Data Protection Statement
Thank you for your interest in our website and our services. For us, data form the basis of excellent service. However, our most important asset is our customers’ trust. It is our highest priority to protect customer data and to only use them in the way that our customers expect. The data protection information below should therefore inform you about the processing of your personal data and your rights regarding this processing in accordance with the European General Data Protection Regulation (“GDPR”) and other applicable data protection provisions.
1. General Information
1.1 Hospitality Digital GmbH, Metro-Straße 1, 40235 Düsseldorf, Germany (hereinafter “H.d”, “we” or “ us”) is responsible for the operation of this website. H.d attaches the utmost importance to the protection of your personal data.
1.2 If you have questions regarding data protection, you can contact our Data Protection Officer using the contact details below: Hospitality Digital GmbH, Data Protection Officer, Metro-Straße 1, 40235 Düsseldorf, Germany, e-mail: email@example.com.
1.3 In this Data Protection Statement, we outline how we collect, process, and use personal data in the context of providing our website. Personal data is individual information about your personal or material circumstances. We process and use personal data that we collect about you, exclusively within the context of the applicable statutory provisions.
2. Processing of personal data and transfer to third parties
2.1 Upon use of our website, some personal data is automatically collected about your device (computer, mobile phone, tablet etc.). The IP address currently being used by your device, date, time, browser, operating system of your device, and the pages retrieved are collected. This happens for the purpose of data security, to optimize our range and to improve our website. With the exception of analysis for statistical purposes, which in that case is strictly in an anonymized form, any other analysis is only performed strictly within the scope of this Data Protection Statement. This personal data is processed on the basis of art. 6, para. 1, sentence 1, letter f) GDPR. The protection of our website and the optimization our services represent a legitimate interest on our part.
2.2 If you contact us (e.g., via a request to firstname.lastname@example.org), we will collect, process and use only such personal data that you have communicated to us and that is necessary to process and answer your request.
2.3 In order to enable the data processing operations stated in this Data Protection Statement, we are deploying service providers as data processors within the meaning of art. 28 GDPR, for example, service providers for cloud hosting, maintenance and other services. The services providers are both external service providers and services providers within the METRO Group that are located in countries within and outside of the European Union (EU) and the European Economic Area (EEC). By way of contractual provisions, we ensure that these service providers process personal data in accordance with the GDPR in order to guarantee a high level of data protection, even when personal data is transferred to another country where another level of data protection is usual and for which there is no decision on adequacy from the EU Commission. There is no further transfer of personal data to other recipients, unless we are legally obliged to do so. For further information regarding the appropriate security precautions regarding the international transfer of data or a copy of thereof, please contact our Data Protection Officer by e-mail at: email@example.com.
4. Provision of personal data and storage periods
Your personal data are provided on a voluntary basis. You are not legally obliged to provide us with your personal data. If you do not want to provide us with your personal data, it does not have any consequences for you other than you cannot use our services. Personal data that you provide to us via our website is only saved until the purpose for which it was processed has been served. Deviating storage periods may arise from a legitimate interest on the part of H.d (e.g., to guarantee data security and to prevent abuse). Personal data, which we must save due to statutory or contractual storage obligations, are blocked.
5. Your rights
To exercise your rights as per the GDPR to
· information on the processing of your personal data and a copy of these data (art. 15 GDPR),
· correction and completion of incorrect and incomplete personal data (art. 16 GDPR),
· deletion of your personal data, and if they have been made public, that H.d. informs the other responsible parties of the application for deletion (art. 17 GDPR),
· a restriction regarding the processing of your personal data (art. 18 GDPR),
· data portability so that you are given your personal data in structured, standard and machine-readable format and the right to transfer this data to another responsible party without obstruction by H.d (art. 20 GDPR),
· revocation of an issued consent; the revocation does not affect the legality of the processing undertaken on the basis of the consent before the revocation (art. 7 GDPR), and
· an objection to the data processing (art. 21 GDPR),
you can contact the Data Protection Officer of H.d (firstname.lastname@example.org) at any time. In addition, you have the right to raise a complaint at the competent supervisory authority, if you regard the data processing to be incompatible with the GDPR (art. 77 GDPR).
As of: May 2018/ AG