Privacy Policy
1. An overview of data protection
General
The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.
Data collection on our website
Who is responsible for the data collection on this website?
The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.
Analytics and third-party tools
When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.
You can object to this analysis. We will inform you below about how to exercise your options in this regard.
2. General information and mandatory information
Data protection
The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.
If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.
Notice concerning the party responsible for this website
The party responsible for processing data on this website is:
McDreams Hotel GmbH
Kapellenstr. 14
85622 Feldkirchen
Telephone: 0821 59982860
Email: info@mcdreamshotels.de
Data security official:
Florian Frischkorn (Email: datenschutz@mcdreamshotels.de)
The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Encrypted payments on this website
If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment.
Payment transactions using common means of payment (Visa/MasterCard, direct debit) are only made via encrypted SSL or TLS connections. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon in your browser line is visible.
In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
3. Data collection on our website
Cookies
Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.
Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.
Contact form
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.
We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Processing of data (customer and contract data)
We collect, process, and use personal data only insofar as it is necessary to establish, or modify legal relationships with us (master data). This is done based on Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract. We collect, process and use your personal data when accessing our website (usage data) only to the extent required to enable you to access our service or to bill you for the same.
Collected customer data shall be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transferred when signing up for services and digital content
We transmit personally identifiable data to third parties only to the extent required to fulfill the terms of your contract with us, for example, to banks entrusted to process your payments.
Your data will not be transmitted for any other purpose unless you have given your express permission to do so. Your data will not be disclosed to third parties for advertising purposes without your express consent.
The basis for data processing is Art. 6 (1) (b) DSGVO, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
4. Analytics and advertising
Google Analytics
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
Browser plugin
You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
For more information about how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic data collection by Google Analytics
This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "Refusal of data collection".
Google Analytics Remarketing
Our websites use the features of Google Analytics Remarketing combined with the cross-device capabilities of Google AdWords and DoubleClick. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
This feature makes it possible to link target audiences for promotional marketing created with Google Analytics Remarketing to the cross-device capabilities of Google AdWords and Google DoubleClick. This allows advertising to be displayed based on your personal interests, identified based on your previous usage and surfing behavior on one device (e.g. your mobile phone), on other devices (such as a tablet or computer).
Once you have given your consent, Google will associate your web and app browsing history with your Google Account for this purpose. That way, any device that signs in to your Google Account can use the same personalized promotional messaging.
To support this feature, Google Analytics collects Google-authenticated IDs of users that are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad promotion.
You can permanently opt out of cross-device remarketing/targeting by turning off personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/.
The aggregation of the data collected in your Google Account data is based solely on your consent, which you may give or withdraw from Google per Art. 6 (1) (a) DSGVO. For data collection operations not merged into your Google Account (for example, because you do not have a Google Account or have objected to the merge), the collection of data is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing anonymous user behavior for promotional purposes.
For more information and the Google Privacy Policy, go to: https://www.google.com/policies/technologies/ads/.
Google AdWords and Google Conversion Tracking
This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States ("Google").
As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.
Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.
Conversion cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
For more information about Google AdWords and Google Conversion Tracking, see the Google Privacy Policy: https://www.google.de/policies/privacy/.
You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.
Google reCAPTCHA
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google").
reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.
The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place.
Data processing is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.
For more information about Google reCAPTCHA and Google's privacy policy, please visit the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.
5. Plugins and tools
Google Web Fonts
For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
If your browser does not support web fonts, a standard font is used by your computer.
Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google's privacy policy at https://www.google.com/policies/privacy/.
Google Maps
This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.
Weather display
This website uses widgets to provide current weather forecasts for our corresponding hotel locations. For this purpose, current weather data of the provider https://de.nachrichten.yahoo.com/wetter (Oath (EMEA) Limited, 5-7 Point Square, North Wall Quay, Dublin 1 m) is loaded. In this process, the IP address can be transmitted to the provider's server.
The weather forecast is displayed in order to provide an appealing and informative presentation of our online offering. This constitutes a legitimate interest within the meaning of Article 6 (1) Point (f) of the GDPR.
TrustYou hotel reviews
This website uses tools to download current customer ratings of our hotel from the review portal trustyou.de (TrustYou GmbH, TrustYou Headquarters, Munich Center of Technology, Agnes-Pockels-Bogen 1, 80992 Munich, Germany) and display them on the website.
For this purpose, the IP address is transferred to the server of the review portal. The customer ratings are displayed in order to provide comprehensive, neutral information about our corresponding hotel. This constitutes a legitimate interest within the meaning of Article 6 (1) Point (f) of the GDPR.
Booking System (LikeMagic)
1.1. General information
From booking to check-in and access to our facilities and even check-out, we predominantly use digital processes in our hotel so that we can offer our guests a unique hotel service and stay which can be organized and designed by our guests according to their needs via their mobile device (hereinafter “Guest Journey”). The following explanations for the website also apply analogously for apps and other channels that are used by us to create the Guest Journey.
We use the software-supported hotel management solution and central data management platform likeMagic from SV (Schweiz) AG, Memphispark, Wallisellenstrasse 57, 8600 Dübendorf, Switzerland (hereinafter “Platform”) for the Guest Journey, which enables the management, support, processing, analysis and evaluation of lodging processes in hotel facilities and in which all functions in the areas of reservation, front office, and property management functions are combined in one user interface. Interfaces connect the Platform with other applications and infrastructure for operating and managing our hotel. Furthermore, the Platform bundles access for us via corresponding interfaces to application programs that we license from third parties and thereby supports defined services in essential operational processes typical for hotels within the framework of the Guest Journey, such as booking, billing, guest check-in and guest check-out processing, guest communication, guest catering, locking system management, facility management, etc. The data entered into the Platform is in our responsibility (McDreams Hotel GmbH) and is stored on Google’s servers in Switzerland.
We have entered into a data processing agreement with SV (Schweiz) AG to ensure that your personal data is protected. By agreeing to this privacy policy, you hereby authorize SV (Schweiz) AG to use the personal data that we process for proprietary research and product development purposes.
1.2. Categories of personal data
The personal data that we collect from you and other people (e.g., family members, companion) via our website, apps, and other channels in connection with the Guest Journey are entered into and processed in the aforementioned Platform (see also section 1.3).
In particular, this concerns the following categories of personal data:
- Data and information that is provided to us during bookings (particularly title, first and last name, address, e-mail address, date of birth, telephone number, language, reservation details [date of stay, number of rooms, room category, number of people on the booking, selected additional packages, etc.], credit card information (encrypted as per PCI/DSS), date and time of booking [time stamp]; where applicable, the expected arrival time, desired bed type and/or other preferences, comments)
- Data and information related to your stay at our hotel that are disclosed to us or become known to us, particularly for complying with statutory registration requirements (first and last name, address and canton, date of birth, place of birth, nationality, day of arrival and departure; incl. copy of official identification document and signature, room number), along with the purchase of additional (fee-based) services such as restaurant, mini bar, wellness, excursion offerings, sports offerings, etc. (particularly first and last name, object of performance, time of service procurement/rendering), or about which you inform us (e.g. preferences)
- Data and information that is generated in conjunction with the use of our facilities, common areas and your room (e.g. date and time of entry)
- Data and information that is provided to us when using the communication functions and during communication with you (particularly first and last name and/or user name, where applicable; communication channel; communication product/solution; e-mail address and/or telephone number; date and time of communication; status of messages (opened, read, clicked); content of communication)
- Data that is provided to us when opening a customer account (particularly first and last name, e-mail address, password [encrypted as a hash with salt], date and time of registration [time stamp], status of the e-mail verification)
- Data that is provided to us when logging into the customer account, depending on the type of login that you have chosen (e-mail login authentication data [e-mail address, password] and/or social login authentication data [e-mail address, ID token], data and time of login [time stamp])
Personal data are generally collected from our guests themselves. However, they can also be collected via third parties such as when a guest provides personal information from other people/companions (e.g. family members) or, for instance, a third person makes a booking. If you provide us with personal data from other people (e.g. family members, companions), we ask that you ensure that these people are familiar with this privacy policy and only share their personal data with us if you are authorized to do so and if this personal data is correct.
We will obtain certain data of you via interfaces that connect the Platform with application programs licensed from third parties in connection with the Guest Journey and that deal with essential operational processes that are typical for hotels such as booking, billing, guest check-in and guest check-out, guest communication, guest catering, locking system management, facility management etc., along with the remaining applications and infrastructure of our hotel.
If a booking or check-in is made using a customer account, the required booking and/or check-in data that is already saved in the customer account such as title, first and last name, address, e-mail address, date of birth, telephone number, language and registration form data are used by us for that purpose.
If you book your stay via a third-party platform, we obtain many different kinds of personal data from the respective platform service provider that we enter into and process in the Platform that we use. This is essentially data and information that we also collect in case of a booking that we receive without a third party platform, i.e. title, first and last name, address, e-mail address, date of birth, telephone number, language, reservation details (date of stay, number of rooms, room category, number of people in the booking, selected additional packages, etc., date and time of the booking [time stamp]; where applicable, expected arrival time, type of bed and/or other preferences, comments).
1.3. Centralized storage and linking of your data
The data and information mentioned in section 1.2 above, which we particularly collect in connection with the Guest Journey, are systematically collected and linked by us for the purpose of processing your booking and providing the contractual services. As mentioned above, we use likeMagic, a software-assisted hotel management solution and central data management platform from SV (Schweiz) AG, Dübendorf, Switzerland to that end. Your personal data is entered into the Platform via interfaces that the Platform connects with application programs licensed from third parties in connection with the Guest Journey in the area of essential operational processes that are typical for hotels such as booking, billing, guest check-in and guest check-out, guest communication, guest catering, locking system management, facility management etc., along with other applications and infrastructure of our hotel.
In order to store and link the personal data of our guests, a standalone guest ID for the respective hotel and/or a hotel group is created for each guest. Accordingly, we also aim to identify the guest in our database each time a booking is made. If you have previously stayed with us and we are authorized to do so, we furthermore will compare your personal data with personal information we may have saved in order to keep our customer data in particular up to date, to make check-in efficient for you and to ensure that your stay is tailored to your needs.
We base this processing on our legitimate interest in efficiently managing and directing our hotel and in customer-friendly and efficient customer data management.
Furthermore, please note that – with your permission by consenting to this privacy policy – we may also use the personal data and information aforementioned in section 1.2, which we save and link in the Platform, with the help of the software-assisted hotel management solution we employ to analyze certain personal aspects such as personal preferences, interests, etc. We may use the knowledge gained from this to tailor your stay to your needs or to present you with offers that are tailored to your personal interests and preferences. Furthermore, such data generally assists us to increase the efficiency of our operational processes and to consistently improve our offer for our guests.
1.4. Disclosure of personal data
The personal data collected from you in the course of the Guest Journey will be passed on, if necessary, to internal recipients or, via corresponding interfaces, to external service providers domestically and abroad – particularly when processing and handling your booking and your stay. In addition to the aforementioned SV (Schweiz) AG, Dübendorf, Switzerland, there are additional processors and service providers to which your personal data may be forwarded and/or who have or may have access to them (including IT service providers, service providers for processing booking data [property management] or CRM, payment processing, digital key solution, etc.). An overview of the processors and service providers associated with the Platform can be found on SV (Schweiz) AG’s website at www.likemagic.tech.
We contractually ensure the protection of your personal data (e.g. by using the EU standard contractual clauses for data transfers) if – in association with the procurement of an external service provider – your personal information needs to be transferred to a country whose level of data protection does not match that of Switzerland or Europe.
Furthermore, we disclose your personal information only if you have explicitly agreed to do so, if it is necessary for initiating or processing the contract, if there is a legal obligation to do so, or if it is necessary for enforcing our rights – particularly for enforcing claims arising from the contractual relationship or other rights – or if the processing is carried out to protect a legitimate interest on our part or on the part of third parties. In rare cases, it may be necessary to disclose personal data in order to protect the vital interests of the person concerned or another natural person.
1.5. Retention period
Without your consent, we store your personal information on the Platform beyond the retention period only to the extent necessary to meet our statutory obligations or if we have a legitimate interest in doing so (such as an interest in furnishing evidence in case of claims, documenting compliance of legal or other provisions, or an interest in non-personal evaluations). For instance, we particularly store contractual data according to statutory retention obligations. Retention obligation that oblige us to retain data originate from provisions regarding the right to report, financial reporting, and fiscal law. According to these provisions, business communications (incl. e-mails), concluded agreements and booking receipts must be stored for up to 10 years. If we no longer require this data to render the services for you, the data shall be blocked. This means that, afterwards, the data may be used only for invoicing and fiscal purposes.
If we are authorized to process your personal data beyond contract initiation and execution of the contract processing, we generally process this data for an indefinite time period. We store this data for as long as necessary to achieve the contractual purposes or until you request that we cease this processing (and for a short period of time afterwards so that we can comply with your request), unless we have other legally permissible grounds to continue storing your personal data. We also record the fact that you have ask to stop processing your data so that we can continue to carry out your wish. The consent to retention may be revoked at any time, with effect for the future, by sending an e-mail to datenschutz@mcdreamshotels.de.
If you have a customer account, we will save the data saved in your customer account and/or linked with it until you delete your customer account, unless otherwise stipulated by statutory retention obligations or our legitimate interests.