deenfrzitl

Privacy and data protection policy

Thank you very much for your interest shown in the Apollo Hotel, Regensburg. Data protection is of utmost importance to the team of the hotel and hence, the usage of our Internet presence is generally possible without the provision of your personal data. However, in case any user is interested in using certain specific services provided by our enterprise on our website, the collection and processing of personal data may be necessary. We generally ask for the explicitly expressed consent of the concerned users should the processing of personal data be indispensable and should no legal framework be evident for such data processing.

The processing of personal data, such as the name, address, email address or telephone number of a concerned individual, is always carried out in line with the basic legal frameworks outlined (“Datenschutz-Grundverordnung”) and in line with the regional data protection legislation applicable to the jurisdiction of and to the Apollo Hotel, Regensburg. By complying with these legal requirements, we - as the enterprise - aim to inform the public about the way, range and purpose of the personal data collected, used and processed. Furthermore, concerned individuals are informaed about their inalienable rights by this data protection legislation.

The Apollo Hotel has set in place countless technical and organisational measures to ensure an all-encompassing protection of the personal data processed on our webpage, where possible. Nevertheless, online data transmissions are not free of flaws which is the reason why absolute safety of the transmitted data cannot be guaranteed. Hence, we offer all users and concerned individuals to transmit their personal data using other channels such as over the telephone.

 

1. Explanations


The data protection policy of the Apollo Hotel is based on terms coined by legislative and judicial bodies of the European Union when having issued the basic data protection policies ( “Datenschutz-Grundverordnung (DS-GVO)”). Our data protection policy is set out to be easily legible and understandable to all concerned parties - the public, our guests and business partners. In order to assure this, we would like to provide clarification and definitions on terms used in this policy.

We use, amongst others, the following terms in this data protection policy:

  1. Personal data
    Personal data are all information related to an identifiable or identified natural person (in the following “concerned individual”). A natural person that can be defined directly or indirectly by relation to a known characteristic such as a name, unique identifier number, geo-location data, to an online identifier or to one or more special features which define the physical, psychological, genetical, mental, economical, cultural or social identity of a natural person is regarded as identifiable.
  2. Concerned individual
    Concerned individuals are all identified or identifiable natural persons whose personal data can be processed by any party responsible for the usage of such data.

  3. Data processing
    Data processing is defined as every automated or manual activity carried out or every sequence of activities carried out in conjunction with personal data such as the collection, recording, organising, filing, saving, adjusting or modifying, reading out, interrogating, usage, publication by transmitting, distribution or any other way of making such data available, the comparison or linking, restriction, deletion or annihilation of such data.

  4. Restriction of processing
    Restrictions of data processing are defined as the highlighting of saved personal data with the intent to restrict future processing of such data.

  5. Profiling
    Profiling is defined as every type of the automated processing of personal data in order to analyse or predict certain aspects or qualities of a natural person, especially economic output, economic condition, health, personal preferences, interests, reliability, behaviour, domicile or change of one’s whereabouts.

  6. Pseudonymisation
    Pseudonymisation is the processing of personal data in a way that personal data can no longer be directly or indirectly related to a concerned individual without correlating this data with further information, as long as these information are stored separately and are subject to technical and organisational measures that assure that personal data cannot be assigned to an identified or identifiable natural person.

  7. Guarantor or officer responsible for data processing
    The guarantor or officer responsible for data processing is the natural or judicial person, authority, institution or other office that decides solely or jointly with other parties about the purpose and means of processing personal data. The guarantor or certain criteria of his/her determination can be made a pre-requisite by Union law or the rights of member states, should the before mentioned purpose or means of data processing be provided by union law or by the rights of member states.

  8. Processor
    Processors are natural or judicial persons, authorities, institutions or other offices that process personal data, as mandated by the guarantor.

  9. Recipient
    Recipients are natural or judicial persons, authorities, institutions or other offices to whom personal data is publicised - irrespective whether the recipient is a third party or not. Authorities which possibly receive personal data in the context of certain investigation mandates as per union law or rights of member states are not considered recipients.

  10. Third parties
    Third parties are natural or judicial persons, authorities, institutions or other offices apart from the concerned individual, the guarantor, the processor and the individuals authorised by the direct liability of the processor or guarantor to process personal data.

  11. Consent
    Consent is defined as every voluntarily, unambiguously and only for defined and certain cases in an informed manner provided declaration of will, in form of a statement of any other explicit affirming deed, used by a concerned individual to express his/her approval of the processing of his/her personal data.


 

2. Name and address of the guarantor

The party responsible in line with basic data protection legislation (DS-GVO), with other in the member states of the European Union prevailing data protection laws and with other legislation protecting data, is:

Herr Norbert Auburger
Prüfeninger Schloßstraße 2a
93051 Regensburg

dsb(at)datenschutz-csa.de

 3. CookiesThe websites of the Apollo Hotel use Cookies. Cookies are small text files that are saved on your computer by your web browser.Numerous websites use Cookies. Many Cookies contain a so-called Cookie ID. A Cookie ID is a unique identifier of the Cookie. This identifier is made up of a sequence of signs by which websites and servers can be linked to a certain web browser in which the Cookie is saved. This enables frequented websites and servers to distinguish between the individual browsers of concerned individuals and other Internet browsers that contain Cookies. A certain Internet browser can be recognised and identified through this unique Cookie ID.The usage of Cookies enable the Apollo Hotel to offer the users of its websites customer friendly services which would not be possible without the usage of such Cookies.Information and offers on our websites can be optimised for users by using a Cookie. Cookies enable us, as previously mentioned, to recognise a visitor of our website. The purpose of this recognition is to ease the use of our websites. The user of a website that is Cookie-enabled is not required, for example, to enter his/her login information upon every visit of the website, as these are carried out by the website and the Cookie which is saved on the computer of the user. Another example is a basket Cookie of an online shop. The store remembers the items which a customer placed in the virtual shopping basked by using a Cookie.Concerned individuals can disable the saving and usage of Cookies by a website at any time by manipulating the settings of the used Internet browsers and can object to the usage of Cookies indefinitely. Furthermore, already used and saved Cookies can be deleted by the browser or other software. This functionality is available in all commonly used browsers. Not all functionality of our webpages may be accessible should Cookies be disabled. 4. Collection of general data and informationThe Apollo Hotel’s website collects with every visit of the website by a concerned individual or by an automated system a number of general data and information. These general data and information are saved in the log files of the server. The following may be collected: (1) type and version of browser used, (2) operating system used, (3) the webpage which was visited prior to opening our website (so-called referrer), (4) the subpages which are availed on our website, (5) the date and time of the visit to our website, (6) the Internet Protocol address (IP address), (7) the broadband or Internet service provider of the visiting system and (8) other similar data and information which contribute to the protection of our IT systems in case of cyber attacks.No conclusions as to the concerned individual are drawn during the usage of the general data and information by the Apollo Hotel. These information are rather required in order to (1) deliver the contents of our website correctly, (2) optimise the contents of and advertisements for our website, (3) guarantee the on-going functionality of our IT systems and the technology behind our website and (4) to provide necessary information for criminal prosecution to the judicial authorities in case of a cyber attack. These anonymously collected data and information are hence analysed statically on the one hand, but also in order to augment the levels of data protection and data security in our enterprise on the other hand, so an optimal level of protection can be guaranteed for the personal data processed by us. The anonymous data of the server log files are saved separately from all personal data provided by a concerned individual. 5. Contact through the websiteGiven the legal requirements, the website of the Apollo Hotel contains specifications which enable a fast, electronic and direct means to contact our enterprise which also includes a general address of the so-called electronic mail (email address).Provided that a concerned individual makes contact with the guarantor by email or by using a contact form, the transmitted personal data of the concerned individual are saved. Such voluntarily provided data to the guarantor by a concerned individual are saved in order to work on the query or to make contact with the concerned individual. Personal data are not passed on to Third Parties. 6. Regular deletion and suspension of personal dataThe party responsible for processing processes and saves personal data of concerned individuals only for the time frame allotted for the fulfilment of the reason for saving or if it is required by a European legislative body or another legislator in laws or regulations to which the party responsible for data processing is subject.Personal data are regularly and as per the legal requirements suspended or deleted if the reason for saving the data is no longer applicable or if a deadline for saving data set by a European legislative body or another responsible legislator is expiring. 7. Rights of concerned individuals

 

  1. Right to conformation
    Every concerned individual has the right granted by the European legislators to request a confirmation from the guarantor that personal data concerning this individual are being processed. If a concerned individual wishes to make use of this right to confirmation, he/she may make contact with a representative of the guarantor at any time.

  2. Right to disclosure
    Every individual affected by the processing of personal data has the right granted by the European legislators to receive free of charge disclosure by the guarantor at any time about the stored personal data in relation to this individual as well as a copy of such disclosure. Furthermore, the European legislators have also granted concerned individuals the right to disclosure about the following information:
    • the purpose of data processing
    • the categories of personal data processed
    • the recipient or categories of recipients to which personal data has been disclosed or are still being disclosed, especially in case of recipients in foreign countries or in case of international organisations
    • if applicable the planned duration for which personal data are being saved for, or, should this not be possible, the criteria for the determination of such duration
    • the existence of a right to correction or deletion of the personal data concerning this individual, to restrict the processing by the guarantor or to withdraw consent to this processing
    • the existence of a right to complain to a regulatory body
    • if personal data are not collected at the concerned individual: all available information about the origin of the data
    • the existence of an automated decision making process including profiling as per article 22 of the basic data protection legislation (Artikel 22 Abs.1 and 4 DS-GVO) and - at least in these cases - significant information about the involved logic as well as the range and aspired effects of such data processing for the concerned individual
    Furthermore, every concerned individual has the right to information if personal data has been transmitted to a foreign country or an international organisation. Incidentally, the concerned individual has the right to receive disclosure about suitable guarantees in relation with the transmission, should data have been transmitted internationally.
    If a concerned individual wishes to make use of this right to disclosure, he/she may establish contact with a representative of the guarantor at any time.
  3. Right to correction
    Every concerned individual has the right granted by the European legislators to request an immediate correction of untrue or incorrect information in relation to the individual. Furthermore, every concerned individual has the right to request the completion of incomplete personal data, considering the purposes of the data processing - also by making us of an additional declaration.
    If a concerned individual wishes to make use of this right to correction, he/she may establish contact with a representative of the guarantor at any time.
  4. Right to deletion (right to oblivion)
    Every concerned individual has the right granted by the European legislators to request the immediate deletion of personal data in relation to the individual from the guarantor if one of the following criteria is met and if the processing of the data is not required:
    • The personal data were collected for such purposes or processed in a manner for which they are no longer required
    • The concerned individual withdraws his/her consent, on which the processing was based as per article 6 or article 9 of the basic data protection legislation (Art. 6 Abs. 1 Buchstabe a / rt. 9 Abs. 2 Buchstabe a DS-GVO) and if an alternate legal basis for the processing lacks
    • The concerned individual files for appeal against the data processing as per article 21 of the basic data protection legislation (Art. 21 Abs. 1 DS-GVO) and no prevalent corrective reasons for the processing are evident, or the concerned individual files for appeal against the data processing as per article 21 of the basic data protection legislation (Art. 21 Abs. 2 DS-GVO)
    • The deletion of personal data is essential to the fulfilment of a legal duty as per Union law or rights of the member states to which the guarantor is subject
    • The personal data were collected in relation to services of the information body as per article 8 of the basic data protection legislation (Art. 8 Abs. 1 DS-GVO)
    • If one of the above mentioned criteria is met and a concerned individual wishes to induce the deletion of personal data saved by the Apollo Hotel, he/she may establish contact with a representative of the guarantor at any time. The representative of the Apollo Hotel will prompt the immediate deletion of the data.
    • If the personal data were publicised by the Apollo Hotel and if our enterprise is bound to the duty of deletion as the guarantor by article 17 of the basic data protection legislation (Art. 17 Abs. 1 DS-GVO), the Apollo Hotel will take appropriate measures, also technical measures, in consideration of the available technology and the cost of implementation, in order to inform other parties responsible for data procession which process the publishes personal data of the decision of the concerned individual to request the deletion of all links to the personal data or copies of this personal data from these other parties responsible for data processing, as long as the processing is not necessary. The representative of the Apollo Hotel will prompt necessary means in particular cases.
  5. Right to restriction of processing
    Every concerned individual has the right granted by the European legislators to demand the restriction of the data processing from the guarantor if one of the following criteria is met:
    • The accuracy of the personal data is being contested by the concerned individual and in fact for a duration which enables to guarantor to verify the accuracy of the personal data
    • The processing is unlawful, the concerned individual refuses the deletion of the  personal data and demands instead the restriction of the processing of the personal data
    • The guarantor no longer requires the personal data for the sake of processing, the concerned individual requires the data however in order to enforce, practice or defend legal claims
    • The concerned individuals filed for appeal against the processing as per article 21 of the basic data protection legislation (Art. 21 Abs.1 DS-GVO) and it has not yet been determined if the legitimate reasons of the guarantor outweigh those of the concerned individual
    If one of the above mentioned criteria is met and a concerned individual wishes to induce the restriction of persona data stored by the Apollo Hotel, he/she may establish contact with a representative of the guarantor at any time. The representative of the Apollo Hotel will prompt the immediate restriction of the data.
  6. Right to data transmission
    Every concerned individual has the right granted by the European legislators to receive the personal data concerning this individual which were provided by the concerned individual to a guarantor in a structured, established and machine readable format. He/She also possesses the right to have these data transmitted to another guarantor without obstruction of the guarantor to which the personal data were provided, if the processing is based on the consent as per article 6 or article 9 of the basic data protection legislation (Art. 6 Abs. 1 Buchstabe a; Art. 9 Abs. 2 Buchstabe a  DS-GVO) or based on a contract as per article 6 of the basic data protection legislation (Art. 6 Abs. 1 Buchstabe b DS-GVO) and the processing is conducted using automated techniques, if the processing is not required for the execution of a task of public interest or that is executed by public force transferred to the guarantor.
    Furthermore, the concerned individual has the right to directly transfer the personal data from one guarantor to another when executing his/her right to transferability of data as per article 20 of the basic data protection legislation (Art. 20 Abs. 1 DS-GVO), insofar as this is technically possible and insofar as the rights and freedoms of others are not alienated by this.
    A concerned individual can establish contact to a representative of the Apollo Hotel at any time in order to execute his/her right to data transferability.
  7. Right to appeal
    Every concerned individual has the right granted by the European legislators to appeal the processing of them concerning personal data which occurs based on article 6 of the basic data protection legislation (Art. 6 Abs. 1 Buchstaben e or f DS-GVO) at any time due to reasons that result from their special situation. This also encompasses profiling which is based on of these regulations.
    The Apollo Hotel no longer processes personal data in case of an appeal unless compelling reasons that require protection can be proven and that outweigh the interests, rights and freedoms of the concerned individual or if the processing aids the enforcement, execution or defence of legal claims.
    If the Apollo Hotel processes personal data in order to engage in direct advertising, the  concerned individual has the right to object to the processing of personal data for such advertisements at any time. This is also encompassing profiling, as long as it is related to such direct advertising. The Apollo Hotel will no longer use personal data for direct advertisements if the concerned individual objects to the processing for such functions.
    Furthermore, the concerned individual has the right to object to processing of personal data concerning himself/herself which occurs at the Apollo Hotel for scientific or historic research purposes or for statistical purposes as per article 89 of the basic data protection legislation (Art. 89 Abs. 1 DS-GVO) for reasons which result from his/her special situation, unless such processing is required to fulfil a task which is in the public’s interest.
    A concerned individual can establish contact to a representative of the Apollo Hotel at any time in order to execute his/her right to appeal. The concerned individual has also the liberty, in conjunction with the usage of service of the information enterprise, disregarding policy 2002/58/EG, to execute his/her right to appeal using automated methods which use technical specifications.
  8. Automated decision in particular cases including profiling
    Every concerned individual has the right granted by the European legislators not to be bound to a decision based solely on an automated process - including profiling - which results in legal influence over the individual or influences the individual considerably, provided that the decision (1) is not required for the completion or closure of a contact between the concerned individual and the guarantor or (2) is permissible due to legal requirements of the Union or the member states, to which the guarantor is bound, and these legal requirements contain appropriate measures to protect the rights and freedoms as well as legitimate interests of the concerned individual or (3) is provided with explicit consent of the concerned person.
    If the decision (1) is required for the completion or closure of a contract between the concerned individual and the guarantor or (2) is executed with the explicit consent of the concerned individual, the Apollo Hotel takes appropriate measures in order to protect the rights and freedoms as well as the legitimate interests of concerned individuals. At least the right to coercion of the guarantor’s intervention, to demonstration of personal point of views and to appeal of the decision form part of this over-arching right.
    A concerned individual can establish contact to a representative of the Apollo Hotel at any time in order to execute his/her right to regard to automated decisions.
  9. Right to revoke one’s consent for data protection purposes
    Every concerned individual has the right granted by the European legislators to revoke his/her consent to processing of personal data at any time.
    A concerned individual can establish contact to a representative of the Apollo Hotel at any time in order to execute his/her right to revoke one’s consent.


 
8. Privacy and data protection policies in regard to and for usage of Facebook

The for the processing responsible party has integrated components of the company Facebook into this webpage. Facebook is a social network.

A social network is a social meeting point on the Internet, an online community, that usually enables its users to communicate with each other and to interact on a virtual platform. A social network can be used as a platform to exchange opinions and experiences or enables the online community to provide personal or business related information. Facebook enables users of the social network amongst others the creation of private profiles, the upload of photos and the connection by friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States of America. The guarantor for processing personal data is, if the concerned individual resides outside of the United States of America or Canada, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

With every opening of a single page of this website that is operated by the for the processing responsible party and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser is prompted automatically by the respective Facebook component to download the information of the respective Facebook component from Facebook to the informational-technological system of the concerned individual. An overview of all Facebook plug-ins can be availed from https://developers.facebook.com/docs/plugins/?locale=de_DE. In line with this technical procedure, Facebook is informed precisely which subpage of our website the concerned individual visits.

Facebook recognises with every visit of our webpage by the concerned individual and during the entire duration of the respective visit of our webpage precisely which subpage of our website the concerned individual visits, as long as the concerned individual is logged on simultaneously on Facebook. This information is collected by the Facebook component and attributed to the respective Facebook account of the concerned individual by Facebook. If the concerned individual presses one of the Facebook buttons integrated on our websites, for example the “like” button, or if the concerned individual contributes a comment, Facebook attributes this information to the personal Facebook user account of the concerned individual and saves these personal data.

Facebook always receives information via the Facebook component that a concerned individual visited our website when the concerned individual is simultaneously logged onto Facebook at the time of the visit; this occurs independently and separately whether a concerned individual clicks on the Facebook component or not. This transmission can be avoided by logging out of the Facebook account prior to visiting our website, should such transmission of information to Facebook not be desired by the concerned individual.

The privacy policy published by Facebook and available on https://de-de.facebook.com/about/privacy/, informs about the collection, processing and usage of personal data by Facebook. Furthermore, it is explained which settings Facebook offers to protect the privacy of concerned individuals. Additionally, various applications are available that enable to prevent a data transmission to Facebook. Such applications can be used by concerned individuals to prevent a data transmission to Facebook.

 

9. Legal framework of the processing

Article 6a of the basic data protection legislation (Art. 6 I lit. a DS-GVO) serves our enterprise as the legal basis for acts of processing for which we obtain the consent for a certain purpose of processing. Article 6b of the basic data protection legislation (Art. 6 I lit. b DS-GVO) shall be the basis for processing if the processing of personal data is required for the fulfilment of a contract of which an affected party is the concerned individual, as for example required for acts of processing that are required for the delivery of goods or for the provision of another output or quid pro quo. The same shall be valid for such acts of processing that are required for the execution of pre-contractual measures, for example in case of inquiries about our products or services. Article 6c of the basic data protection legislation (Art. 6 I lit. c DS-GVO) shall be the basis for processing if our enterprise is subject to legal duties by which the processing of personal data become indispensable, such as the compliance with tax-related duties.

In rare cases the processing of personal data may become necessary to protect the vital interests of a concerned individual or of another person. This would be for example the case if a visitor gets injures in our operation and hence his/her name, age, health insurance data or other vital information have to be passed on to a doctor, hospital or other Third Parties. This would be based on article 6d of the basic data protection legislation (Art. 6 I lit. d DS-GVO).

Lastly, acts of processing may be based on article 6f of the basic data protection legislation (Art. 6 I lit. f DS-GVO). Acts of processing not captures by one of the aforementioned legal bases are based on this legal basis if the processing is necessary for the upkeep of a justified interest of our enterprise or of a Third Party as long as the interests, basic rights and basic freedoms of the concerned individual do not overweigh. Such acts of processing are especially permitted to be executed by us, as these were particularly mentioned by the European legislator. The legislator was hence of the opinion that a justified interest may be assumed if the concerned individual was a client of the guarantor (Reason 47 Satz 2 DS-GVO).

 

10. Justified interests in the processing shown by the guarantor or a Third Party

The justified interest is the execution of our business activities in favour of the welfare of all our employees and shareholders if the processing of personal data is based on article 6f of the basic data protection legislation (Art. 6 I lit. f DS-GVO).

 

11. Duration for which personal data is saved

The criterion for the duration of the storage of personal data is the relative legal period for safekeeping. After the expiry of the period the data will be routinely deleted as long as the data is no longer required for the fulfilment or the preparation of a contract.

 

12. Legal or contractual regulations for the provision of the personal data; Requirements for the conclusion of the contract; Commitment of the concerned individual to provide personal data; possible results of the non-provision

We inform that the provision of personal data is partially required by law (for example taxation requirements) or that this may be derived from contractual regulations (for example description of the contractual partner). Occasionally it may be required in order to close a contract that a concerned individual provides us with personal data which subsequently must be processed by us. The concerned individual is for example bound by the duty to provide personal data if our enterprise concludes a contract with the individual. The non-provision of personal data would result in the contract not being able to be closed with the concerned individual. Prior to the provision of personal data the concerned individual has to contact one of our representatives. Our representative informs the concerned individual in single cases whether the provision of personal data is legally or contractually required or required to close the contract, if an obligation to provide personal data is prevailing and about the possible consequences of the non-provision of personal data.

 

13. Existence of an automated decision-making process

As a responsible enterprise we decided not to use an automated decision-making process or profiling.

  • Apollo ***
    Hotel & Restaurant
  • Neuprüll 17
    93051 Regensburg / Deutschland
  • Management:
    Irmgard Rösch
  • Phone:  0049(0)941/9105-0
    Fax:  0049(0)941/9105-70
  • info(at)hotelapollo.de
    www.hotelapollo.de