DATA PROTECTION PROVISIONS

Thank you for your interest in our website mucrooms.de (‘website’) and our application software for mobile devices, the Munich Rooms app (‘app’). The website and the app are operated by Munich Rooms GmbH (‘Munich Rooms’) and offer you, the user (‘user’), the option of learning about the room offerings and the various hotel locations of the Munich Rooms Group, booking a room if you are interested and there is a vacancy, and contacting us if you have questions.

We take the protection of your personal data seriously and abide by the provisions of data protection laws and other relevant data protection requirements. In the sections below we tell you, as a user of our website or our app, how we handle your data and provide you with an overview of the measures we have implemented to protect personal data. kare-hotel.com

1. Controller and scope

The controller pursuant to the EU General Data Protection Regulation  (‘GDPR’) and other national data protection laws of member states as well as other data protection provisions is:

Munich Rooms Hotel e.K., Inh. Selcuk Gürler

Herzogstr. 51

80803 München

This privacy policy is valid for the online presence of Munich Rooms GmbH, Herzogstr. 51, 80803 Munich, which can be accessed under the domain https://www.mucrooms.de, as well as various subdomains.

2. Data protection officer

The controller’s external data protection officer is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 27

91522 Ansbach

E-Mail: poststelle@lda.bayern.de

 

3. Principles of data processing

Personal data refers to all information related to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour. Information that we cannot use to identify you personally (or that would involve a disproportionate effort to do so), for example, by anonymising the information, does not represent personal data. The processing of personal data (e.g. collecting, accessing, using, storing or transmitting such data) always requires a legal basis or your consent. Personal data that has been processed is deleted as soon as the purpose of the processing has been achieved and there are no further statutory retention obligations.

If we process your personal data in order to provide certain offers, we will subsequently inform you of the specific processes, the scope and the purpose of the data processing activity, the legal basis for the processing activity and the relevant storage period.

4. Individual processing steps

a. Type and scope of data processing

When you access and use our website, we collect personal data that your browser automatically sends to our server. This information is temporarily saved in a log file. When you use our website, we collect the following information, which we need for technical reasons in order to display our website to you and ensure stability and security:

Every time a user accesses the website or the app and every time a file is accessed, access data related to this action is stored in a log file on our server. This data includes:

  • Browser type/version
  • Operating system used
  • Referring URL (the site previously visited)
  • Host name of the accessing computer (IP address)
  • Time and date of the server request
  • Volume of data transmitted and access status (file transmitted, file not found, etc.).

This data is used to generate pseudonymised internal statistics that help us to analyse the use of the website, correct errors and improve our services. It is not used for any other purpose related to you individually. In particular, this data is not merged with other data sources. This data is automatically deleted after the statistical assessment. You can prevent your pseudonymised data being used for statistical purposes at any time by using the corresponding setting in your browser software to prevent cookies from being saved on your computer (see para 6.).

b. Legal basis

The legal basis of the specified data processing activity is Art. 6 (1f) GDPR. The processing of the specified data is necessary to provide the website and thus serves to safeguard the legitimate interests of our company.

In addition, Munich Rooms generally only collects and uses personal data that the user sends when using the website or the app, for example, when booking a room or using the contact form on the website to make an enquiry.

It is necessary for customers to provide their full name, address and email address when making a reservation and/or booking. This data is required to process the booking. In addition, other information may also be necessary, such as telephone number, company name, tax identification number, account details or credit card details.

c. Storage period and data deletion

As soon as the specified data is no longer necessary to display the website, it will be deleted. The collection of data to provide the website and the storage of data in log files is necessary for the operation of the website. Consequently, the user does not have the right to object to such use. The data may be stored for longer periods in individual cases if such storage is legally required.

d. Minors

Persons under the age of 18 should not provide us with any personal data without the consent of their parents or guardians. We do not request personal data from children and young people, nor do we collect such data or forward it to third parties.

5. Email correspondence

a. Evaluation email following a stay

After staying at a Munich Rooms, customers will receive an email asking them to rate their stay and suggest improvements.

The legal basis for the data processing activity carried out in respect of the use of your email address is Art. 6 (1f) GDPR. The processing of email addresses and the collection of evaluations is necessary to ensure the quality of the hotel and to optimise hotel services, and therefore helps to safeguard the legitimate interests of our company. This evaluation e-mail is not used for any other purpose.

As soon as the specified data (email address and evaluation) are no longer required for the specified optimisation purposes, they will immediately be deleted.

b. Munich Rooms newsletter

When registering for the Munich Rooms newsletter, the user declared his/her consent to regularly receive a newsletter email containing news, campaigns and offers from Munich Rooms (as well as articles related to the topic of hotels, travel and overnight accommodation). The personal data that Munich Rooms processes to send the newsletter is not disclosed to other companies. Consent regarding use of your email address can be revoked at any time with future effect (newsletter@mucrooms.de). In addition, a separate link located at the end of each newsletter can be used to unsubscribe from the newsletter.

You expressly gave the following declaration of consent when you subscribed to the newsletter on our website: https://www.mucrooms.de/en/newsletter/ and we have logged this consent:

‘I would like to subscribe to the free Munich Rooms newsletter and receive regular news and information about campaigns and offers from Munich Rooms related to the topic of hotels and travel. My email address will not be disclosed to other companies. I can revoke my consent to receive the newsletter with future effect at any time at the website https://www.mucrooms.de/en/newsletter/.’

6. Processing and deletion

Munich Rooms may, of its own initiative or at the request of the user, complete, correct or delete incomplete, erroneous or outdated personal data that Munich Rooms has stored in connection with the operation of this website. If these processes are carried out at the request of the user, Munich Rooms may only do so if the user has sufficiently identified him/herself. Identity is verified using a copy of a photo ID – which will of course be deleted immediately after the authentication has been completed – or using criteria that can only be known by the user. Munich Rooms cannot agree to the user’s request if he/she is not properly identified.

In line with statutory provisions, Munich Rooms deletes personal data immediately upon the user’s request, provided there are no mandatory retention obligations to the contrary.

7. Disclosure of personal data to third parties

a. Personal data is handled confidentially and in line with the statutory data protection regulations. Data is not disclosed to third parties without the user’s consent, unless doing so is required to carry out orders, process payments or process requests or it is permitted in accordance with the statutory provisions. External service providers are obliged to handle data confidentially and securely, and they may only use the data as required to carry out their duties.

b. This is particularly true for any payments processed by external service providers as well as the exchange of data with SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, for the purpose of credit checks if there is a legitimate interest or in the event of non-contractual conduct. SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, stores and transmits data for credit checks to its contractual partners. The user’s legitimate concerns are taken into account in line with the statutory provisions.

c. Otherwise, personal data is only disclosed if the user has given his/her express prior consent or if doing so is necessary for the prosecution of criminal offences. Personal data is only transmitted to the authorities or government agencies with the right to receive information if doing so is subject to a statutory obligation to provide information or there has been a court ruling to this effect. Your legitimate concerns are taken into account in line with the statutory data protection provisions. Where necessary, we may disclose your data to third parties on the basis of statutory requirements. We only comply with such requests if we are required to do so in line with statutory obligations.

d. You may revoke the consent to disclose your data at any time and without the need to provide us with a reason.

8. Protection of data

The protection of personal data is an important corporate principle at Munich Rooms. This is achieved through, among other things, training, a company data protection officer and a written agreement with all employees and external service providers to maintain the confidentiality of data and comply with data protection requirements.

All technical and organisational, physical and computer systems and measures in the area of data protection, IT and information security help to protect stored data from damage, destruction and unauthorised access and to achieve the protection objectives of confidentiality, availability and integrity.

For the sake of security, personal data is collected with the use of an encrypted secure socket layer (SSL) connection (which can be recognised by the use of ‘https://’ at the beginning of the website address in the address bar of the internet browser)

In addition, Munich Rooms takes all reasonable precautions to prevent unauthorised access to users’ personal data as well as the unauthorised use or falsification of this data and to minimise the corresponding risks. However, the provision of personal data, whether this is done in person, on the phone or online, always involves risks, and there is no technical system that is completely impervious to manipulation or sabotage.

9. Use of cookies

Munich Rooms uses cookies (i.e. text files) or web beacons (i.e. graphics files), which are stored on the user’s device. These files are used to collect certain user-specific settings and technical information that can be used to identify users. This information shows when and how the user used the website and they allow us to continuously improve the website. Thanks to cookies, users do not have to enter their personal details every time they complete forms on the website. The use of cookies is widespread and a feature of many websites. Cookies are stored on the user’s device, not on the website.

When they first use the Munich Rooms website or app, users are informed about the use of cookies. Munich Rooms only uses cookies to read information stored by a cookie from the site on the user’s device. By using the website without adjusting the browser settings, the user agrees to the use of cookies as specified in these data protection regulations. Users who do not want cookies stored on their device, who want to delete a stored cookie or who want to be informed when cookies are stored on their device can adjust their browser settings accordingly. For specific information about how to do this, please see the instructions provided with your browser or device.

The legal basis for processing personal data involving the use of cookies is Art. 6 (1f) GDPR. If you have granted us consent to use cookies on the basis of a note on the website (cookie banner), the lawfulness of the use of personal data is based on Art. 6 (1a) GDPR.

Most browsers are configured to accept cookies by default. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. Please note, however, that you may not be able to use all of the functions of our website if you deactivate cookies on our website through your browser settings. You can also use your browser settings to delete cookies that have already been stored in your browser or to display the storage period. In addition, you can configure your browser so that you are informed before cookies are saved. As different browsers may vary in terms of their functionality, please see your browser’s help menu for the configuration options.

If you would like a comprehensive overview of all third parties that have access to your internet browser, we recommend that you install a special plug-in for this purpose.

10. Tracking and analysis tools

We use tracking and analysis tools to ensure ongoing optimisation and the need-based design of our website. Tracking also enables us to collect statistics regarding the use of our website, which helps us to enhance our online presence using the resulting findings. Based on these interests, the use of the following tracking and analysis tools is legitimate in accordance with Art. 6 (1f) GDPR.

The following description of tracking and analysis tools also reveals the respective processing purposes and the data processed.

a. Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (‘Google’). Google Analytics uses cookies, or text files, which are stored on your device and which enable your use of the website to be analysed. The information created by the cookie about your use of this website is generally transmitted to a Google server in the USA and stored there. Google Analytics has been enhanced on this website to include the code ‘gat._anonymizeIp()’; in order to ensure the anonymous collection of IP addresses. With this code, your IP address is first abbreviated by Google within member states of the European Union and in other contracting states which are party to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and abbreviated there in exceptional cases.

On behalf of Munich Rooms, Google uses this information to assess your use of the website, to compile reports about website activities and to provide other services related to use of the website and the internet to the website operator. The abbreviated IP address transmitted from your browser as part of the Google Analytics service will not be merged with other Google data. You can prevent cookies from being stored on your device by adjusting the browser settings accordingly; however, if you do this, you may not be able to fully use all of the website’s functions.

You can also prevent the collection of the information generated by the cookie related to your use of the website or app (including your IP address) and the processing of this data by Google by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Alternatively, you can prevent the collection of data by Google Analytics when you use a mobile device by clicking on the following link. Doing so will save an opt-out cookie that will prevent the future collection of your data when you visit this website: <a href=”javascript:gaOptout()”>Click here to opt-out of Google Analytics</a>.

Further information about Google Analytics can be found here:

http://www.google.com/intl/en/policies/privacy/partners/

11. Social plugins

We use the following plug-ins from Facebook, Pinterest and Twitter on our website.

a. Facebook social plug-ins

The website contains ‘social plug-ins’ (‘plug-ins’) from the social network www.facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). The plug-ins are marked with a Facebook logo or the appendix ‘Facebook Social Plug-in’ (http://developers.facebook.com/plugins). The website contains plug-ins that establish a direct connection between the user’s browser and Facebook’s servers as soon as the user accesses the website. The content of the plug-ins is transmitted directly from Facebook to the user’s browser and integrated into the website by the browser. Munich Rooms has no influence over the scope of the data that Facebook collects with the help of these plug-ins.

As a result of the integration of the plug-ins, Facebook is informed that the user has accessed the corresponding website. If the user is logged into Facebook, Facebook can assign the user to his/her Facebook account. If the user clicks the ‘Like’ button or writes a comment, the corresponding information is transmitted directly from his/her browser to Facebook and stored there.

According to its own information (https://www.facebook.com/help/186325668085084), Facebook saves the date and time of the visit to the site, the website visited and other technical details, such as IP address and browser-related data in order to further enhance Facebook services. The purpose and scope of the data collected and the processing and use of data by Facebook as well as the relevant rights and setting options to protect the user’s privacy can be found in Facebook’s privacy policy (https://www.facebook.com/about/privacy/).

If the user is a member of Facebook and does not want Facebook to collect data about him/her via Munich Rooms and link it with his/her stored membership data, the user must log out of Facebook before visiting the website. However, even if the user is not logged into Facebook, it is possible that Facebook may learn about and save certain data.

If users want to block Facebook social plug-ins in general, they can install and activate a corresponding extension on their browser, such as ‘Facebook Blocker’ (http://webgraph.com/resources/facebookblocker/).

b. Instagram social plugins

Our website uses social plug-ins (‘plug-ins’) from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (‘Instagram’) The plug-ins are marked with an Instagram logo, e.g. in the form of an ‘Instagram camera’. When the user accesses our website containing such a plug-in, the browser creates a direct connection to Instagram’s servers. The content of the plug-ins is transmitted directly from Instagram to the user’s browser and integrated into the page. As a result of this integration, Instagram is informed when the user has accessed the corresponding page on our website, even if you do not have an Instagram profile or are not logged into Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. If the user is logged into Instagram, Instagram can assign the visit to our website to the user’s Instagram account. If the user interacts with the plug-ins, for example by clicking on the Instagram button, this information will also be transmitted directly to an Instagram server and stored there. The information will also be published on your Instagram account and displayed to the user’s contacts there. Munich Rooms has no influence over the scope of the data that Instagram collects with the help of these plug-ins.

The purpose and scope of the data collected and the processing and use of data by Instagram as well as the relevant rights and setting options to protect the user’s privacy can be found in Instagram’s privacy policy: https://help.instagram.com/155833707900388/ If the user does not want Instagram to assign the data collected on our website to his/her Instagram account, he/she must first log out of Instagram before visiting our website. The user can block the Instagram plug-in from loading with the help of browser add-ons, such as the script blocker ‘NoScript’ (http://noscript.net/).

c. Pinterest social plug-ins

Our website uses social plug-ins (‘plug-ins’) from the social network Pinterest, which is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA (‘Pinterest’). The plug-ins can be seen, for example, on buttons with the ‘Pin it’ icon on a white or red background.[A2]  When the user accesses our website containing such a plug-in, the browser creates a direct connection to Pinterest’s servers. The content of the plug-ins is transmitted directly from Pinterest to the user’s browser and integrated into the page. As a result of this integration, Pinterest is informed when the user has accessed the corresponding page on our website, even if you do not have a Pinterest profile or are not logged into Pinterest.

This information (including your IP address) is transmitted directly from the user’s browser to a Pinterest server in the USA and stored there. If the user is logged into Pinterest, Pinterest can assign the visit to our website to the user’s Pinterest profile. If the user interacts with the plug-ins, for example by clicking on the ‘Pin it’ button, the corresponding information will also be transmitted directly to a Pinterest server and stored there. The information will also be published on Pinterest and displayed to the user’s contacts there. The purpose and scope of the data collected and the processing and use of data by Pinterest as well as the relevant rights and setting options to protect the user’s privacy can be found in Pinterest’s privacy policy: about.pinterest.com/de/privacy-policy If the user does not want Pinterest to assign the data collected on our website to his/her Pinterest profile, he/she must first log out of Pinterest before visiting our website. The user can block the Pinterest plug-in from loading with the help of browser add-ons, such as the script blocker ‘NoScript’ (http://noscript.net/).

d. Twitter buttons

The website also offers the ability to post articles and other content on Twitter. This service and a correspondingly configured plug-in is offered by Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107. The ‘tweet’ button allows users to share blog articles on Twitter. The button also shows the number of tweets a blog entry has received.

When the website is accessed, the code for the tweet button is requested directly from a Twitter server by the user’s browser and integrated into the website. Munich Rooms therefore has no influence over the scope of the data accessed by Twitter. According to its own information (https://twitter.com/privacy), Twitter stores the message transmitted in the tweet as well as the meta data. According to the operator, this includes: the date and time of the tweet, the exact internet address (abbreviated, if necessary) where the tweet button is located and other technical data, such as IP address, browser type and operating system. Twitter does not indicate how long the information is stored. Further information from Twitter can be found here (https://twitter.com/privacy)

12. Links to other websites

The website occasionally provides links (interactive references) to third-party websites for which Munich Rooms is not responsible. Munich Rooms has no influence over the content and design of the linked external sites or the websites that the user accesses via these links. The respective providers are solely responsible for the content and design of these websites as well as for compliance with data protection regulations.

13. Rights of data subjects

The GDPR provides you, as the data subject of personal data processing, with the following rights:

  • According to Art. 15 GDPR, you can request information from us about your personal data that we process. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom the personal data has been or will be disclosed, the planned storage period, the existence of the right to request correction or deletion of personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint, any available information as to its source when personal data is not collected by us, transmission to a third country or to an international organisation, and about the existence of automated decision-making, including profiling and, in such cases, meaningful information about the logic involved.
  • According to Art. 16 GDPR, you have the right to request the immediate correction of inaccurate personal data or to have incomplete personal data completed.
  • According to Art. 17 GDPR, you can request the deletion of your personal data we have stored if the processing is no longer necessary to exercise the right to freedom of opinion and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
  • According to Art. 18 GDPR, you can request the restriction of the processing of your personal data if the accuracy of the personal data is contested by you, the processing is unlawful, we no longer need the data and you oppose the deletion of the personal data because you need them to assert, exercise or defend legal claims. You also have the rights under Art. 18 GDPR if you have objected to the processing in accordance with Art. 21 GDPR.
  • According to Art. 20 GDPR, you can request that your personal data which you have provided to us be given to you in a structured, commonly used and machine-readable format or to have your personal data transmitted to another controller.
  • According to Art. 7 (3) GDPR, you can revoke consent which you have granted us at any time. If you do so, we will no longer be able to continue the data processing based on this consent in future.
  • According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. In general, you can contact the supervisory authority in your usual place of residence, your place of work or our corporate domicile for this purpose.

14. Right to object

In the case of the processing of your personal data on the basis of a legitimate interest pursuant to Art. 6 (1f) GDPR, you have the right pursuant to Art. 21 GDPR to object to the processing of your personal data if there are reasons for doing based on your personal situation or if you object to direct marketing. In the case of direct marketing, you have a general right to object which must be adhered to by us without the need to specify a special situation.

15. Data security and security measures

We undertake to protect your privacy and to treat your personal data as confidential. In order to prevent the manipulation, loss or misuse of your data stored with us, we apply comprehensive technical and organisational security measures which are reviewed regularly and which are adapted in line with technical improvements. These include, among other things, the use of recognised encryption methods (SSL or TLS).
Please note, however, that because of the structure of the internet it is possible that the data protection regulations and the above-mentioned security measures will not be observed by persons or institutions which are not within our area of responsibility. In particular, data disclosed in an unencrypted manner – e.g. data disclosed by email – may be read by third parties. We have no technical control over this. It is the user’s responsibility to prevent the misuse of the data he/she provides through encryption or another method.

16. Changes

Munich Rooms may change these data protection regulations or the content of the website at any time without prior notice, or it may change or block access to this website.

17. Questions about data protection and contact

Users can contact Munich Rooms at any time if they would like their personal data corrected, blocked or deleted. In addition, Munich Rooms shares information about the user data it has stored as well as the origin and recipients of such data and the purpose for which it has been stored.

For questions about data protection, please contact:

Munich Rooms Boutique Hotel

Selcuk Gürler

Herzogsstr- 51

D-80803 München

Tel: 089 / 388 32 510
Fax: 089 / 388 32 511
Internet: www.mucrooms.de
E-Mail: hello@mucrooms.de