Data Security Information

Welcome to the Maritim Hotels Homepage!

We are very pleased that you have taken the time to visit our webpages and thank you for your interest in our company. The technological advances in our everyday lives open up a whole host of unimagined possibilities. This calls for a high level of responsibility among the companies with whom we share our personal data. We at Maritim Hotels are fully aware of this responsibility and protecting your privacy when you use our webpages is something that is particularly important to us. We comply with the applicable provisions for the protection of personal data, in particular the data protection provisions of the EU General Data Protection Regulation (GDPR).

This Data Security Policy (hereinafter referred to as the "Policy") applies solely to the webpages provided by Maritim Hotelgesellschaft mbH, its subsidiaries and all hotels within the Maritim portfolio (hereinafter referred to as "Maritim", "we" or "us").

Close-up with rose, coffee, water and magazine on glass table at the Maritim Hotel Stuttgart

Name and address of the Controller

Name and address of the Data Protection Officer

General Information on Data Processing

Scope of personal data processing

In principle, we only gather and use the personal data of our users to the extent necessary to enable us to provide a functional website and our content and services. We only gather and use the personal data of our users regularly with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for material reasons and the processing of the data is permitted by law.

Legal basis for personal data processing

If we obtain the consent of the data subject for the processing of personal data, Article 6 (1) a) EU General Data Protection Regulation (GDPR) shall serve as the legal basis.

When we process the personal data necessary for the fulfilment of a contract to which the data subject is a party, Article 6 (1) b) GDPR shall serve as the legal basis This also applies to processing operations necessary in order to implement pre-contractual measures.

Insofar as it is necessary to process personal data in order to fulfil a legal obligation pertaining to our company, Article 6 (1) c) GDPR shall serve as the legal basis.

In the event that the vital interests of the Data Subject or any other natural person require the processing of personal data, Article 6 (1) d) GDPR shall serve as the legal basis

If processing is necessary in order to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the Data Subject do not prevail over the primary interest, Article 6 (1) f) GDPR shall serve as the legal basis for processing.

Data deletion and storage period

The personal data belonging to the Data Subject will be deleted or blocked as soon as the reason for storage no longer applies. Further storage may be permitted if this is provided for by the European or national legislators in EU regulations, laws or other rules incumbent on the Controller. The data shall also be blocked or deleted when a storage period prescribed by the standards mentioned expires, unless it is necessary to continue to store the data for the purpose of concluding a contract or fulfilling a contract.

Provision of the Website and Creation of Log Files

Description and scope of data processing

Each time our website is accessed, our system automatically gathers data and information from the computer system of the calling computer.

The following data is collected:

Information about the browser type and the version used
User's operating system
User's Internet service provider
User's anonymised IP address
Date and time of access
Websites from which the user's system accesses our website
Websites that the user's system accesses from our website
Keywords entered
Information about the device type used
Language settings
The frequency with which pages are called

The data is also stored in the log files of our system. This data is not stored together with other personal data belonging to the user.

Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6 (1) f) GDPR.

Purpose of data processing

It is necessary for the IP address to be stored temporarily by the system in order to allow the website to be delivered to the user's computer. For this, the user's anonymised IP address must be stored for the duration of the session.

It is stored in log files to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context. For these purposes, our legitimate interest lies in the processing of data pursuant to Article 6 (1) f) GDPR.

Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. If the data is gathered for the purpose of providing the website, this is the case when the respective session is terminated. When data is stored in log files, this is the case after a maximum of seven days. Longer storage is possible. In this case, the IP addresses of the users are deleted or anonymised, so that they can no longer be linked to the calling client.

Objections and remedies

The gathering of data for the provision of the website and the storage of the data in log files are essential for the operation of the website. There is consequently no possibility for the user to object.

Use of Cookies

Description and scope of data processing

Our website uses cookies. Cookies are small text files that are saved in the Internet browser or stored by the Internet browser on the user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is next reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser should be identified even after a change of page.

The following data is stored and transmitted in the cookies:

Language settings
Information about the pull-down status of the quick booking screen
A session cookie (for the duration of the browser session) to temporarily save filter selections or completed forms

In addition, we also use cookies on our website to enable us to analyse our users' browsing behaviour.

The following data can be transmitted in this way:

Information about the browser type and the version used
User's operating system
User's Internet service provider
User's anonymised IP address
Date and time of access
Websites from which the user's system accesses our website
Websites that the user's system accesses from our website
Keywords entered
Information about the device type used
Language settings
The frequency with which pages are called

The data belonging to users collected in this way is pseudonymised using technical measures This means it is no longer possible to link data to the calling user. The data is not stored along with other personal data belonging to the user. When they access our website, users will see an info banner informing them of the use of cookies for analysis purposes and referring them to this Data Security Policy. In this context, there is also a note indicating how the user can prevent the storage of cookies in his/her browser settings. In the YourOnlineChoices preference management system you can decline usage-based online advertising from individual companies or all companies.

Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) f) GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Article 6 (1) f) GDPR, provided the user has granted the appropriate consent.

Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser should be recognised, even after a new page is accessed.

We need cookies for the following applications:

Shopping basket
Language settings
Information about the pull-down status of the quick booking box
A session cookie (for the duration of the browser session) to temporarily save filter selections or completed forms

The user data collected by means of technically essential cookies will not be used to create user profiles.

Analysis cookies are used for the purpose of improving the quality of our website and its contents. Through the use of analysis cookies, we learn how the website is used and can optimise our offer continuously.
For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Article 6 (1) f) GDPR.

Storage duration, objections and remedies

Cookies are stored on the user's computer and are transmitted by it to our site. This means that you, as a user, have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transfer of cookies. Already saved cookies can be deleted at any time. This process can also be automated. If cookies are deactivated for our website, it may not be possible to use all the functions of the website to the full extent.

Use of Cookies

Description and scope of data processing

Our website uses cookies. Cookies are small text files that are saved in the Internet browser or stored by the Internet browser on the user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is next reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser should be identified even after a change of page.

The following data is stored and transmitted in the cookies:

Language settings
Information about the pull-down status of the quick booking screen
A session cookie (for the duration of the browser session) to temporarily save filter selections or completed forms

In addition, we also use cookies on our website to enable us to analyse our users' browsing behaviour.

The following data can be transmitted in this way:

Information about the browser type and the version used
User's operating system
User's Internet service provider
User's anonymised IP address
Date and time of access
Websites from which the user's system accesses our website
Websites that the user's system accesses from our website
Keywords entered
Information about the device type used
Language settings
The frequency with which pages are called

The data belonging to users collected in this way is pseudonymised using technical measures This means it is no longer possible to link data to the calling user. The data is not stored along with other personal data belonging to the user. When they access our website, users will see an info banner informing them of the use of cookies for analysis purposes and referring them to this Data Security Policy. In this context, there is also a note indicating how the user can prevent the storage of cookies in his/her browser settings. In the YourOnlineChoices preference management system you can decline usage-based online advertising from individual companies or all companies.

Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) f) GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Article 6 (1) f) GDPR, provided the user has granted the appropriate consent.

Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser should be recognised, even after a new page is accessed.

We need cookies for the following applications:

Shopping basket
Language settings
Information about the pull-down status of the quick booking box
A session cookie (for the duration of the browser session) to temporarily save filter selections or completed forms

The user data collected by means of technically essential cookies will not be used to create user profiles.

Analysis cookies are used for the purpose of improving the quality of our website and its contents. Through the use of analysis cookies, we learn how the website is used and can optimise our offer continuously.
For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Article 6 (1) f) GDPR.

Storage duration, objections and remedies

Cookies are stored on the user's computer and are transmitted by it to our site. This means that you, as a user, have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transfer of cookies. Already saved cookies can be deleted at any time. This process can also be automated. If cookies are deactivated for our website, it may not be possible to use all the functions of the website to the full extent.

Newsletter

Bookings

Description and scope of data processing

There is a booking engine on our website that allows our users to make online bookings with Maritim Hotels. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

User's correct form of address
User's first name and last name
User's e-mail address
User's phone number
User's booking data
User's full postal address
User's country

Further information/messages for the hotel – if provided

User's payment method
User's credit card data

Legal basis for data processing

Our legal basis for the processing of your personal data in connection with a specific booking is the booking contract or the initiation of such a contract within the meaning of Art. 6 para. 1 lit. b) GDPR. The legal basis for our tracking of the opening and click rates of our booking-related emails is our legitimate interest in determining whether the user in question has received and opened the message in accordance with Art. 6 para. 1 lit. f GDPR.

Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage the online booking and the guest's stay at the hotel. When an online booking is made via our website, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the online booking and to ensure the security of our IT systems. The tracking of opening and click rates of our booking-related emails serves the purpose of establishing that the user in question has received and opened the message.

Objections and remedies

Insofar as our data processing is based on your consent in the context of a booking, you have the option of withdrawing your consent to the processing of personal data at any time. In such a case, it is not possible to make an online booking via the Maritim website. In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored as part of online reservations will be deleted in this case.

MyMaritim Loyalty programme

Use of the e-charging points provided on our parking areas

For reasons of sustainability and environmental friendliness, we provide electric charging stations at many of our hotels in the respective hotel car parks or underground garages. Our hotel guests & visitors are welcome to use these e-charging stations.

For the purpose of providing the charging stations, we have employed a service provider. This service provider takes care of the planning and installation of charging stations and the technically secure operation of the charging points. Furthermore, our service provider enables authentication and billing between the users of the e-charging stations and their e-mobility electricity providers. This service provider is Team eMobility GmbH, Reuschstraße 61 in 73092 Heiningen. We have concluded a contract with this service provider for commissioned data processing.

If you use our e-charging stations, the following personal data will be processed:

E-charging station including the address
Your e-mobility electricity provider including address
Meter number of your grid operator
Your E-Mobility Account Identifier (EMAID)
User identification (via app or RFID card)
Start and end of charging
Charging amount in kWh

We receive this data directly from you when you use the e-charging station. Without this data, we cannot provide you with an electric charging service for your vehicle at our e-charging stations.

Your data will only be used by our service provider to authenticate the users of the e-charging stations, to carry out the charging of their vehicles and to enable the proper billing of the electricity with their e-mobility electricity providers.

We process the aforementioned personal data for our hotel guests on the legal basis of the accommodation contract concluded within the meaning of Art. 6 (1) lit. b) DSGVO. Insofar as our employees use the e-charging stations with company vehicles, the legal basis of our data processing is the implementation of the employment relationship on the basis of the employment contract pursuant to Art. 6 para. 1 lit. b) DSGVO.

For employees with private vehicles and other guests, we process this data on the basis of our legitimate interest within the meaning of Art. 6 para. 1 lit. f) DSGVO in providing sustainable charging options at our guest car parks.

Automated decision-making does not take place. There is also no third country transfer of your data outside the EU/EEA. In addition, the following bodies may receive your data:

Relevant e-mobility electricity provider

Subject to any applicable statutory retention periods, we store your personal data for as long as it is required for the fulfilment of our contractual relationship.

Forms

Contact Form and E-mail Contact

Description and scope of data processing

Our website contains a contact form that can be used for online contacts. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

User's correct form of address
Subject
User's first name and last name
User's full postal address
User's e-mail address
User's country
User's message
User's title
User's phone number
User's company

At the time the message is sent, the following data is also stored:

User's IP address
Date and time of registration
User's correct form of address
Subject
User's first name and last name
User's full postal address
User's e-mail address
User's country
User's message
User's title – if provided
User's phone number – if provided

User's company – if provided

To enable data to be processed, you will be asked for your consent as part of the submission process and referred to the Data Security Policy. Alternatively, it is possible to make contact using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. Data stored in this context will not be disclosed to third parties. The data will solely be used to process the conversation.

Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for the processing of the data transmitted when an e-mail is sent is Article 6 (1) f) GDPR. If the intention behind the e-mail contact is to conclude a contract, the additional legal basis for the processing of the data is Article 6 (1) b) GDPR.

Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage contact. When contact is made by e-mail, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the contact form and to ensure the security of our IT systems.

Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. In the case of the personal data entered in the input screen of the contact form and sent by e-mail, this is when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant matter has been finally clarified.

The additional personal data collected as part of the submission process will be deleted after a period of seven days at the latest.

Objections and remedies

The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such cases, we will not be able to continue the conversation.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored when contact is established will be deleted in this case.

Enquiry Form and E-Mail Requests for Quotes

Description and scope of data processing

Our website contains a form that can be used to request an online quote. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

User's correct form of address
User's first name and last name
User's e-mail address
User's message
User's full postal address
User's phone number
User's company

At the time the message is sent, the following data is also stored:

User's IP address
Date and time of registration
User's correct form of address
User's first name and last name
User's e-mail address
User's message
User's full postal address – if provided
User's phone number – if provided
User's company – if provided

To enable data to be processed, you will be asked for your consent as part of the submission process and referred to the Data Security Policy. Alternatively, it is possible to make contact using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. Data stored in this context will not be disclosed to third parties. The data will solely be used to process requests for a quote.

Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for the processing of the data transmitted when an e-mail is sent is Article 6 (1) f) GDPR. If the intention behind the e-mail contact is to conclude a contract, the additional legal basis for the processing of the data is Article 6 (1) b) GDPR.

Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage the request for a quote. When contact is made by e-mail, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the enquiry form and to ensure the security of our IT systems.

Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. In the case of the personal data entered in the input screen of the enquiry form and sent by e-mail, this is when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant matter has been finally clarified.

The additional personal data collected as part of the submission process will be deleted after a period of seven days at the latest.

Objections and remedies

The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such cases, we will not be able to continue the conversation.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored as part of offer enquiries will be deleted in this case.

Brochure request form and e-mail brochure request

Description and scope of data processing

Our website contains a request form that can be used to request an electronic copy of our brochures. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

User's first name and last name
User's full postal address
User's e-mail address
User's country
User's company

At the time the message is sent, the following data is also stored:

User's IP address
Date and time of registration
User's first name and last name
User's full postal address
User's e-mail address
User's country – if provided
User's company – if provided

To enable data to be processed, you will be asked for your consent as part of the submission process and referred to the Data Security Policy. Alternatively, it is possible to make contact using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. Data stored in this context will not be disclosed to third parties. The data will solely be used to process brochure orders.

Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for the processing of the data transmitted when an e-mail is sent is Article 6 (1) f) GDPR. If the intention behind the e-mail contact is to conclude a contract, the additional legal basis for the processing of the data is Article 6 (1) b) GDPR.

Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage the request for a brochure. When contact is made by e-mail, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the brochure request form and to ensure the security of our IT systems.

Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. In the case of the personal data entered in the input screen of the brochure request form and sent by e-mail, this is when the respective brochure request has been processed. Processing is complete when the ordered brochures have been posted or sent as a PDF by e-mail or, in the case of regular mailings, when the guest declines to receive further brochures.

The additional personal data collected as part of the submission process will be deleted after a period of seven days at the latest.

Objections and remedies
The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such cases, we will not be able to process the request for a brochure.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored when a brochure is requested will be deleted in this case.

Conference Enquiry Form and E-Mail Conference Enquiries

Description and scope of data processing

Our website contains a form that can be used to make online enquiries about conferences. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

User's company
User's first name and last name
User's full postal address
User's phone number
User's e-mail address
User's message
User's mobile phone number
User's fax number

At the time the message is sent, the following data is also stored:

User's IP address
Date and time of registration
User's company
User's first name and last name
User's full postal address
User's phone number
User's e-mail address
User's message
User's mobile phone number – if provided
User's fax number – if provided

To enable data to be processed, you will be asked for your consent as part of the submission process and referred to the Data Security Policy. Alternatively, it is possible to make contact using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. Data stored in this context will not be disclosed to third parties. The data will solely be used to process the conference enquiry.

Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for the processing of the data transmitted when an e-mail is sent is Article 6 (1) f) GDPR. If the intention behind the e-mail contact is to conclude a contract, the additional legal basis for the processing of the data is Article 6 (1) b) GDPR.

Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage the conference enquiry. When contact is made by e-mail, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the conference enquiry form and to ensure the security of our IT systems.

Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. In the case of the personal data entered in the input screen of the conference enquiry and sent by e-mail, this is when the user has received a quote or a contract has been concluded. The conference enquiry is ended when it can be inferred from the circumstances that the relevant matter has been finally clarified.

The additional personal data collected as part of the submission process will be deleted after a period of seven days at the latest.

Objections and remedies

The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such cases, we will not be able to process the conference enquiry.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored when a conference inquiry is received will be deleted in this case.

Catering Enquiry Form and E-Mail Catering Enquiries

Description and scope of data processing

Our website contains a form that can be used to make an online catering enquiry. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

User's first name and last name
User's full postal address
User's phone number
User's e-mail address
User's message
User's company
User's mobile phone number
User's fax number

At the time the message is sent, the following data is also stored:

User's IP address
Date and time of registration
User's first name and last name
User's full postal address
User's phone number
User's e-mail address
User's message
User's company – if provided
User's mobile phone number – if provided
User's fax number – if provided

To enable data to be processed, you will be asked for your consent as part of the submission process and referred to the Data Security Policy. Alternatively, it is possible to make contact using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. Data stored in this context will not be disclosed to third parties. The data will solely be used to process catering enquiries.

Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for the processing of the data transmitted when an e-mail is sent is Article 6 (1) f) GDPR. If the intention behind the e-mail contact is to conclude a contract, the additional legal basis for the processing of the data is Article 6 (1) b) GDPR.

Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage the catering enquiry. When contact is made by e-mail, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the catering enquiry form and to ensure the security of our IT systems.

Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. In the case of the personal data entered in the input screen of the catering enquiry and sent by e-mail, this is when the user has received a quote or a contract has been concluded. The catering enquiry is ended when it can be inferred from the circumstances that the relevant matter has been finally clarified.

The additional personal data collected as part of the submission process will be deleted after a period of seven days at the latest.

Objections and remedies

The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such cases, we will not be able to process the catering enquiry.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored when a catering enquiry is received will be deleted in this case.

SME Contract Enquiry Form and E-mail SME Contract Enquiries

Description and scope of data processing

Our website contains a form that can be used to make an SME contract enquiry. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

User's correct form of address
User's company
User's first name and last name
User's full postal address
User's phone number
User's e-mail address
User's country
User's message
User's title

At the time the message is sent, the following data is also stored:

User's IP address
Date and time of registration
User's correct form of address
User's company
User's first name and last name
User's full postal address
User's phone number
User's e-mail address
User's country
User's message
User's title

To enable data to be processed, you will be asked for your consent as part of the submission process and referred to the Data Security Policy. Alternatively, it is possible to make contact using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. Data stored in this context will not be disclosed to third parties. The data will solely be used to process SME contract enquiries.

Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for the processing of the data transmitted when an e-mail is sent is Article 6 (1) f) GDPR. If the intention behind the e-mail contact is to conclude a contract, the additional legal basis for the processing of the data is Article 6 (1) b) GDPR.

Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage the SME contract enquiry. When contact is made by e-mail, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the SME contract enquiry form and to ensure the security of our IT systems.

Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. In the case of the personal data entered in the input screen of the SME contract enquiry and sent by e-mail, this is when the user has received the offer of a contract or a contract has been concluded. The SME contract enquiry is ended when it can be inferred from the circumstances that the relevant matter has been finally clarified.

The additional personal data collected as part of the submission process will be deleted after a period of seven days at the latest.

Objections and remedies

The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such cases, we will not be able to process the SME contract enquiry.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored when an SME contract inquiry is received will be deleted in this case.

Order Form for Geese and E-mail Enquiries for Catering Services

Description and scope of data processing

Our website contains an order form that can be used to place online orders for geese or other catering services. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

User's correct form of address
User's first name and last name
User's full postal address
User's e-mail address
User's message
User's company
User's phone number

At the time the message is sent, the following data is also stored:

User's IP address
Date and time of registration
User's correct form of address
User's first name and last name
User's full postal address
User's e-mail address
User's message
User's company
User's phone number

To enable data to be processed, you will be asked for your consent as part of the submission process and referred to the Data Security Policy. Alternatively, it is possible to make contact using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. Data stored in this context will not be disclosed to third parties. The data will solely be used to process orders.

Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for the processing of the data transmitted when an e-mail is sent is Article 6 (1) f) GDPR. If the intention behind the e-mail contact is to conclude a contract, the additional legal basis for the processing of the data is Article 6 (1) b) GDPR.

Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage the order. When contact is made by e-mail, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the order form and to ensure the security of our IT systems.

Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. In the case of the personal data entered in the input screen of the order form and sent by e-mail, this is when the user has received an order confirmation and/or the order has been collected from the hotel or delivered to the user. The order for geese and/or other catering services is ended when it can be inferred from the circumstances that the relevant matter has been finally clarified.

The additional personal data collected as part of the submission process will be deleted after a period of seven days at the latest.

Objections and remedies

The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such cases, we will not be able to process the order.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored when we receive an order for geese and/or other catering services will be deleted in this case.

Application Form and E-Mail Requests for Quotes to the Maritim Hotel Travel Service

Description and scope of data processing

Our website contains a form for the Maritim Hotel Travel Service, Kuelpstrasse 2, 64293 Darmstadt, Germany, that can be used to request an online quote. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

User's correct form of address
User's name
User's e-mail address
User's message
User's travel date
User's full postal address
User's phone number

At the time the message is sent, the following data is also stored:

User's IP address
Date and time of registration
User's correct form of address
User's name
User's e-mail address
User's message
User's travel date
User's full postal address – if provided
User's phone number – if provided

To enable data to be processed, you will be asked for your consent as part of the submission process and referred to the Data Security Policy. Alternatively, it is possible to make contact using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. Data stored in this context will not be disclosed to third parties. The data will solely be used to process requests for a quote.

Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for the processing of the data transmitted when an e-mail is sent is Article 6 (1) f) GDPR. If the intention behind the e-mail contact is to conclude a contract, the additional legal basis for the processing of the data is Article 6 (1) b) GDPR.

Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage the request for a quote. When contact is made by e-mail, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the enquiry form and to ensure the security of our IT systems.

Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. In the case of the personal data entered in the input screen of the enquiry form and sent by e-mail, this is when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant matter has been finally clarified.

The additional personal data collected as part of the submission process will be deleted after a period of seven days at the latest.

Objections and remedies

The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such cases, we will not be able to continue the conversation.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored as part of offer enquiries will be deleted in this case.

Close-up of white rose, cup and open magazine at the Maritim Hotel Stuttgart

Statistical Evaluations and Plug-Ins

We gather additional data relating to individual services from our Company for statistical purposes, for example. In order to establish a basis for our media data, we determine, for example, how often pages are accessed or which of our online offers are particularly popular. Some of our sites also have integrated plug-ins or add-ons, such as Facebook for example.

Google Analytics

This website uses Google Analytics Universal, web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how you use the site. The information generated by the cookie concerning your use of this website generally will be passed on to a Google server in the USA and saved there. We wish to expressly point out that the website uses Google Analytics with the "anonymizeIp" add-on, which means that IP addresses are only processed in truncated form to prevent any direct reference to a particular person. The full IP address will only be transmitted to a Google server in the US and truncated there in exceptional cases. Acting on behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage to the website operator. The IP address provided by your browser as part of Google Analytics will not be merged with other Google data. You may refuse to allow the storage of cookies by selecting the appropriate settings in your browser software, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you may prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following Link. As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent the gathering of data by Google Analytics within this website in the future (the opt-out only applies in the particular browser and only for this domain). This involves placing an opt-out cookie on your device. To delete cookies in the respective browser, you must click this link again.

Sessions generally end after 30 minutes of inactivity, while campaigns end after six months. The time limit for campaigns can be a maximum of two years. For more information on Terms of Use and Data Security see: https://www.google.com/analytics/terms/de.html

Google TagManager

Google Maps

We use maps from Google Maps on the website to help you find your way around. Google Maps is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). When you call the contact pages, your web browser will be instructed to load the necessary functions and map data directly from the Google server. These servers can be located in the US or other countries around the world. We have no control over this and do not receive information from Google indicating whether you have exchanged map information when visiting our site. We do not know whether Google only provides you with the technically necessary information or whether it stores and evaluates other information about you or your system, such as IP addresses, information about your browser, etc. Google publishes a Data Security Policy that also applies to Google Maps. In particular, we would point out that Google handles the following categories of data: device-based information, IP address, hardware settings, browser type, browser language, date and time of your request and referral URL, cookies (can be blocked by you in the browser settings, see also above), location-related information. Google may link the data with other information about you and use the data collected through the services to provide, maintain, protect and improve Google services, to develop new services, and to protect Google and its users. Google also uses this information to provide you with tailored content - for example, to deliver more relevant search results and advertising. By using data collected through cookies and other technologies, such as pixel tags, Google improves your overall experience and the quality of Google's services. For example, Google allows you to save your preferred language setting in order to display services in your preferred language. Google will ask for your consent before it uses information for purposes other than those listed in Google's Data Security Policy. With your consent, Google will also share information with third parties for order data processing and for legal reasons. You can also change your privacy settings on Google when you log in. Google also adheres to several self-regulatory commitments and also deals with complaints.

Google Ads

Google Remarketing

Facebook

The website uses social plug-ins (hereafter referred to as "plug-ins") of the facebook.com social network, which is operated by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (hereinafter referred to as "Facebook"). The plug-ins can be identified by one of the Facebook logos (a white letter "f" on a blue tile or a "thumbs up" symbol) or are marked with the "Facebook Social Plug-in" add-on. The list of Facebook Social Plug-ins and what they look like can be seen here.

When a user visits a page of this website that contains such a plug-in, his browser will make a direct connection to the Facebook servers. The content of the plug-in will be transmitted by Facebook directly to the user's browser, which will incorporate this into the webpage. This means that the provider has no influence on the amount of data that Facebook collects using this plug-in. According to the provider's current knowledge, Facebook operates as follows:

The incorporation of the plug-ins, tells Facebook that a user has accessed the relevant page of the provider's website. If the user is logged into Facebook, Facebook can link the visit to his Facebook account. When users interact with the plug-ins, e.g. by using the "Like" or by leaving a comment, the relevant information is transmitted directly from the user's browser to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to identify and save his IP address. According to Facebook, only an anonymised IP address is stored in Germany.

The purpose and scope of data gathering and further processing and use of the data by Facebook, as well as the rights and setting options to protect users' privacy, can be found in Facebook's Data Security Policy.

Users who are also Facebook user and who do not want Facebook to collect data about them via the provider's website and link it with their user data stored at Facebook must log out of Facebook before visiting the website. It is also possible to block Facebook social plug-ins with add-ons for the user's browser, for example with the "Facebook Blocker".

XING

Youtube

X (Twitter)

Retargeting

Google Fonts

Transfer of Personal Data to Countries Outside the European Union (Third Countries)

Personal data will be transferred to locations in third countries if

this is necessary in order to complete the website user's booking and manage the guest's stay at the hotel
it is required by law
or it has been approved by the user

As already mentioned elsewhere in this Privacy Policy, for certain tasks our company cooperates with service providers whose corporate headquarters are located in third countries, whose parent company is located in third countries or which themselves cooperate with companies located in third countries. Such cooperation is permissible if it has been determined by the European Commission that an adequate level of protection exists in the third countries in question (called an Adequacy Decision in Art. 45 GDPR). If this is not the case, it is ensured at all times that, in the case of service providers with a third-country connection without an adequacy decision, the special requirements of the General Data Protection Regulation for third-country transfers (Art. 44 and 46 et seqq. GDPR) are met.

The standard case here is the conclusion of EU standard contractual clauses as part of commissioned data processing (Art. 46 (2) (c) GDPR) in order to contractually bind the respective service providers. In such clauses, the service providers commit to protectingg the data of our users, processing said data in accordance with its data protection provisions on our behalf and, in particular, refraining from disclosing this data to third parties. To minimise the risks for data subjects, supplementary safeguards are established, such as encryption or other contractual, technical or organisational safeguards. We will not perform any further transfer of personal data beyond the described type of cooperation.

Personal data will only be stored by Maritim Hotelgesellschaft mbH for the period required in order to achieve the purpose of storage, or insofar as required by European regulators or other legislators in laws or regulations incumbent on the Controller.

When the purpose of storage no longer applies or when a storage period prescribed by the European regulator or any other relevant legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

External service providers, such as the mail service or mailing companies that process personal data on behalf of Maritim Hotelgesellschaft mbH are subject to the statutory data protection regulations and may only process the data provided for the specific purpose in hand.

External links

To offer you the best possible information, you will find links on our pages that refer to third-party websites. If such links are not obviously apparent, we point out that these are external links. Maritim Hotelgesellschaft mbH has no influence on the content and design of these websites and the data protection practices of third parties. We cannot accept any responsibility for this. The details of our Data Security Policy do not apply there. Thus, if you click on an advertisement or a third-party link, you should be aware that you are leaving the Maritim Hotelgesellschaft mbH service and that any personal data you provide will no longer be covered by this Data Security Policy. Please read the data protection statements of the other website owners to find out how your personal information is gathered and processed on these websites.

Declaration of consent by the user

By using our websites and online offers, you agree that the data voluntarily provided and transmitted by you may be stored by us and used and processed in compliance with this Data Security Policy.

Rights of the Data Subject

If you process personal data, you are a Data Subject under the terms of the GDPR and you have the following rights in relation to the Controller:

1. Right to information

You may ask the Controller to confirm whether personal data relating to you is processed by us.

If such processing is taking place, you can request information from the Controller about the following:

the purposes for which personal data is being processed;
the categories of personal data being processed;
the recipients or categories of recipients to whom the personal data relating to you has been disclosed or is still being disclosed;
the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
the existence of a right to the correction or deletion of personal data concerning you, a right to restrict processing by the Controller or a right to object to such processing;
the existence of a right of appeal to a supervisory authority;
all available information on the origin of the data if the personal data is not gathered from the Data Subject;
the existence of automated decision-making, including profiling, under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the Data Subject.

You have the right to request information about whether your personal data is transferred to a third country or an international organisation. In this context, you can request the appropriate guarantees pursuant to Article 46 GDPR in connection with the transfer.

2. Right of correction

You have a right to correction and/or completion in relation to the Controller, if the processed personal data relating to you is incorrect or incomplete. The Controller must carry out the correction without delay.

3. Right to restrict processing

You may demand that the processing of your personal data should be restricted under the following conditions:

if you contest the accuracy of the personal data relating to you for a period of time that enables the Controller to verify the accuracy of your personal data;
processing is unlawful and you refuse to allow the personal data to be deleted and instead request restriction of the use of the personal data;
the Controller no longer requires personal data for the purposes of processing, but you need this data to assert, exercise or defend legal claims, or
if you objected to processing pursuant to Article 21 (1) GDPR and it is not yet certain whether the justified grounds of the Controller take precedence over your grounds.

If the processing of personal data relating to you has been restricted, apart from storage this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of important public interest for the European Union or a Member State.

If the restriction on processing is limited according to the aforementioned conditions, you will be informed by the Controller before the restriction is lifted.

4. Right of deletion

a) Duty of deletion
You may require the Controller to delete your personal data without delay, and the Controller is required to delete that information immediately if one of the following grounds applies:

Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
You revoke your consent to processing pursuant to Article 6 (1) a) or Article 9 (2) a) GDPR and there is no other legal basis for processing.
You object to processing pursuant to Article 21 (1) GDPR and there are no overriding justifiable reasons for processing, or you object to processing pursuant to Article 21 (2) GDPR.
The personal data relating to you has been processed illegally.
It is necessary to delete personal data relating to you in order to fulfil a legal obligation under European Union law or the law of the Member States incumbent on the Controller.
The personal data relating to you was gathered in relation to an information society service pursuant to Article 8 (1) GDPR.

b) Information to third parties

If the Controller has made the personal data relating to you public and if he is obliged to delete it pursuant to Article 17 (1) of the GDPR, it shall take the appropriate steps, including technical measures, taking into account available technology and implementation costs, to inform Controllers responsible for data processing who process the personal data that you, as a Data Subject, have demanded the deletion of all links to such personal data or copies or duplicates of such personal data.

c) Exceptions

The right of deletion does not exist if processing is necessary

in order to exercise the right to freedom of expression and information;
to fulfil a legal obligation required by the law of the European Union or of the Member States incumbent on the Controller, or to implement a task in the public interest or in the exercise of the official authority conferred on the Controller;
for reasons of public interest in the area of public health pursuant to Article 9 (2) h) and Article 9 (3) GDPR;
for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
to assert, exercise or defend legal claims.

Right to information

If you have the right of correction, deletion or restriction of processing in relation to the Controller, the latter is obliged to notify all recipients to whom your personal data has been disclosed of this correction or deletion of data or restriction of processing, unless this proves to be impossible or requires disproportionate effort.

You are entitled to require the Controller to reveal the identity of these recipients to you.

Right to data transferability

You have the right to receive the personal data that you have supplied to the Controller in a structured, current, machine-readable format. In addition, you have the right to transfer this data to another Controller without hindrance from the Controller to whom the personal data was supplied, provided that

processing is based on consent pursuant to Article 6 (1) a) GDPR or Article 9 (2) a) GDPR or on a contract pursuant to Article 6 (1) b) GDPR and
processing involves an automated procedure.

In exercising this right, you are also entitled to require that the personal data relating to you should be transmitted directly from one Controller to another Controller, insofar as this is technically feasible. This must not impair the freedoms and rights of other persons.

The right to data portability does not apply to the processing of personal data necessary for to implement a task in the public interest or in the exercise of the official authority conferred on the Controller.

Right of objection

You have the right to object to processing of your personal data at any time, for reasons that arise from your particular situation pursuant to Article 6 (1) e) or f) GDPR; this also applies to profiling based on these provisions.

The Controller will no longer process personal data relating to you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or processing is for the purpose of enforcing, exercising or defending legal claims.

If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Directive 2002/58/EC notwithstanding, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.

Questions/right of appeal to a supervisory authority

If you have further questions regarding the protection of your personal data, this Data Security Policy, declarations of consent and the processing of your personal data or complaints about data protection, you can contact our Data Protection Officer at the following e-mail address: datenschutz@maritim.de

Without prejudice to other administrative or judicial remedies, you shall have the right of appeal to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged breach, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority is the Data Protection Authority for North Rhine-Westphalia in Dusseldorf.

Data Security

Amendments to the Data Security Policy

Please note that data protection regulations and data protection practices are subject to constant change and the contents of this Data Security Policy may need to be amended. If so, we will explain the changes to you in a transparent manner. It is also advisable to familiarise yourself with any changes in the legal provisions and practices of our company.

Date 24th of August 2023

Object of Data Security

Forms

Statistical Evaluations and Plug-Ins

Amendments to the Data Security Policy