Data Protection Statement
Air in Berlin – Hotel GmbH (hereinafter referred to as „Contoller“ or „Hotel Air in Berlin“ or „we“ or „us“) as the operator of the website „www.hotelairinberlin.de“ is happy that you visit our website. Please be assured that the protection of your privacy is particularly important to us when using our website and that we comply with the applicable provisions on the protection of personal data, in particular the data protection provisions of the EU General Data Protection Regulation (GDPR).
In order to let you know what personal data we collect from you and for what purposes we use it, we will inform you below about the processing of personal data when using our website.
Our data protection statement uses terms defined in the GDPR. In order to keep the data protection statement legible and comprehensible, we have explained these terms below:
„Personal data“ Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified directly or indirectly, in particular by attribution to the recognition of a name, identification number, location data, online identifier (e.g. cookie) or to one or more specific characteristics expressing the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This refers to information such as your name, date of birth, address, e-mail address, telephone number and user behaviour.
„Data subjects“ are all identified or identifiable natural persons whose personal data are processed by the Controller responsible for processing.
„Processing“ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
„Restriction of processing“ means the marking of stored personal data with the aim of limiting their processing in the future.
„Controller“ is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law.
„Processor“ is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
„Recipient“ is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
„Third Parties“ are a natural or legal person, public authority, agency or body other than the data subject, Controller, processor and persons who, under the direct authority of the Controller or processor, are authorised to process personal data.
„Consent“ is any freely given, specific, informed and unambiguous indication by the data subject of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Name and address of the Controller
The Controller pursuant to the General Data Protection Regulation and other national data protection laws of the Member States and other data protection provisions is:
Air in Berlin – Hotel GmbH
Ansbacher Straße 6
Phone: +49 (0) 30 –21 29 92 – 0
Name and address of the Data Protection Officer
The Controller’s Data Protection Officer is:
Dipl.-Ing., Dipl. Informatiker
Rüdesheimer Platz 5
Phone:+49 (0)30 8224888
Principles relating to processing of personal data
1. Scope of processing of personal data
We generally only collect and use personal data of our users if this is required to provide a functional website or our contents and services. Collection and use of your personal data within the realm of our website usually takes place only with your consent. However, an exception shall apply in such cases where collection of advance consent is not possible for factual reasons and where processing of the data is nevertheless permitted by the law.
2. Legal basis relating to processing of personal data
The data transmitted by or collected from you are only collected, used, processed, stored and – if required by law or contractually required – passed on to third parties only within the context of the applicable data protection laws (GDPR, Federal and state Data Protection Acts and Telemedia Act).
Article 6 GDPR leads to various legal bases for processing of your personal data that are referred to from case to case in this data protection statement:
Art. 6 Abs. 1 a) Article 6(1)(a) GDPR is the legal basis for processing operations of personal data with consent of the data subject.
Art. 6 Abs. 1 b) Article 6(1)(b) GDPR is the legal basis for processing of personal data that is necessary for the performance of a contract to which the data subject is party. This legal basis shall also refer to such processing operations that are necessary in order to take steps prior to entering into a contract.
If we need to process personal data for compliance with a legal obligation of our company, the legal basis for this shall be Article 6(1)(c) GDPR.
Art. 6 Abs. 1 d) Article 6(1)(d) GDPR serves as the legal basis if vital interests of the data subject or any other natural person require processing of his or her personal data.
If processing of personal data is necessary for the purposes of a legitimate interest pursued by our company or by a third party and the interests, fundamental rights and freedoms of the data subject do not override this first interest of our company or a third party, this processing shall take place on the legal basis of Article 6(1)(f) GDPR.
3. Data erasure and storage period
As soon as the purpose of storage of the respective personal data of the data subject no longer applies, they shall be deleted or blocked. However, storage may take place beyond this point of time if this was stipulated in European or national regulations, laws or other rules that we as Controller responsible for processing are subject to. Blocking or erasure of the data shall also take place if a storage period required by the standards named expires, except if further storage of such data is required for entering into a contract or performance of a contract.
General processing activities in connection with the provision of our Website and compilation of log files
1. Description and scope of data processing
The scope and nature of the collection and use of your data varies depending on whether you visit our website exclusively to call up information or also make use of our offers – such as e-mail contact, room booking -.
It is generally not necessary for you to provide us with personal data in order to use our website for information purposes only. Rather, during your visit to our website, we automatically collect, use and store information in the so-called server log files, which are transmitted to us by the browser you are using. Each time you access our website, our system automatically collects the following data and information from the computer system of the accessing computer
- Information on your browser: Type, language and version used by you (e.g. Mozilla Firefox, Microsoft Internet Explorer, Apple Safari, Google Chrome)
- The operating system used by you
- The internet service provider charged by you
- The internet service provider charged by you
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Keywords entered
- The frequency with which pages are called
- Access status/http status code
- The respective data volume transferred
We cannot assign the above data to specific persons. We will not combine these data with any other data sources, i.e. these data will not be stored together with other personal data such as your name, address, phone number or email address.
2. Legal basis
The legal basis for this temporary storage of data and log files is Article 6(1)(f) GDPR, since our legitimate interests as presented below in this storage override your interests, fundamental rights and freedoms: The internet protocol address is considered personal data. The temporary storage of the internet protocol address by the system is necessary in order to permit transfer of our Website to your browser. For this purpose, the internet protocol address must remain stored for the duration of the session. Storage in log files shall take place in order to ensure the function of our Website. We also use the data for optimisation of our Website and to ensure the safety of our information-technical systems. The data are not evaluated for marketing purposes in this context.
3. Storage period
The data are erased as soon as they are no longer required to achieve the purpose of their collection. If data are recorded for provision of our Website, this is the case when the respective session is ended. To the extent that the data were stored in log files, this is the case at the latest after seven (7) days. Storage beyond this is possible as well, however. In this case, however, your internet protocol address will be deleted or changed so that it can no longer be assigned to your person.
4. Right to object and removal options
Recording of the data for provision of our Website and storage of the data in log files is mandatory for operation of the website. Accordingly, you cannot object to this.
- Description and scope of data processing
The following data is stored and transmitted in the cookies:
- Language settings
- Login informationa
- Session cookie (for the duration of the browser session) to temporarily store filter selections or information on completed forms.
- Legal basis relating to processing of personal data
The personal data processed by cookies are necessary for the purposes of our legitimate interests according to Article 6(1)(1)(f) GDPR [sic].
- Purpose of data processing
The user data collected by means of technically essential cookies will not be used to create user profiles.
For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Article 6 (1) f) GDPR.
- Right to object and removal options
Contact form and inquiry via e-mail contact
1. Description and scope of data processing
On our website there is a contact form and an inquiry form for accommodation in our house, which can be used for electronic contact. If you use the contact form to contact us, the data entered in the input mask will be transmitted to us and stored.
As data you can enter in the contact form:
- First name
- E-Mail adress
- Website (optional)
- Your request.
Our website also allows you to contact us via a provided e-mail address. In this case, the personal data transmitted by you with the e-mail (e-mail address, possibly further details such as first and last name or other details) are automatically stored. At the time the message is sent, your IP address and the date and time will also be saved.
The data will not be passed on to third parties in this context. The data will be used exclusively for the processing of the conversation.
2. Legal basis relating to processing of personal data
The legal basis for processing of the data if and to the extent that you have given your consent is Article 6(1)(a) GDPR..
The legal basis for processing of the data transmitted to us in the scope of transmission of an email is also Article 6(1)(f) GDPR. If the email contact is targeted at entering into a contract, Article 6(1)(b) GDPR shall be an additional legal basis for processing.
3. Purpose of data processing
Processing of the personal data from an email sent to us serves solely to process your contact. This is also where the legitimate interest of processing of the data lies if these are processed based on Article 6(1)(f) GDPR.
The other personal data processed during the submission process is intended to prevent misuse of the enquiry form and to ensure the security of our IT systems.
4. Storage period
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified. Your personal data will be deleted within seven days after you have declared an objection or revocation (cf. 5. below). However, this data will not be deleted if we are entitled or obliged to further storage on the basis of a legal basis other than your consent or despite your objection (e.g. in connection with a booking).
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
5. Right to object and removal options
You have the option at any time to withdraw your consent to processing of the personal data [see below XI. (8) Right to withdraw]. In addition, you can object to the processing of your personal data at any time, if and to the extent that this processing is carried out on the basis of Art. 6 (1) sentence 1 lit. f) GDPR [see below XI. (7) Right to object]. Both the withdrawal and the objection can be send by e-mail to firstname.lastname@example.org. In such a case, however, the conversation cannot be continued.
We have included YouTube videos in our online offering, which are stored at http://www.YouTube.com and can be played directly from our website. These are all integrated in the “enhanced data protection mode”, i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transmitted. We have no influence on this data transfer.
YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, is a company belonging to Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA.. You will find more information in the YouTube Data Security Policy. There you will also find further information about your rights and settings to protect your privacy.: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
On this website we use the offer of Google Maps. This allows us to display interactive maps directly on the website and allows you to conveniently use the map function.
By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under V. of this declaration will be transmitted. This takes place regardless of whether Google provides a user account that you are logged in to or whether there is no user account. If you are logged in at Google, your data will be assigned directly to your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data as user profiles and uses them for advertising, market research and / or needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
Partners & External Links
On our website we use the portal Reservix for booking hotel rooms. The operator of these pages is Reservix, Kaiserstraße 69, 60329 Frankfurt am Main. When you visit one of our reservix-pages integrated via iFrame, a connection to the servers of Reservix GmbH is established there. Contact data is only collected there if you make a final booking. Further information on the purpose and scope of data collection and processing by Reservix GmbH can be found in its data protection declaration atwww.adticket.de/datenschutz.html.
As a service, we also offer interesting links on our pages that refer to third-party websites, such as Facebook, Twitter, Google+. In the event that such links are not obviously recognisable, we would like to point out that they are external links. Please note that the Air in Berlin – Hotel GmbH has no influence on the content, design or privacy practices of these web sites and that they are not under the control of their respective owners. If you follow a link to one of these websites, please note that we cannot assume any responsibility or guarantee for third-party content or data protection conditions. Please make sure that you comply with the applicable data protection conditions before submitting personal data to these websites.
Your rights as data subject
If we process your personal data, you are a data subject within the meaning of the GDPR and you have the following rights towards us as the Controller:
1. Right to information
You may request confirmation from us as to whether personal data concerning you will be processed by us.
If such processing is taking place, you can request information from the Controller about the following:
the purposes for which personal data is being processed;
the categories of personal data being processed;
the recipients or categories of recipients to whom the personal data relating to you has been disclosed or is still being disclosed;
the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
the existence of a right to the correction or deletion of personal data concerning you, a right to restrict processing by the Controller or a right to object to such processing;
the existence of a right of appeal to a supervisory authority;
all available information on the origin of the data if the personal data is not gathered from the Data Subject;
the existence of automated decision-making, including profiling, under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the Data Subject.
You have the right to request information about whether your personal data is transferred to a third country or an international organisation. In this context, you can request the appropriate guarantees pursuant to Article 46 GDPR in connection with the transfer.
2. Right of correction
You have a right to correction and/or completion in relation to the Controller, if the processed personal data relating to you is incorrect or incomplete. The Controller must carry out the correction without delay.
3. Right to restriction of processing
You have the right to obtain restriction of processing of the personal data concerning you where one of the following conditions applies:
- if you contest the accuracy of the personal data concerning you for a period enabling the Controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
- if you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds asserted by us override your grounds.
Where processing of the personal data concerning you has been restricted, such data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing was restricted according to the above conditions, you will be informed by us before the restriction of processing is lifted.
4. Right to erasure
We have the obligation to erase the personal data concerning you without undue delay if one of the following grounds applies:
- The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw consent on which the processing is based according to Article 6(1)(a), or Article 9(2)(a) GDPR, and where there is no other legal ground for the processing.
- You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
- The personal data concerning you have been unlawfully processed.
- The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
- The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Information to third parties
Where we have made the personal data concerning you public and if we are obliged pursuant to Article 17(1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing your personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
The right to erasure shall not exist if processing is necessary
- or exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
5. Right to provision of information
If you have asserted a right to rectification, erasure or restriction of processing towards us, we are obligated to communicate this rectification or erasure of data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to provision of information about such recipients by us.
6. Right to data portability
You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. In addition to this, you have the right to transmit those data to another controller without hindrance from us as the Controller to which the personal data have been provided, where
- processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and
- the processing is carried out by automated means.
In exercising this right, you further have the right to have the personal data concerning you transmitted directly from us as one Controller to another controller, where technically feasible. Freedoms and rights of others must not be adversely affected by this..
That right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as the Controller.
7. Right of objection
You have the right to object at any time to the process of your personal data on the basis of Art. 6 (1) (f) GDPR for purposes of direct advertisement without giving any reason.
We will then no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or processing is for the purpose of enforcing, exercising or defending legal claims.
If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Directive 2002/58/EC notwithstanding, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
Any objection can be made without a form requirement. It suffices for this purpose e.g. to send an email to: email@example.com.
8. Right to withdraw the declaration of consent under data protection law
You shall have the right to withdraw your consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
If you want to exercise your withdrawal right, simply send an email to firstname.lastname@example.org.
9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which your complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
Please direct any requests in connection with rights of data subjects to email@example.com. Please note that the firm may demand that you prove that you are actually the person to the personal data of which access is demanded if requests for access are not made in writing, in order to protect the persons concerning whom data are stored.
Please also consider that we cannot store or derive any personal data concerning visitors to our Website if you have not transmitted your personal data freely before, e.g. in order to comment on the blog or to subscribe to the newsletter.
Reservation of changes
We reserve the right to adjust this data protection statement in order to adjust it to the respective applicable provisions at all times, as well as our offers on the website. As of February 2019