Privacy policy

Scope

This privacy policy applies to all pages of www.bwhhotels.de. It does not cover any linked websites of other providers.

Controller

The following party is known as the controller under data protection law and therefore responsible for the processing of personal data within the scope of this privacy policy:
BWH Hotels Central Europe GmbH
Frankfurter Straße 10-14 65760 Eschborn Germany
+49 6196 47240 / +49 6196 4724200
info@bwhhotels.de

Questions about data protection

If you have any questions about data protection with regard to our company or our website, you can contact our data protection officer:
SPIRIT LEGAL Rechtsanwaltsgesellschaft mbH
Attorney-at-law and data protection officer
Peter Hense
Postal address:
Data protection officer
c/o BWH Hotels Central Europe GmbH, Frankfurter Straße 10-14, 65760 Eschborn
Contact via encrypted online form:
Contact data protection officer
If you have any questions about data protection with regard to our company or our website, you can contact us using the contact details provided under “Controller”.

Security

We have taken comprehensive technical and organisational precautions to protect your personal data from unauthorised access, abuse, loss and other external disruption. To this end, we regularly review our security measures and adapt them to the latest standards.

Your rights

You have the following rights with regard to the personal data concerning you that you can assert against us:

Right of access: You can request access to the personal data concerning you which we process, as set forth in Art. 15 GDPR.
Right to rectification: If the information concerning you is not (or no longer) correct, you can request its rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
Right to erasure: You may request the erasure of your personal data in accordance with Art. 17 GDPR.
Right to restriction of processing: Pursuant to Art. 18 GDPR, you have the right to demand that the processing of your personal data be restricted.
Right to object to processing: Pursuant to Art. 21(1) GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data which occurs based on Art. 6(1) Sentence 1(e) or (f) GDPR. If you object, we will not process your data further, unless we can prove compelling legitimate reasons for the processing which override your interests, rights and freedoms. Processing will also continue if the processing serves to establish and exercise or defend against legal claims (Art. 21(1) GDPR). Furthermore, under Art. 21(2) GDPR you have the right to object at any time to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that this is related to such direct marketing. In this privacy policy, we draw your attention to this right to object when describing each processing operation.
Right to withdraw your consent: If you have given your consent for processing, you have a right to withdraw that consent under Art. 7(3) GDPR.
Right to data portability: You have the right to receive the personal data you have given us in a structured, commonly used, machine-readable format (“data portability”) and the right to transfer this data to another controller, if the prerequisites of Art. 20(1)(a), (b) GDPR are fulfilled (Art. 20 GDPR).

You can assert your rights by informing us using the contact details specified under “Controller” above or by contacting the data protection officer designated by us.

If you believe that the processing of your personal data violates data protection law, then under Art. 77 GDPR you also have the right to lodge a complaint with a data protection supervisory authority of your choice. This includes the data protection supervisory authority responsible for the controller:
The Hessian Commissioner for Data Protection and Freedom of Information, Postfach 31 63, 65021 Wiesbaden, visitor address: Gustav-Stresemann-Ring 1, 65189 Wiesbaden, phone: +49 (0)611/14080, email: poststelle@datenschutz.hessen.de, www.datenschutz.hessen.de

Using our website

In principle, you can use our website for purely informational purposes without disclosing your identity. When you access the individual pages of the website in this sense, this only results in access data being transferred to our web hosting service so that the website can be displayed to you. This involves the following data being processed:

Browser type/version
Operating system used
Language and version of the browser software
Date and time of access
Hostname of the accessing device
IP address
Content of the request (specific page)
Access status / HTTP status code
Websites accessed via the website
Referrer URL (website visited before)
Notification of whether the access was a success
Volume of data transferred and
Time zone difference from GMT.

It is necessary for this data to be processed temporarily in order to make it technically possible for you to visit our website and to deliver the website to your device. The access data is not used to identify individual users and is not combined with other data sources. The data is also stored in log files, in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. We have legitimate interests in ensuring the functionality, integrity and security of the website. Storing access data in log files, in particular the IP address, for a longer period of time enables us to detect and prevent misuse. This includes, for example, defending against requests that would overload the service as well as against bots. The access data will be erased as soon as it is no longer required for achieving the purpose of its processing. In the case of recording the data to provide the website, this is the case when you end your visit to the website. The log data is generally stored directly and in such a way that it can only be accessed by administrators, and it is erased after seven days at the latest. After that, it is only indirectly available by reconstructing backups, and is finally erased after a maximum of seven days.

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above. Upon request, we will provide you with the balancing of interests free of charge.

Technically necessary device information

In addition to the aforementioned access data, technologies are used when you use the website which store information on your device (e.g. desktop PC, laptop, tablet or smartphone) or access information which is already stored on your device. These technologies may include, for example, cookies, pixels, local storage, session storage, IndexedDB or browser fingerprinting technologies. These technologies can be used to recognise you across devices and websites.

According to Sect. 25(1) of the German Telecommunications and Digital Services Data Protection Act (TDDDG), we generally require your consent for the use of these technologies. According to Sect. 25(2) TDDDG, this is only not required if the technologies either enable the transmission of a message via a public telecommunications network or if they are strictly necessary to provide a telemedia service that you have expressly requested.

Some elements of our website serve the sole purpose of transmitting a message (Sect. (2) No. 1 TDDDG) or are strictly necessary to provide you with our website or individual features thereof (Sect. 25(2) No. 2 TDDDG):

Language settings.

The elements are erased after storage is no longer required.
You can prevent processing by adjusting your browser settings accordingly. For elements whose storage duration is not limited to the session, you can adjust your browser settings so that the elements are erased after your session has expired.

Technically non-essential device information

Our website also uses elements that are not technically essential. We only use these technologies with your consent in accordance with legal requirements. Information about the individual technologies and features can be found in our settings within the consent management platform (cookie banner) as well as in the following information, which is sorted according to the individual features.

Consent management platform

To make it easier for us to ask for your consent to the use of cookies or other tracking technologies so that we can process your device information and personal data when you visit our website, we use a consent tool. This gives you the opportunity to accept or decline the processing of your device information and personal data using cookies or other tracking technologies for the purposes listed. Such processing purposes may include the integration of external elements, integration of streamed content, statistical analysis, reach measurement, personalised product recommendations, or personalised advertising.

You can grant or refuse your consent for all processing purposes, or grant or refuse your consent for individual purposes or third-party providers.

You can change your settings again later on. The purpose of integrating the consent management platform is to allow users of our website to decide whether to allow cookies and similar technologies, and to offer them the opportunity to change settings that they have already made when they continue to use our website.

When the consent management platform is used, we process personal data as well as information from the devices used. The information about the settings you have made is also stored on your device.

The legal basis for the processing is Art. 6(1) Sentence 1(c) GDPR in conjunction with Art. 7(1) GDPR, insofar as the processing serves to fulfil the legally standardised obligations to provide evidence for the granting of consent. Otherwise, Art. 6(1) Sentence 1(f) GDPR is the relevant legal basis. Our legitimate interests in this processing lie in the storage of users settings and preferences with regard to the use of cookies and the evaluation of consent rates.

A new request for your consent will be made twelve months after you saved your user settings. Your user settings will then be saved again for this period, unless you delete the information about your user settings yourself beforehand in your device settings.

You may object to the processing, insofar as processing is based on Art. 6(1) Sentence 1(f) GDPR. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above. Upon request, we will provide you with the balancing of interests free of charge.

The recipient of the personal data processed in this context is the provider of the consent management platform we use:

consentmanager GmbH (Eppendorfer Weg 183, 20253 Hamburg) with regard to the “consentmanager” consent ma-
nagement platform.

Contacting our company

When you contact our company, e.g. by email or using the contact form on the website, we will process the personal data you provide so that we can respond to your request. In order for us to process enquiries submitted via the contact form, it is essential that you provide a first and last name, a valid email address, the hotel and the location. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR and Art. 6(1) Sentence 1(b) GDPR, if the contact is made with the intention of concluding a contract. If the request is aimed at concluding a contract, it is necessary for you to provide your data. If you do not provide your data, it will not be possible to conclude/execute a contract and process the request. The other data processed during the submission process serves to prevent any misuse of the contact form and to ensure the security of our information technology systems. As soon as processing is no longer necessary, we will erase the data generated here or, if statutory retention obligations apply, restrict processing of the data. You may object to the processing, insofar as it is based on Art. 6(1) Sentence 1(f) GDPR. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above. Upon request, we will provide you with the balancing of interests free of charge.

Establishment, exercise or defence of legal claims

We also process personal data for the establishment, exercise or defence of legal claims. The legal basis for this processing is Art. 6(1) Sentence 1(c) GDPR and Art. 6(1) Sentence 1(f) GDPR. In these cases, we have a legitimate interest in the assertion or defence of claims. You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above. Upon request, we will provide you with the balancing of interests free of charge.

Fulfilment of other legal obligations

We may also process the aforementioned personal data to fulfil other legal obligations, in particular if there is an enforceable official or court order or if we are obliged to do so by law. The legal basis in such cases is Art. 6(1) Sentence 1(c) GDPR.

Marketing via email and messenger services

Advertising to existing customers

We reserve the right to use the email address you provide when ordering in accordance with the statutory provisions in order to send you the following content by email at the time of or after your order, unless you have already objected to this processing of your email address:

Attractive offers from our portfolio, in particular regarding services related to brand affiliation with BWH Hotels
Individual customer support
New offers involving our products and services
Invitations to company events.

The legal basis of the data processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests in the processing described lie in enhancing and optimising our services, conducting direct marketing and ensuring customer satisfaction. We will erase your data when you stop using the service, but no later than three years after termination of the contract. We use an external email marketing service to send the emails. For more information on this service provider, please refer to the “Email marketing services” section.

We would like to point out that you can object to receiving direct marketing and to the processing of the data for direct marketing purposes at any time without incurring any costs other than the transmission costs according to the basic rates. Here you have a general right of objection without giving reasons (Art. 21(2) GDPR). To do this, click on the unsubscribe link in the relevant email or send us your objection to the contact details provided under “Controller”. Upon request, we will provide you with the balancing of interests free of charge.

You have the option of receiving email notifications when products become available again, as well as subscribing to our email newsletter, through which we will regularly inform you about the following content:

Attractive offers from our portfolio, in particular regarding services related to brand affiliation with BWH Hotels
Individual customer support
New offers involving our products and services
Invitations to company events.

To receive the newsletter, you must provide your email address (for the newsletter we send by email) and specify a recipient (name or pseudonym). We process this data for the purpose of sending the email newsletter and for as long as you have subscribed to the newsletter.
We use an external marketing service provider to send the newsletter. For more information, please refer to the “Marketing service provider” section.
The legal basis for the processing is Art. 6(1) Sentence 1(a) GDPR. We will process your data until you withdraw your consent.
You can withdraw your consent to the processing of your email address for the purpose of sending you the newsletter at any time, either by clicking directly on the unsubscribe link in the newsletter or by sending us a message using the contact details provided under “Controller”. This will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

Double opt-in procedure

In order to document your newsletter registration and to prevent abuse of your personal data, we use what is known as a double opt-in procedure for email newsletter registrations. Once you have entered the data marked as mandatory, we will send you an email to the email address you have provided, in which we ask you to expressly confirm your subscription to the newsletter by clicking on a confirmation link. We process your IP address, the date and time of your registration for the newsletter and the time of your confirmation. This is how we ensure that you really want to receive our email newsletter. We are legally obliged to be able to demonstrate that you have consented to the processing of your personal data in connection with registering for the newsletter (Art. 7(1) GDPR). Due to this legal obligation, this data processing is carried out on the basis of Art. 6(1) Sentence 1(c) GDPR.

You are not obliged to provide your personal data during the registration process. However, if you do not provide the required personal data, we may not be able to process your subscription or process it in full. If you do not confirm your newsletter subscription, we will block the information transmitted to us and erase it automatically after one month at the latest. Once you confirm your registration, we will process your data for as long as you have subscribed to the newsletter.

Newsletter tracking

We also statistically evaluate newsletter opening rates, the number of clicks on links in newsletters and the reading time. For this purpose, user activity on our websites and within the newsletters we send out is evaluated on the basis of device-specific information (e.g. email client used and software settings). For this analysis, the emails sent out contain so-called web beacons or tracking pixels, which constitute single-pixel image files that are also embedded on our website.

The legal basis of the processing is Art. 6(1) Sentence 1(a) GDPR. We will erase your data if you unsubscribe from the newsletter.
You can withdraw your consent at any time, either by sending us a message (see the contact details under “Controller”) or by clicking directly on the unsubscribe link in the newsletter. This will not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

Opt-out list

If you cancel your registration by withdrawing your consent or, in the case of advertising to existing customers, by exercising your right of objection, we will continue to process your data, in particular your email address, to ensure that you do not receive any more newsletters from us. For this purpose, we will add your email address to an opt-out list, which makes it possible to prevent you from receiving any further newsletters from us. The legal basis for the data processing is Art. 6(1) Sentence 1(c) GDPR, in order to comply with our obligations to provide evidence, and failing this, Art. 6(1) Sentence 1(f) GDPR. In this case, we have a legitimate interest in complying with our legal obligations to make sure that we stop sending you newsletters.

Marketing service provider

We use the following marketing services to advertise to existing customers:

„Optimizely, which is provided by Optimizely GmbH (Wallstraße 59, 10179 Berlin) and Optimizely Inc. (119 Fifth Avenue, 7th Floor, New York, NY 10003 US). Optimizely also processes your data in the US. The EU Commission has issued an adequacy decision for data transfers to the US. Optimizely Inc. is certified under this. In addition, standard data protection clauses have been concluded with Optimizely in order to commit Optimizely to an appropriate level of data protection. You can request a copy of the standard data protection clauses from Episerver by sending an email to: dpo@optimizely.com For more information about the storage period, please refer to the Optimizely privacy policy at: www.optimizely.com/de/legal/datenschutz/

You may object to the processing, insofar as it is based on Art. 6(1) Sentence 1(f) GDPR. Your right of objection exists if you have reasons arising from your particular situation. You may send us your objection using the contact details specified under “Controller” above. Upon request, we will provide you with the balancing of interests free of charge.

Enforcement of rights, address investigation, debt collection

In the event of non-payment, we reserve the right to pass on the data provided at the time of ordering to a lawyer and/or to external companies (e.g. Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss, Germany) in order to ascertain an address and/or enforce our rights. The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. Our legitimate interests lie in fraud prevention and avoiding default risks. In addition, we may pass on your data to the extent necessary in order to safeguard our rights, as well as the rights of our affiliates, our partners, our employees and/or users of our website. Under no circumstances will we sell or rent your data to third parties. The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. We have a legitimate interest in the processing for the purpose of enforcing our rights. As soon as storage is no longer necessary, we will erase the data generated or, if statutory retention obligations apply, restrict processing of the data.

Hosting

We use external hosting services provided by Mittwald CM Service GmbH & Co. KG (Königsberger Str. 4-6, 32339 Espelkamp), which serve to provide the following services: infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. For these purposes, all of the data required for the operation and use of our website – including the access data mentioned under “Using our website” – is processed. The legal basis for this processing is Art. 6(1) Sentence 1(f) GDPR. By using hosting services, we are pursuing our legitimate interests in making our website efficient and secure.

Services for statistical, analysis and marketing purposes

We use services from third parties for statistical, analysis and marketing purposes. This enables us to offer you a user-friendly, optimised experience when visiting the website. The third-party providers use cookies, pixels, browser fingerprinting or other tracking technologies to control their services. In the following, we inform you about the services from external providers currently in use on our website, about the related processing in each case, and about how you can withdraw your consent.

AdUp Ads retargeting

Our website also uses the AdUp Ads analytics and retargeting features from Axel Springer Teaser Ad GmbH, Axel-Springer-Str. 65, 10969 Berlin (hereinafter referred to as “AdUp”). In particular, AdUp uses cookies, AdUp pixels and fingerprinting methods to process the information generated about how your device uses our website, in order to record specific user behaviour on our website and evaluate the. To this end, AdUp assigns a unique identifier to your browser (browser ID) when you visit our website in order to process your interactions with our website. Information stored on users’ devices is also processed, such as in particular user agent, browser information (such as browser ID, timestamp), request ID, type of interaction (such as page view) and other data mentioned under “Using our website”. This enables us to target users of our website with interest-based ads, tailor our advertising campaigns to users’ interests and preferences, and measure the effectiveness of our ads. Thanks to the AdUp tracking technologies used, your browser automatically establishes a direct connection to the AdUp servers. We do not perform any personal identification of individual users. The maximum storage period with AdUp is twelve months. With regard to the storage of and access to information on your device, the legal basis is Sect. 25(1) TDDDG; for further processing, the legal basis is Art. 6(1) Sentence 1(a) GDPR. For further information about the protection of your data and how long AdUp stores your data, please refer to: www.adup-tech.com/rechtliches/datenschutz

You can withdraw your consents to the processing at any time by moving the slider back in the consent tool advanced settings. This does not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

eTracker

We use the web analysis service “eTracker” (eTracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany) for the statistical evaluation of visitor numbers, page views, downloads, websites visited previously, and for measuring the success of entries in search engines. The eTracker tool uses technologies such as tracking pixels and fingerprinting to record, analyse and categorise the information generated by the user’s device about the use of our website and interactions with our website as well as access data – in particular the IP address, browser information, the website visited previously, the date and time of the server request, and conversion data – for the purpose of statistical analysis and measuring the reach of ads in search engines. We use eTracker with the extension which causes IP addresses to be shortened before processing them further, in order to make it more difficult to identify individuals. With regard to the storage of and access to information in your device, your consent is the legal basis pursuant to Sect. 25(1) of the Telecommunications and Telemedia Data Protection Act (TDDDG); for further processing, your consent is also the legal basis pursuant to Art. 6(1) Sentence 1(a) GDPR. For further information about the protection of your data and how long eTracker stores your data, please refer to:

www.etracker.com/en/data-protection-by-etracker/

You can withdraw your consent to the processing at any time by moving the slider back for the specific third-party provider in the consent tool advanced settings. Please note that this will not affect the lawfulness of the processing before your withdrawal.

Google Ads Remarketing

We use the Google Ads tool with the Dynamic Remarketing feature, which is provided by Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, US; hereinafter referred to as “Google” and “Google Ads”). The Dynamic Remarketing feature allows us to recognise users of our website on other websites within the Google advertising network (in Google Search or on YouTube, so-called Google Ads, or on other websites) and present ads tailored to their interests. Ads may also refer to products and services that you have already viewed on our website. For this purpose, analyses are performed of user interactions on our website, e.g. which offers a user was interested in, so that we can display targeted advertising to users on other sites after they have left our website. When you visit our website, Google Ads stores a cookie on your device. Google uses cookies to process the information generated by your device about the use of our website and interactions with our website as well as the data mentioned under “Using our website”, in particular your IP address, browser information, the website visited before and the date and time of the server request, for the purpose of serving personalised ads. For this purpose, it is also possible to determine whether different devices belong to you or to your household. Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. If a user is registered with a Google service, Google can associate the visit with the user’s account and create and evaluate user profiles across applications. With regard to the storage of and access to information on your device, your consent is the legal basis pursuant to Sect. 25(1) of the Telecommunications and Digital Services Data Protection Act (TDDDG); for further processing, your consent is also the legal basis pursuant to Art. 6(1) Sentence 1(a) GDPR. Google also processes the data in part in the US. The EU Commission has issued an adequacy decision for data transfers to the US. Google, LLC is certified under this. So-called standard contractual clauses have been concluded with Google, LLC in order to commit Google, LLC to an appropriate level of data protection. You can obtain a copy of the standard contractual clauses at: cloud.google.com/terms/sccs. The maximum storage period with Google is 24 months. For further information about the protection of your data and how long Google stores your data, please refer to: policies.google.com/privacy

You can withdraw your consents to the processing at any time by moving the slider back in the consent tool advanced settings. Please note that this will not affect the lawfulness of the processing before your withdrawal.

General information on the processing of personal data for the LinkedIn page of BWH Hotels Central Europe GmbH

This data protection information explains how BWH Hotels Central Europe GmbH (Frankfurter Straße 10–14, 65760 Eschborn, hereinafter referred to as “BWH”, “us” or “we”) processes your personal data in connection with the use of the LinkedIn social network and the content published on our LinkedIn company page (hereinafter referred to as “the LinkedIn page”). We therefore set out below the manner and extent to which we process the personal data of our users. Please read this privacy notice carefully so that you can understand our position and practices regarding your personal data and how we handle it. For terms such as “personal data” and “processing”, the legal definitions pursuant to Art. 4 GDPR apply.

Scope

This data protection information applies to BWH’s LinkedIn page within the scope of our own role as controller and to the processing of your personal data within the scope of our joint controllership with LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, and LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, US; hereinafter referred to as “LinkedIn”). It does not cover any linked websites or pages of other providers, nor to the processing of personal data where LinkedIn is the sole controller.

Processing by BWH Hotels Central Europe GmbH as the provider of the LinkedIn page

Community functions and product promotion

BWH uses the technical infrastructure and functions of the professional social network LinkedIn. Our LinkedIn page is used, among other things, for the purposes of networking with business partners, customers and guests, promoting our products and services, publicising our events, and communicating with users via the post, message, “Like” and comment functions.

Our LinkedIn page offers various community functions enabling you to interact or get in touch with us – for example, by responding to posts, invitations or messages, in particular by leaving comments, marking posts with a “Like”, sharing them, or forwarding them to other users via message. Please note that these areas are publicly accessible, and all personal information you post there may be viewed by others.

The information you provided when registering with LinkedIn may also be publicly visible. We cannot control how other users use such information. In particular, we cannot prevent your public comments or reactions under the “Comments” section from being commented on by other users.

When you use our LinkedIn page, we process personal data such as your LinkedIn username, your profile picture, and any information you share via interactive functions (e.g. “Likes”, comments, shares and messages). The legal basis for processing personal data in connection with the community functions of our LinkedIn page is Art. 6(1) Sentence 1(f) GDPR. We have a legitimate interest in promoting our products and services via the LinkedIn channel and communicating with users, customers, business contacts, guests and prospective customers.

We have no influence over the storage period of your personal data that you have published in connection with our LinkedIn content. We store your data until the purpose of the processing has been fulfilled, or we restrict processing where statutory retention obligations apply. For further information about the protection of your data and how long LinkedIn stores your data, please refer to: https://www.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy and https://de.linkedin.com/legal/cookie-policy

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation. You may send your objection by post to BWH Hotels Central Europe GmbH, Frankfurter Straße 10–14, 65760 Eschborn, or by email to info@bwhhotels.de. Upon request, we will provide you with information about the balancing of interests free of charge.

Community management

We receive messages from you as users via the private messaging function and the “Comments” function, containing content directly addressed to us. If you contact us – for example, to ask questions about an offering promoted on our LinkedIn page – we process your LinkedIn username together with any further data or information you provide to us, in order to process and respond to your enquiry.

In addition, content such as posts, videos or photos that are directly addressed to us or concern us (for example, because BWH products are mentioned) is regularly published publicly on our LinkedIn page and in other public areas of the LinkedIn social network. We process such content – whether sent to us or published on our LinkedIn page or other public areas of the social network – in order to respond to it accordingly. Depending on the nature of the content, we may respond accordingly – for example, by contacting the authors and contacts in order to assist them in using our products and services, or by taking reviews into account when improving our products and services. We also produce analyses of the extent to which content is viewed and interacted with, including “Likes” and other interactions with our content, so as to learn from this and to continuously improve our public relations, marketing strategies and advertising campaigns.

The legal basis for the processing is Art. 6(1) Sentence 1(f) GDPR. We have a legitimate interest in meeting your requests for information and in organising, facilitating and optimising communication with our users as well as public communication.

As soon as processing is no longer necessary – as a rule, within one year after the end of the relevant calendar year – we will erase the data generated in this context or, if statutory retention obligations apply, restrict processing. Content posted on our LinkedIn page or in other public areas of the social network can be erased in the same way as other content you have created. If at any time you wish for posted content to be erased, please send us an email to the email address we have provided.

Communication via LinkedIn messages or email

When you contact us – for example via the messaging function or by email – we process the personal data you provide in order to respond to your enquiry. The legal basis for processing is Art. 6(1) Sentence 1(f) GDPR, or Art. 6(1) Sentence 1(b) GDPR where your enquiry relates to a specific offer or contract. The data is only processed for the purposes of conducting the conversation and communication. We have a legitimate interest in responding to your enquiry and organising communication with you. As soon as processing is no longer necessary, we will erase the data processed in this context or, if statutory retention obligations apply, restrict processing of the data accordingly.

In the course of using the messaging function, certain data that is required for its use is automatically processed, in particular to enable access to the internet. This includes: IP address, date and time of the server request, time zone difference from Greenwich Mean Time (GMT), content of the request (specific browser or app function), access status, volume of data transferred in each case, browser or app from which the request comes, device type, operating system used and its interface (e.g. Android or iOS), language and version of the operating system, and device identifiers. BWH does not process any user data in this context. LinkedIn alone is responsible for this processing. For further information about privacy at LinkedIn, please refer to: https://www.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy and https://de.linkedin.com/legal/cookie-policy

Social recruiting

If you wish to apply for a vacancy advertised on our LinkedIn page, we will process the personal data you provide, in particular identification data (first and last name, title, date of birth), contact details (address, email address, etc.), qualification data and other information (e.g. salary expectations, professional priorities, etc.), in order to review your enquiry, assess your suitability for the position in question, handle your application internally and, where applicable, forward it to the relevant department. We process your personal data for the purpose of initiating, carrying out or terminating the application process, communicating with you, complying with the associated statutory obligations, and, where applicable, for legal enforcement purposes. The legal basis for this processing is Art. 6(1) Sentence 1(b) GDPR in conjunction with Sect. 26(1) of the German Federal Data Protection Act (BDSG). Where special categories of personal data that may form part of your application are processed, the legal basis for processing is Art. 9(2)(b) GDPR in conjunction with Sect. 26(3) BDSG, unless we have obtained your prior consent for specific processing operations pursuant to Art. 9(2)(a) GDPR in conjunction with Sect. 26(2) Sentence 1 BDSG. Insofar as the processing of your data for the aforementioned purposes is based on Art. 6(1) Sentence 1(b) GDPR, the provision of your personal data is necessary for the preparation, conclusion, carrying out and/or termination of the application process or for initiating the employment relationship, and in some cases is even required by law. You are not obliged to provide your personal data during the application process. However, if you do not provide your personal data, we may not be able to process your application or enquiry properly or comply with our statutory obligations, meaning that the application process cannot take place. As soon as processing is no longer necessary, we will erase the data processed in this context or, if statutory retention obligations apply, restrict processing of the data accordingly. Application documents are erased no later than six months after the rejection notice has been sent. Further information about data protection in connection with the application procedure can be found in the data protection information for applicants:

Event invitations and event videos

We occasionally announce events on our LinkedIn page, for which you may register via our website or directly on our LinkedIn page, e.g. by means of forms (Lead Gen Forms). You also have the option of sharing the event with other users. If you register for an event, we process the personal data you provide when registering, such as your username, your address, and the contact details and communication information you provide, e.g. telephone number and email address, together with any further information you provide for the purpose of holding the event in question (for example, in order to prepare the guest list, accreditation and access control, room and staff planning, and catering arrangements). The processing of the data you provide also serves the purpose of sending you your invitation and notifications relating to the event in question. In addition, we may use this information, where necessary, for the detection of misuse and for legal defence.

The legal basis for the processing is Art. 6(1) Sentence 1(b) GDPR, insofar as the conduct of the registration process is necessary for participation in the event. This processing is necessary and obligatory for the conclusion of the contract. If you do not provide your data, you will not be able to participate in the event. In all other respects, processing takes place on the legal basis of Art. 6(1) Sentence 1(f) GDPR. We have a legitimate interest in the prevention of fraud and, where applicable, in effective legal defence in the event of abusive requests. If you register for an event, we erase your registration data after a period of three years at the end of the current calendar year.

Where processing is based on Art. 6(1) Sentence 1(f) GDPR, you may object to such processing. Your right of objection exists if you have reasons arising from your particular situation. You may send your objection by post to BWH Hotels Central Europe GmbH, Frankfurter Straße 10–14, 65760 Eschborn, or your withdrawal by email to info@bwhhotels.de. Upon request, we will provide you with information about the balancing of interests free of charge.

Photographs and video recordings may be taken at events for which you have registered (where applicable, by a photographer commissioned by us), in which you may also appear. If you are the central subject of a photograph or video recording, the photographer will ask you beforehand whether you agree and will obtain your consent. We use such recordings to convey impressions of our events for public relations purposes, such as visual reporting, as well as for advertising purposes on our LinkedIn page and websites.

Unless otherwise agreed, any photographs or video recordings of you made at an event will be erased after a period of three years at the end of the calendar year of the event or once the photographs and videos are no longer used for advertising purposes. Data is processed on the basis of statutory provisions permitting such processing. Where you are the central subject of a photograph or video recording, your consent pursuant to Art. 6(1) Sentence 1(a) GDPR constitutes the legal basis for the processing of your personal data.

You can withdraw your consent to the processing at any time by submitting your withdrawal by post to BWH Hotels Central Europe GmbH, Frankfurter Straße 10–14, 65760 Eschborn, or by email to info@bwhhotels.de.

For other photographs and video recordings made for public relations purposes, the legal basis for processing is Art. 6(1) Sentence 1(f) GDPR. We have a legitimate interest in enabling our public relations activities in the form of visual reporting on our event within the framework of statutory provisions, insofar as this is not outweighed by overriding interests of the event participants.

Lead Gen Forms

To attract new prospects for our services and to increase future user and customer demand (lead generation), we use the LinkedIn Lead Gen Forms function in order to reach new target audiences for our services and draw their attention to our company’s services, to tailor our products to the interests of our customers, and to approach them in a targeted and straightforward manner. For LinkedIn’s selection of the users who are to be shown a particular ad with a form, data on search behaviour, lookalike audience data (i.e. information on an initial target audience that enables LinkedIn to identify new target audiences on the basis of our pre-defined criteria), and demographic characteristics such as age, gender, location and language are processed. For this purpose, we specify to LinkedIn, when creating the respective forms, the characteristics that users should meet. If users then click on the call-to-action button in a LinkedIn ad to which a so-called Lead Gen Form is attached, the form is automatically pre-filled with the contact and profile information of that user. This enables users to transmit their data to us as a company without having to enter the data manually or visit the company’s pages, for example to register for a newsletter. The data transmitted in the form may include, for example, industry, qualification and region, insofar as such information has been provided by the LinkedIn user in question. This function also allows us to determine how often specific users decide to submit the form in question (conversion rate), in order to measure the effectiveness of that form. We use the data you transmit to generate newsletter registrations, to offer products, services and discounts, as well as to share invitations and registration options for events. The legal basis for processing within the framework of the use of Lead Gen Forms is your consent pursuant to Art. 6(1) Sentence 1(a) GDPR. We store your data until you withdraw your consent or until the purpose has been achieved. For more information about processing in the context of Lead Gen Forms, please refer to: https://www.linkedin.com/help/lms/answer/a420012/

You may withdraw your consent to processing at any time – by email, by contacting us using the contact details specified under “Questions about data protection”, or by using the unsubscribe link provided in the message you receive – and such withdrawal will apply until it is withdrawn.

eTracker

In the context of LinkedIn Ads, we use the services of eTracker GmbH (Erste Brunnenstraße 1, 20459 Hamburg; hereinafter referred to as “eTracker”) in order to conduct reach analyses by means of tracking links associated with our ads and to measure the success of our marketing factivities. When you click on one of our ads, the personal data collected includes your IP address, browser type, time spent and operating system, together with data on interaction with the target URL and whether you perform on the website the action desired by us as the advertiser (conversion). With regard to the storage of and access to information on your device, your consent is the legal basis pursuant to Sect. 25(1) of the Telecommunications Digital Services Data Protection Act (TDDDG); for further processing, your consent is also the legal basis pursuant to Art. 6(1) Sentence 1(a) GDPR. Once storage is no longer necessary, we will erase the data generated in this context. For information about data processing by eTracker, please refer to: https://www.etracker.com/docs/faq/eu-dsgvo/daten-datenspeicherung/wie-lange-werden-welche-daten-von-etracker-gespeichert/

LinkedIn Ads

By means of the advertising formats (ads) provided by LinkedIn, we are able to display targeted advertising to other users and potential customers in order to draw attention to our content and products and to expand our target audience. Within the marketing functions made available in the LinkedIn Campaign Manager, ads may, for example, be sent to users by direct message (Message Ads), displayed as simple ads on the right-hand side of the LinkedIn feed (Text Ads), or personalised to the profile of the respective user (Dynamic Ads). To make targeted contact with other users, LinkedIn offers the option of communicating with them via direct message (Conversation Ads), which allows us to draw their attention directly to our products and content.

Through the reporting function and the Performance Chart of the LinkedIn Campaign Manager, we are able to evaluate the results of our advertising campaigns across the various advertising formats described above. These reports contain, for example, information about the number of new followers after the advertising campaign and about interactions with our posts and ads. In addition, from the clicks, impressions and interactions recorded, we can determine which campaigns and ad content are most appealing and effective for our target audience. This enables us to target users of our website and users of LinkedIn who belong to a comparable target audience with interest-based ads when they visit the LinkedIn social network (“LinkedIn Ads”).

In the context of the use and evaluation of LinkedIn Ads, aggregated and anonymised analysis data is processed, such as clicks, impressions, click-through rates, numbers of reactions such as likes, comments and shares, as well as demographic user information such as country and language settings. In addition, LinkedIn also processes information stored on users’ devices, such as IP address, browser information, and the date and time of the server request.

The legal basis of the processing is Art. 6(1) Sentence 1(f) GDPR. We have a legitimate interest in increasing the effectiveness and reach of our ad campaigns and in expanding our professional network. We have no influence over the storage period of your personal data that you have published on LinkedIn. We store your data until the purpose of the processing has been fulfilled, or we restrict processing where statutory retention obligations apply. For further information about the protection of your data and how long LinkedIn stores your data, please refer to: https://www.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy and https://de.linkedin.com/legal/cookie-policy

Where processing is based on Art. 6(1) Sentence 1(f) GDPR, you may object to such processing. Your right of objection exists if you have reasons arising from your particular situation. You may send your objection by post to BWH Hotels Central Europe GmbH, Frankfurter Straße 10–14, 65760 Eschborn, or by email to info@bwhhotels.de. Upon request, we will provide you with information about the balancing of interests free of charge.

LinkedIn Live

We use the LinkedIn Live function to stream live video content via our LinkedIn page and to interact with our audience. For this purpose, we use a streaming tool that enables us to create, design and transmit live streams. Our objective in using LinkedIn Live is to engage directly with our target audiences in real time, to convey information and to increase our visibility on LinkedIn. When you view our live video content, your personal data is processed. This includes in particular your contact and profile data, technical data such as your IP address, browser and device information, data about the time of access to the stream, its duration and any clicks you make, as well as interaction data relating to your reactions or your communication within the stream. The legal basis for processing in the context of the use of LinkedIn Live is your consent pursuant to Art. 6(1) Sentence 1(a) GDPR, or, where biometric data (facial features, voice) are concerned, pursuant to Art. 9(2)(a) GDPR. We store your data until you withdraw your consent or until the purpose has been achieved. For further information about the protection of your data and how long LinkedIn stores your data, please refer to: https://www.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy and https://de.linkedin.com/legal/cookie-policy

You can withdraw your consent to the processing at any time by sending an email to info@bwhhotels.d . This does not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

When using LinkedIn Live, we engage the following service providers, who are recipients of your personal data:

StreamYard Inc. (169 Madison Ave, Suite 11218, New York, NY 10016). StreamYard also processes the data in part in the US. So-called standard contractual clauses have been concluded with StreamYard in order to commit StreamYard to an appropriate level of data protection. For further information about data processing by StreamYard, please refer to: https://support.streamyard.com/hc/en-us/articles/15401585037204-Privacy-Policy

Data transfers outside the European Union

LinkedIn also processes the data in part in the US. The EU Commission has issued an adequacy decision for data transfers to the US, under which LinkedIn is certified. You can view the certification here. In addition, we have entered into standard contractual clauses with LinkedIn to ensure that it maintains an appropriate level of data protection. A copy of the standard contractual clauses is available on request. You can also request them from LinkedIn or view them here. For more information, please refer to: https://www.linkedin.com/help/linkedin/answer/62533

Questions about data protection

If you have any questions about data protection with regard to our company or our LinkedIn page, you can contact our data protection officer:

SPIRIT LEGAL Rechtsanwaltsgesellschaft
mbH Attorney-at-law and data protection officer
Peter Hense
Postal address:
Data protection officer
c/o BWH Hotels Central Europe GmbH, Frankfurter Straße 10–14, 65760 Eschborn
Contact via encrypted online form: Contact data protection officer

Your data protection rights:

You have the following rights with regard to the personal data concerning you that you can assert against us:

Right of access: You can request access to the personal data concerning you which we process, as set forth in Art. 15 GDPR.
Right to rectification: If the information concerning you is not (or no longer) correct, you can request its rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
Right to erasure: You may request the erasure of your personal data in accordance with Art. 17 GDPR.
Right to restriction of processing: Pursuant to Art. 18 GDPR, you have the right to demand that the processing of your personal data be restricted.
Right to object to processing: Pursuant to Art. 21(1) GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data which occurs based on Art. 6(1) Sentence 1(e) or (f) GDPR. If you object, we will not process your data further, unless we can prove compelling legitimate reasons for the processing which override your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend legal claims (Art. 21(1) GDPR). Furthermore, under Art. 21(2) GDPR you have the right to object at any time to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that this is related to such direct marketing. In this privacy policy, we draw your attention to this right to object when describing each processing operation.
Right to withdraw your consent: If you have given your consent for processing, you have a right to withdraw that consent under Art. 7(3) GDPR.
Right to data portability: You have the right to receive the personal data you have given us in a structured, commonly used, machine-readable format (“data portability”) and the right to transfer this data to another controller, if the prerequisites of Art. 20(1)(a), (b) GDPR are fulfilled (Art. 20 GDPR).

You may exercise your rights by informing us by post: BWH Hotels Central Europe GmbH, Frankfurter Straße 10–14, 65760 Eschborn; by sending an email to info@bwhhotels.de; or by contacting our data protection officer.

Processing within the framework of joint controllership for LinkedIn Page Insights and Matched Audiences

In operating our LinkedIn page, we receive, via the Page Insights function, statistical evaluations of the reach of and user interactions with our posts, videos, content and replies on our LinkedIn page. When processing personal data for the creation of these statistical evaluations and reports within the respective analysis and insights functions, we are joint controllers together with LinkedIn. The purpose of this analysis in connection with Page Insights is to produce statistical evaluations that enable us to adapt and improve customer/guest communication and marketing activities on our LinkedIn page, and through which we can analyse the use of our LinkedIn page.

When you visit our LinkedIn page or use the community and application functions, LinkedIn collects your IP address and other information about your use of our page in the form of cookies and similar tracking technologies (e.g. pixels and Insight Tags) in the browser of your device or when you access the LinkedIn app via your mobile device (e.g. smartphone or tablet). In addition, LinkedIn processes data that the user provides to LinkedIn via their profile, such as function, industry, region, company affiliation, company size and employment status. The information collected is used to create the statistical evaluation for us as the operator of our LinkedIn company pages.

The statistical evaluation by means of Page Insights for operators of LinkedIn company pages contains aggregated data and anonymised statistics on the use of our LinkedIn page by LinkedIn users in the form of (campaign) reports, in particular regarding the attractiveness of our posts and content. In addition, metrics are generated on the number of users reached, the number of clicks and interactions on posts, likes, comments and messages, as well as the number of visitors and followers of our LinkedIn page. The evaluation also includes aggregated data and anonymised information about the users of our LinkedIn page, such as job title, function, industry, company size, employment status, length of service and demographic information relating to country.

For this purpose, LinkedIn measures the reach of our posts, mentions, events, etc., on the basis of the types of access sources, external accesses via websites and apps, impressions (e.g. followers), and how these led to interactions. Interactions with our posts are also recorded, such as the total number of user interactions with a post. This includes all clicks on the post, including comments, likes, messages, “follows”, links and embedded media.

Our legal basis for the processing of the information from the statistical evaluation is Art. 6(4) GDPR in conjunction with Art. 6(1) Sentence 1(f) GDPR. Our legitimate interest in receiving statistical evaluations lies in improving and tailoring our marketing activities on the basis of the information collected and in the ability to learn more about user interaction on our LinkedIn page. For information about the protection of your data and how long LinkedIn stores data in relation to Page Insights, please refer to: https://www.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy and https://de.linkedin.com/legal/cookie-policy

Matched Audiences

We use a “customer matching” function called Matched Audiences in order to carry out targeted advertising and to re-engage existing customers. In this context, LinkedIn processes personal data previously provided by our customers or users – for example in the course of a booking or when registering for a newsletter – which is collected by means of corresponding tags and then transmitted to LinkedIn, such as last/first names and email addresses. The information processed here is converted into checksums (known as hash values) using cryptographic methods (Secure Hashing Algorithm 256, or SHA 256) before being transmitted to LinkedIn. After the transfer, LinkedIn automatically compares and evaluates this pseudonymised customer information with available information from LinkedIn accounts. Where such comparison results in a match, this information is used to create audience segments that are used to deliver targeted ads within the LinkedIn social network. If the comparison does not result in a match, the hash values are erased. With regard to the storage of and access to information on your device and the hashing of your personal data, your consent is the legal basis pursuant to Sect. 25(1) TDDDG; for further processing, your consent is also the legal basis pursuant to Art. 6(1) Sentence 1(a) GDPR. We erase audiences at regular intervals depending on the duration of the campaign, usually after no more than 180 days.

As the operator of the LinkedIn company page, we do not collect or process any personal data other than that mentioned above in connection with LinkedIn Page Insights. For more information about the analysis functions and the processing of your personal data by LinkedIn for the provision of Page Insights to operators of company pages, please refer to: https://legal.linkedin.com/pages-joint-controller-addendum and https://www.linkedin.com/help/linkedin/answer/4499/linkedin-page-analytics-overview?lang=en

You may object to the processing. Your right of objection exists if you have reasons arising from your particular situation.

You may send us your objection by post to BWH Hotels Central Europe GmbH, Frankfurter Straße 10–14, 65760 Eschborn, or by email to: info@bwhhotels.de Upon request, we will provide you with information about the balancing of interests free of charge.

LinkedIn also processes the data in part in the US. The EU Commission has issued an adequacy decision for data transfers to the US. LinkedIn Corporation is certified under this. In addition, we have entered into standard contractual clauses with LinkedIn Corporation in order to commit LinkedIn Corporation to an appropriate level of data protection. You can request a copy of the standard data protection clauses from LinkedIn at: https://www.linkedin.com/help/linkedin/ask/ppq

Questions about data protection

If you have any questions about data protection with regard to our LinkedIn page, you can contact our data protection officer:

If you have any questions about data protection with regard to joint controllership, you can contact the responsible data protection officer for LinkedIn via: https://www.linkedin.com/help/linkedin/ask/TSO-DPO; online via: https://www.linkedin.com/help/linkedin/ask/ppq; or by post at LinkedIn Ireland Unlimited Company, Attn: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Your data protection rights:

You have the following rights with regard to the personal data concerning you that you can assert against us:

Right of access: You can request access to the personal data concerning you which we process, as set forth in Art. 15 GDPR.
Right to rectification: If the information concerning you is not (or no longer) correct, you can request its rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
Right to erasure: You may request the erasure of your personal data in accordance with Art. 17 GDPR.
Right to restriction of processing: Pursuant to Art. 18 GDPR, you have the right to demand that the processing of your personal data be restricted.
Right to object to processing: Pursuant to Art. 21(1) GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data which occurs based on Art. 6(1) Sentence 1(e) or (f) GDPR. If you object, we will not process your data further, unless we can prove compelling legitimate reasons for the processing which override your interests, rights and freedoms or, moreover, the processing serves to establish and exercise or defend legal claims (Art. 21(1) GDPR). Furthermore, under Art. 21(2) GDPR you have the right to object at any time to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that this is related to such direct marketing. In this privacy policy, we draw your attention to this right to object when describing each processing operation.
Right to withdraw your consent: If you have given your consent for processing, you have a right to withdraw that consent under Art. 7(3) GDPR.
Right to data portability: You have the right to receive the personal data you have given us in a structured, commonly used, machine-readable format (“data portability”) and the right to transfer this data to another controller, if the prerequisites of Art. 20(1)(a), (b) GDPR are fulfilled (Art. 20 GDPR).

You may exercise your rights by informing us by post: BWH Hotels Central Europe GmbH, Frankfurter Straße 10–14, 65760 Eschborn; or by sending an email to: info@bwhhotels.de. If you believe that the processing of your personal data violates data protection law, then under Art. 77 GDPR you also have the right to lodge a complaint with a data protection supervisory authority of your choice. With regard to joint controllership in the context of the processing operations of Page Insights, the Irish Data Protection Commission is the competent supervisory authority: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland.

Notwithstanding this, you can independently make settings within your LinkedIn account in the “Privacy” or “Data Privacy” section under “Settings & Privacy”. Here you will find various options under the heading “How LinkedIn uses your data”, where in particular you can adjust the data processed and the settings regarding the placing of cookies (https://www.linkedin.com/psettings/data-log). In your LinkedIn account settings you can also find out more about exercising your rights as a data subject and, for example, request a copy of the data processed about you (https://www.linkedin.com/psettings/member-data). You can also contact the data protection officer responsible for LinkedIn at: https://www.linkedin.com/help/linkedin/ask/TSO-DPO

Processing under LinkedIn’s independent controllership

We have no knowledge of how LinkedIn uses personal data for its own purposes, how long LinkedIn stores data or whether LinkedIn discloses data to third parties.

If you are currently logged in to LinkedIn as a user, a cookie with your LinkedIn identifier or a link between your LinkedIn ID and the advertising ID is present on your device when you access the LinkedIn app via your mobile device (e.g. smartphone or tablet). This enables LinkedIn to trace the fact that you have accessed a LinkedIn account or content and how you have used it. The same applies to all other LinkedIn content or LinkedIn pages. LinkedIn also receives and processes information when, for example, you view content, even if you have not created a LinkedIn account. Such so-called “log data” may include your IP address, browser type, operating system, information about the previously visited website and the pages you accessed, your location, your mobile operator, the device you use (including device ID and application ID), the search terms you used and cookie information. Through LinkedIn buttons or plug-ins embedded in websites, LinkedIn is also able to record your visits to those websites and associate them with your LinkedIn account.

LinkedIn also processes your freely given data, such as name and username, email address, telephone number, profile information, password, any contacts from your address book (if you synchronise your address book with LinkedIn), calendar data and, where applicable, your profile picture. In addition, payment and billing information (e.g. credit card details) may be processed if you register for a LinkedIn Premium service. LinkedIn also analyses the content you share or create to determine the topics in which you are interested, processes and scans messages you send directly to other users for the purpose of providing suggested replies, and may also determine your location on the basis of GPS data, information on wireless networks or your IP address.

This data can be used to tailor content or advertising to you. Where advertising is displayed to you on LinkedIn, we have no influence over which ads are selected. LinkedIn controls the ads on the basis of your usage behaviour within LinkedIn. If you wish to avoid this, you should log out of LinkedIn or deactivate the “stay logged in” function, delete the cookies stored on your device, and close and restart your browser, or deactivate the advertising IDs (IDFA for Apple and GAID for Google) on your mobile device. In this way, LinkedIn information that can directly identify you will be erased. This enables you to use our LinkedIn page without your device’s advertising identifier being disclosed. When you access interactive functions (likes, shares, etc.), a new browser window opens and LinkedIn is called up. After logging in, you will again be recognisable to LinkedIn as a specific user.

You can restrict the processing of your data in the general settings of your LinkedIn account, under “Privacy” or “Data privacy”. In addition, on mobile devices (smartphones, tablets) you can restrict LinkedIn’s access to contact and calendar data, photos, location data, etc., in the respective settings. This, however, depends on the operating system used.

Information about the conclusions LinkedIn draws regarding you can be found here: https://de.linkedin.com/legal/privacy-policy For information about the available personalisation and privacy settings, please refer to: https://www.linkedin.com/help/linkedin/answer/1569/ihre-konto-und-datenschutzeinstellungen-verwalten-ubersicht?lang=de

By using LinkedIn, your personal data is also transferred to and processed by LinkedIn Corporation and, irrespective of your place of residence, transferred to and processed in the United States, Ireland and any other country in which LinkedIn Corporation conducts business. The EU Commission has issued an adequacy decision for data transfers to the US, which can be viewed here. LinkedIn provides standard contractual clauses on request, by which LinkedIn has undertaken to comply with an appropriate level of data protection. You can submit such a request via the following contact form: https://LinkedIn.ethicspointvp.com/custom/LinkedIn/forms/data/form_data.asp

For more information about the personal data collected by LinkedIn, how such data is used and the storage period, please refer to: https://de.linkedin.com/legal/privacy-policy and https://de.linkedin.com/legal/cookie-policy

Meta Custom Audiences | Lookalike Audiences

Our website also uses the Website Custom Audience targeting feature for ads, which is provided by Meta (the provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, and Meta Platforms Inc. 1601 Willow Rd, Menlo Park, California, US; hereinafter referred to as “Meta”). So-called web beacons, such as the Meta Pixel, are used to record information about how you use our website, which is then processed by Meta. This allows visitors to our website to be matched with users on Meta. This makes it possible to display interest-based ads (“Meta Ads”) to users of the website, and users of Meta who belong to a comparable audience, when they visit the Meta social network and to analyse their interactions with our website. We also use Meta’s extended Lookalike Audience feature to create new audiences/recipients based on an original audience defined by us, to whom we can then serve interest-based ads when they visit the Meta social network. Meta then uses this original audience to identify new audiences based on our pre-defined criteria, such as interests (“lookalike audience”). Your browser uses Meta Pixels – small graphics that are also embedded on our website, are automatically loaded when you visit our website, and enable tracking of user activity – to automatically establish a direct connection to the Meta server. Embedding Meta Pixels allows Meta to process the information generated in this way about the use of our website by your device – such as the fact you accessed a specific website – and to process the access data mentioned under “Using our website” , in particular the IP address, browser information, Meta ID, device ID, language settings, date and time of the server request and event data such as page views, button views and other interactions for the purpose of serving personalised ads. For this purpose, it is also possible to determine whether different devices belong to you or to your household. If you are registered with a Meta service, Meta can associate the information recorded with your user account. Even if you are not registered with Meta or have not logged in, it is possible that the provider will obtain and process your IP address and other identifying information. With regard to the storage of and access to information on your device, your consent is the legal basis pursuant to Sect. 25(1) of the Telecommunications and Digital Services Data Protection Act (TDDDG); for further processing, your consent is also the legal basis pursuant to Art. 6(1) Sentence 1(a) GDPR. Meta also processes the data in part in the US. The EU Commission has issued an adequacy decision for data transfers to the US. Meta Platforms, Inc. is certified under this. Standard data protection clauses have also been concluded with Meta Platforms, Inc. in order to commit Meta Platforms, Inc. to an appropriate level of data protection. You can request a copy of the standard data protection clauses from Meta at: www.facebook.com/help/contact/341705720996035. The information in Facebook cookies will be stored for a maximum of 90 days.

For further information about the protection of your data and how long Meta stores your data, please refer to: www.facebook.com/privacy/policy/ and www.facebook.com/policies/cookies/

You can withdraw your consent to the processing at any time by moving the slider back in the Advanced Settings of the consent tool www.bwhhotels.de/en/. This does not affect the lawfulness of the processing carried out on the basis of the consent prior to the withdrawal.

When using the aforementioned Meta Business Tools, your personal data (Business Tools data) will be processed both by us and by Meta. The processing of personal data described above in connection with the use of Meta Business Tools and, in particular, the processing of your hashed contact data and event data, i.e. information obtained in connection with the analysis of your interactions with our website or online presence, is carried out by us and Meta as joint controllers in accordance with Art. 26 GDPR, whereby the responsibility for fulfilling the data protection obligations under the GDPR may vary depending on the processing phase. The purpose of the processing is to optimise the relevant marketing campaigns and analyses, in particular the comparison with Meta user IDs for serving targeted ads, for which we use Meta Business Tools as a means.

We have entered into a joint controllership agreement with Meta in accordance with Art. 26(1) Sentence 2 GDPR and defined who fulfils the applicable obligations under the GDPR for each processing phase:

As BWH, we are independently responsible for the processing of personal data processed in Meta Business Tools used to conduct analysis, measure audience reach and generate campaign reports, and for matching it with user IDs, including combining it with event data collected.
We are jointly responsible with Meta Ireland Limited for the collection and transmission of event data and the Meta Pixels embedded on our website, including the Meta Conversions API.
In addition, Meta is an independent controller pursuant to Art. 4 No. 7 GDPR, in particular for any downstream processing of personal data contained in Meta Business Tools.

You may exercise your rights as a data subject against both us and Meta. We and Meta will notify each other without undue delay of any rights exercised by data subjects. We will provide each other with all the information necessary to respond to the relevant requests from data subjects. Irrespective of the responsibility for the respective processing phases in connection with the use of Meta Business Tools, we provide data subjects with the necessary information in accordance with Art. 13 and 14 GDPR and in accordance with Art. 26(2) GDPR in the context of this data protection information in a concise, transparent, intelligible and easily accessible form, using clear and simple language, free of charge. We and Meta provide each other with all the necessary information from our respective areas of responsibility.

The legal basis for the joint processing is your consent according to Sect. 25(1) TDDDG and for the further processing Art. 6 (1) Sentence 1(a) GDPR. For further information about the processing, in particular in the context of joint processing with Meta, please visit: www.facebook.com/legal/terms/businesstools_jointprocessing, www.facebook.com/legal/terms/businesstools/preview and www.facebook.com/about/privacy. You can access the agreement concluded with Meta regarding joint controllership in connection with Meta Business Tools at: www.facebook.com/legal/controller_addendum

Microsoft Ads (formerly Bing Ads)

Our website uses the tracking features of Bing Ads, which is provided by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, US; hereinafter referred to as “Microsoft” and “Microsoft Ads”). Microsoft stores a cookie on the user’s device to measure the reach of our ads and to enable us to attribute the success of an ad. The Microsoft Ads online advertising service uses technologies such as cookies, tracking pixels and device fingerprinting in order to serve ads that are relevant to users and to improve campaign performance reports. This involves processing information that is stored on users’ devices. Microsoft Ads makes it possible to display interest-based ads to users that are related to search results in Bing and Yahoo search engines. Ads may also refer to products and services that users have already viewed on our website. For this purpose, analyses are first performed of user interaction on our website, such as which offers users are interested in, so that we can display targeted advertising to the users on other sites after they have left our website. When users visit our website, Microsoft Ads stores a cookie on the user’s device. Microsoft uses cookies and tracking pixels to process the information generated by users’ devices about the use of our website and interactions with our website as well as access data, in particular the IP address, browser information, the website visited before and the date and time of the server request, across devices for the purpose of serving and analysing personalised ads. For this purpose, it is also possible to determine whether different devices belong to you or to your household. In addition, the Microsoft Ads online advertising service allows us to measure the reach of our ads and to track the success of a particular ad. This involves using “ad server cookies”, which can be used to measure certain reach measurement parameters, such as the display of ads, how long they were viewed, or clicks by users. With regard to the storage of and access to information on your device, your consent is the legal basis pursuant to Sect. 25(1) of the Telecommunications and Digital Services Data Protection Act (TDDDG); for further processing, your consent is also the legal basis pursuant to Art. 6(1) Sentence 1(a) GDPR. Microsoft also processes the data in part in the US. The EU Commission has issued an adequacy decision for data transfers to the US. Microsoft Corporation is certified under this. In addition, so-called standard contractual clauses have been concluded with Microsoft Corporation in order to commit Microsoft Corporation to an appropriate level of data protection. A copy of the standard contractual clauses can be requested at: go.microsoft.com/fwlink/p/. The information in Microsoft Ads cookies will be stored for a maximum of 14 months. For more information about the protection of your data and how long Microsoft Ads stores your data, please refer to: www.microsoft.com/de-de/privacy/privacystatement