Age of Kids *

Data Security Information

Welcome to the Maritim Hotels Homepage!

We are very pleased that you have taken the time to visit our webpages and thank you for your interest in our company. The technological advances in our everyday lives open up a whole host of unimagined possibilities. This calls for a high level of responsibility among the companies with whom we share our personal data. We at Maritim Hotels are fully aware of this responsibility and protecting your privacy when you use our webpages is something that is particularly important to us. We comply with the applicable provisions for the protection of personal data, in particular the data protection provisions of the EU General Data Protection Regulation (GDPR).

This Data Security Policy (hereinafter referred to as the "Policy") applies solely to the webpages provided by Maritim Hotelgesellschaft mbH, its subsidiaries and all hotels within the Maritim portfolio (hereinafter referred to as "Maritim", "we" or "us").

1. Name and address of the Controller

The Controller pursuant to the General Data Protection Regulation and other national data protection laws of the Member States and other data protection provisions is:

Maritim Hotelgesellschaft mbH
Herforder Strasse 2
32105 Bad Salzuflen
Germany
Phone: +49 (0) 5222 953-0
E-mail: info.vkd@maritim.de
Website: www.maritim.com

2. Name and address of the Data Protection Officer

The Controller's Data Protection Officer is:

Manfred Schneider
Datenschutz und Datensicherheitsberatung proDS
Sonnenberg 12
33100 Paderborn
Germany
Phone: +49 (0) 5293 9327900
E-mail: datenschutz@maritim.de

Object of Data Security

The object of data protection is personal data.
Personal data pursuant to the German Federal Data Protection Act (BDSG) is any individual information relating to the personal or material circumstances of a specific or identifiable natural person. The GDPR further defines "personal data" as any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data or an online identifier.

A Data Subject is any identified or identifiable natural person whose personal data is processed by the Controller responsible for processing.

Processing entails any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. General Information on Data Processing

3.1 Scope of personal data processing

In principle, we only gather and use the personal data of our users to the extent necessary to enable us to provide a functional website and our content and services. We only gather and use the personal data of our users regularly with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for material reasons and the processing of the data is permitted by law.

3.2 Legal basis for personal data processing

If we obtain the consent of the data subject for the processing of personal data, Article 6 (1) a) EU General Data Protection Regulation (GDPR) shall serve as the legal basis.

When we process the personal data necessary for the fulfilment of a contract to which the data subject is a party, Article 6 (1) b) GDPR shall serve as the legal basis This also applies to processing operations necessary in order to implement pre-contractual measures.

Insofar as it is necessary to process personal data in order to fulfil a legal obligation pertaining to our company, Article 6 (1) c) GDPR shall serve as the legal basis.

In the event that the vital interests of the Data Subject or any other natural person require the processing of personal data, Article 6 (1) d) GDPR shall serve as the legal basis

If processing is necessary in order to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the Data Subject do not prevail over the primary interest, Article 6 (1) f) GDPR shall serve as the legal basis for processing.

3.3 Data deletion and storage period

The personal data belonging to the Data Subject will be deleted or blocked as soon as the reason for storage no longer applies. Further storage may be permitted if this is provided for by the European or national legislators in EU regulations, laws or other rules incumbent on the Controller. The data shall also be blocked or deleted when a storage period prescribed by the standards mentioned expires, unless it is necessary to continue to store the data for the purpose of concluding a contract or fulfilling a contract.

4. Provision of the Website and Creation of Log Files

4.1 Description and scope of data processing

Each time our website is accessed, our system automatically gathers data and information from the computer system of the calling computer.

The following data is collected:

  • Information about the browser type and the version used
  • User's operating system
  • User's Internet service provider
  • User's anonymised IP address
  • Date and time of access
  • Websites from which the user's system accesses our website
  • Websites that the user's system accesses from our website
  • Keywords entered
  • Information about the device type used
  • Language settings
  • The frequency with which pages are called

The data is also stored in the log files of our system. This data is not stored together with other personal data belonging to the user.

4.2 Legal basis for data processing

The legal basis for the temporary storage of data and log files is Article 6 (1) f) GDPR.

4.3 Purpose of data processing

It is necessary for the IP address to be stored temporarily by the system in order to allow the website to be delivered to the user's computer. For this, the user's anonymised IP address must be stored for the duration of the session.

It is stored in log files to ensure the functionality of the website. In addition, the data is used to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context. For these purposes, our legitimate interest lies in the processing of data pursuant to Article 6 (1) f) GDPR.

4.4 Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. If the data is gathered for the purpose of providing the website, this is the case when the respective session is terminated. When data is stored in log files, this is the case after a maximum of seven days. Longer storage is possible. In this case, the IP addresses of the users are deleted or anonymised, so that they can no longer be linked to the calling client.

4.5 Objections and remedies

The gathering of data for the provision of the website and the storage of the data in log files are essential for the operation of the website. There is consequently no possibility for the user to object.

5. Use of Cookies

5.1 Description and scope of data processing

Our website uses cookies. Cookies are small text files that are saved in the Internet browser or stored by the Internet browser on the user's computer system. When a user visits a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is next reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser should be identified even after a change of page.

The following data is stored and transmitted in the cookies:

  • Language settings
  • Information about the pull-down status of the quick booking screen
  • A session cookie (for the duration of the browser session) to temporarily save filter selections or completed forms

In addition, we also use cookies on our website to enable us to analyse our users' browsing behaviour.

The following data can be transmitted in this way:

  • Information about the browser type and the version used
  • User's operating system
  • User's Internet service provider
  • User's anonymised IP address
  • Date and time of access
  • Websites from which the user's system accesses our website
  • Websites that the user's system accesses from our website
  • Keywords entered
  • Information about the device type used
  • Language settings
  • The frequency with which pages are called

The data belonging to users collected in this way is pseudonymised using technical measures This means it is no longer possible to link data to the calling user. The data is not stored along with other personal data belonging to the user. When they access our website, users will see an info banner informing them of the use of cookies for analysis purposes and referring them to this Data Security Policy. In this context, there is also a note indicating how the user can prevent the storage of cookies in his/her browser settings. In the YourOnlineChoices preference management system you can decline usage-based online advertising from individual companies or all companies.

5.2 Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Article 6 (1) f) GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Article 6 (1) f) GDPR, provided the user has granted the appropriate consent.

5.3 Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser should be recognised, even after a new page is accessed.

We need cookies for the following applications:

  • Shopping basket
  • Language settings
  • Information about the pull-down status of the quick booking box
  • A session cookie (for the duration of the browser session) to temporarily save filter selections or completed forms

The user data collected by means of technically essential cookies will not be used to create user profiles.

Analysis cookies are used for the purpose of improving the quality of our website and its contents. Through the use of analysis cookies, we learn how the website is used and can optimise our offer continuously.
For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Article 6 (1) f) GDPR.

5.4 Storage duration, objections and remedies

Cookies are stored on the user's computer and are transmitted by it to our site. This means that you, as a user, have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transfer of cookies. Already saved cookies can be deleted at any time. This process can also be automated. If cookies are deactivated for our website, it may not be possible to use all the functions of the website to the full extent.

6. Newsletter

6.1 Description and scope of data processing

You can subscribe to a free newsletter on our website. When you sign up for the newsletter, the following data from the input mask will be sent to us:

  • User's e-mail address

The following data will also be collected when you subscribe:

  • IP address of the calling computer
  • Date and time of registration

To enable data to be processed, you will be asked for your consent as part of the registration process and referred to the Data Security Policy.

To document your consent to receive the newsletter and to prevent misuse of your data, we use the "double-opt-in" process. This process enables us to ensure that the recipient wishes to receive our newsletter. After your registration you will receive an e-mail asking you to confirm your subscription to the newsletter. We will only send you our newsletter after we receive your confirmation.

Newsletter subscriptions are logged in order to verify the registration process in accordance with legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Similarly, changes to your stored data are also logged.

If you purchase goods or services on our website and save your e-mail address here, this can subsequently be used by us to distribute a newsletter. In such a case, the newsletter will only be used as direct marketing for our own goods or services. There shall be no disclosure of data to third parties in connection with the processing of data for the distribution of newsletters. The data will solely be used to distribute the newsletter.

The newsletter will be distributed using the web-based dailypointTM marketing software, a marketing platform provided by Toedt, Dr. med. Selk & Coll. GmbH, Augustenstr. 79, 80333 Munich, Germany.

The e-mail addresses of our newsletter recipients, as well as their further data described in the context of this information shall be stored on the servers of Toedt Dr. Selk & Coll. GmbH in Germany.

Toedt, Dr. Selk & Coll. GmbH shall use this information to distribute and evaluate the newsletter on our behalf. Furthermore, Toedt, Dr. Selk & Coll. GmbH can use this data to optimise or improve its own services, e.g. for the technical enhancement of the dispatch and presentation of the newsletter. Toedt, Dr. Selk & Coll. GmbH shall not, however, use the data of our newsletter recipients to contact the said recipients on its own behalf and shall not disclose this data to third parties.

Furthermore, we have concluded an "order fulfilment agreement" with Toedt, Dr. Selk & Coll. GmbH. In this agreement, Toedt, Dr. Selk & Coll. GmbH commits itself to protect the data of our users, to process the said data in accordance with its data protection provisions on our behalf and, in particular, not to disclose this data to third parties. The data protection provisions operated by Toedt, Dr. Selk & Coll. GmbH can be viewed here.

6.2 Legal basis for data processing

The legal basis for the processing of data after the user has subscribed to the newsletter is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for sending the newsletter as a result of the sale of goods or services is Article 7 (3) German Unfair Competition Act (UWG).

6.3 Purpose of data processing

The user's e-mail address will be saved in order to deliver the newsletter. The gathering of other personal data in the context of the registration process helps to prevent the misuse of services or the email address used.

6.4 Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. The e-mail address of the user, as well as the date and time of registration, will be saved for as long as the subscription to the newsletter remains active. The other personal data collected as part of the registration process will normally be deleted after a period of seven days.

6.5 Objections and remedies

The subscription to the newsletter may be terminated at any time by the relevant user. A corresponding link is provided in each newsletter for this purpose. This also allows the consent to allow the storage of the personal data gathered during the registration process to be revoked.

6.6 Statistical survey and analyses

The newsletters contain a "web-beacon", i.e. a pixel-sized file that is retrieved when you open the newsletter from the Toedt, Dr. Selk & Coll. GmbH server. This call initially involves gathering technical information, such as information about the browser and your system, as well as your IP address and time of retrieval. This information will be used to improve the technical performance of services based on their specifications or target audiences and their reading habits, according to their access locations (which can be determined using the IP address) or access times.

Statistical surveys also involve determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be linked to the individual newsletter recipients. However, it is not our intention, or that of Toedt, Selk & Coll. GmbH, to monitor individual users. Instead, we use the evaluations to identify the reading habits of our users and to adapt our content to them or to distribute different content tailored to the interests of our users.

Declarations of consent to the transfer of e-mail addresses are based on Article 6 (1) a), Article 7 GDPR and Article 7 (2) 3 and (3) para. 3 German Unfair Competition Act (UWG). The use of the Toedt, Dr. med. Selk & Coll. GmbH forwarding service, the implementation of statistical surveys and analyses, as well as the logging of the registration process, are performed on the basis of our legitimate interests according to Article 6 (1) f) GDPR. Our interests focus on the use of a user-friendly and secure newsletter system that corresponds both to our commercial interests, such as direct marketing, as well as to the expectations of users.

If we use your personal data for direct marketing, you can opt-out of this at any time according to Article 21 GDPR by sending us a notification.

7. Registration and bookings

7.1 Description and scope of data processing

There is a booking engine on our website that allows our users to make online bookings with Maritim Hotels. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and our software partner Pegasus Solutions Companies, 4 Aston Avenue, Harrow, Middlesex HA3 0DB, GB and saved.

This data includes:

  • User's correct form of address
  • User's first name and last name
  • User's e-mail address
  • User's phone number
  • User's booking data
  • User's full postal address
  • User's country
  • The booked guest's title
  • The booked guest's first name and last name
  • The purpose of the stay (business or personal)
  • Further information/messages for the hotel – if provided
  • User's payment method
  • User's credit card data

To simplify and speed up the processing of future bookings, the user can also register online with a profile and save a personal password. This password will not be sent to us.

This data includes:

  • User's correct form of address
  • User's first name and last name
  • User's e-mail address
  • User's phone number
  • User's booking data
  • User's full postal address
  • User's country
  • The booked guest's title
  • The booked guest's first name and last name
  • The purpose of the stay (business or personal)
  • Further information/messages for the hotel – if provided
  • User's payment method
  • User's credit card data

7.2 Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

7.3 Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage the online booking and the guest's stay at the hotel. When an online booking is made via our website, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the online booking and to ensure the security of our IT systems.

Furthermore, we have concluded an "order fulfilment agreement" with Pegasus Solutions Companies. In this agreement, Pegasus Solutions Companies commits itself to protect the data of our users, to process the said data in accordance with its data protection provisions on our behalf and, in particular, not to disclose this data to third parties. The data protection provisions operated by Pegasus Solutions Companies can be viewed here.

7.4 Storage duration

The data will be stored for the duration of the session and then deleted if the user does not complete the booking. When an online booking is made, all data entered by the user will be stored and transmitted to the hotel for reservation and billing purposes.

In general, personal data will only be stored by Maritim Hotelgesellschaft mbH and Pegasus Solutions Companies, 4 Aston Avenue, Harrow, Middlesex HA3 0DB, UK for the period required in order to achieve the purpose of storage, or insofar as required by European regulators or other legislators in laws or regulations incumbent on the Controller.

When the purpose of storage no longer applies or when a storage period prescribed by the European regulator or any other relevant legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

7.5 Objections and remedies

The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such a case he will no longer be able to make online bookings using the Maritim website.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored as part of online reservations will be deleted in this case.

8. Contact Form and E-mail Contact

8.1 Description and scope of data processing

Our website contains a contact form that can be used for online contacts. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

  • User's correct form of address
  • Subject
  • User's first name and last name
  • User's full postal address
  • User's e-mail address
  • User's country
  • User's message
  • User's title – not mandatory
  • User's phone number – not mandatory
  • User's company – not mandatory

At the time the message is sent, the following data is also stored:

  • User's IP address
  • Date and time of registration
  • User's correct form of address
  • Subject
  • User's first name and last name
  • User's full postal address
  • User's e-mail address
  • User's country
  • User's message
  • User's title – if provided
  • User's phone number – if provided
  • User's company – if provided

To enable data to be processed, you will be asked for your consent as part of the submission process and referred to the Data Security Policy. Alternatively, it is possible to make contact using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. Data stored in this context will not be disclosed to third parties. The data will solely be used to process the conversation.

8.2 Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for the processing of the data transmitted when an e-mail is sent is Article 6 (1) f) GDPR. If the intention behind the e-mail contact is to conclude a contract, the additional legal basis for the processing of the data is Article 6 (1) b) GDPR.

8.3 Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage contact. When contact is made by e-mail, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the contact form and to ensure the security of our IT systems.

8.4 Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. In the case of the personal data entered in the input screen of the contact form and sent by e-mail, this is when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant matter has been finally clarified.

The additional personal data collected as part of the submission process will be deleted after a period of seven days at the latest.

8.5 Objections and remedies

The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such cases, we will not be able to continue the conversation.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored when contact is established will be deleted in this case.

9. Enquiry Form and E-Mail Requests for Quotes

9.1 Description and scope of data processing

Our website contains a form that can be used to request an online quote. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

  • User's correct form of address
  • User's first name and last name
  • User's e-mail address
  • User's message
  • User's full postal address – not mandatory
  • User's phone number – not mandatory
  • User's company – not mandatory

At the time the message is sent, the following data is also stored:

  • User's IP address
  • Date and time of registration
  • User's correct form of address
  • User's first name and last name
  • User's e-mail address
  • User's message
  • User's full postal address – if provided
  • User's phone number – if provided
  • User's company – if provided

To enable data to be processed, you will be asked for your consent as part of the submission process and referred to the Data Security Policy. Alternatively, it is possible to make contact using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. Data stored in this context will not be disclosed to third parties. The data will solely be used to process requests for a quote.

9.2 Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for the processing of the data transmitted when an e-mail is sent is Article 6 (1) f) GDPR. If the intention behind the e-mail contact is to conclude a contract, the additional legal basis for the processing of the data is Article 6 (1) b) GDPR.

9.3 Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage the request for a quote. When contact is made by e-mail, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the enquiry form and to ensure the security of our IT systems.

9.4 Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. In the case of the personal data entered in the input screen of the enquiry form and sent by e-mail, this is when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant matter has been finally clarified.

The additional personal data collected as part of the submission process will be deleted after a period of seven days at the latest.

9.5 Objections and remedies

The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such cases, we will not be able to continue the conversation.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored as part of offer enquiries will be deleted in this case.

10. Brochure request form and e-mail brochure request

10.1 Description and scope of data processing

Our website contains a request form that can be used to request an electronic copy of our brochures. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

  • User's first name and last name
  • User's full postal address
  • User's e-mail address
  • User's country – not mandatory
  • User's company – not mandatory

At the time the message is sent, the following data is also stored:

  • User's IP address
  • Date and time of registration
  • User's first name and last name
  • User's full postal address
  • User's e-mail address
  • User's country – if provided
  • User's company – if provided

To enable data to be processed, you will be asked for your consent as part of the submission process and referred to the Data Security Policy. Alternatively, it is possible to make contact using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. Data stored in this context will not be disclosed to third parties. The data will solely be used to process brochure orders.

10.2 Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for the processing of the data transmitted when an e-mail is sent is Article 6 (1) f) GDPR. If the intention behind the e-mail contact is to conclude a contract, the additional legal basis for the processing of the data is Article 6 (1) b) GDPR.

10.3 Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage the request for a brochure. When contact is made by e-mail, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the brochure request form and to ensure the security of our IT systems.

10.4 Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. In the case of the personal data entered in the input screen of the brochure request form and sent by e-mail, this is when the respective brochure request has been processed. Processing is complete when the ordered brochures have been posted or sent as a PDF by e-mail or, in the case of regular mailings, when the guest declines to receive further brochures.

The additional personal data collected as part of the submission process will be deleted after a period of seven days at the latest.

10.5 Objections and remedies
The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such cases, we will not be able to process the request for a brochure.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored when a brochure is requested will be deleted in this case.

11. Conference Enquiry Form and E-Mail Conference Enquiries

11.1 Description and scope of data processing

Our website contains a form that can be used to make online enquiries about conferences. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

  • User's company
  • User's first name and last name
  • User's full postal address
  • User's phone number
  • User's e-mail address
  • User's message
  • User's mobile phone number – not mandatory
  • User's fax number – not mandatory

At the time the message is sent, the following data is also stored:

  • User's IP address
  • Date and time of registration
  • User's company
  • User's first name and last name
  • User's full postal address
  • User's phone number
  • User's e-mail address
  • User's message
  • User's mobile phone number – if provided
  • User's fax number – if provided

To enable data to be processed, you will be asked for your consent as part of the submission process and referred to the Data Security Policy. Alternatively, it is possible to make contact using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. Data stored in this context will not be disclosed to third parties. The data will solely be used to process the conference enquiry.

11.2 Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for the processing of the data transmitted when an e-mail is sent is Article 6 (1) f) GDPR. If the intention behind the e-mail contact is to conclude a contract, the additional legal basis for the processing of the data is Article 6 (1) b) GDPR.

11.3 Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage the conference enquiry. When contact is made by e-mail, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the conference enquiry form and to ensure the security of our IT systems.

11.4 Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. In the case of the personal data entered in the input screen of the conference enquiry and sent by e-mail, this is when the user has received a quote or a contract has been concluded. The conference enquiry is ended when it can be inferred from the circumstances that the relevant matter has been finally clarified.

The additional personal data collected as part of the submission process will be deleted after a period of seven days at the latest.

11.5 Objections and remedies

The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such cases, we will not be able to process the conference enquiry.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored when a conference inquiry is received will be deleted in this case.

12. Catering Enquiry Form and E-Mail Catering Enquiries

12.1 Description and scope of data processing

Our website contains a form that can be used to make an online catering enquiry. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

  • User's first name and last name
  • User's full postal address
  • User's phone number
  • User's e-mail address
  • User's message
  • User's company – not mandatory
  • User's mobile phone number – not mandatory
  • User's fax number – not mandatory

At the time the message is sent, the following data is also stored:

  • User's IP address
  • Date and time of registration
  • User's first name and last name
  • User's full postal address
  • User's phone number
  • User's e-mail address
  • User's message
  • User's company – if provided
  • User's mobile phone number – if provided
  • User's fax number – if provided

To enable data to be processed, you will be asked for your consent as part of the submission process and referred to the Data Security Policy. Alternatively, it is possible to make contact using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. Data stored in this context will not be disclosed to third parties. The data will solely be used to process catering enquiries.

12.2 Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for the processing of the data transmitted when an e-mail is sent is Article 6 (1) f) GDPR. If the intention behind the e-mail contact is to conclude a contract, the additional legal basis for the processing of the data is Article 6 (1) b) GDPR.

12.3 Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage the catering enquiry. When contact is made by e-mail, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the catering enquiry form and to ensure the security of our IT systems.

12.4 Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. In the case of the personal data entered in the input screen of the catering enquiry and sent by e-mail, this is when the user has received a quote or a contract has been concluded. The catering enquiry is ended when it can be inferred from the circumstances that the relevant matter has been finally clarified.

The additional personal data collected as part of the submission process will be deleted after a period of seven days at the latest.

12.5 Objections and remedies

The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such cases, we will not be able to process the catering enquiry.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored when a catering enquiry is received will be deleted in this case.

13. SME Contract Enquiry Form and E-mail SME Contract Enquiries

13.1 Description and scope of data processing

Our website contains a form that can be used to make an SME contract enquiry. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

  • User's correct form of address
  • User's company
  • User's first name and last name
  • User's full postal address
  • User's phone number
  • User's e-mail address
  • User's country
  • User's message
  • User's title – not mandatory

At the time the message is sent, the following data is also stored:

  • User's IP address
  • Date and time of registration
  • User's correct form of address
  • User's company
  • User's first name and last name
  • User's full postal address
  • User's phone number
  • User's e-mail address
  • User's country
  • User's message
  • User's title – not mandatory

To enable data to be processed, you will be asked for your consent as part of the submission process and referred to the Data Security Policy. Alternatively, it is possible to make contact using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. Data stored in this context will not be disclosed to third parties. The data will solely be used to process SME contract enquiries.

13.2 Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for the processing of the data transmitted when an e-mail is sent is Article 6 (1) f) GDPR. If the intention behind the e-mail contact is to conclude a contract, the additional legal basis for the processing of the data is Article 6 (1) b) GDPR.

13.3 Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage the SME contract enquiry. When contact is made by e-mail, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the SME contract enquiry form and to ensure the security of our IT systems.

13.4 Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. In the case of the personal data entered in the input screen of the SME contract enquiry and sent by e-mail, this is when the user has received the offer of a contract or a contract has been concluded. The SME contract enquiry is ended when it can be inferred from the circumstances that the relevant matter has been finally clarified.

The additional personal data collected as part of the submission process will be deleted after a period of seven days at the latest.

13.5 Objections and remedies

The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such cases, we will not be able to process the SME contract enquiry.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored when an SME contract inquiry is received will be deleted in this case.

14. Order Form for Geese and E-mail Enquiries for Catering Services

14.1 Description and scope of data processing

Our website contains an order form that can be used to place online orders for geese or other catering services. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

  • User's correct form of address
  • User's first name and last name
  • User's full postal address
  • User's e-mail address
  • User's message
  • User's company – not mandatory
  • User's phone number – not mandatory

At the time the message is sent, the following data is also stored:

  • User's IP address
  • Date and time of registration
  • User's correct form of address
  • User's first name and last name
  • User's full postal address
  • User's e-mail address
  • User's message
  • User's company – not mandatory
  • User's phone number – not mandatory

To enable data to be processed, you will be asked for your consent as part of the submission process and referred to the Data Security Policy. Alternatively, it is possible to make contact using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. Data stored in this context will not be disclosed to third parties. The data will solely be used to process orders.

14.2 Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for the processing of the data transmitted when an e-mail is sent is Article 6 (1) f) GDPR. If the intention behind the e-mail contact is to conclude a contract, the additional legal basis for the processing of the data is Article 6 (1) b) GDPR.

14.3 Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage the order. When contact is made by e-mail, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the order form and to ensure the security of our IT systems.

14.4 Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. In the case of the personal data entered in the input screen of the order form and sent by e-mail, this is when the user has received an order confirmation and/or the order has been collected from the hotel or delivered to the user. The order for geese and/or other catering services is ended when it can be inferred from the circumstances that the relevant matter has been finally clarified.

The additional personal data collected as part of the submission process will be deleted after a period of seven days at the latest.

14.5 Objections and remedies

The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such cases, we will not be able to process the order.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored when we receive an order for geese and/or other catering services will be deleted in this case.

15. Application Form and E-Mail Requests for Quotes to the Maritim Hotel Travel Service

15.1 Description and scope of data processing

Our website contains a form for the Maritim Hotel Travel Service, Kuelpstrasse 2, 64293 Darmstadt, Germany, that can be used to request an online quote. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

This data includes:

  • User's correct form of address
  • User's name
  • User's e-mail address
  • User's message
  • User's travel date
  • User's full postal address – not mandatory
  • User's phone number – not mandatory

At the time the message is sent, the following data is also stored:

  • User's IP address
  • Date and time of registration
  • User's correct form of address
  • User's name
  • User's e-mail address
  • User's message
  • User's travel date
  • User's full postal address – if provided
  • User's phone number – if provided

To enable data to be processed, you will be asked for your consent as part of the submission process and referred to the Data Security Policy. Alternatively, it is possible to make contact using the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. Data stored in this context will not be disclosed to third parties. The data will solely be used to process requests for a quote.

15.2 Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

The legal basis for the processing of the data transmitted when an e-mail is sent is Article 6 (1) f) GDPR. If the intention behind the e-mail contact is to conclude a contract, the additional legal basis for the processing of the data is Article 6 (1) b) GDPR.

15.3 Purpose of data processing

The personal data provided in the input mask will solely be processed by us to manage the request for a quote. When contact is made by e-mail, this also presupposes the necessary legitimate interest in the processing of the data. The other personal data processed during the submission process is intended to prevent misuse of the enquiry form and to ensure the security of our IT systems.

15.4 Storage duration

The data will be deleted as soon as it is no longer required for the purpose for which it was gathered. In the case of the personal data entered in the input screen of the enquiry form and sent by e-mail, this is when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant matter has been finally clarified.

The additional personal data collected as part of the submission process will be deleted after a period of seven days at the latest.

15.5 Objections and remedies

The user can withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may decline the storage of his personal data at any time. In such cases, we will not be able to continue the conversation.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored as part of offer enquiries will be deleted in this case.

16. Maritim PartnerCard Application Form

16.1 Description and scope of data processing

Our website contains a contact form that can be used to apply for a Maritim PartnerCard. The Maritim PartnerCard is the central customer loyalty programme used by Maritim Hotelgesellschaft mbH. The applicant has to print out and complete the form, which must also be signed. Thus, the actual application takes place offline by post rather than online. The data gathered offline can be viewed at www.maritim.com/en/partner-card.

The data will solely be used to process the application and to operate the Maritim Hotelgesellschaft card system. All data that you have provided to us as part of your membership of the Maritim PartnerCard programme will be processed and stored by our partner arvato systems Perdata GmbH, Brook 1, 20457 Hamburg, Germany.

Acting on behalf of Maritim Hotelgesellschaft, arvato systems Perdata GmbH handles the processing, storage and archiving of customer master data, as well as the evaluation of this data at the request of the hotel company. All data described in the context of this information will be stored on the servers of arvato systems Perdata GmbH in Germany.

arvato systems Perdata GmbH will use this information to communicate with our Maritim PartnerCard members under existing contracts on our behalf. arvato systems Perdata GmbH will not use the data of our Maritim PartnerCard holders to contact them on its own behalf and will not disclose this data to third parties.

Furthermore, we have concluded an "order fulfilment agreement" with arvato systems Perdata GmbH. In this agreement, arvato systems Perdata GmbH commits itself to protect the data of our users, to process the said data in accordance with its data protection provisions on our behalf and, in particular, not to disclose this data to third parties. The data protection provisions operated by arvato systems Perdata GmbH can be viewed here.

16.2 Legal basis for data processing

The legal basis for the processing of data is Article 6 (1) a) GDPR, provided the user has granted the appropriate consent.

16.3 Purpose of data processing

By processing the personal data from the application form we are able to process the application and to operate the card system.

16.4 Storage duration

Personal data will only be stored by Maritim Hotelgesellschaft mbH and arvato systems Perdata GmbH for the period required in order to achieve the purpose of storage, or insofar as required by European regulators or other legislators in laws or regulations incumbent on the Controller.

When the purpose of storage no longer applies or when a storage period prescribed by the European regulator or any other relevant legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

16.5 Objections and remedies

The user can terminate his Maritim PartnerCard at any time and withdraw his consent to the processing of his personal data at any time. If the user contacts us by e-mail, he may also decline the storage of his personal data at any time. In such a case, it is no longer possible to continue to participate in the Maritim Hotelgesellschaft loyalty card programme.

In case you wish to decline the processing of your personal data by us, please send an e-mail to widerspruch@maritim.de.

All personal data stored when we receive in relation to participation in the Maritim Hotelgesellschaft loyalty card programme will be deleted in this case.

17. Statistical Evaluations and Plug-Ins

We gather additional data relating to individual services from our Company for statistical purposes, for example. In order to establish a basis for our media data, we determine, for example, how often pages are accessed or which of our online offers are particularly popular. Some of our sites also have integrated plug-ins or add-ons, such as Facebook for example.

17.1 Google Analytics Universal

This website uses Google Analytics Universal, web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how you use the site. The information generated by the cookie concerning your use of this website generally will be passed on to a Google server in the USA and saved there. We wish to expressly point out that the website uses Google Analytics with the "anonymizeIp" add-on, which means that IP addresses are only processed in truncated form to prevent any direct reference to a particular person. The full IP address will only be transmitted to a Google server in the US and truncated there in exceptional cases. Acting on behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and Internet usage to the website operator. The IP address provided by your browser as part of Google Analytics will not be merged with other Google data. You may refuse to allow the storage of cookies by selecting the appropriate settings in your browser software, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you may prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following Link. As an alternative to the browser add-on or within browsers on mobile devices, please click this link to prevent the gathering of data by Google Analytics within this website in the future (the opt-out only applies in the particular browser and only for this domain). This involves placing an opt-out cookie on your device. To delete cookies in the respective browser, you must click this link again.

Sessions generally end after 30 minutes of inactivity, while campaigns end after six months. The time limit for campaigns can be a maximum of two years. For more information on Terms of Use and Data Security see: https://www.google.com/analytics/terms/de.html

17.2 Hotjar

This website uses Hotjar, an analysis software from Hotjar Ltd. ("Hotjar") (www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). Hotjar allows you to measure and evaluate usage patterns (clicks, mouse movements, scrolling depths, etc.) on our website. The information generated by the "Tracking Code" and "Cookie" about your visit to our website will be transmitted to the Hotjar servers in Ireland and stored there. You can prevent data from being gathered by Hotjar by clicking on the following link and following the instructions there.

17.3 Google Tag Manager

Google Tag Manager is used on our websites to manage our website tags by means of an interface. The Tag Manager itself is a cookie-free domain that does not gather personal data. The task of the tool is to trigger other tags, which in turn may capture data under certain circumstances. However, Google Tag Manager does not access this data. Of course it is possible to obtain additional information about this and to disable the service if necessary. Click here to opt-out of tracking by Google Tag Manager.

17.4 Google Maps

We use maps from Google Maps on the website to help you find your way around. Google Maps is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). When you call the contact pages, your web browser will be instructed to load the necessary functions and map data directly from the Google server. These servers can be located in the US or other countries around the world. We have no control over this and do not receive information from Google indicating whether you have exchanged map information when visiting our site. We do not know whether Google only provides you with the technically necessary information or whether it stores and evaluates other information about you or your system, such as IP addresses, information about your browser, etc. Google publishes a Data Security Policy that also applies to Google Maps. In particular, we would point out that Google handles the following categories of data: device-based information, IP address, hardware settings, browser type, browser language, date and time of your request and referral URL, cookies (can be blocked by you in the browser settings, see also above), location-related information. Google may link the data with other information about you and use the data collected through the services to provide, maintain, protect and improve Google services, to develop new services, and to protect Google and its users. Google also uses this information to provide you with tailored content - for example, to deliver more relevant search results and advertising. By using data collected through cookies and other technologies, such as pixel tags, Google improves your overall experience and the quality of Google's services. For example, Google allows you to save your preferred language setting in order to display services in your preferred language. Google will ask for your consent before it uses information for purposes other than those listed in Google's Data Security Policy. With your consent, Google will also share information with third parties for order data processing and for legal reasons. You can also change your privacy settings on Google when you log in. Google also adheres to several self-regulatory commitments, including the EU-US Privacy Shield Agreement, and also deals with complaints.

17.5 Google AdWords

Conversion Tracking is used as part of the Google AdWords ("AdWords") advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google") in order to analyse campaign performance on this website. The information gathered using the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for Conversion Tracking. Customers are told the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information can be used to identify specific users.

If you click on an ad displayed by Google, a cookie will be placed on your computer. The information gathered by the AdWords cookie is used to generate conversion statistics. The cookies used in the context of conversion tracking lose their validity after 30 days, contain no personal data and are therefore cannot be used for personal identification. If our website is accessed before the deadline expires, both we and Google can use the cookie to see that the user clicked on the ad and was redirected to this page. Each Google AdWords customer is given a different cookie. Thus, there is no way that cookies can be tracked through the websites of AdWords customers.

If you do not wish to participate in the tracking process, you can also refuse to allow the necessary cookie to be set- for example, via a browser setting that generally disables the automatic setting of cookies.
You may permanently deactivate the use of cookies by Google by modifying the following link and the settings for managing cookies:

17.6 Google Remarketing

On this website, we also use the Remarketing function of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). This function makes it possible to target visitors to the website with personalised, interest-based advertising. Interest-based advertising is seen to the visitor as soon as he searches for something on Google or on websites operated by search network partners.

In order to analyse website use, Google uses cookies that form the basis for the creation of interest-based advertisements. The cookie records website visits as well as anonymised data on the use of the website. However, personal data is not saved. Subsequent visits to other sites in the Google Search Network will then display ads that are likely to reflect the product and information areas previously accessed by the site visitor.

However, if you do not wish to use Google Remarketing, you can always disable it by making the appropriate settings in the link below.

17.7 Facebook

The website uses social plug-ins (hereafter referred to as "plug-ins") of the facebook.com social network, which is operated by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (hereinafter referred to as "Facebook"). The plug-ins can be identified by one of the Facebook logos (a white letter "f" on a blue tile or a "thumbs up" symbol) or are marked with the "Facebook Social Plug-in" add-on. The list of Facebook Social Plug-ins and what they look like can be seen here.

When a user visits a page of this website that contains such a plug-in, his browser will make a direct connection to the Facebook servers. The content of the plug-in will be transmitted by Facebook directly to the user's browser, which will incorporate this into the webpage. This means that the provider has no influence on the amount of data that Facebook collects using this plug-in. According to the provider's current knowledge, Facebook operates as follows:

The incorporation of the plug-ins, tells Facebook that a user has accessed the relevant page of the provider's website. If the user is logged into Facebook, Facebook can link the visit to his Facebook account. When users interact with the plug-ins, e.g. by using the "Like" or by leaving a comment, the relevant information is transmitted directly from the user's browser to Facebook and stored there. If a user is not a member of Facebook, it is still possible for Facebook to identify and save his IP address. According to Facebook, only an anonymised IP address is stored in Germany.

The purpose and scope of data gathering and further processing and use of the data by Facebook, as well as the rights and setting options to protect users' privacy, can be found in Facebook's Data Security Policy.

Users who are also Facebook user and who do not want Facebook to collect data about them via the provider's website and link it with their user data stored at Facebook must log out of Facebook before visiting the website. It is also possible to block Facebook social plug-ins with add-ons for the user's browser, for example with the "Facebook Blocker".

17.8 XING

At this point we would like to inform you about the processing of personal data through the XING Share button function.

The "XING Share button" is used on this website. When you access this website, your browser will briefly connect to XING SE ("XING") servers which are used to provide the "XING Share Button" functions (in particular the calculation/display of the counter value). XING does not store personal data about you when this website is called. In particular, XING does not store IP addresses Likewise, there is no evaluation of your usage behaviour through the use of cookies in connection with the "XING Share button". The current data protection information relating to the "XING Share button" and additional information can be found on the website.

17.9 YouTube

Our site uses provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for the integration of videos.
Usually, when you visit an embedded video page, your IP address will be sent to YouTube and cookies will be installed on your machine. However, we have incorporated our YouTube videos with enhanced data protection mode. In this case, YouTube will still contact the Google DoubleClick service, however, in line with Google's Data Security Policy, personal information will not be evaluated.

According to YouTube, in "enhanced data protection mode", data, in particular details of which of our webpages you have visited, is only transmitted to the YouTube server if you watch the video. If you click the video, your IP address will be sent to YouTube, and YouTube will know that you have watched the video. If you are logged into YouTube at the same time, this information will be linked to your user account on YouTube. You can prevent this by logging out of your user account before visiting our website.

We have no knowledge of the possible collection and use of your data by YouTube at this point and have no influence over this. You will find more information in the YouTube Data Security Policy. In addition, we would also refer you to our general presentation in this Data Security Policy in relation to the general handling and deactivation of cookies.

17.10 Twitter

This website uses Twitter buttons. These buttons are provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (hereinafter referred to as "Twitter"). These can be recognised by terms such as "Twitter" or "Follow", linked to a stylised blue bird. Using the Twitter buttons, it is possible to share a post or page of this website on Twitter or follow the provider on Twitter.

When a user visits a page of this website that contains such a Twitter button, his browser will make a direct connection to the Twitter servers. The content of the Twitter buttons will be transmitted by Twitter directly to the user's browser. This means that the provider has no influence on the amount of data that Twitter collects using this plug-in. According to Twitter, only the IP address of the user and the URL of the respective website are transmitted when the Twitter button is used; this data is only used to display the Twitter button.

Further information about the Twitter service and the Twitter buttons can be found in Twitter's Data Security Policy.

17.11 Google Plus

The website uses the "+1" button of the Google Plus social network, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (hereinafter referred to as "Google"). The button is recognised by the "+1" symbol on a white or coloured background.

When a user visits a page of this website that contains such a button, his browser will make a direct connection to the Google servers. The content of the "+1" button will be transmitted by Google directly to his browser, which will then incorporate this into the webpage. This means that the provider has no influence on the amount of data that Google collects using this button. According to Google, no personal information is gathered unless the user clicks the "+1" button; Google will only gather and process personal data belonging to logged-in Google+ users, such as the IP address.

Users can find out more about the purpose and scope of data gathering and further processing and use of the data by Google, as well as the privacy settings in Google's data protection statements regarding the "+1" button here.

17.12 Retargeting

Our websites and online services use AdRoll technology (AdRoll, 972 Mission Street, San Francisco, CA 94103, USA) to evaluate fully anonymised information about the browsing habits of visitors to our websites for internal marketing purposes. This technology enables the recommendations and ads that match our users' interests to be displayed when they visit third-party websites. Cookies are used for this purpose. Cookies are already explained under point 5. It is impossible to identify the user in person from this data. The data gathered by AdRoll is used for the sole purpose of providing relevant content and online offers to users of our websites. Users of our website can prevent the use of cookies by our website, as described above, at any time by making an appropriate setting in their Internet browser or under AdRoll, thus permanently preventing the setting of cookies.

Our websites and online services use also Sojern (Sojern INTL Limited, 7-8 Mount Street Upper, Dublin 2, D02FT59, Ireland) to evaluate fully anonymised information about the browsing habits of visitors to our websites for internal marketing purposes. This technology enables the recommendations and ads that match our users' interests to be displayed when they visit thirdparty websites. Pixel-Tags (Web Beacons), Cookies and other tracking technologies are used for this purpose. It is impossible to identify the user in person from this data. The data gathered by Sojern is used for the sole purpose of providing relevant content and online offers to users of our websites. Users of our website can prevent the use of cookies by our website, as described above, at any time by making an appropriate setting in their Internet browser, thus permanently preventing the setting of cookies.

Should you visit our website using your mobile device, an advertising service may also collect your device's unique identifier, or location, and attempt to synchronize your mobile website visit with other website visits.

When a relevant advertisement is served to you on another website that uses data collected from this website, it's referred to as an "Interest-Based" Ad and the advertisement should include a blue "Adchoices" icon in the upper-right hand corner. If you click on the Adchoices icon, you can learn more about the facilitating advertising service, and your opportunity to opt-out of Interest-Based ads from that service. We do not have access to, nor control over, these advertising services use of cookies when Interest-Based ads are served to you. However, you may choose to opt-out of the use of this information by clicking here.

Please note that by opting out, you will continue to see ads, but they may not be as relevant based on your travel interests.

18. Transfer of Personal Data to Countries Outside the European Union (Third Countries)

Personal data will be transferred to locations in third countries if

  • this is necessary in order to implement the website user's booking and to manage the guest's stay at the hotel
  • it is required by law
  • or it has been approved by the user

As already mentioned elsewhere in this Data Security Policy, for certain tasks our company co-operates with service providers whose corporate headquarters are located in third countries, whose parent company is located in third countries or which themselves cooperate with companies located in third countries. Such cooperation is permissible if it has been determined by the European Commission that an adequate level of protection exists in the third countries in question (Article 45 GDPR). In addition, we have concluded an "order fulfilment agreement" with the service providers. In this agreement, the service providers commit themselves to protect the data of our users, to process the said data in accordance with its data protection provisions on our behalf and, in particular, not to disclose this data to third parties. When appropriate guarantees and remedies are in place and when rights can be enforced effectively, we may also transfer personal data to companies resident in third countries, insofar as no such a determination has been made by the European Commission (Article 46 (1) GDPR). We shall not perform any further transfer of personal data beyond the described type of cooperation.

Personal data will only be stored by Maritim Hotelgesellschaft mbH for the period required in order to achieve the purpose of storage, or insofar as required by European regulators or other legislators in laws or regulations incumbent on the Controller.

When the purpose of storage no longer applies or when a storage period prescribed by the European regulator or any other relevant legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

External service providers, such as the mail service or mailing companies that process personal data on behalf of Maritim Hotelgesellschaft mbH are subject to the statutory data protection regulations and may only process the data provided for the specific purpose in hand.

External links

To offer you the best possible information, you will find links on our pages that refer to third-party websites. If such links are not obviously apparent, we point out that these are external links. Maritim Hotelgesellschaft mbH has no influence on the content and design of these websites and the data protection practices of third parties. We cannot accept any responsibility for this. The details of our Data Security Policy do not apply there. Thus, if you click on an advertisement or a third-party link, you should be aware that you are leaving the Maritim Hotelgesellschaft mbH service and that any personal data you provide will no longer be covered by this Data Security Policy. Please read the data protection statements of the other website owners to find out how your personal information is gathered and processed on these websites.

Declaration of consent by the user

By using our websites and online offers, you agree that the data voluntarily provided and transmitted by you may be stored by us and used and processed in compliance with this Data Security Policy.

19. Rights of the Data Subject

If you process personal data, you are a Data Subject under the terms of the GDPR and you have the following rights in relation to the Controller:

1. Right to information

You may ask the Controller to confirm whether personal data relating to you is processed by us.

If such processing is taking place, you can request information from the Controller about the following:

  1. the purposes for which personal data is being processed;
  2. the categories of personal data being processed;
  3. the recipients or categories of recipients to whom the personal data relating to you has been disclosed or is still being disclosed;
  4. the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
  5. the existence of a right to the correction or deletion of personal data concerning you, a right to restrict processing by the Controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information on the origin of the data if the personal data is not gathered from the Data Subject;
  8. the existence of automated decision-making, including profiling, under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the Data Subject.

You have the right to request information about whether your personal data is transferred to a third country or an international organisation. In this context, you can request the appropriate guarantees pursuant to Article 46 GDPR in connection with the transfer.

2. Right of correction

You have a right to correction and/or completion in relation to the Controller, if the processed personal data relating to you is incorrect or incomplete. The Controller must carry out the correction without delay.

3. Right to restrict processing

You may demand that the processing of your personal data should be restricted under the following conditions:

  1. if you contest the accuracy of the personal data relating to you for a period of time that enables the Controller to verify the accuracy of your personal data;
  2. processing is unlawful and you refuse to allow the personal data to be deleted and instead request restriction of the use of the personal data;
  3. the Controller no longer requires personal data for the purposes of processing, but you need this data to assert, exercise or defend legal claims, or
  4. if you objected to processing pursuant to Article 21 (1) GDPR and it is not yet certain whether the justified grounds of the Controller take precedence over your grounds.

If the processing of personal data relating to you has been restricted, apart from storage this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of important public interest for the European Union or a Member State.

If the restriction on processing is limited according to the aforementioned conditions, you will be informed by the Controller before the restriction is lifted.

4. Right of deletion

a) Duty of deletion
You may require the Controller to delete your personal data without delay, and the Controller is required to delete that information immediately if one of the following grounds applies:

  1. Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You revoke your consent to processing pursuant to Article 6 (1) a) or Article 9 (2) a) GDPR and there is no other legal basis for processing.
  3. You object to processing pursuant to Article 21 (1) GDPR and there are no overriding justifiable reasons for processing, or you object to processing pursuant to Article 21 (2) GDPR.
  4. The personal data relating to you has been processed illegally.
  5. It is necessary to delete personal data relating to you in order to fulfil a legal obligation under European Union law or the law of the Member States incumbent on the Controller.
  6. The personal data relating to you was gathered in relation to an information society service pursuant to Article 8 (1) GDPR.

b) Information to third parties

If the Controller has made the personal data relating to you public and if he is obliged to delete it pursuant to Article 17 (1) of the GDPR, it shall take the appropriate steps, including technical measures, taking into account available technology and implementation costs, to inform Controllers responsible for data processing who process the personal data that you, as a Data Subject, have demanded the deletion of all links to such personal data or copies or duplicates of such personal data.

c) Exceptions

The right of deletion does not exist if processing is necessary

  1. in order to exercise the right to freedom of expression and information;
  2. to fulfil a legal obligation required by the law of the European Union or of the Member States incumbent on the Controller, or to implement a task in the public interest or in the exercise of the official authority conferred on the Controller;
  3. for reasons of public interest in the area of public health pursuant to Article 9 (2) h) and Article 9 (3) GDPR;
  4. for archival purposes of public interest, scientific or historical research purposes or for statistical purposes pursuant to Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
  5. to assert, exercise or defend legal claims.
Right to information

If you have the right of correction, deletion or restriction of processing in relation to the Controller, the latter is obliged to notify all recipients to whom your personal data has been disclosed of this correction or deletion of data or restriction of processing, unless this proves to be impossible or requires disproportionate effort.

You are entitled to require the Controller to reveal the identity of these recipients to you.

Right to data transferability

You have the right to receive the personal data that you have supplied to the Controller in a structured, current, machine-readable format. In addition, you have the right to transfer this data to another Controller without hindrance from the Controller to whom the personal data was supplied, provided that

  1. processing is based on consent pursuant to Article 6 (1) a) GDPR or Article 9 (2) a) GDPR or on a contract pursuant to Article 6 (1) b) GDPR and
  2. processing involves an automated procedure.

In exercising this right, you are also entitled to require that the personal data relating to you should be transmitted directly from one Controller to another Controller, insofar as this is technically feasible. This must not impair the freedoms and rights of other persons.

The right to data portability does not apply to the processing of personal data necessary for to implement a task in the public interest or in the exercise of the official authority conferred on the Controller.

Right of objection

You have the right to object to processing of your personal data at any time, for reasons that arise from your particular situation pursuant to Article 6 (1) e) or f) GDPR; this also applies to profiling based on these provisions.

The Controller will no longer process personal data relating to you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or processing is for the purpose of enforcing, exercising or defending legal claims.

If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Directive 2002/58/EC notwithstanding, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.

Questions/right of appeal to a supervisory authority

If you have further questions regarding the protection of your personal data, this Data Security Policy, declarations of consent and the processing of your personal data or complaints about data protection, you can contact our Data Protection Officer at the following e-mail address: datenschutz@maritim.de

Without prejudice to other administrative or judicial remedies, you shall have the right of appeal to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged breach, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority is the Data Protection Authority for North Rhine-Westphalia in Dusseldorf.

20. Data Security

We take corporate data protection very seriously. We use modern data storage and security techniques to ensure your data gets the best possible protection. Naturally, our security measures are constantly being improved in line with technological developments. Our employees and subcontractors engaged by us (service providers) have been contractually bound by us to confidentiality and compliance with the IT/security regulations and the applicable data protection regulations.

Both we and our contracting partners protect your personal data from unauthorised access, loss, use or disclosure, and ensure that your personal data is kept in a controlled secure environment that complies with legal requirements and that prevents unauthorised access, loss or disclosure.

Technical and organisational measures have been taken in our company to meet the legal requirements of the BDSG and the GDPR and to protect your data against damage, destruction, falsification, manipulation and unauthorised access. Your data is transferred in encrypted form and then stored in a database. All systems in which your personal data is stored are protected against access and are only accessible to a specific group of persons responsible for personnel.

In order to avoid unnecessary amounts of data, we only gather, process and use your personal data insofar as this is necessary within the scope of our service offer.

Data is collected by Maritim Hotelgesellschaft mbH as well as by subcontractors engaged by it.

21. Amendments to the Data Security Policy

Please note that data protection regulations and data protection practices are subject to constant change and the contents of this Data Security Policy may need to be amended. If so, we will explain the changes to you in a transparent manner. It is also advisable to familiarise yourself with any changes in the legal provisions and practices of our company.

Date 24th of May 2018

 

Book online cancel booking
close

Online booking

Age of Kids *

View/cancel booking