DATA PROTECTION NOTICE
Hotel Xenia (subsequently referred to as “we”) greatly respects your privacy. As a result, we take the task of protecting your personal data such as name, date of birth, address, email address, telephone number and in general any information from which we are able to identify you, very seriously.
This Data Protection Notice regulates the collection, processing and utilisation of your personal data when you visit our websites. When handling this data, we will proceed by taking into full account the relevant legal data protection regulations and the following principles.
1. DATA AVOIDANCE AND DATA MINIMISATION
We will observe the principles of data avoidance and data minimisation. That means that we will collect, process and use as little personal data as possible and only when the law allows us to.
2. PERSONAL DATA AND CONSENT
We will collect, process and use your personal data only if this is necessary for substantiating, implementing or terminating a contractual customer relationship or when we need to comply with a legal obligation.
In the remainder of cases, we will only collect, process and use your personal data following your prior consent. Your personal data will only be used for the purpose and to the extent to which you have consented. For example, we will only inform you of our products and services once your express opt-in consent has been received.
You can withdraw your consent with future effect at any time. On receipt of your withdrawal request your data will be deleted. Requesting the withdrawal of your data should be sent to the following email address:
3. AUTOMATICALLY GENERATED DATA
In the course of using the pages on our websites personal data may be automatically processed. Typically, this relates to the name of your internet provider, your IP address, the browser you are using, your operating system, the web pages you visited on our website and the website from which you accessed our website.
In all the above cases the processing of such data is carried out anonymously, that is to say it is impossible to assign and therefore identify any individual person from this data.
A cookie is a small data file that certain web sites write to your hard drive when you visit them. The only personal information a cookie can obtain is information a user supplies him or herself. A cookie cannot read data from your hard disk or read cookie files created by other sites. Cookies, however, enhance our web site performance in a number of ways, including providing a secure way for us to verify your identity during your visit to our web site and personalising your experience on our site, making it more convenient for you.
5. THIRD PARTY ACCESS TO YOUR PERSONAL DATA
The collection, processing and utilisation of personal data is carried out by ourselves and – insofar as we have not explicitly excluded this – also by other companies or service providers authorised by us, Hotel Xenia. In the latter two cases, we will ensure that group companies and service providers adhere to the relevant legal data protection regulations and the resulting obligations from this Data Protection Notice. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may engage third party processors of personal data when we send goods or promotional material to our clients or potential clients, or in the case of competitions.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
In the remainder of cases third parties will not have access to your personal data. We will not sell your data or use it for other means. Only as a result of magisterial or legal requirements, as well as obligations to notify, will your data be processed and in particular passed on to government authorities.
We have enforced technical and organisational measures to protect your data against loss, alterations, theft or access by unauthorised third parties.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Whenever we transfer your personal data within the group companies, we ensure that all the organisations follow the same rules so that similar standards of protection are afforded to your personal data.
The collection of personal data relating to persons under the age of 15 years is not within our interests. Should it come to our attention that such data has been passed to us without the approval of the parents or legal guardian, this data will be deleted immediately. Thereby we are reliant on the parents or legal guardians providing us with the appropriate information.
8. DELETION AND RESTRICTION
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We will delete your personal data where there is no good reason for us continuing to process it or upon your specific request. For instance, we will delete the data collected for a competition if you have not consented to your data being collected, processed and used for any other purpose. In cases of consent being given, we will delete your data following the retraction of your approval or the discontinuation of the purpose of your consent. (Item No. 2).
If requested, we will restrict the processing of your personal data as required. With regard to this arrangement you are to inform us of the extent and the duration that this should be carried out for. As long as this is technically possible, you will be able here to exclude your data from being processed and used for certain purposes.
9. SUBJECT ACCESS REQUEST
You have the right to request access to your personal data; this enables you to receive copy of the personal data we hold about you and to check that we are lawfully processing it. You should send your access request at the following email address;
Our web pages may contain hyperlinks. These are electronic cross-references that allow the web pages from other companies to be accessed. On these linked websites this Data Protection Notice does not apply, only the data protection regulations for that particular website.
11. ALTERATIONS TO THIS DATA PROTECTION NOTICE
We keep this Data Protection Notice constantly up-to-date. As a result, it may be necessary to adapt this Data Protection Notice to accommodate any factual or legal changes to the basic conditions. By using our websites you have accepted these adaptations.
It is also important that the personal data we hold about you is accurate and current.
Please keep us informed if your personal data changes during your relationship with us.
You are more than welcome to contact us at any time should you have questions relating to the collection, processing and utilisation of your personal data including any requests to exercise your legal rights under data protection laws. We will also gladly provide you with general information regarding data protection. For this purpose, please contact us using the following email address: firstname.lastname@example.org