Data protection

Thank you for your interest in our website. The protection of your personal data is very important to us. At this point we would like to inform you about data protection in our company. Of course, we observe the legal provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), the Telemedia Act (TMG) and other data protection regulations.


You can trust us with your personal data! They are encrypted by modern security systems and transmitted to us. Our websites are protected against damage, destruction or unauthorized access by technical and organizational measures.



Data subjects' rights

You will receive information about your data stored by us at any time without giving reasons.


You have the right:


  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right to complain, the origin of your data, if not collected from us, and the existence of automated decision-making including profiling and, if necessary, meaningful information about their details;

  • in accordance with Art. 16 GDPR to immediately request the correction of incorrect or incomplete personal data stored by us;

  • to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert , exercise or defense of legal claims is required;

  • According to Art. 18 GDPR, to demand the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, but you refuse to delete it and we no longer need the data, you However, you need this to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;

  • in accordance with Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible;

  • according to Art. 7 Para. 3 GDPR to revoke your consent given to us at any time. As a result, we are no longer allowed to continue the data processing based on this consent for the future and

  • to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company.


Right of withdrawal

You can have the data we have collected blocked, corrected or deleted at any time, provided that your personal data is processed on the basis of legitimate interests in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR and allows for pseudonymised data collection and storage Oppose optimization purposes of our website. This objection is based on Art. 21 GDPR. You can also revoke your consent to data collection and use at any time without giving reasons. To do this, please use the contact address provided. We are always at your disposal for further questions about our information on data protection and the processing of your personal data.


Note that data protection regulations and data protection practices, e.g. B. at Google, can change continuously. It is therefore advisable and necessary to keep up to date with changes in legal provisions and company practice, e.g. B. Google.



Data security

We use the widespread SSL method (Secure Socket Layer) in connection with the highest level of encryption supported by your browser. You can recognize this by the key or lock symbol in your browser.


We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. We continuously improve our security measures in line with technological developments.



Object of data protection

The subject of data protection is personal data. According to Art. 4 Para. 1 GDPR, these are individual details about personal or factual circumstances of a specific or identifiable natural person. This includes e.g. B. Information such as name, postal address, e-mail address or telephone number, but possibly also usage data such as your IP address.



Further definitions for better understanding

It is important to us that you can easily understand our data protection declaration, which is why we would like to briefly explain important terms at this point:


Data subject:

This is you as the owner of your own data. Within the scope of your rights as a data subject, you may have a say in how your data is processed and may also revoke the processing.


Responsible:

This is us, as we are responsible for the proper processing of your data.


Processing:

This is the process or a series of processes in connection with personal data from the collection of the data through use to deletion or destruction. We can carry this out ourselves or service providers directly commissioned by us are involved.


Pseudonymization:

In the case of pseudonymization, the data is processed in such a way that it can no longer be assigned to a specific data subject without additional information. In principle, however, pseudonymization can always be canceled if the relevant data is brought together.


Anonymization:

The personal data will be deleted or alienated in such a way that, under normal circumstances, it is no longer possible to identify the individual person. Whenever we make evaluations or statistics, we try to work with anonymous data wherever possible.



Scope of data collection and storage

Calling up our website


Data subjects can generally use our website without having to provide any information about their personal data. However, the processing of personal data may become necessary if the person concerned would like to receive certain services, such as our newsletter or further product information.


When you visit our website, we collect the following data that is technically necessary for us. We need the data to show you our website and to ensure stability and security:


  • IP address of the requesting computer,
  • Date and time of the request
  • Name and URL of the retrieved file,
  • Website from which the request comes (referrer URL),
  • Browser used and, if applicable, the operating system of your computer and the name of your access provider.

The data mentioned will be processed by us for the following purposes:


  • Ensuring comfortable use of our website,
  • Ensuring a smooth connection to the website,
  • Evaluation of system security and stability as well as
  • for other administrative purposes in the context of contract performance or to meet legal or regulatory requirements.

The processing is based on Art. 6 I lit. a GDPR if you have given us your consent to the processing of your personal data for one or more specific purposes.


The processing is based on Art. 6 I lit. b GDPR if the processing is necessary to fulfill a contract to which the data subject is a party. This also applies to pre-contractual measures taken at the request of the person concerned.


The processing is based on Art. 6 I lit. c GDPR if the processing is necessary to fulfill a legal obligation to which we are subject.


The processing is based on Art. 6 I lit. d GDPR if the processing is necessary to protect the vital interests of the data subject or another natural person. This can then be a rare case if a person concerned is seriously injured and his personal data is therefore passed on to a doctor, for example.


The processing is based on Art. 6 I lit. f GDPR if the processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject require the protection of personal data , predominate.



Collection and storage of usage data

In order to optimize our website, we collect and store data such as e.g. B. Date and time of the page view, the page from which you accessed our site and the like, provided you do not object to this data collection and storage.


This is done anonymously without personally identifying the user of the site. If necessary, user profiles are created using a pseudonym. Here, too, there is no connection between the natural persons behind the pseudonym and the usage data collected. We also use cookies to collect and store usage data.


These are small text files that are stored on your computer and are used to store statistical information such as the operating system, your Internet usage program (browser), IP address, the previously accessed website (referrer URL) and the time. We collect this data exclusively for statistical purposes in order to further optimize our website and to make our website even more attractive.


The collection and storage takes place exclusively in an anonymous or pseudonymised form and does not allow any conclusions to be drawn about you as a natural person.



Contact form

If you have an inquiry for our company, you have the option of contacting us via a contact form provided on our website. A valid e-mail address is required so that we know who sent the request and can respond to it. All other details are optional.


Data processing for the purpose of contacting us takes place in accordance with Article 6 Paragraph 1 Sentence 1 lit. a GDPR on the basis of your voluntarily given consent.



Provision of services and delivery of goods

In order for us to be able to provide our services, we may need your personal data. This applies to the sending of information material or ordered goods as well as to answering individual inquiries. We collect this data to meet your request. This data will only be used for a specific purpose.


If you commission us to provide a service or send goods, we only collect and store your personal data to the extent that it is necessary for the provision of the service or the execution of the contract and for legal reasons. It may be necessary to pass on your personal data to companies that we use to provide the service or to process the contract. These are e.g. B. Transport companies or other service providers. We oblige these service providers to comply with data protection requirements within the framework of the statutory provisions.


Once the contract has been completed, your data will be blocked and deleted once the tax and commercial law regulations have expired, unless you have expressly consented to further use of the data.



Inclusion of third-party content and services


Data collection through the use of Google Analytics and cookies


Our website uses Google Analytics, a web analytics service provided by Google Inc. ( https://www.google.de/about ), 1600 Amphitheater Parkway, Mountain View, CA 94043, USA), hereinafter “Google”. Google Analytics uses so-called "cookies" and pseudonymised usage profiles are created in this context. "Cookies" are text files that are stored on your computer and enable an analysis of your use of the website. For example:


  • Operating system information
  • to the browser
  • your IP address (host name of the accessing computer)
  • the website you previously accessed (referrer URL)
  • Date and time of the server request.

The information generated by this text file about the use of our website is transmitted to a Google server in the USA and stored there. Google will use this information to evaluate your use of our website, to compile reports on website activity for website operators and to provide other services related to website activity and internet usage for the purposes of market research and the needs-based design of these websites. If this is required by law or if third parties process this data on behalf of Google, Google will also pass this information on to these third parties. This use is anonymous or pseudonymised (IP masking).


You can prevent the installation of cookies by making the appropriate settings in your internet user program (browser). However, we would like to point out that this may mean that not all functions can be used. To do this, you must switch off the storage of cookies in your Internet browser. For more information on this, please refer to the instructions for use of your Internet browser. In addition, you can prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on ( https://tools.google.com/dlpage/gaoptout?hl=en ).


The data processed by cookies are required for the stated purposes to protect our legitimate interests and those of third parties in accordance with Article 6 Paragraph 1 Sentence 1 lit. f GDPR.


More data protection information from Google can be found at: https://www.google.de/intl/ de/policies/privacy



Use of a "Content Delivery Network" (cdnmns.com)

In particular for foreign access, we use the "cdnmns.com" service from Tucows Inc., 96 Mowat Avenue, Toronto, ON M6K 3M1 on our website. This so-called "Content Delivery Network" (CDN) is primarily used for faster delivery of website data. If JavaScript is activated in your browser, it may transmit personal data to "Tucows". The legal basis for data processing is Article 6 Paragraph 1 Letter f GDPR. Our legitimate interest lies in the error-free functioning of the website and the technically flawless and speedy response to website calls. In addition, the requests are distributed better and relieve the IT infrastructure.



Online map service "Google Maps"

The website integrates the online map service "Google Maps" ("map service"). The service is provided and operated by "Google" Ireland Limited, Gordon House, Barrow Street, Dublin 4 ("Google")". Google is incorporated and operated under the laws of Ireland (registered number: 368047).

We integrate the map service for the purpose of being able to show you an interactive map directly on our website. The map service enables you to use the website conveniently. The map service enables us to offer you this helpful function and thus expand our website with an exciting and user-friendly function.

We integrate the map service on our website via an interface. The interface is a so-called inline frame (“iframe”). An iframe is a website element (HTML element) that is used to embed web content, such as the map service, as an independent document on a website. To protect your data, the interface is only activated when you click on the map service (so-called two-click solution). The two-click solution works like this: first click = you come to our site; second click = you click on the map service and activate it.

We implement the integration of the map service via the interface and the two-click solution because the map service is integrated by us on the website, but is first provided and executed by our cooperation partner Google. The provision and execution of the map service takes place as follows: Your browser sends a request (so-called HTTP request) to the Google server. Your browser transmits, among other things, your IP address (including other connection data), the content of your search query and the coordinates (degrees of longitude and latitude) via the Internet to the Google server in order to establish a connection to the server and so that Google can then give you a correct answer to send you your map service search request.

The legal basis for our integration of the map service on our website is Art. 6 Para. 1 Sentence 1 Letter f GDPR. Our legitimate interest is to enable you to use the map service and thus add an exciting and user-friendly function to our website. The legal basis for saving and reading the cookie on your computer that documents the activation of the map service is Art. 6 Para. 1 Sentence 1 Letter a GDPR (your consent). You explain this via our consent banner. We delete the cookie after 6 months. The period begins after the end of your visit to our website.

In order to map the embedding of the map service and the data protection responsibilities, we have concluded an agreement “Google Controller-Controller Data Protection Terms” (“Agreement”) with Google. This agreement regulates the processing of your data by Google and us. We have agreed with Google that each of us is responsible for our own part. For their part, everyone determines the purposes and means of processing in accordance with the provisions of the GDPR and other applicable data protection laws. We have also agreed that data can only be transferred to third countries on the basis of and in accordance with the GDPR. As the data subject within the meaning of the GDPR, you can contact Google and us regarding all rights.

Please note: After activating the map service, Google is responsible under data protection law for this data transmission and other associated data processing. If you are logged in to Google, Google can assign the processed data directly to your Google user account. If you do not want such an assignment by Google, you should log out of your Google user account in advance. Even if you are not logged in, Google can assign you an identification number ("ID") and recognize you as a user. Google may store this data in the form of user profiles and use it for advertising, market research and/or needs-based design of the website, e.g. to be able to offer you products tailored to your interests.

It is possible that your data could be transferred to the USA or another third country. According to Clause 5 of the agreement, such a transmission could only take place in accordance with the GDPR.

Further information on the processing of your data by Google can be found here:
https://policies.google.com/privacy (privacy policy)
https://policies.google.com/terms (Terms of Service)


Use of Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into a buffer in your browser (“browser cache”) in order to display text and fonts correctly. For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that Google Web Fonts have been requested via your IP address. This use is in the interest of a uniform and appealing presentation of our online presence and represents a legitimate interest within the meaning of Article 6 Paragraph 1 lit. f GDPR. If your browser does not support web fonts, a standard font will be used by your computer . For more information about Google Web Fonts, see https://developers.google.com/fonts/faq/ and in Google's privacy policy https://www.google.de/intl/de/policies/privacy



Duration of storage and routine deletion and blocking of personal data

We only store your personal data for the period of time that results from the purpose-specific processing or other legal regulations. For the duration of storage, we comply with the statutory retention periods. Your data will then be blocked or deleted as a matter of routine if the storage purpose no longer applies or the statutory retention period has expired.

Protecting your own legitimate interests can be used to justify the temporary storage of the IP addresses of website visitors, for example, if this is necessary to ensure the security of the website against attacks.



Existence of automated decision-making

We do not use automated decision-making.



Appropriate use of data

We observe the principle of earmarked use of data and only collect, process and store your personal data for the purposes for which you have given it to us. Your personal data will not be passed on to third parties without your express consent, unless this is necessary for the provision of the service or for the execution of the contract. The transmission to state institutions and authorities entitled to receive information also only takes place within the framework of the statutory information obligations or if we are obliged to provide information by a court decision.


We also take internal data protection very seriously. Our employees and the service companies commissioned by us have been committed to secrecy and to compliance with data protection regulations.



Currentness and changes to this data protection declaration

This data protection declaration is currently valid and has the status of January 2022. The further development of our website and our offer as well as legal and official requirements require the regular review and, if necessary, amendment of our data protection guidelines. The current status of our data protection declaration can be accessed at any time on our website.

BWH hotels are independently owned and privately operated. ©2023 Best Western International, Inc. All rights reserved.