in order to prepare content and offers that we think may be relevant and appealing to you. If you book at Christmas, for example, we can make you a special Christmas offer. If we can deduce from your booking details that you are a family, we can also offer you special family discounts, for example.

Purpose and legal basis
We process your data with the help of Hotelchamp for the purpose of optimising our website and for marketing purposes on the basis of your consent in accordance with Article 6(1)(a) GDPR and Section 25 paragraph 1 TTDSG. Hotelchamp's services may include the use of cookies on our website.

Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by Hotelchamp B.V.. Further information can be found in the privacy policy for Hotelchamp: www.hotelchamp.com/privacy-policy.

INTO CITIES CDN

Nature and scope of processing
We use INTO CITIES CDN for the proper provision of the content of our website. INTO CITIES CDN is a service provided by Durch die Stadt GmbH, which acts as a content delivery network (CDN) on our website.
A CDN helps to make the content of our online offering, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to the servers of Durch die Stadt GmbH, Weißenseer Weg 37, 13055 Berlin, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of INTO CITIES CDN.

Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by Durch die Stadt GmbH. Further information can be found in the privacy policy for INTO CITIES CDN: intocities.com/privacy.

Usercentrics

Nature and scope of processing
We have integrated Usercentrics on our website. Usercentrics is a consent solution from Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, with which consent to the storage of cookies can be obtained and documented. Usercentrics uses cookies or other web technologies to recognise users and to store the consent given or withdrawn.

Purpose and legal basis
The use of the service is based on obtaining the legally required consent to the use of cookies in accordance with Article 6(1)(c) GDPR.

Storage duration
The specific storage period of the processed data cannot be influenced by us, but is determined by Usercentrics GmbH. Further information can be found in the privacy policy for Usercentrics: https://usercentrics.com/privacy-policy/.

Updated November 2023

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

Privacy policy

Who is the controller and how can I reach you?

What is it about?

Who receives my data?

Online booking via the website

Online booking via other websites

Booking spa and wellness treatments

Conference bookings

Purchase of a voucher

Use of company contact data for support, advice and advertising

Online evaluation

Newsletter

Contact forms

Online store

Applications to our company

Protection of minors

What rights do I have?

Security

Updating and amending

Do we use cookies?

How is my data processed in detail?

Provision of the website

Presence on social media platforms

Bing Ads

Google Ads

Google Analytics

Google CDN

Google DoubleClick

Google Maps

Google Tag Manager

Google reCAPTCHA

DialogShift chat application on our website

Hotelchamp

INTO CITIES CDN

Usercentrics

Your browser is out-of-date!