Notice of confidentiality

1. General information
2. Information about the person responsible
3. What is personal data?
4. Data protection of minors
5. Purposes of data processing and legal basis
6. Data access
7. Data exchange within the relexa group
8. Transfer of data to third countries and legal basis
9. Transfer of data to law enforcement authorities
10. Retention period
11. Personal rights to your data
11.1. Right to information and data transfer
11.2. Right to rectification, restriction and deleting of your data
11.3. Right of appeal
11.4. Right of withdrawal
11.5. Rights under the automated individual decision
11.6. Right to appeal to the supervisory authority
11.7. Contact details
12. Data transmission via web-forms
13. Hotel room reservation
14. Meeting and events request
15. Request for hosting weddings and other family celebrations
16. Table reservation in the restaurant
17. Use of our voucher store
18. Booking of train tickets
19. Recruitment selection procedure
20. Data processing with regards to external marketing activities
20.1. Postal advertising
20.2. Subscription to the relexa newsletter
20.3. Subscription to the travel magazine relexa revue
20.4. Profiling (cookies and web tracking)
20.4.1. Basics about cookies
20.4.2. Evaluation of newsletter user
20.4.3. Google analytics
20.4.4. YouTube video embedded using iFrame in extended data privacy mode
20.4.5. Social media plugins
20.5. Online feedback questionnaire
20.6. Raffles or similar promotions
21. Recipient of the data
22. Data transfer to third countries and legal basis
23. Data security

1. General information

The relexa hotel Verwaltungs GmbH is operator of the website https://www.relexa-hotels.de/en. We would like to inform you of the following data protection policy and to what extent data is collected when using our website and for what purpose this data is used. Furthermore, the relexa hotel GmbH would like to point out what rights you are entitled to in this context. 

Please note: This data protection policy applies exclusively to the site https://www.relexa-hotels.de, including any subpages and subdomains, such as:

• https://www.relexa-hotels.de/en/newsletter
• https://www.relexa-hotels.de/en/holiday/relexa-revue
• https://www.relexa-hotels.de/en/service/contact-and-feedback
• https://www.relexa-hotels.de/en/meeting-request
• https://www.relexa-hotels.de/en/service/train-ticket
• https://www.relexa-hotel-bad-salzdetfurth.de/en
• https://www.relexa-hotel-bad-steben.de/en
• https://www.relexa-hotel-berlin.de/en
• https://www.relexa-hotel-braunlage.de/en
• https://www.relexa-hotel-duesseldorf.de/en
• https://www.relexa-hotel-frankfurt.de/en
• https://www.relexa-hotel-hamburg.de/en
• https://www.relexa-hotel-muenchen.de/en
• https://www.relexa-hotel-ratingen.de/en
• https://www.relexa-hotel-stuttgart.de/en
• https://www.relexa-hotels.de/gutscheine
• https://www.relexa-hotel-berlin.de/kulinarisches/hochzeiten/hochzeitsarrangements/wedding-superior
• https://www.relexa-hotel-bad-salzdetfurth.de/en/rooms-prices/our-new-beverage-package
• https://www.relexa-hotel-berlin.de/en/dining/table-reservation
• https://www.relexa-hotel-stuttgart.de/en/hotel/pictures/video
• https://reservations.travelclick.com/10850?hotelId=10850&languageid=7#/guestsandrooms
• https://www.relexa-hotels.de/service/jobs

You can browse to the other websites via https://www.relexa-hotels.de. There are individual privacy statements that are available on the restective pages. The relevant operators of these websites are responsible for the content, status and completeness of the data processing according to Article 4 (No.7) DSGVO (GDPR).

The carefull handling of your personal data has the highest priority at relexa hotel GmbH. When processing your data, we adhere to the statutory provisions of the Datenschutz-Grundverordnung (DSGVO) (English: General Data Protection Regulation GDPR) as well as the associated national requirements.

When you visit our website, for the purpose of system security, the web servers temporarily retain by default and the connection data of the requesting computer, the web pages you visit, the date and duration of the visit, the identification data of the type of browser and operating system used, as well as the website which directed you to us. 

This record consists of

• the page from which the file was requested
• the name of the file
• the date and time of the request
• the amount of data transferred
• the access status (file transfer, file not found)
• the description of the type of web browser used
• the IP address of the requesting computer is shortened to the last eight digits

This data is stored anonymously. The creation of personal user profiles is thus excluded. In addition, we collect personal information from you in other circumstances, such as:

• when requesting offers
• when booking a room

·for business meeting enquiries and weddings and other family celebrations

• when reserving a table
• when processing orders and order vouchers via our gift voucher shop
• when requesting or booking train tickets
• when contacting us via the web form
• when subscribing to the relexa newsletter or the travel magazine relexa revue
• when evaluating our hotels
• through the software used for website tracking and cookies
• to secure our web server and to ensure the functionality of our online services
• when applying for one of our job vacancies

The processing of personal data takes place exclusively for a specific purpose. We also regularly review our data processing practices to ensure that we process as little personal information as possible. 

2. Details of the person responsible

Please find below details of the person responsible i.S.v. Article 4 (No.7) DSGVO (GDPR):

Company Name & Legal Status:	relexa hotel Verwaltungs GmbH
Representative:	Axel Steinwarz
Head office address i.S.v. Article 4 (No.16) DSGVO (GDPR)	Carmerstrasse 6, 10623 Berlin, Germany
Contact Details:	Telephone: +49(0)30 / 2201167-50 Telefax: +49(0)30 2201167-56 Email: kontakt@relexa-hotel.de
Contact Details for the Data Protection Officer:	Email: datenschutz@relexa-hotel.de

Please find below details of other persons responsible i.S.v. Article 26 DSGVO (GDPR):

Company & Legal Status:	Oranien Hotelbetriebs GmbH relexa hotel Stuttgarter Hof  (relexa hotel Berlin)
Representative:	Axel Steinwarz
Head office address i.S.v. Article 4 (No.16) DSGVO (GDPR)	Anhalter Strasse 8-9, 10963 Berlin, Deutschland
Contact Details:	Telephone: +49 (0) 30 26483-0 Telefax: +49 (0) 30 26483-900 Email: berlin@relexa-hotel.de
Contact Details for the Data Protection Officer:	Email: datenschutz@relexa-hotel.de

3. What is personal data?

Personal data means any information relating to an identified or identifiable person (a person is regarded as identifiable in such that they can be identified directly or indirectly, in particular by assigning with an identifier such as a name). Personal data includes information such as: your name, address, telephone number and date of birth (if specified). Statistical information that cannot be directly or indirectly linked to you, such as for example the popularity of individual web pages of our website or the number of users on our website is not classified as personal data.

4. Data protection of minors

Our website is not intended for minors and we do not knowingly collect personal information from minors.

Any person under the age of 16 transfering personal data to us, has to get permission of the parent or guardians. For this purpose, the contact details of the parent or legal guardian must be communicated to us in accordance with Article 8 Para 2 DSGVO (GDPR) in order to show us that consent of the parents or the legal guardian has been given. This data as well as the the data of the minor will then be processed in accordance with this Data Protection Policy.

If we find that a minor under the age of 16 has sent us personal information without the parent's consent, or consent of the guardian, we will promptly delete the information.

5. Purpose of data processing and legal basis

The processing of your personal data takes place for the following purposes based on the following legal basis:

• Initiation and settlement of contracts in accordance with Article 6 Para 1 (b) DSGVO (GDPR) 
• Applicant selection procedure in accordance with Article 6 Para 1 (a) (b) DSGVO (GDPR) i.V.m. § 26 BDSG-new (Federal Data Protection Act)
• Guest management according to Article 6 Para 1 (b) (f) DSGVO (GDPR) 
• Communication and data exchange in accordance with Article 6 Para 1 (a) (b) (c) (f) DSGVO (GDPR) 
• External presentation and advertising in accordance with Article 6 Para 1 (a) (f) DSGVO (GDPR) 
• Implementation of declarations of consent in accordance with Article 6 Para 1 (a) DSGVO (GDPR) 
• Ensuring the proper operation of a data processing system in accordance with Article 6 Para 1 (c) (f) DSGVO (GDPR) 

6. Data access

The access to your personal data stored by us is limited to our employees, and the service providers that we entrust to handle this personal data due to their tasks.

If third parties have access to your data, we have to obtain permission from you, or there is a legal basis for this.

We also use service providers for the provision of services and processing of your data (e.g. for hosting, the newsletter dispatch, the delivery of goods ordered, the payment processing, the sending of letters or e-mails as well as maintenance and analysis of databases, security of our web servers or for website tracking). 

As far as these special provisions apply, we have carried these out in the following with the respective service for you. The service providers process the data exclusively on instructions from us and have been obliged to comply with the applicable data protection regulations. All processors have been carefully selected and will only have access 

to your data that is necessary for the provision of the services, or to the extent to which you have consented to the processing and use of the data. 

7. Data exchange within the relexa group

Data exchange within the group of companies to which we belong takes place exclusively within the EU / EEA and serves only for internal administrative purposes. By "group of companies" we mean affiliated companies within the meaning of Article 4 (No.19) DSGVO (GDPR).

8. Transfer of data to third countries and legal basis

The servers of some of the providers we use are located in the United States and other countries outside the European Union. In these countries companies are subject to a data protection law that generally does not protect personal data to the same extent as member states of the European Union. If your data is processed in a country that does not have a recognized level of data protection, such as the European Union, we will use contractual or other recognized means to ensure that your personal data is adequately protected. In the context of individual services, we explicitly point this out to you.

 If a transfer of personal data takes place to third countries, this is done on the basis of the adequacy decision of the EU Commission on the EU-US Privacy Shield pursuant to Article 45 DSGVO (GDPR) or the EU Standard Contract 2010 pursuant to Article 46 Para 2 (c) DSGVO (GDPR) i.V.m. with the decision of the European Commission dated 05.02.2010 (2010/87/EU) or on the basis of your consent in accordance with Article 49 Para 1 (a) DSGVO (GDPR).

9. Transfer of data to law enforcement authorities

In exceptional cases, we provide personal data to law enforcement agencies. This happens based on corresponding legal obligations, for example from the Code of Criminal Procedure, the Regulation of Taxation, the Money Laundering Act or the State Police Act.

10. Retention period

We retain personal data within the scope of statutory provisions or your given consent.
 In order to determine the actual retention period, we use the following criteria:

We retain personal data until the purposes for which it was collected are voided (e.g. upon termination of a contractual relationship or by the last activity, if there is no permanent agreement, or in case of withdrawal of your consent for the specific data processing).

Retention beyond that takes place only if

• statutory retention obligations (e.g. according to AO (German Tax Code) and HGB (Commercial Code)) exist
• the data is still needed to assert and exercise legal rights or to defend against legal claims, e.g. due to technological and forensic requirements to prevent attacks on our web servers and their prosecution
• the deletion would be contrary to the legitimate interest of the data subjects
• any other derogation in accordance to Article 17 Para 3 DSGVO (GDPR) applies

11. Rights of the parties concerned

11.1. Right to get information and data transfer

You have the right to get information about any personal data concerning you and processed by us in accordance with Article 15. DSGVO (GDPR) at any time.

Provided that the data process is in accordance with Article 6 Para 1 (a). DSGVO (GDPR) by your consent or in accordance with Article 6 Para 1 (b) DSGVO (GDPR), you may request pursuant to Article 20 Para 1 DSGVO (GDPR), to obtain your personal data in a structured, common and machine-readable format, or to have it transferred to a third partie system. You therefor have the right to direct forwarding of your data.

11.2. Right to rectification, restriction and deletion of your data

In accordance with Article 16 to 18 DSGVO (GDPR), you may request an adjustment, restriction (blocking) or deletion of your personal data if the data has been processed incorrectly by us; if there is a reason for restricting further data processing; or if the data processing has become unlawful for various reasons; or if its storage is invalid for other legal reasons. We would point out that your right to deletion may be restricted by statutory retention periods.

11.3. Right of appeal

If our data processing is based solely on our legitimate interest in accordance with Article 6 Para 1 (f) DSGVO (GDPR), you may appeal against this processing in accordance with Article 21 Para 1 DSGVO (GDPR). We will then cease processing your data unless we can demonstrate legitimate grounds for processing that outweigh your interests, rights and freedoms or the processing is for the purpose of enforcing, pursuing or defending a legal claim. Furthermore, you always have the right to object to the use of your data for the purpose of direct marketing with immediate effect according to Article 21 Para 2 DSGVO (GDPR).

11.4. Right to withdraw

If you have allowed us to process your personal data by consent, you have a right of withdrawal in accordance with Article 7 Para 3 DSGVO (GDPR) with immediate effect.

11.5. Rights under the automated individual decision

In principle, you have the right not to be subjected to an automated individual decision according to Article 22 Para 1 DSGVO (GDPR).
In this case of an automated individual decision pursuant to Article 22 Para 2 (a) to (c) DSGVO (GDPR), the following rights are granted to you in accordance with Article 22 Para 3 DSGVO (GDPR):

• right to express one's own point of view
• right of objection to the intervention of an individual by the person responsible
• right to challenge the automated individual decision (right of appeal)

11.6. Right to appeal to the supervisory authority

You are free to file an appeal with a supervisory authority if you believe that our processing of your personal data violates the European Data Protection Regulation or 

other national and international data protection laws, Article 77 DSGVO (GDPR).
 The contact details of our supervisory authority is:

Name	Berlin Commissioner for Data Protection and Freedom of Information
Address	Friedrichstrasse 219, 10969 Berlin
Telephone number	+49 (0) 30 13889 – 0
E-mail address	mailbox@datenschutz-berlin.de
Web address	https://www.datenschutz-berlin.de/
Complaint form	https://www.datenschutz-berlin.de/beschwerde.html

11.7. Contact details

In order to exercise your rights, you can send us an informal message to the following contact details. Likewise, please direct the withdrawal of your consent to the following contact details stating which declaration of consent you wish to revoke:

Company Name & Legal Status	relexa hotel Verwaltungs GmbH
Address	Carmerstrasse 6, 10623 Berlin
E-mail	kontakt@relexa-hotel.de
Online form	https://www.relexa-hotels.de/en/service/contact-and-feedback

12. Data transmission via webforms

Via the webform "Contact & Feedback" under https://www.relexa-hotels.de/en/service/contact-and-feedback, or via the respective button "Request Quotation" we ask for the following data:

• Interests (beauty/wellness, romance, family, bank holidays & holidays, culinary, business & conference, city breaks) (optional)
• Hotel choice (optional)
• Title (required)
• Name (required)
• E-mail address (required)
• Address (optional)
• Telephone number (optional)
• Message (optional)

• Data that you submit to us via the webform will be processed for the purposes of communication and data exchange as well as for the initiation of the contract. This data is stored as long as the processing is necessary for its purposes, or until expiration of any subsequent retention periods.

13. Hotel room reservation

We offer you the possibility to book hotel rooms via our website. You can reach this page with the contact form "Book Room". To process your booking request we require the following data:

• Hotel choice (required)
• Check-in and check-out date (required)
• Number of guests (adults, children) (required)
• Special requests (e.g. extra pillows)
• Additional comments
• Discount code
• Title
• Name (required)
• E-mail address (required)
• Telephone number
• Address
• Invoice address
• Payment method (American Express, Visa, MasterCard, Diners Club, Instant GmbH, Paypal, Invoice)
• Credit card owner
• Credit card number
• Expiry date of credit card (month/year)

14. Meeting and Events request

We offer you the possibility via our website to make enquires about meetings and other events under the form "Request Meeting" or under https://www.relexa-hotels.de/en/meeting-request and https://www.relexa-hotels.de/en / business / meeting / meeting request. To process your request we require the following data:

• Hotel choice
• Company
• Title
• Name (required)
• Address
• E-mail address (required)
• Telephone number (required)
• Fax number

15. Request for hosting weddings and other family celebrations

We offer you the opportunity to enquire about weddings and family celebrations through our website. To process your request we require the following data:

• Title
• Name (required)
• Address
• E-mail address (required)
• Telephone number 

Details of event:

• Date (wedding date) (required)
• Venue
• Number of guests (adults/children)

Details of accommodation:

• Arrival and departure date
• Number of single rooms
• Number of double rooms
• Message

Data that you send us via the enquiry form will be processed for the purposes of communication, contract processing and guest management. This data is stored as long as the processing is necessary for its purposes or until the expiration of any subsequent retention periods.

16. Table reservation in the restaurant

We offer you the opportunity to book a table in our hotel restaurants through our website. To process your request we require the following data:

• Title (required)
• Name (required)
• E-mail address (required)
• Telephone number (required)
• Date, time (required)
• Number of guests (adults/children) (required)
• Message

Data that you send us via the enquiry form will be processed for the purposes of communication, contract processing and guest management. This data is stored as long as the processing is necessary for its purpose or until the expiration of any subsequent retention periods.

17. Use of our voucher store

As part of our gift shop you may purchase gift vouchers at https://www.relexa-hotels.de/gutscheine. To process your request we require the following data:

• Voucher layout (required)
• Company (optional)
• Title (required)
• Name (required)
• E-mail address (required)
• Telephone number (optional)
• Address (required)
• Price / value of voucher (required)
• Payment (required)
• Payment method (American Express, Visa, MasterCard, Diners Club, Sofort GmbH, Paypal, invoice)

As well as other personal and transaction-based data (e.g. data of requested arrangements in the shopping basket, and their eventual point of delivery, the shopping list and order details).

Relexa hotel Verwaltungs GmbH will process these personal and transaction-based data on its own behalf in technical and logistical terms, as long as this is necessary for the implementation of the requested services and for a possible credit check.

18. Booking of train tickets

We offer you the possibility to book train tickets via our website. You can make a corresponding booking on the page https://www.relexa-hotels.de/en/service/train-ticket by clicking on the button "Ticket Online Booking". You will be redirected to a separate website of the Deutsche Bahn AG, where a separate data protection policy applies, which can be accessed on that website.
 To process your request we require the following data:

• Interest (optional)
• Hotel choice (optional)
• Title (required)
• Name (required)
• E-mail address (required)
• Telephone number (optional)
• Address (optional)
• Message (optional)

Data that you send us via the enquiry form will be processed for the purposes of communication, contract processing and guest management. This data is stored as long as the processing is necessary for its purposes or until the expiration of any subsequent retention periods.

19. Payment methods

On our website we offer you a selection of different payment methods to purchase our products (Points 13 and 18).

We use the data collected during these transactions to complete the contract, in particular to enable you to purchase and receive vouchers via electronic delivery and to be able to process the payment.

In this context we might also process the data for credit checks, provided this is necessary for the execution of the contract, Article 6 Para 1 (b) DSGVO (GDPR), or we have a legitimate interest according to Article 6 Para 1 (f) DSGVO (GDPR). Our legitimate interest exists when the conclusion of a contract with you is imminent, so that a financial default risk is coupled to us and the conclusion of the contract is dependent on your creditworthiness.

We also forward the data necessary for the execution of the payment and if necessary the risk management to the payment service provider chosen by you. The following additional information and regulations apply to this:

19.1. Payment method PayPal

Within our online shop, we enable you to make payments using the payment service provider; PayPal. The payment is processed either via your PayPal or via PayPal using your credit card or bank account. PayPal also offers buyer protection and fiduciary services.     

By selecting the payment service provider PayPal via the online shop, data is transferred automatically to PayPal. Herein you expressly consent to the transfer of personal data (first and last name, address, e-mail address, IP address, telephone number (s), order data, delivery data) for the purpose of carrying out the payment and the prevention of fraud. 

The exchange of data takes place not only for the purpose of carrying out the payment, but also identification, fraud prevention and the reduction of our default risk, and in this case also data on past purchase and payment behaviour are exchanged. PayPal also exchanges data with credit bureaus, provided that they have a legitimate interest and do not conflict with the interests of the person concerned.

Data may be passed on to affiliated companies; this also applies to downstream service providers (processors, joint controllers and third parties, insofar as necessary for the execution of the contract).

You may revoke this consent to PayPal at any time with immediate effect. Revocation does not have effect on transfers carried out in the past.

The current privacy policy for PayPal is available at https://www.paypal.com/webapps/mpp/ua/privacy-full.

Data recipient: PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg

19.2 Payment method Credit Card

As part of our online shop, we enable you to pay by credit card by means of a payment service provider (here you can specify who is the payment provider). The necessary credit card details are entered directly into an embedded form of our payment service provider.

 When you select the payment method "credit card", data is automatically transferred to our service provider. Herein you expressly consent to the transfer of personal data (first name and surname, address, purchase price) for the purpose of carrying out the payment by credit card as well as fraud prevention.

Data may be passed on to affiliated companies; this also applies to downstream service providers (processors, joint controllers and third parties, insofar as necessary for the execution of the contract).

You can revoke this consent at any time with immediate effect towards our service provider. Revocation does not have any effect on transfers carried out in the past.

Recipient of the data: please insert name, address of the service provider (If a service provider from a third country is used here, then if necessary, Point 22 must be used).

19.3 Payment method Sofortüberweisung (immediate payment transfer)
 
Within our online shop, we allow payment by means of Sofortüberweisung using the payment service provider SOFORT GmbH.

By means of the above payment method, a real-time payment confirmation is possible to us, so that we can start with the delivery of your order immediately.

By selecting the payment method 'Sofortüberweisung', data is automatically transferred to SOFORT GmbH. Herein you expressly consent to the transmission of personal data (first and last name, address, e-mail address, IP address, telephone number (s), bank details, PIN, TAN, purchase price) for the purpose of payment and fraud prevention.

The exchange of data takes place not only for the purpose of carrying out the payment, but also for identification, and fraud prevention and the reduction of our default risk. As long as it is necessary, data on past purchase and payment behaviour are exchanged. In this context, the SOFORT GmbH data are also exchanged with credit bureaus, provided that there is a legitimate interest and does not prevent the interests of the person concerned being protected.

Data may be passed on to affiliated companies; this also applies to downstream service providers (processors, joint controllers and third parties, insofar as necessary for the execution of the contract).

You can withdraw the above consent at any time with effect for the future from SOFORT GmbH. Revocation has no effect on past transmissions.

The current data protection regulations of SOFORT GmbH can be found at https://www.sofort.com/ger-DE/datenschutzerklaerung-sofort-gmbh/.

Recipient of the data: SOFORT GmbH, Fussbergstrasse 1, 82131 Gauting, Germany.

20. Recruitment selection procedure

We offer you the opportunity to view our current job vacancies at https://www.relexa-hotels.de/service/jobs and apply for suitable positions by sending us requested personal details. The data processing is according to Article 6 Para 1 (b) DSGVO (GDPR), § 26 BDSG-New (Federal Data Protection Act). You can send us your application by e-mail or by post. Please note that applications you send to us by e-mail will be sent unencrypted.

Your application data as well as the corresponding documents will be accepted by the Personnel Department and only forwarded to the relavant department responsible for the respective job, or to the person entrusted with the processing. All parties will treat your application data and the corresponding documents with due diligence and absolute confidentiality. Upon completion of the selection process, we will retain your application documents for 3 months and then delete or destroy any copies, unless we have concluded an employment contract with you.

Should we wish to include your application documents in our application pool, we will contact you accordingly. In the notification you can actively consent to the further storage of your documents.

21. Data processing with regards to external marketing activities

We use your data as described in more detail below for purposes of external publicity and advertising in accordance with Article 6 Para 1 (a) and (f) DSGVO (GDPR).

21.1. Postal advertising

We use your name and postal address within the legal limits for sending advertisements for your preferred offers. Of course, you can object to the processing of this data for advertising purposes at any time. A message in writing to the above contact details is sufficient.

21.2. Subscription to the relexa newsletter

You have the possibility to register to our newsletter via our website at https://www.relexa-hotels.de/en/newsletter. The newsletter regularly informs about the company as well as current offers at the relexa hotel GmbH and the Oranien Hotelbetriebs GmbH. For the registration we require the following data:

• Title (optional)
• Name (optional)
• E-mail address (required)

You are not required to give us your name, but if you choose to it would allow us to address you more personally.

If you have subscribed to the newsletter, you have submitted the following declaration of consent:
I confirm that I would like to receive the relexa newsletter on a regular basis from the relexa hotel Verwaltungs GmbH as well as from Oranien Hotelbetriebs GmbH, sent to my given e-mail address. In addition, I agree that user data will be collected from me and evaluated (newsletter user analysis). I acknowledge that I can revoke my consent to the use of my data for e-mail advertising at any time, e.g. by clicking on the unsubscribe link at the end of each newsletter, or in writing to relexa hotel Verwaltungs GmbH, Carmerstrasse 6, 10623 Berlin, or by e-mail to kontakt@relexa-hotel.de. I have read and accepted the Data Protection Policy. 

In order to confirm your e-mail address and consent, you will first receive a separate e-mail (confirmation e-mail). We will not register your consent until you have clicked on the confirmation link contained in this e-mail.

You will receive an e-mail to the specified address requesting that you click on a link to confirm that you have subscribed to the newsletter. Only through your confirmation will your e-mail address be activated for sending the newsletter (double-opt-in procedure). Otherwise your data submitted via the registration form will be deleted after 3 weeks.

You can revoke your consent with immediate effect or contradict the further processing of your personal data to the newsletter at any time by pressing the "unsubscribe" link in the newsletter, or send us a message in writing to the above mentioned contact.

Your data will then be deleted from the mailing list and you will no longer receive a relexa newsletter by email. The data that uses the double-opt-in procedure or your data protection consent form as well as your revocation or objection are then detained for a further 6 years pursuant to Article 17 Para 3 (e) DSGVO (GDPR). During this time, however, your personal data will be blocked against further processing.

For information on data processing in the newsletter user analysis, see point 20.4.2.

21.3. Subscription of the travel magazine relexa revue

In addition to our newsletter you have the opportunity to subscribe to our travel magazine revue. Simply visit our website at https://www.relexa-hotels.de/en/holiday/relexa-revue to register. The travel magazine informs you twice yearly about the company and current offers of relexa hotel Verwaltungs GmbH and Oranien Hotelbetriebs GmbH. For the registration we require the following data:

• Title (optional)
• Name (optional)
• Email address (required)

You are not required to give us your name, but if you choose to it would allow us to address you more personally.

As soon as you have registered for the travel magazine revue, you have submitted the following declaration of consent: 

“I confirm that I would like to receive the twice-yearly travel magazine from the relexa hotel Verwaltungs GmbH as well as from Oranien Hotelbetriebs GmbH, sent to my given e-mail address. I acknowledge that I can revoke my consent to the use of my data for e-mail advertising at any time, e.g. by clicking on the unsubscribe link at the end of each travel magazine, or in writing to relexa hotel GmbH, Carmerstrasse 6, 10623 Berlin, or by e-mail to kontakt@relexa-hotel.de. I have read and accepted the Data Protection Policy.” 

In order to confirm your e-mail address and consent, you will first receive a separate e-mail (confirmation e-mail). We will not register your consent until you have clicked on the confirmation link contained in this e-mail.

Thereafter, you will receive an e-mail to the specified e-mail address requesting that you click on a link to confirm that you have subscribed to the travel magazine. Only after your confirmation will your e-mail address be activated for sending the travel magazine revue (double-opt-in procedure). Otherwise your data submitted via the registration form will be deleted after 3 weeks.
 Of course, you can revoke your consent with immediate effect or the further processing of your personal data to the travel magazine at any time by pressing the "unsubscribe" link in the magazine, or send us a message in writing to the above mentioned contact.
 Your data will then be deleted from the mailing list and you will no longer receive the travel magazine relexa revue by email. The data that uses the double-opt-in procedure or your data protection consent form as well as your revocation or objection are then retained for a further 6 years pursuant to Article 17 Para 3 (e) DSGVO (GDPR). During this time, however, your personal data will be blocked against further processing.

For information on data processing in the newsletter user analysis, see point 20.4.2. 

21.4. Profiling (cookies and web tracking)

Profiling is based on Article 6 Para 1 (a) or (f) DSGVO (GDPR).

21.4.1 Basic information about cookies We use so-called cookies in some areas of our website, for example, to recognize the preferences of our visitors and to make the website as optimal as possible. This allows for easier navigation and a high level of usability on our website. Cookies also help us identify particularly popular areas of our website. Cookies are small files that are stored on a visitor hard disk. They allow information to be kept for a certain period of time and to identify the visitor's computer. For better user guidance and individual performance we use permanent cookies. We also use so-called session cookies, which are automatically deleted when you close your browser. You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent to you. This is done to verify the authorization of actions and the authentication of the requesting user of our services. The legal basis is Article 6 Para 1 (c) i.V.m. Article 32 and Article 6 Para 1 (f) DSGVO (GDPR). Our legitimate interest is to secure our web server in order to to defend against attacks for example, and to ensure the functionality of our services. We do not place technically necessary cookies until you have given us your express consent, which you can of course revoke at any time.  As part of our cookie information on our website, you have agreed to the following statement: This website uses tracking cookies or tracking software to provide the full range of functions of our website and thus a better online experience. Further information on the cookies and web tracking methods used by us, as well as the consent you have given can be found in our data protection policy at https://www.relexa-hotels.de/en/notice-of-confidentiality . However technically unnecessary cookies or our tracking software will only activated after you have given us your consent. [Agreed] If you completely exclude the use of cookies, you will not be able to use individual functions of our website - including the possibility of cookie-based opt-out of tracking. Please allow the opt-out cookies of those services where you would like to stop tracking. Please also keep in mind that deleting all cookies will result in opt-out cookies being deleted as well. You may have to reset them if necessary. Cookies are also browser-bound, e.g. they must always be set separately for each browser you use on each device you use. The necessary links can be found below in the description of the respective service.  The following cookies are used by us - if you allowed this and have not set one or more opt-out cookies - for a specific purpose: Name of Cookie Intended use Duration of storage Technically necessary Revocation of consent (if cookie is not technically necessary) Depending on the hotel locationt:   _gat_UA-48412522-1   _gat_UA-27650178-1   _gat_UA-28640890-1   _gat_UA-28642335-1   _gat_UA-28626952-1   _gat_UA-28643127-1   _gat_UA-27663405-1   28643338_1   _gat_UA-28643909-1   _gat_UA-13179828-1 This cookie is used by Google Analytics to control the frequency of requests. one day no see below SX-SESSION This cookie is used by the website to ensure the functionality of the voucher shop. The data stored is encrypted and can only be read from the website. one day yes not possible because it is essential for your purchase resolution Stores the visitor resolution and the pixel density. These values are used to deliver the smallest possible pictures to the visitor. always valid not possible, as it is essential for reasonable presentation. _gid This cookie is used by Google Analytics to differentiate between users. one day no see below _ga This cookie is used by Google Analytics to differentiate between users. two years no see below

21.4.2. Evaluation of newsletter usage

Our newsletter / travel magazine contains counting pixels. A counting pixel is an invisible graphic in HTML e-mails with the purpose of enabling a log file recording as well. 

as a record of the links activated from the newsletter with subsequent analysis when opening the e-mail. The following user data is collected:

• status (newsletter / travel magazine open, date and time)
• clicked links (to articles, advertisements etc.)
• opening the newsletter / travel magazine via e-mail or browser
• device information (e.g. Android, iOS)
• time of opening

This allows us to use statistics to evaluate the success of our newsletter campaigns and to optimize our newsletter so that you get better up to date topics and offers with regards to your needs and interests. When registering for our newsletter / travel magazine, you have issued the following declaration of consent:
“In addition, I agree that usage data is collected from me and evaluated (newsletter user analysis).”

The personal data collected in this way is processed by our service provider mentioned below. If you do not agree, you can unsubscribe from the newsletter / travel magazine by clicking on the link "Unsubscribe" attached to this in the newsletter / travel magazine or by sending us a text message to the above contact details. If you withdraw your consent, we will remove your e-mail from the newsletter distribution so that the newsletter / travel magazine will no longer be sent to you and delete the user data collected from you. The data that proves the double opt-in procedure as well as the revocation of your consent will then be kept for a further 6 years according to Art 17 Para 3 (e) DSGVO (GDPR). During this time your personal data will be blocked against further processing.

 Receiver of the data:
 Serenata SERENATA INTRAWARE GMBH
 Neumarkt St. 18
 81673 Munich

21.4.3 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer that allow an analysis of the use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, by means of our IP anonymization procedure on this website, your IP address will be shortened by Google beforehand within member states of the European Union or other contracting states to the agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and shortened there. 

On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide further services related to website activity and internet user by the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data. One way to object to web analytics through Google Analytics is to set an opt-out cookie that instructs Google not to store or use your information for web analytics purposes. Please note that with this solution, the web analysis will only be made as long as the opt-out cookie is saved by the browser. If you want to set the opt-out cookie now, please click here.

You can also prevent the storage of cookies by setting your browser software accordingly; however we point out that in this case you may not be able to use all the functions of this website in full. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available under the following link and install. 

The current link is: https://tools.google.com/dlpage/gaoptout?hl=en.
Recipient of the data: Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA
Privacy-Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

21.4.4. YouTube video embedded using iFrame in enhanced privacy mode

We use YouTube, a service provided by Google, to show video content. To protect your privacy we have enabled the enhanced privacy mode. YouTube also uses cookies to collect information about visitors to its website. YouTube uses it to capture video statistics, prevent fraud, and improve usability. Viewing a video usually also leads to a connection to the Google DoubleClick network. If you start the video, this could trigger further data processing, especially if you are already logged in to YouTube. We have no influence on that.

By pressing the start button on the video you consent to the transmission of the data to YouTube LLC.

For more information about privacy on YouTube, see their privacy policy (http://www.YouTube.com/t/privacy_at_YouTube). Recipient of the data: YouTube LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA

Privacy-Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active 

21.4.5. Social media plugins

We use social media buttons on our website (Facebook, Twitter, Flickr, YouTube, Instagram,Pinterest etc.) from Facebook, Twitter, Google etc.
These social media buttons are not integrated as plugins via a so-called iFrame, but as external links. By pressing the social media buttons, you will be redirected to the page of the respective provider. The respective provider is responsible for the compliance with the current data protection regulation, the correctness and completeness of the information provided for the data processing in Article 4 (No.7) (No.17) DSGVO (GDPR).

21.5. Online feedback questionnaire

With your consent or as permitted by law, we will send you a feedback request by e-mail 2 days after your stay in one of our hotels.
 As soon as you click on the “Review” button within the feedback request, you will be redirected to the website of TrustYou GmbH.

By clicking on the "Review" button you give your consent:
"If you click on the link in the e-mail to submit your feedback rating, you will be redirected to the pages of TrustYou GmbH. You agree that the data which you provide in the online feedback questionnaire will be transmitted to TrustYou GmbH, Munich Center of Technology, Agnes-Pockels-Bogen 1, 80992 Munich. TrustYou GmbH is responsible for providing the necessary information on this data processing, including its feature requirements. You can revoke your consent at any time with immediate effect.”

TrustYou GmbH collects the minum following data from you according to your terms of use:

• Name (optional)
• E-mail address 
• Cookie-settings
• IP address
• Referring URL
• Date of use
• Movement profile of the entire session (via pixel tags)
• Hotel feedback

After you have completed and sent the questionnaire, we will only receive the following data from TrustYou GmbH: name details (optional), date of use, hotel evaluation. Your review with indication of the date is provided exclusively on our website: https://www.relexa-hotels.de/en/service/hotel-review

21.6. Raffles or similar promotions

From time to time customers have the opportunity to participate in raffles or similar promotions on our website. As part of these actions, personal data (e-mail address, name, address and other data necessary) may also be collected and stored for the purpose of processing. Personal information that you provide to us in connection with such deeds will only be used to process the action (e.g. in the case of a raffle, for the determination of winnings, prize notifications and sending of the prize). After the action is completed, the data of the participants will be deleted.
The data processing is based on Article 6 Para 1 (a) (c) (f) DSGVO (GDPR).

22. Recipient of the data

The access to your stored personal data is limited to our employees and the service providers contracted by us, such as TravelClick Inc., who have to deal with this personal data due to their task.
 An exchange of data within the group of companies that we belong to takes place exclusively within Germany and therefore within the European Union and serves only for internal administrative purposes.

 The following recipients are added as part of the web tracking process:

• Google Inc. for Google Analytics and YouTube videos via iFrame
• TrustYou GmbH
• Serenata Intraware GmbH

Your review with indication of the date is provided exclusively on our website: https://www.relexa-hotels.de/en/service/hotel-review

23. Data transfer to third countries and legal basis

The transfer of personal data to third countries will only take place

• in the context of the use of Google Analytics on the basis of the adequacy decision of the EU Commission on the EU-US Privacy Shield according to Article 45 DSGVO (GDPR)
 • in the context of the activation of the YouTube videos, if you have consented in accordance to Article 49 Para 1 (a) DSGVO (GDPR) .
 • in the context of hotel reservation using TravelClick Inc., via corresponding standard contractual clauses in accordance to Article 46 Para 2 (c) DSGVO (GDPR) .
 • in the context of providing evaluation using TrustYou via the corresponding standard contractual clauses in accordance to Article 46 Para 2 (c) DSGVO (GDPR) .

24. Data security

We maintain various security measures i.S.v Article 32 DSGVO (GDPR) (Security of Processing) for the protection of your personal data.

For a secure transfer of the data that you send us, we offer SSL/TLS encryption with the current encryption protocol TLS v1.2. We point out that the comprehensive encryption of the transmission path also depends on your internet browser. We therefor recommend that you keep your internet browser up-to-date, so that the encryption according to TLS v1.2 automatically builds up when you visit our website.

We must point out that if you contact us by e-mail, the confidentiality of the information transmitted is not guaranteed. The content of the e-mails may be viewed by third parties. We therefor recommend that you send confidential information by post or via an https-encrypted contact form.