Privacy Statement

Privacy Statement Best Western Leipzig

Privacy settings
[user_privacy_settings_form]

We welcome your visit to our home page and thank you for your interest in our company. Our interactions with our clients and interested parties are a matter of trust. We really value the trust extended to us, meaning that we are committed to exercising great care when handling your data and protecting it from misuse.

We take the protection and confidential treatment of your personal data seriously and therefore strive to make you feel safe and at ease during your visit to our website. For this reason, we act only in compliance with the valid legal stipulations concerning the protection of personal data and data security. The purpose of this data privacy information is therefore to provide you with information regarding the data that we store and how we use it – subject to existing German data protection regulations of course.

The Best Western Hotel Leipzig City Center operates in accordance with the EU General Data Protection Regulation (EU GDPR). In the following, we explain what information we collect when you visit our website and how this information is used.

Overview

I. Name and address of data controller
II. Name and address of data protection officer
III. General information on data processing
IV. Provision of the website and creation of log files
V. Contact form / e-mail contact
VI. Online booking via the website
VII. Online booking via other websites
VIII. Newsletter Service
IX. Business Customers
X. Business information, debt collection
XI. Use of Cookies
XII. Use of Facebook, Google+ und Twitter
XIII. Facebook-Fanpage
XIV. Integration of services and contents of third parties
XV. Protection of minors
XVI. Rights of the data subject
XVII. Right to lodge a complaint with a regulatory authority
XVIII. Security
XIX. User declaration of consent

I. Name and address of data controller

The data controller, within the meaning of the EU GDPR and other national data protection laws of the member states as well as other data protection regulations, is:

WALTER Betrieb CCH Leipzig GmbH & Co.KG, Best Western Hotel Leipzig City Center,
Kurt-Schumacher-Strasse 3, 04105 Leipzig, Tel.: +49 341-1251-0,
Mail: info@bestwestern-leipzig.de

II. Name and address of data protection officer

The data controller’s data protection officer is:

Berit Schubert, DataSolution Thurmann GbR, Isarstr. 13, D-14974 Ludwigsfelde, Deutschland, Tel.: +49 (0) 3378 205729, Mail: mail@hoteldatenschutz.de

III. General information on data processing

In principle, we collect and use the personal data of our users only insofar as is necessary for the provision of a functional website and for our content and services. Collection and use of personal data takes place regularly only after consent from the relevant user. An exception is made in cases where it is not possible to obtain consent in advance for objective reasons and where processing of the data is permitted by statutory regulations.

Basically, the processing of your data takes place in the territory of the Federal Republic of Germany. The use of various service providers may also result in processing in European and non-European countries. If that is the case, sufficient contractual arrangements and guarantees have been made.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time this website is accessed, our system records data and information from the computer system of the inquiring computer by means of an automated system. The following data is collected as part of this process:

·       Information about the browser type and version used

·       The user’s operating system

·       The user’s IP address

·       Time and date of access

·       Websites from which the user’s system has come to our website

·       Websites accessed by the user’s system via our website

This data is also stored in our system’s log files. This data is not stored together with other personal data of the user. It is therefore not possible to create personal user profiles. The stored data shall only be evaluated for statistical purposes.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is to safeguard the legitimate interests of our company according to Art. 6 Abs. 1 lit. f GDPR.

3. Purpose of data processing

The system temporarily stores the user’s IP address in order to make the website available on the user’s computer. To do this, the user’s IP address must be stored for the duration of the session.

The storage in log files is carried out to ensure the functional capability of the website. The data also helps us to optimise the website and ensure the security of our IT systems. No data is evaluated for marketing purposes in this context.

This is also the reasoning behind our legitimate interest in data processing.

4. Storage duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. When data is collected in order to make the website available, this is the case when the respective session ends.

When data is stored in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of users are deleted or scrambled so that assignment to the inquiring client (data subject) is no longer possible.

5. Option for objection and elimination

The collection of data in order to make the website available and the storage of data in log files is necessary for operating the website. Therefore, the user has no right of objection.

V. Contact form / e-mail contact

1. Description and scope of data processing

Insofar as a contact form is provided on our website, this may be used to make contact electronically. Should a user contact us via the contact form, the data entered in the input template shall be transferred to us and then stored. This data includes: first name, family name*, company, address, phone number, e-mail address*, subject, message*. (* mandatory fields).

It is also possible to contact us using the e-mail address provided. In this case, personal data of the user which is transmitted along with the e-mail shall be stored. 

No data shall be disclosed to third parties in this context. Data shall be used exclusively for the purposes of correspondence.

2. Legal basis for data processing

The legal basis for the processing of the data is in the presence of the consent of the user according to Art. 6 Abs. 1 lit. a GDPR.

If the purpose of making contact is to conclude a contract, the initiation of a business relationship or of a contractual relationship shall constitute the additional legal basis for data processing according to Art. 6 Abs. 1 lit. b GDPR.

3. Purpose of data processing

We only process personal data taken from the input template of the contact form for the purposes of making contact. If we are contacted by e-mail, we also have a necessary legitimate interest to process data.

Other personal data processed during the submission process serves to prevent misuse of the contact form and to guarantee the security of our IT systems.

4. Storage duration

Data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, data is deleted when the respective correspondence with the user has ended. Correspondence concludes when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

If contact is made based on a pre-contractual relationship (offer or reservation request), the transmitted data shall be additionally stored in our hotel and/or event software and used for executing contracts. Should no contractual relationship arise, we shall delete the data regularly. 

5. Option for objection and elimination

The inquirer (data subject) can revoke his/her consent to the processing of personal data at any time. We have set up the e-mail address widerruf@bestwestern-leipzig.de for this purpose.

Please note that in the case of an objection, correspondence cannot be continued, and we cannot continue to make offers, etc.

In this case, all personal data stored at the time of making contact shall be deleted.

VI. Online booking via the website

1. Description and scope of data processing

Within the scope of the legal provisions, we collect and process inventory data during the request / booking as well as during the stay in the hotel, which are necessary to fulfill the contract. This data includes: first and family name, address, birth date, phone number and/or e-mail adress, payment details (credit card), data on services. 

The online reservation system of the Best Western Hotels Central Europe carries out online bookings made via our website. All booking details provided by you shall be transferred in encrypted form. Our contracting partner has agreed to handle your transmitted data in a manner compliant with data protection, and takes all organisational and technical measures to protect your data.

No data shall be disclosed to third parties in this context. Data is used exclusively for processing bookings and for the purposes of correspondence.

2. Legal basis for data processing

The conclusion of an accommodation contract with the user shall constitute the legal basis for data processing according to Art. 6 Abs. 1 lit. b GDPR.

The transmitted data shall be stored in our hotel software and used for executing contracts.

To increase our services, reservation data will be shared with central offices of the franchisor Best Western Hotels Central Europe, as well as with central offices of the hotel group. Responsible body is the hotel, in which is booked. The respective booking data can only be viewed by the responsible body. Used together are the master data of the guests, e.g. to make a reservation for another hotel, rebook or carry out marketing activities centrally. Central services such as reservation and marketing access this data. The legal basis for the processing of the data is our legitimate interest in the processing of data in accordance with Art. 6 para. 1 lit. f GDPR in the context of central administration and use of the data of our customers and business partners within the hotel group.

3. Purpose of data processing

We only process personal data taken from the input template of the contact form for the purposes of processing booking inquiries and completing payment transactions.

4. Storage duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements are met.

5. Option for objection and elimination

The inquirer (data subject) can revoke his/her consent to the processing of personal data at any time. We have set up the e-mail address widerruf@bestwestern-leipzig.de for this purpose. 

Please note that in the case of an objection, we cannot complete the booking or continue to carry out correspondence. 

VII. Online booking via other websites

1. Description and scope of data processing

The Best Western Hotel Leipzig City Center provides interested parties with the opportunity to book rooms and make arrangements via hotel reservation portals (third-party providers). If a user makes use of this opportunity, the data entered in the input template will be transmitted to us and stored to the extent permitted by the respective hotel reservation portal in accordance with its own privacy policy. Data may include the following: first name, surname, e-mail address, telephone, address, number of guests, expected time of arrival, requests/wishes, payment information (credit card).

The data provided will be transferred to our hotel software via a so-called Channel Manager. All received booking data is encrypted. The Best Western Hotels Central Europe GmbH, as the provider of the channel manager, has committed to the data privacy. It takes all organizational and technical measures to protect your data.

No data shall be disclosed to third parties in this context. Data is used exclusively for processing the booking and for the purposes of correspondence, where appropriate.

2. Legal basis for data processing

The conclusion of an accommodation contract with the user shall constitute the legal basis for data processing according to Art. 6 Abs. 1 lit. b GDPR.

The transmitted data shall be stored in our hotel software and used for executing contracts.

To increase our services, reservation data will be shared with central offices of the franchisor Best Western Hotels Central Europe GmbH, as well as with central offices of the hotel group. Responsible body is the hotel, in which is booked. The respective booking data can only be viewed by the responsible body. Used together are the master data of the guests, e.g. to make a reservation for another hotel, rebook or carry out marketing activities centrally. Cen-tral services such as reservation and marketing access this data. The legal basis for the processing of the data is our legitimate interest in the processing of data in accordance with Art. 6 para. 1 lit. f GDPR in the context of central administration and use of the data of our customers and business partners within the hotel group.

3. Purpose of data processing

We only process personal data taken from the input template of the contact form for the purposes of processing booking inquiries and completing payment transactions.

4. Storage duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data received as soon as national, commercial, statutory or contractual retention requirements are met. 

The Best Western Hotel Leipzig City Center has no control over how long the respective hotel reservation portal stores data. 

5. Option for objection and elimination

The inquirer (data subject) can revoke his/her consent to the processing of personal data at any time. We have set up the e-mail address widerruf@bestwestern-leipzig.de for this purpose.

Please note that in the case of an objection, we cannot complete the booking or continue to carry out correspondence.

VIII. Newsletter Service

1. Description and scope of data processing

There are a number of different options provided on our website for subscribing to our newsletter service. Should a user contact us via the contact form, the data entered in the input template shall be transferred to us and then stored. This data includes: first name, family name*, company, e-mail address*, birth date, place, language* (*mandatory fields).

If you subscribe to our newsletter, the data will be stored in our newsletters tool of Artegic AG, based in Bonn, Germany. The Artegic AG has committed to the data privacy. It takes all organizational and technical measures to protect your data.

Should we otherwise receive an e-mail address where the recipient clearly informs us that he/she would like to receive our newsletter, we shall collect his/her data using the input template provided on our website.

No data shall be disclosed to third parties in this context. Data shall be used exclusively for the purposes of sending the newsletter.

2. Legal basis for data processing

The provision of the recipient’s consent shall constitute the legal basis for data processing according to Art. 6 Abs. 1 lit. a GDPR. This is ensured through a double opt-in procedure.

3. Purpose of data processing

We process personal data exclusively for the purposes of sending the individual newsletter.

4. Storage duration

Data shall be deleted as soon as the newsletter service is unsubscribed.

5. Option for objection and elimination

The recipient can revoke his/her consent to the processing of personal data at any time. Every newsletter provides the option for a recipient to unsubscribe. We have set up the e-mail address widerruf@bestwestern-leipzig.de for this purpose.

IX. Business Customers

1. Description and scope of data processing

In order to provide support, advice and advertising to corporate clients, in addition to information about the business partner or potential business partner, we also collect and use information about the contact person, telephone number and postal address. The information is taken from a variety of sources, either by requesting it (e-mail or by phone) or at events, fairs, from business cards received by our sales staff, etc.

Data is used exclusively for the aforementioned purposes.

2. Legal basis for data processing

Our legitimate interest in data processing shall otherwise constitute the legal basis for data processing according to Art. 6 Abs. 1 lit. f GDPR. If the purpose of making contact is to conclude a contract, the initiation of a business relationship or of a contractual relationship shall constitute the additional legal basis for data processing.

3. Purpose of data processing

We use this contact information exclusively for our own purposes and for the needs-based design of our own sales activities.

4. Storage duration

Basically, no retention period is provided. However, should our sales department have had no contact with the company within three years, the sales department decides whether the contact person of the company contact is to be deleted.

If the contact is a pre-contractual relationship (offer or reservation request), the transmitted data are also stored in our hotel software and used for contract execution. If there is no contractual relationship, we delete the data after one year at the end of the year.

5. Option for objection and elimination

The contact person of the company can revoke his/her consent to the processing of personal data at any time. We have set up the e-mail address widerruf@bestwestern-leipzig.de or this purpose.

All personal data of the contact person saved to the business partner will be deleted in this case.

X. Business information, debt collection

1. Description and scope of data processing

We transmit your data in the event of a credit risk (name, address, e-mail address, details of the company and if applicable, contract and claim data) to IHD Gesellschaft für Kredit und Forderungsmanagement mbH, Augustinusstr. 11 B, 50226 Frechen, and possibly to other cooperating credit reporting agencies.

2. Legal basis for data processing

The legal basis of this transfer is Article 6 (1) of the DSGVO and Article 6 (1) of the DSGVO. Transfers on the basis of Art. 6 I f DSGVO may only be made to the extent necessary to safeguard the legitimate interests of our company and do not outweigh the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data.

3. Purpose of data processing

Purpose of the processing is the credit check as well as the check on deliverability of the given address and the dept collection processing. You can find detailled information of our service provider, the IHD, according to Art. 14 GDPR, the business purpose, the purpose of the data collection, the legal basis and the data recipient, to the right of self-information and the right of deletion, correction as well as profiling under www.ihd.de/datenschutz/Artikel14.html  

You can find information about their contracting partners in the field of credit reporting agencies under: www.ihd.de/datenschutz#vertragspartner

4. Storage duration

The storage duration of the data at the IHD is based on the voluntary commitment of the association „Die Wirtschaftsauskunfteien e.V.*. The data will be deleted three years to the day after their completion. For further information please refer to the privacy policy of the IHD.

5. Option for objection and elimination

The data processing may be contradicted for reasons that arise from the particular situation of the person concerned.

The objection is to be addressed: IHD Gesellschaft für Kredit- und Forderungsmanagement mbH, Datenschutz, Augustinusstr. 11 B, 50226 Frechen.

XI. Use of Cookies

1. Description and scope of data processing

Cookies are small files that enable us to store specific user-related information on your computer when visiting our website. Cookies help us to determine the number of users who have used our website and the usage frequency, and they allow us to organise our products and services in the most convenient and effective way possible for you.

We use ‘session cookies’, which are stored temporarily on your computer for the period in which you use our website. Session cookies are stored on your data carrier and are used to ensure specific settings and functionalities on our website through your browser. The cookies we use will be deleted at the end of the browser session, i.e. when you close your browser.

2. Legal basis for data processing

Our legitimate interest in data processing shall constitute the legal basis for the processing of personal data using cookies that are technically necessary according to  Art. 6 Abs. 1 lit. f GDPR.

The provision of the user’s consent for this specific purpose shall constitute the legal basis for the processing of personal data using analysis-based cookies. According to Art. 6 Abs. 1 lit. a GDPR.

3. Purpose of data processing

Cookies which are technically necessary are used to simplify website use for users. Some of our website’s functions cannot be offered without the use of cookies. These services require the browser to be recognised again following a page change. The user data collected by technically necessary cookies will not be used to create user profiles.

Analysis cookies are used to improve the quality of our website and its content. Such cookies enable us to learn how the website is used so that we can continually improve our offer.

4. Storage duration, option for objection and elimination

Cookies are stored on the user’s computer, which will transmit them to our website. The setting of the cookies for analysis and tracking purposes takes place only after approval by the user. For this, when visiting the website, a banner with the appropriate selection option appears. Furthermore, by changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Previously stored cookies can be deleted at any time. Cookies can also be deleted automatically. In the event that cookies are deactivated for our website, certain features of our website may no longer be available.

If you are concerned about third-party cookies, you can disable just these cookies and still enable the cookies which allow our website to function properly.
Cookie settings

Here are some instructions on how to disable cookies:

Mozilla Firefox: http://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=de&answer=95647&p=cpn_cookies

Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11

Safari: http://support.apple.com/kb/PH11913

Please note, however, that these changes may affect the way in which the website is displayed or limit its functionality.

5. Supplementary information

In addition to the information provided above regarding the use of cookies, we would like to draw your attention to the following:

Use of Google Analytics, Google DoubleClick Cookies, Google Convers Tracking and Google Remarketing

Our website may use Google Analytics, Google DoubleClick Cookies, Google Convers Tracking and Google Remarketing. These services are provided by Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (‘Google’).

This website uses Google Analytics, a web analysis service provided by Google Inc. (‘Google’). Google Analytics uses so-called ‘cookies’. These are text files stored on the user’s computer which facilitate an analysis of website usage. The information generated by the cookie about the use of this website by the user is generally sent to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website however, your IP address will first be truncated by Google within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and truncated there in exceptional cases. IP anonymisation is active on this website. On behalf of the operator of this website, Google will use this information to evaluate the use of the website, to compile reports on website activities and to provide the website operator with other services related to website activity and Internet usage. The IP address provided by your browser as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by changing the respective settings in your browser software; however, please note that you may not be able to use all features of this website in full. You may also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to using the browser add-on or within browsers on mobile devices, please click this link to prevent future detection by Google Analytics within this website. This will store an opt-out cookie on your device. If you delete your cookies, you must click this link again. The explanations provided above in Section XI No. 1 to 4 shall apply accordingly.

Deactivation of Google advertising

http://www.google.com/privacy_ads.html) or on the opt-out page of the Network Advertising Initiative (http://www.networkadvertising.org/managing/opt_out.asp)

XII. Use of Facebook, Google+ und Twitter

On our website so-called social plugins (“plugins”) of the social networks Facebook and Google+ as well as the microblogging service Twitter are used. These services are provided by the companies Facebook Inc., Google Inc. and Twitter Inc. (“Provider”).

Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). An overview of Facebook’s plug-ins and their looks can be found here: https://developers.facebook.com/docs/plugins

Google+ is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). For an overview of Google’s plugins and their look, visit: https://developers.google.com/+/web/

Twitter is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). An overview of the Twitter buttons and their appearance can be found here: https://about.twitter.com/en_us/company/brand-resources.html

When you visit our website, the plugins are deactivated. Only with your activation of the plugins, your browser establishes a direct connection to the servers of Facebook, Google or Twitter. The content of the plugin is transmitted by the respective provider directly to your browser and integrated into the page. By activating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are currently not logged in. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider in the USA and stored there. If you are logged in to one of the services, the providers can immediately assign the visit to our website to your profile on Facebook, Google+ or Twitter.  If you interact with the plugins, for example the “Like”, the “+1” or the “Tweet” button, the corresponding information is also transmitted directly to a provider’s server and stored there. The information will also be posted on the social network, on your Twitter account and displayed there to your contacts.

The purpose and scope of the data collection and the further processing and use of the data by the providers as well as their rights in this regard and setting options for the protection of your privacy, please refer to the privacy policy of the provider.

Privacy policy of Facebook: http://www.facebook.com/policy.php

Privacy policy of Google: www.google.com/intl/de/+/policy/+1button.html

Privacy policy of Twitter: https://twitter.com/privacy

XIII. Facebook-Fanpage

On our Facebook Fanpage we use plugins of the provider Facebook.com, which are provided by the company Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304 in the USA. By using the fan page, data is forwarded to the Facebook servers, which contain information about your visits to our fanpage. For logged-in Facebook users, this results in the usage data being assigned to their personal Facebook account. As soon as you actively use the Facebook plug-in as a logged-in Facebook user (for example by clicking on the “Like” button or using the comment function), this data will be transferred to your Facebook account and published. This can only be avoided by logging out of your Facebook account.

We do not know exactly which data Facebook stores and uses. As a user of the fan page, you must therefore expect that Facebook also saves your actions on the fan page without gaps.

Facebook receives your IP address, processor type and browser version by clicking on the “Like” button. Through your IP address, Facebook, along with other information and your real name, if you have provided this on your Facebook profile, could identify your identity and habits under this profile. If you always log in to Facebook via this user profile, Facebook could in particular find out your preferences, contacts and way of life.

Incidentally, the General Terms of Use of Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland unter https://www.facebook.com/terms.php

With regard to data protection on Facebook, please note the following privacy policy of Facebook Ireland Limited: https://www.facebook.com/about/privacy/

XIV. Integration of services and contents of third parties

Within our website, based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our website within the meaning of Art. 6 (1) lit. f GDPR), we use content or services from third-party providers, such as videos or fonts (collectively referred to as “content”). Therefore it is necessary, that the service provider perceive the IP address of the users, otherwise they could not send the content to their browsers. The IP address is therefore required for the presentation of this content. We endeavor to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and operating system, referring web sites, visit time, and other information regarding the use of our website.

The following presentation provides an overview of third-party providers as well as their contents, as well as links to their data protection statements, which contain further information on the processing of data and, for already mentioned here, contradictory possibilities (so-called opt-out). Externe Schriftarten von Google, LLC., https://www.google.com/fonts („Google Fonts“).

·       The integration of Google fonts is done by a server call on Google (usually in the US). Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.

·       Maps of the service “Google Maps” of the third party Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, gestellt. Datenschutzerklärung: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

·       Videos from the platform “YouTube” of the third-party Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Datenschutzerklärung: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.

XV. Protection of minors

This service is directedly mainly at adults. We do not currently market any services specifically aimed at children. As a result, we do not knowingly collect age rating information, nor do we knowingly collect personal information from children under the age of 16. We do, however, advise all visitors to our website who are under the age of 16 to avoid disclosing or providing any personal information to our service. In the event that we discover that a child under the age of 16 has provided personal information to us, we shall delete the child’s personal information from our files, insofar as this is technically possible. 

XVI. Rights of the data subject

When your personal data is processed, you become the data subject within the meaning of the GDPR and you shall have the following rights in relation to us (‘the data controller’):

You have a right to information about the personal data stored about you, including the purpose of processing, as well as about any transfer of data to third parties and the duration of data storage.

Should the data be incorrect or no longer required for the original purpose for which it was collected, you can request that the data be corrected, deleted or the processing of data restricted. Insofar as provided for in the processing procedures, you can also view and correct your data yourself as necessary. You shall have the right to object at any time, on compelling legitimate grounds relating to your particular situation, to the processing of your personal data, insofar as the processing is based on a legitimate interest. Following an objection, the data controller shall no longer process the personal data relating to you unless the data controller can prove compelling reasons for processing which warrant protection and which outweigh your interests, rights and freedoms, or can prove that the processing serves the purpose of asserting, exercising or defending legal claims. If the personal data relating to you is processed for the purpose of direct advertising, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is directly connected with such direct advertising. If you object to processing for the purposes of direct advertising or profiling, the personal data relating to you shall no longer be used for these purposes.

You have the right to revoke your declaration of consent under data protection law at any time. Revocation of consent does not affect the legality of processing carried out on the basis of consent up to the time of revocation.

Should you have any questions relating to your rights and how to exercise your rights, please contact the Responsible Body or the Data Protection Officer.

XVII. Right to lodge a complaint with a regulatory authority

Without prejudice to any other administrative or judicial remedy, you (the data subject) have the right to lodge a complaint with a regulatory authority for data protection, in particular in the member state of your habitual residence, place of work or the place of the alleged infringement if you believe that the processing of personal data relating to you infringes data protection.

The regulatory authority with which the complaint has been lodged shall inform the complainant about the progress and the outcome of the complaint including the possibility of judicial remedy.

XVIII. Security

In line with Article 32 GDPR, the Best Western Hotel Leipzig City Center uses technical and organisational security measures to protect the data which we manage against accidental or deliberate manipulation, loss, destruction or access by unauthorised persons. Our security measures are subject to constant improvement to match the pace of technological developments. Access to this data is permitted only to a few authorised individuals and those persons concerned with the relevant technical, commercial and editorial support of these servers.

XIX. User declaration of consent

By using our websites and the offers contained therein, you agree that we can store the personal data you have voluntarily submitted to us and process and use this data in compliance with the data privacy policy.

We reserve the right to change, update or supplement these data protection guidelines at any time. Any revised data protection guidelines shall apply only to personal data that has been collected or changed since the revised guideline entered into force.

Last revised | September 2021