The following information is intended to give you an overview of the processing of your personal data in connection with the following services and services and to inform you about your rights under the GDPR:
• in the course of general contact
• in the course of using the website
• in the context of newsletters, acquisition of existing customers
• in the context of the documentation of changes, corrections of personal data
I. Information on processing of personal data
By way of introduction, we would like to draw your attention to our extensive information on creating transparency according to Articles 13 and 14 GDPR.
1. Controller for data processing
The controller for data processing on this website pursuant to Article 4 No 7 GDPR and the provider of the website (service provider) within the meaning of the German Tele Media Act (Telemediengesetz – TMG) is
Steigenberger Hotels AG
Lyoner Straße 25
60528 Frankfurt am Main
Telefon: +49 69 66564-460
Fax: +49 69 66564-888
Complete details pursuant to section 5 TMG (Imprint)
2. Contact details of the Data Protection Officer
You can reach our Data Protection Officer at
TÜV Informationstechnik GmbH
Am TÜV 1
3. Your personal data
3.1 General contact
In the course of general contact, we receive, process and store the personal data listed under point 3.9 according to the requirements of the request.
3.2 Useage of the website
Some functions on the website, such as the contact form or booking a hotel stay, require the collection, processing and storage of the personal data listed under point 3.9.
3.3 Newsletter, acquisition of existing customers
Within the framework of the acquisition of existing customers as well as the sending of newsletters, we collect the personal data listed under point 3.5.
3.4 Documentation of changes and corrections of personal data
In accordance with our duty of documentation, we process and store all changes and corrections to the personal data listed under point 3.5.
3.5 Your personal data
We collect the following personal data and process it in accordance with the GDPR.
• Name and surname
• Communication addresses
• Sex and form of address
• E-mail address(es)
• Telephone number(s)
• Other personal data that you share with us
In Part I point 9 “Your rights as a data subject“, you will find information on the correction or deletion of personal data.
4. Purposes and legal basis for processing personal data
We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the new German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG-new) as well as all other relevant legislation for the purposes and on the legal basis as set out below:
(a) For the purpose of processing your enquiries, information and complaints, insofar as the processing is connected with the fulfilment of a contract or is necessary for the implementation of pre-contractual measures, the legal basis for the processing of your personal data is Art. 6 para. 1 sentence 1 lit. b) GDPR. In other cases, the legal basis is our legitimate interest in the effective processing of inquiries addressed to us in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR.
(b) For sending our e-mail newsletter including the management of your subscription to the newsletter. The legal basis for this is your consent pursuant to Art. 6 Paragraph 1 S. 1 lit. a) GDPR
(c) To process your application – more detailed information on this can be found in the separate data privacy declaration in our application portal at https://deutschehospitality.jobbase.io/policy.
(d) For advertising to existing customers for our offers and services - the legal basis for this is Art. 6 (1) sentence 1 lit. f) GDPR. You will find more details on the acquisition of existing customers under Part II No. 4.2 of this Data Protection Notice.
(e) In order to safeguard domestic authority, to prevent and resolve criminal offences (in particular also by means of video surveillance), to assert and defend legal claims and to safeguard interests in legal disputes, to ensure IT security and IT operation, to identify credit risks - the legal basis for this is Art. 6 Paragraph 1 Sentence 1 lit. f) GDPR. Our overriding legitimate interests result from our obligation to ensure a safe stay of our guests in the hotel as well as from our interest in enforcing our material and immaterial claims and safeguarding our rights and in defending against unjustified claims. Furthermore, the processing of personal data to the extent absolutely necessary for the prevention of fraud also constitutes a legitimate interest of our company in accordance with recital 47 of the GDPR.
Minors may not transmit any personal data to us without the consent of a parent or guardian. Furthermore, we do not store any personal data of minors without the consent of their parents or guardians. Through this website, we do not process personal data of minors that we knowingly obtain.
6. Categories of personal data recipients
If and to the extent necessary for the purposes set out in point 4 above, we will also disclose your personal data to the following recipients or categories of recipients in accordance with Art. 4 No. 9 GDPR:
Within our company, only those entities will be granted access to your data (to the extent necessary in each case) that need it to fulfil our contractual and statutory obligations.
We may also obtain personal data for these purposes from service providers (e.g. within the scope of order processing in accordance with Art. 28 GDPR) and vicarious agents. These are companies in the following categories: credit services and payment processing, IT services, cleaning services, logistics, printing services, telecommunications, debt collection, consulting and advisory services, and sales and marketing. The respective service providers can be seen from the list of service providers/processors, which is updated regularly.
Furthermore, data may be passed on to public bodies and institutions if there is a legal obligation to do so (e.g. financial authorities, law enforcement agencies).
Other data recipients may be those entities for which you have given us your consent to transfer data.
7. Transfer of personal data to a third country
A transfer of personal data to bodies in states outside the European Union (so-called third countries) takes place insofar as
(a) it is required by law
(b) you have given us your consent
As can be seen in detail from the list of service providers/processors, our company uses service providers for certain tasks who are based in a third country or belong to an international group with companies in third countries or who in turn cooperate with service providers based in a third country. Personal data may be transferred to such service providers if the European Commission has decided that an adequate level of protection exists in the third country in question (in accordance with Art. 45 GDPR). If the Commission has not made such a decision, our company or the service provider may only transfer personal data to a third country or to an international organisation if appropriate safeguards are in place and enforceable rights and effective legal remedies are available (Art. 46 (1) GDPR).
Beyond the cases mentioned above, our company does not transfer personal data to bodies in third countries or to international organisations.
8. Period of retention of personal data and criteria for determining that period
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. If the data are no longer required for the fulfilment of contractual obligations, they are regularly deleted, unless their temporary further processing is necessary due to
(a) national commercial and fiscal retention periods at the place of data collection or contract implementation
9. Your rights as a data subject
Every data subject whose personal data are processed has the right of access by the controller to the personal data concerned in accordance with Art. 15 GDPR, the right of rectification in accordance with Art. 16 GDPR, the right of deletion in accordance with Art. 17 GDPR, the right to limit processing in accordance with Art. 18 GDPR, the right to object to processing in accordance with Art. 21 GDPR and the right of transferability in accordance with Art. 20 GDPR. The right of information and the right of deletion are also subject to the restrictions pursuant to Articles 34 and 35 of the new Federal Data Protection Act.
Please find more information on your right to object to processing under I.12.
If the processing of your personal data is based on a consent granted to us, you have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.
Furthermore, you have the right of appeal to the competent data protection supervisory authority in accordance with Art. 77 GDPR in conjunction with § 19 BDSG-neu.
10. Obligation to provide data
If you want us to make contact with you, we will need (i) your name, and (ii) your telephone number or your e-mail address at the very least. If you wish to apply for a vacant position, we will need a certain amount of information as a minimum for the processing of your application; more information on this is provided in the separate data privacy statement of the application portal.
If you do not provide us with the necessary information, we may not be able to provide the services you have requested or may not be able to provide them completely.
11. Automated decision-making and profiling
When establishing and executing our contractual relationship, you will not be subjected to a decision based solely on automated processing, including profiling, pursuant to Article 22 GDPR, which produces legal effects concerning you or similarly affects you in a serious way.
12. Additional information on your right to object pursuant to Article 21 GDPR
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(e) DPA (processing in the public interest) or Article 6(1)(f) DPA (processing based on a balancing of interests); this also applies to profiling based on this provision in accordance with Article 4(4) DPA.
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.
If your personal data are processed by us in order to acquire existing customers, you have the right to object at any time to the processing of personal data relating to you for the purpose of such advertising; this also applies to profiling, insofar as it is connected with such acquisition of existing customers.
The objection is possible by using the unsubscribe function in digital media, corresponding settings in the Member Area or Subscriber Area, using the contact form on the website or by sending an informal letter to the contact data mentioned under point 2.
II. Ergänzende Informationen zur Datenverarbeitung auf dieser Webseite
1. Digital offers (newsletter), acquisition of existing customers
1.1 Advertising (newsletter)
With the e-mail newsletter, we will regularly inform you about the offers and services of the hotels belonging to Deutsche Hospitality as well as offers within the framework of membership in the H Rewards loyalty programme, according to the preferences you specify.
If you would like to receive the e-mail newsletter, we need a valid e-mail address from you. We use the so-called double-opt-in procedure to register for our newsletter. This means that after your registration we will send you an e-mail to the e-mail address you have provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within two weeks, your information will be blocked and automatically deleted after one month. In addition, we store your IP address and the time of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
1.2 Acquisition of existing customers
We reserve the right to send our guests offers from our range of services by means of advertising to existing customers via e-mail. Our legitimate interest in conducting advertising to existing customers consists of being able to offer our guests target-group-oriented individual offers that are created on the basis of a previous booking (transaction) and/or an existing customer relationship.
The personal data you share with us in the case of a booking can be processed by us for the purposes of sending advertising to you as an existing customer for a period of 12 months after a transaction. If you do not make any further bookings or transactions of any other kind within this time frame, your personal data will no longer be processed for the purposes of advertising to you as an existing customer and will be deleted accordingly, provided that you have not subscribed to a newsletter or your personal data do not have to be stored further due to any other regulations.
1.3 Revocation of consents and contradiction to existing customer and member advertising
1.3.1 Revocation of consents
As a subscriber to the e-mail newsletter, you can revoke your consent to the processing of your e-mail address to send the e-mail newsletter at any time. The revocation can be made via the relevant link in each e-mail newsletter or by e-mail with the subject "Unsubscribe" to firstname.lastname@example.org.
1.3.2 Contradiction to the use of personal data
You can object to the use of your e-mail address for the purpose of sending advertising to existing customers or members at any time without incurring any costs other than the transmission costs according to the basic rates. For more information on exercising your right to object to the use of your e-mail address for direct marketing purposes, please refer to Part I No. 9 of this Privacy Notice.
2.1 General cookie information
- Necessary features: These cookies make a significant contribution towards improving the surfing and reservation experience on our website. Basic functions and applications, such as the shopping cart or electronic settlement processes, are optimized as a result of this, and handling is also made easier. These cookies do not collect any information about you that could be used for marketing activities or statistical analyses. These cookies are necessary for the use of the website. The legal basis for these cookies is Art. 6 (1) (b) of the GDPR.
- Statistical analysis: Statistical analysis is the processing and presentation of data about user actions and interactions on websites and apps (e.g. number of page visits, number of unique visitors, number of returning visitors, entry and exit pages, length of stay, bounce rate, activation of buttons) and, if applicable the division of users into groups based on technical data about the software settings used (e.g. browser type, operating system, language setting, screen resolution). The legal basis for these cookies is consent given pursuant to Art. 6 (1) (a) of the GDPR.
- Reach measurement: Reach measurement is the evaluation of visitor actions by analyzing usage behavior in relation to determining certain user actions and measuring the effectiveness of online advertising. Actions measured include the number of visitors that reach websites or apps by clicking on ads. The rate of users performing a specific action (e.g. registration for the newsletter) can also be measured. The legal basis for these cookies is consent given pursuant to Art. 6 (1) (a) of the GDPR.
- Personalized advertising: Certain features of websites and apps are used to show users personalized advertising material (ads or commercials) in other contexts, such as on other websites, platforms or apps. To this end, conclusions are drawn about the interests of users from demographic information, search terms used, contextual content, user behavior on websites and in apps or from the location of users. On the basis of these interests, advertising material is chosen and displayed on online content of other providers in the future. The legal basis for these cookies is consent given pursuant to Art. 6 (1) (a) of the GDPR.
Setting cookies using our cookie consent tool
You can use our cookie consent tool at any time to adjust your cookie settings. To do this, you can use the link below to access the tool and set the above-mentioned categories of cookies by giving or not giving consent to the use of these cookies in your browser.
Setting cookies via the browser
You can configure your browser so that cookies can only be accepted with your specific permission. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or that a message always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you will not be able to use all of the features of our website. If you only want to accept Deutsche Hospitality cookies, but no cookies from partners, then please select “Block cookies from third-party providers” in your browser. In the menu bar of your browser, you will find a help function that will show you how to reject new cookies and deactivate existing ones. When using a shared computer, which accepts cookies and so-called flash cookies, we recommending logging out completely after you have finished surfing.
3. Providers of cookies
Period of storage
max. 90 days
Further information on the providers of cookies providers of personalized advertising:
recipient: Toedt, Dr. Selk & Coll. GmbH, Augustenstr. 79, 80333, München, Germany
This website makes use of Mapp Intelligence, a web analytics service from Webtrekk GmbH based in Berlin, Germany.
recipient: Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, Germany
Functionality: The web analytics service Mapp Intelligence uses technologies like cookies, tracking pixels and device fingerprinting to identify a particular user behavior on websites and to send information about this to a Mapp server located in Nuremberg, Germany, where it is then stored. Information is also processed that is stored on users’ end devices. With the help of the tracking pixels integrated into websites and the cookies stored on users’ end devices, Mapp Intelligence processes the information generated about the use of our website by users’ end devices, e.g. that a certain website was accessed, and access data for the purpose of statistical analysis of website use. The access data includes, in particular, the IP address, browser information, the website previously visited and the date and time of the server request. According to information from Mapp, the IP addresses are immediately anonymized and deleted during the course of processing.
On behalf of the operator of this website, Mapp will use the information collected through Mapp Intelligence to analyze your use of the website, to compile reports on website activities and to render other services related to the use of the website and of the Internet in general to the website operator.
You’ll find more information on the terms and conditions of usage and data protection of Mapp at https://docs.mapp.com/display/CDBD/Allgemeine+Nutzungsbedingungen and https://www.webtrekk.com/privacy-notice.html
Furthermore, the providers mentioned also use the “conversion” function to draw attention to our attractive offers with the help of advertising material on external websites. In relation to the data from the advertising campaigns, we can determine how successful the individual advertising measures are. These advertising materials are delivered by the providers via “ad servers.” To do so, we use ad server cookies, through which certain parameters for range measurement, e.g. display of ads, duration of viewing or clicks by users, can be measured. Information that is stored on users’ end devices is also processed. If users access our website via an ad from the provider, the provider will stores a cookie on the user’s end device. With the help of cookies and tracking pixels, the provider processes the information generated by the users’ end devices about interactions with our advertising material (accessing a specific website or clicking on an advertising medium) and users’ access data, in particular IP address, browser information, the website previously visited and the date and time of the server request, for the purpose of analyzing and visualizing the reach of our ads. Due to the marketing tools used, users’ browsers automatically establish a direct connection with the provider’s server.
3.1 Embedding of services and content of third-party providers (e.g. registration of the IP address by third-party services)
Third-party content (hereinafter referred to as “third-party providers”) is integrated into the website. In order to use these contents, transmission of the user’s IP address to the respective third-party provider is technically necessary. This is because without an IP address the third-party providers are unable to send the contents embedded in the website to the respective user’s browser. We have no control over whether a third-party provider uses the IP address e.g. for statistical purposes or otherwise. We use the following third-party providers on our website:
Mapbox Inc, 50 Beale St floor 9, San Francisco, CA 94105, USA
display maps (via service “Mapbox“) on websites
maintaining, guaranteeing and improving the quality of products and services, in particular to improve the user experience
Google Captcha Breaker
preventing the use of forms on the website by bots/hackers
securing the website from SPAM attacks
Monotype Imaging Holdings, Inc., 600 Unicorn Park Drive, Woburn, Massachusetts 01801 USA
Myfonts.com – display text on webpages
maintaining, guaranteeing and improving the quality of products and services, in particular to improve the user experience
Current version of the private policy
This private policy shall apply with effect from 03.04.2022.
We will update this Private Policy from time to time to reflect relevant changes to our website, changes in the processing of personal data or amendments to legislation. The revised version shall apply as of the published effective date. In the event of any material amendments to this Private Policy, we will inform you in good time prior to the effective date of such amendments by posting a notice on our website. Where applicable, we will also inform our guests of the amendments by e-mail or other means.