The controller (verantwortliche Stelle) within the meaning of the BDSG is Factory Hotel GmbH & Co. KG, represented by its managing partner D-Yard GmbH, which in turn is represented by its managing partner David Deilmann. Please feel free to contact us at the following address:
Factory Hotel GmbH & Co. KG
An der Germania Brauerei 5
T: +49 (0) 251-4188-0
F: + 49 (0) 251-4188-999
II. Collection of personal data
“Personal data” refers to all data that is relatable to you personally – as a natural person – such as your name, address, email addresses and user behaviour.
The collection and storage of your personal data serves fundamentally to initiate, execute and process a contractual relationship; to process potential warranty claims; to respond to your enquiries; to ensure proper accounting; to measure reach; and for our own marketing purposes. Depending on the method of payment (e.g. advance payment, credit card, Giropay or Sofortüberweisung), it may be necessary to transmit data to payment service providers or to the bank tasked with handling the transaction to perform the contract.
For the aforementioned purposes, we record personal data such as your name, date of birth, sex or gender, nationality, passport and visa data (if applicable), address, telephone number, email address, credit card number and employer information (if applicable).
Personal data is collected, stored and processed solely within the framework stipulated by the statutory provisions of the TMG, the BDSG and Article 6 (1) GDPR.
III. Collection and storage of personal data, as well as the nature and purpose of its use
1. Data processing associated with the viewing of our website
When you use our website to obtain information, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a log file. In the process, the following information is recorded without your active involvement and stored until it is automatically erased:
- IP address of the computer making the enquiry
- Date and time of access
- Name and URL of the file accessed
- Website visited prior to access (referrer URL)
- Browser used and, if necessary, your computer’s
operating system as well as the name of your access provider
We process the aforementioned data for the following purposes:
- To ensure a smooth connection with our website
- To ensure the convenient use of our website
- To analyse the security and stability of the system
- For other administrative purposes
The legal basis for data processing is Article 6 (1) sentence 1 (f) GDPR. Our legitimate interest is derived from the aforementioned purposes of data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. Your personal data is not transferred to third parties for purposes other than those stated below. We pass on your personal data to third parties only if:
- You have given your explicit consent for us to do so in accordance with Article 6 (1) sentence 1 (a) GDPR
- It is necessary to pass on your data in accordance with Article 6 (1) sentence 1 (f) GDPR for the establishment, exercise or defence of legal claims and there is no reason to assume that you have a compelling, legitimate interest that would prevent us from passing on your data
- There is a legal obligation to pass on data in accordance with Article 6 (1) sentence 1 (c) GDPR
- Doing so is legally permissible and necessary to process a contractual relationship with you in accordance with Article 6 (1) sentence 1 (b) GDPR
2. Email contact
In accordance with Article 6 (1) sentence 1 (b) GDPR, we save the data you share with us (your email address, name, telephone number, etc.) when you contact us by email via email@example.com in order to answer your questions. We erase the data produced in this context once it is no longer necessary to store it or limit its processing if it may not be erased due to statutory provisions.
3. Hotel reservations
You can use our website to book a hotel room through our reservation portal SynXis.com, which is operated by the service provider Sabre GLBL Inc., 3150 Sabre Drive, Southlake, TX 76092 USA (https://www.sabre.com/about/privacy/). To process your reservation, we require your contact and address data, as well as information about the services you wish to book (including dates of travel, number of guests and any special requests related to meals or amenities). The legal basis for this is Article 6 (1) (b) GDPR. This data will be erased once it is no longer needed for the purpose of its collection. Even after the conclusion and performance of the contractual relationship, it may be necessary to store data in order to meet contractual and legal obligations such as statutory guidelines on retention.
4. Table reservations
On our website, we offer the option of reserving a table at the restaurants operated by Factory Hotel GmbH & Co. KG. To do so, you enter the necessary data yourself, which is then transmitted to us for storage. This service is provided by Bookatable GmbH & Co. KG, Deichstraße 48, 20459 Hamburg, Germany. Provided you have given consent, the legal basis for data processing in this instance is Article 6 (1) (a) GDPR. If registration is necessary for the performance of a contract or in order to take steps prior to entering into a contract, this processing is subject to Article 6 (1) (b) GDPR. This data will be erased once it is no longer needed to fulfil the purpose of its collection. Even after the conclusion and performance of the contract, there may be a need to meet contractual or legal obligations such as statutory guidelines on retention.
5. Credit checks
Factory Hotel GmbH & Co. KG may obtain credit reports on the basis of mathematical and statistical methods from mediafinanz AG, Weiße Breite 5, 49084 Osnabrück, Germany, for the purposes of its legitimate interests in accordance with Article 6 (1) (f) GDPR. To do so, we transmit the personal data required for a credit check to mediafinanz AG, Weiße Breite 5, 49084 Osnabrück, Germany, and use the information received pertaining to the statistical probability of a payment default to make an informed decision regarding the establishment, performance or termination of the contractual relationship. The credit report may contain probability values (scores) that have been calculated on the basis of scientifically valid mathematical and statistical methods as well as information such as address-related data. Your legitimate interests will be taken into account in accordance with the statutory provisions.
6. Hotel reviews
Former guests may review our hotel after checking out. To do so, we intend to send you an email asking you to review our hotel. All reviews may be published anonymously on request. In the event that you did not enjoy your stay at our hotel, we would like to take the opportunity to contact you personally.
Any data pertaining to online reviews submitted on our website will be stored using the review tool provided by CA Customer Alliance GmbH, Ullsteinstr. 118, Tower B, 12109 Berlin, Germany. CA Customer Alliance GmbH has agreed to handle your transmitted data in accordance with data protection guidelines.
Data from any former guests who take advantage of the opportunity to submit an online review will be stored in the review form. This data includes your email address, as well as voluntary information such as your first and last name, language and information about your review.
No further data will be passed on to third parties in this context. The data will be used solely to publish your review and for any conflict resolution measures in the event of poor reviews.
The legal basis for processing is our legitimate interest in accordance with Article 6 (1) (f). The purpose of any hotel review is to communicate and summarize any opinions voiced by hotel guests through our website so as to allow potential guests to inform themselves about our amenities and services. The findings are also used for our own internal quality management purposes. In most cases, the data is not erased.
Our website also offers you the opportunity to subscribe to our newsletter. To do so, you need to enter your email address. We will pass on your information to our newsletter service provider XQueue GmbH, Christian-Pleß-Str. 11-13, 63069 Offenbach am Main, Germany, which is responsible for the technical realisation of our newsletter.
Records will be kept of your registration for our newsletter so as to allow us to meet our obligation under data protection law to present evidence of your registration. To do so, we will store your IP address, the time of your registration and the time at which you click on the link in the confirmation email that you receive from us (metadata).The legal basis for the storage of your personal data as stated during registration for the newsletter is your consent in accordance with Article 6 (1) sentence 1 (a) GDPR.
The legal basis for the storage of the aforementioned metadata is Article 6 (1) sentence 1 (c) GDPR, as we are obliged under competition law to be able to present evidence that you have given your consent to receive our newsletter.We will store all personal data generated or gathered in connection with your registration for our newsletter until such time as you cancel your subscription to our newsletter or withdraw your consent to the processing of your personal data. We will store the aforementioned metadata and your email address as evidence that you have given your consent to receive newsletters. This data is processed solely to potentially defend ourselves against any claims. You may obtain the immediate erasure of your data if you immediately confirm the original existence of consent.
8. Job application portal
Our website uses software provided by softgarden e-Recruiting GmbH, Tauentzienstr. 14, 10789 Berlin, Germany, to process data related to job applications.We will use the personal data transmitted by you solely for the purpose of processing your application for the advertised position. Only relevant persons who are involved in the application process will be privy to your personal data. All staff members responsible for data processing are obliged to maintain the confidentiality of your data. We will not pass on your personal data to third parties unless you have consented to the forwarding of your data or we are obliged to forward your data due to statutory provisions and/or official or court orders. By submitting your application, you create an account on our careers website where you can view and manage your application.Your data will be stored for up to six (6) months after completion of the application process unless statutory provisions exist that require the further storage of your data for the purpose of presenting evidence or you have expressly consented to a longer period of storage.
9. Links to other websites
Our website contains links to other websites. The operators of those websites are responsible for their content and for the processing of data on said websites. Please refer to the privacy policies contained on those websites for more information.
- Transient cookies
- Persistent cookies
- Third-party cookies
Transient cookies are automatically erased when you close your browser. In particular, this kind of cookie includes session cookies, which store a session ID that can be used to attribute various enquiries by your browser to the particular session. This allows our website to recognise your computer when you return to our website. Session cookies are erased when you log out or close your browser.
Persistent cookies are automatically erased after a given period of time that may differ from cookie to cookie. You can erase cookies at any time in your browser’s security settings.
Third-party cookies are cookies that are used by other providers than the operator responsible for the website.You can change the cookie settings in your browser and refuse certain cookies or all cookies, for example. Cookies already stored can be deleted. You may not be able to use all features of the website if you do not allow cookies.
11. Google Maps
12. Google Analytics
13. Google Dynamic Remarketing
14. MyFonts Counter web analysis service
15. Social plug-ins
In addition, our website uses social plug-ins provided by various social networks. Your browser therefore connects directly to the servers of the respective social networks as soon as you visit our website. The social network transfers the plug-in’s content directly to your browser and embeds it into the website. By embedding the plug-ins, the social networks are notified that you have accessed our website using the plug-ins. The social network can link the visit to your social media account if you are logged in. We use the following social networks:
On this website, we use plug-ins provided by the social network Facebook (Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA). The Facebook plug-in can be identified by the Facebook logo on our website. An overview of Facebook plug-ins is available at http://developers.facebook.com/docs/plugins/.
Please log out of Facebook prior to visiting our website if you do not want Facebook Inc. to attribute the data collected via our website directly to your Facebook profile.
Furthermore, we use a plug-in provided by the social network instagram.com (Instagram LLC, 1601 Willow Rd., Menlo Park, California 94025, USA; “Instagram”). The plug-in is indicated by the Instagram logo in the shape of a camera. An overview of Instagram plug-ins and their appearance is available at http://blog.instagram.com/post/36222022872/introducing-instagram-badges
When you visit our website, which features a plug-in of this nature, your browser connects directly to Instagram’s servers. Instagram transfers the plug-in’s content directly to your browser and embeds it into the website. By doing so, Instagram is notified that your browser has accessed our website with the plug-in even if you do not have an Instagram profile or are currently not logged in to Instagram.
Please log out of Instagram prior to visiting our website if you do not want Instagram to attribute the data collected via our website directly to your Instagram account.An active plug-in stores a cookie with an identifier every time you access the corresponding website. For the sake of completeness, we therefore wish to point out once again that websites with active social plug-ins may send data to social networks even if you are not logged in to the social networks in question. This cookie is sent without being asked every time you connect to a network server. As a result, user data may be collected, analysed and attributed to a natural person.
You can deactivate the social plug-ins with a single click on our website if you would like to prevent social networks from collecting data about you via active plug-ins, or you can block cookies by changing your browser’s settings. However, doing so may prevent you from using all of our website’s features.
IV. Right to object and right to withdraw consent
In accordance with Article 21 GDPR, you have the right to object to the processing of your personal data on grounds relating to your personal situation, or if your objection is related to direct marketing, provided that your personal data is processed on the basis of legitimate interests in accordance with Article 6 (1) sentence 1 (f) GDPR. In the case of direct marketing, you have a general right to object with which we will comply without the need for you to state grounds relating to your personal situation.
You may withdraw your data protection declaration of consent at any time. However, the lawfulness of the processing of data on account of the declaration of consent completed prior to the withdrawal will not be affected by the withdrawal of consent.
You may exercise your right to object or your right to withdraw consent by sending an email to mailfactoryhotelde.
V. Further data subject rights
In addition, you have the right:
- To obtain information about your personal data processed by us, in accordance with Article 15 GDPR. In particular, you may obtain information about the purposes of the processing; the category of personal data; the categories of recipients to whom your personal data has been or will be disclosed; the envisaged period for which the data will be stored; the existence of the right to rectification, erasure, restriction of processing or to object to processing; the right to lodge a complaint; information as to the source of your data if such data is not collected by us; and the existence of automated decision-making, including profiling, and meaningful information about the details (if applicable).
- To obtain the rectification of inaccurate personal data or to have incomplete personal data completed, in accordance with Article 16 GDPR.
- To obtain the erasure of your personal data stored by us to the extent that processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims, in accordance with Article 17 GDPR.
- To obtain restriction of processing of your personal data if you contest the accuracy of the data; the processing is unlawful but you oppose its erasure and we no longer need the data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or you have objected to processing pursuant to Article 21 GDPR, in accordance with Article 18 GDPR.
- To receive the personaldata that you have provided to us in a structured, commonly used and machine-readable format or to transmit those data to another controller, in accordance with Article 20 GDPR.
- To withdraw your consent at any time, in accordance with Article 7 (3) GDPR. As a result, we will no longer be permitted to continue the data processing based on this consent in the future.
- To lodge a complaint with a supervisory authority, in accordance with Article 77 GDPR. In most cases, you may do so by contacting the supervisory authority in the place of your habitual residence, place of work or our registered office (see above).
VII. Data protection and privacy contact
Please feel free to contact our data protection officer at the following address, telephone number or email address if you have any further questions about data protection at Factory Hotel GmbH & Co. KG:
bits + bytes it-solutions GmbH & Co. KG
Bahnhof Weidenau 6
T: +49 (0) 700 / 2030 1030
The supervisory authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen