Privacy policy of appartello Berlin GmbH

We are pleased that you are visiting our website and thank you for your interest in our hotel. The protection of personal data is important to us. Therefore, the processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is carried out in accordance with the applicable European and national legislation.

If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

In the following, appartello Berlin GmbH (hereinafter referred to as "we", "us", etc.) would like to inform the public about the type, scope and purpose of the personal data it processes. Furthermore, data subjects are informed of their rights by means of this privacy policy.

Right to revoke any consent you may have given for data processing

If the data processing is based on Art. 6 para. 1 lit. a GDPR, i.e. your express consent, you have the right to revoke this consent at any time (pursuant to Art. 7 para. 3 sentence 1 GDPR). The respective legal basis on which processing is based can be found in this privacy policy.

The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation (pursuant to Art. 7 para. 3 sentence 2 GDPR).

Right to object to data collection in special cases and to direct advertising

IF THE DATA PROCESSING IS BASED ON ART. 6 ABS. 1 LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA CONCERNED UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

Definitions of terms

Our data protection declaration is based on the terms used by the European legislator for the adoption of the EU General Data Protection Regulation (hereinafter referred to as "GDPR"). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

We use the following terms, among others, in this privacy policy and on our website:

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject" or "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Rights of the data subject

As a data subject affected by the processing of your data, you can assert certain rights against us in accordance with the GDPR and other relevant data protection regulations. In particular, you have the following rights as a data subject under the GDPR

Right to information

You can request information from us at any time about the data we hold about you. This information concerns, among other things, the categories of data processed by us, the purposes for which we process them, the origin of the data if we have not collected them directly from you and, if applicable, the recipients to whom we have transmitted your data. You can receive a copy of your data from us free of charge. If you are interested in further copies, we reserve the right to charge you for the additional copies.

Right to rectification

You can request that we correct your data. We will take reasonable steps to keep the data we hold and process about you accurate, complete and up to date, based on the most recent information available to us.

Right to erasure

You can request that we erase your data if the legal requirements for this are met. In accordance with Art. 17 GDPR, this may be the case if, for example

the data is no longer required for the purposes for which it was collected or otherwise processed;
you withdraw your consent, which is the basis for the data processing, and there is no other legal basis for the processing
you object to the processing of your data and there are no overriding legitimate grounds for the processing, or you object to data processing for direct marketing purposes
the data has been processed unlawfully
if the processing is not necessary
to ensure compliance with a legal obligation that requires us to process your data, in particular with regard to statutory retention periods
to assert, exercise or defend legal claims.

Right to restriction of processing

You can demand that we restrict the processing of your data if

you contest the accuracy of the data, for the period necessary for us to verify the accuracy of the data;
the processing is unlawful and you oppose the erasure of your data and request the restriction of its use instead;
we no longer need your data, but you need it to assert, exercise or defend legal claims
you have objected to processing pending the verification whether our legitimate grounds override yours.

Right to data portability

At your request, we will transfer your data to another controller if this is technically possible. However, you only have this right if the data processing is based on your consent or is necessary to fulfil a contract. Instead of receiving a copy of your data, you can also ask us to transfer the data directly to another controller specified by you.

Right to object

You can object to the processing of your data at any time for reasons arising from your particular situation, provided that the data processing is based on your consent or on our legitimate interests or those of a third party. In this case, we will no longer process your data. The latter does not apply if we can demonstrate compelling legitimate grounds for the processing which override your interests or if we need your data for the establishment, exercise or defence of legal claims.

Right to withdraw consent under data protection law

You have the right to withdraw your consent to the processing of personal data at any time.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the EU General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union or other provisions of a data protection nature. A list of the state data protection officers and their contact details can be found at the following link

https:// www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html

The data protection supervisory authority responsible for us is

The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg
Phone: +49 40 42854-4040
E-mail: mailbox@datenschutz.hamburg.de

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which we are subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

Routine erasure and blocking of personal data

The controller processes (in this sense also: stores) personal data of the data subject only for the period necessary to achieve the purpose of storage or if this has been provided for by the European Directive and Regulation Giver or another legislator in laws or regulations to which the controller is subject.

If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or erased in accordance with the statutory provisions.

Cooperation with processors and third parties

If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g. if the transfer of data to third parties, such as payment service providers, is necessary for the fulfilment of the contract in accordance with Art. 6 para. 1 lit. b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties to process data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 GDPR.

Data protection for applications and in the application process

The controller collects and processes the personal data of applicants for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits relevant application documents electronically, for example by e-mail, to the controller. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, unless deletion conflicts with any other legitimate interests of the controller. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

Information on video surveillance on site

Video surveillance is a particularly intensive form of personal data processing. Almost everyone feels uncomfortable when they are under video surveillance. This is also referred to as "surveillance pressure". Not being exposed to this pressure is almost a basic human need.

However, another human need is the desire for security. Individuals and communities, but also inanimate things such as objects and systems, benefit greatly from an environment that is free from security risks or dangers.

Video surveillance is subject to strict data protection regulations for good reasons. On the other hand, the security interests of the person responsible must also be assessed fairly. After all, these interests are often not limited to the controller alone. Employees, interested parties, suppliers, customers, tenants, guests, visitors, etc. may also have a need for security, which can be satisfied by the appropriate and sensible use of video surveillance.

Even if some of the following information is already mentioned elsewhere in this privacy policy, we would like to list all information in this text section, as it can also be found in a downstream video sign (information sheet according to Art. 13 GDPR):

Name and contact details of the controller and, if applicable, their representative:

To be found at the bottom of this privacy policy.

Contact details of the data protection officer:

Can be found at the bottom of this privacy policy

Purposes and legal basis of data processing:

Investigation and detection of criminal offences and other security-relevant events.

Art. 6 para. 1 lit. f EU General Data Protection Regulation.

Legitimate interests that are pursued:

Security of employees, suppliers, guests, visitors, etc.

Protection of property, exercise of domiciliary rights.

Storage duration or criteria for determining the duration:

Image data is usually deleted from our properties after 72 hours at the latest, provided that the purpose for which it was stored no longer applies at this time.

In doing so, we are following a recommendation of the independent federal and state data protection authorities (Data Protection Conference - DSK).

With a storage period of 72 hours, according to the DSK's reasoning, the monitoring party can regularly pursue its security interests, while at the same time the interests of the data subjects worthy of protection are safeguarded.

If necessary, a special surveillance purpose may justify a longer storage period. However, this must be sufficiently justified.

Recipients or categories of recipients of the data (if data transfer takes place):

The controller will not transfer the personal data to a third country or an international organisation

Information on the rights of data subjects

See also the section "Rights of the data subject" at the top of this privacy policy. The following applies to video surveillance in summary:

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information specified in Art. 15 GDPR.

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).

The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued(right to erasure).

The data subject has the right to obtain from the controller restriction of processing where one of the conditions listed in Art. 18 GDPR applies, e.g. if the data subject has objected to processing, for the duration of the verification by the controller.

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims (Art. 21 GDPR).

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Art. 77 GDPR). The data subject may exercise this right before a supervisory authority in the Member State of their habitual residence, place of work or place of the alleged infringement. The competent supervisory authority in Hamburg is

The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg
Phone: +49 40 42854-4040
E-mail: mailbox@datenschutz.hamburg.de

Data security

We take numerous technical and organisational measures to protect your personal data against unintentional or unlawful deletion, alteration or loss and against unauthorised disclosure or access.

Nevertheless, internet-based data transmissions, for example, can generally have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

Encryption

This site uses TLS encryption for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in the browser line.

If encryption is activated, the data you transmit to us cannot be read by third parties.

Collection of general data and information

Our website collects a range of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The following can be recorded

the browser types and versions used
the operating system used by the accessing system
the website from which an accessing system reaches our website (so-called referrer)
the sub-websites that are accessed via an accessing system on our website
the date and time of access to the website
a web protocol address (IP address)
the internet service provider of the accessing system
other similar data and information used for security purposes in the event of attacks on our information technology systems

When using this general data and information, we do not draw any conclusions about the data subject. Rather, this information is required to

deliver the content of our website correctly
optimise the content of our website and any advertising for it
ensure the long-term functionality of our information technology systems and the technology of our website
provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack

This collected data and information is therefore analysed by us both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website - the server log files must be recorded for this purpose.

Enquiry by email, telephone or fax

If you contact us by e-mail, telephone or fax, we will store and process your enquiry including all personal data (name, enquiry) for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Data transmission from forms

The data subject has the option of registering on the controller's website by providing personal data for data transmission via forms. Which personal data is transmitted to the controller is determined by the respective input mask used for the entries. The personal data entered by the data subject is collected and stored exclusively for internal use by the controller and for the controller's own purposes. Data transmission from forms is always encrypted.

The controller may arrange for the data to be passed on to one or more processors (e.g. a parcel service provider), who will also use the personal data exclusively for internal use attributable to the controller.

When data is transmitted on the controller's website, the IP address assigned by the data subject's Internet service provider (ISP), the date and time of the transmission are also stored. This data is stored against the background that this is the only way to prevent misuse of the services offered and, if necessary, to enable criminal offences and copyright infringements to be investigated. In this respect, the storage of this data is necessary to safeguard the controller. This data is not passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal or legal prosecution.

The registration of the data subject with voluntary provision of personal data serves the controller to offer the data subject content or services which, due to the nature of the matter, can only be offered to these users.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

DialogShift chat application and other communication services

Our website uses the communication services of DialogShift GmbH, Torstr. 201, 10115 Berlin (hereinafter referred to as "DialogShift").

These include a chat application, e-mail communication and telephone communication. The applications process (in this sense also: store) data for the purpose of web analysis, operating the communication services and responding to enquiries.

To operate the chat function, the chat texts are saved and a cookie with a unique ID is set - this is used to recognise you as a customer. In the case of e-mail and telephone communication, the communication content is also stored temporarily to ensure eﬃcient processing of your enquiries.

A cookie is a small text file that is stored locally in the cache on your device. With the help of this cookie, our application recognises the device and can call up past chat logs. This cookie is stored for 90 days since it was last used. You can deactivate the storage of cookies in your browser settings. However, the chat function cannot be executed without the use of cookies.

The possible disclosure of e.g. name, e-mail address or a telephone number is voluntary and with your consent to temporarily use and store this data for the purpose of establishing contact until the end of the contact.

This personal data will be deleted after 90 days. When using the Journey Messaging Service, your contact details may also be used for the transmission of travel-related information (such as check-in information) if you have consented to this.

The legal basis for data processing is in accordance with Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG on the basis of your consent.

We have concluded an order processing contract with DialogShift in accordance with Art. 28 para. 3 GDPR. This is a contract in which DialogShift undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties.

DialogShift offers further information on the processing (in this sense also: collection and use) of the data as well as on your rights and options for protecting your privacy at https://www.dialogshift.com/datenschutz.

Booking system OnePageBooking

We use the OnePageBooking service from HotelNetSolutions GmbH, Genthiner Straße 8, 10785 Berlin for online room reservations. Click on the corresponding button to open a browser window which will redirect you to the OnePageBooking website.

If you would like to book a room with us, it is necessary for the conclusion of the contract that you provide your personal data, which we need to process your booking. Mandatory information required for the processing of contracts is marked separately, other information is voluntary. The data is entered into an input mask and transmitted to us and stored.

Data is also passed on to the relevant payment service providers. Data will only be passed on to third parties if this is necessary for the purpose of processing the contract or for billing purposes or to collect the payment or if you have expressly consented to this. In this respect, we only pass on the data required in each case. The data recipients are: the respective delivery/shipping company (forwarding of name and address), debt collection companies if the payment has to be collected (forwarding of name, address, order details), payment institutions for the purpose of collecting receivables if you have selected direct debit as the payment method and payment service providers - depending on the payment method selected.

The legal basis is Art. 6 para. 1 lit. b GDPR. With regard to the voluntary data, the legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR. There is an order processing contract between us and HotelNetSolutions GmbH.

The mandatory data collected is required to fulfil the contract with the user (for the purpose of providing the goods or services and confirming the content of the contract). We therefore use the data to answer your enquiries, to process your booking, to check your creditworthiness or to collect a debt and for the technical administration of the website. The voluntary information is provided to prevent misuse and, if necessary, to investigate criminal offences.

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years after fulfilment of the contract. However, we restrict processing after 6 years, i.e. your data will only be used to fulfil legal obligations. If there is a continuing obligation between us and the user, we store the data for the entire term of the contract and for a period of 10 years thereafter (see above). With regard to the data provided voluntarily, we will delete the data 6 years after fulfilment of the contract, unless another contract is concluded with the user during this time; in this case, the data will be deleted 6 years after fulfilment of the last contract.

If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion. Otherwise, you are free to have the personal data provided during registration completely deleted from the controller's database. With regard to the voluntary data, you can declare your cancellation to the controller at any time. In this case, the voluntary data will be deleted immediately.

Information on data protection at HotelNetSolutions GmbH can be found here: https://hotelnetsolutions.de/Datenschutz/

Newsletter dispatch

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and for the purpose of statistically analysing the newsletter campaigns.

When you open a sent email, a file contained in the email (known as a "web beacon") connects to our servers. This allows us to determine whether a newsletter message has been opened and how many links have been clicked on. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients.

If you do not wish to be analysed, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

Data processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted from the servers after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

OptinMonster

OptinMonster is a plugin from Retyp LLC, 7732 Maywood Crest Dr., West Palm Beach, FL 33412, USA. This enables us to provide our visitors with additional offers via pop-up layers on our website, for example to enable them to register their e-mail address for a newsletter or to draw attention to promotions.

OptinMonster uses cookies for this purpose. Personal data is only collected through an active action by the customer (e.g. the customer registers for the newsletter via a pop-up). OptinMonster does not store the collected data on its own servers, but forwards such data directly to us.

The data entered in a form is processed exclusively on the basis of the consent given in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. The consent given for the use and storage of the data can be revoked at any time with effect for the future.

We have concluded an order processing contract with OptinMonster within the meaning of Art. 28 para. 3 GDPR, in which we oblige OptinMonster to protect your data in accordance with the applicable provisions of the GDPR.

The setting of cookies required for the use of the plugin can be prevented by deleting existing cookies and deactivating the automatic setting of cookies in the web browser settings.

Further information and details on the handling of personal data by OptinMonster can be found in OptinMonster's privacy policy at https://optinmonster.com/privacy/ (in English)

Links to other websites

This website contains links to other websites (so-called external links).

As the provider, we are responsible for our own content in accordance with the applicable European and national legislation. Links to content provided by other providers must be distinguished from our own content. We have no influence on whether the operators of other websites comply with the applicable European and national legal provisions. Please refer to the data protection declarations provided on the respective websites.

Cookies

We use cookies to make our website user-friendly for you and to optimise it to your needs. Cookies are small text files that are sent from a web server to your browser and stored locally on your end device (PC, notebook, tablet, smartphone, etc.) as soon as you visit a website.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a character string that allows websites and servers to be assigned to the specific web browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other web browsers that contain other cookies. A specific web browser can be recognised and identified via the unique cookie ID. This information is used to automatically recognise you when you visit the website again with the same end device and to make navigation easier for you.

You can also consent to or reject cookies - including for web tracking - via your web browser settings. You can configure your browser so that the acceptance of cookies is refused in principle or you are informed in advance if a cookie is to be stored. In this case, however, the functionality of the website may be impaired (e.g. when placing orders). Your browser also offers a function to delete cookies (e.g. via "Delete browser data"). This is possible in all common web browsers. You can find further information on this in the operating instructions or in the settings of your browser.

First-party cookies: First-party cookies are permanent cookies that are stored on the computer and only lose their validity when the expiry date assigned to them has expired. The word "party" refers to the domain from which the cookie originates. In contrast to third-party cookies, first-party cookies usually originate from the website operator itself. They are therefore not accessible by browsers across domains. For example, website A issues a cookie A, which is not recognised by website B, but can only be recognised by website A. This means that data cannot be passed on to third parties.

Third-party cookies: With a third-party cookie, the cookie is set and collected by a third party. These cookies are mostly used by advertisers who use the cookies to collect information about the website visitor via their adverts on other websites. These are data records that are stored in the user's web browser when they visit a page with an advert. If they visit a page with advertising from the same provider again, they will be recognised.

Further distinguishing features:

Transient cookies: Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies: Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.

Cookiebot

A web service of the company Cybot A/S, Havnegade 39, 1058 Copenhagen, DK (hereinafter referred to as "Cookiebot") is loaded on our website. Cookiebot enables us to inform you accurately and transparently about the use of cookies on our website. You will receive an up-to-date and data protection-compliant cookie notice and decide for yourself which cookies you wish to allow.

For this purpose, Cookiebot shows you a list of cookies organised by function group when you visit our website for the first time. Here you can switch on the cookies by clicking on the corresponding box. Please note that the technical cookies are already stored when you access the website and the relevant box is preset. If you deselect technical cookies, the use of the website or individual functions on the website may be restricted or even impossible.

If you allow cookies, the following data will be transmitted to Cybot

IP address (in anonymised form, the last 3 digits are set to 0)
Date and time of your consent
our website URL
technical browser data
encrypted, anonymous key
the cookies that you have authorised (as proof of consent)

The legal basis for the use of Cookiebot results from our legitimate interest in functional cookie management and is therefore carried out in accordance with Art. 6 para. 1 lit. f GDPR. A further legal basis arises from the fulfilment of data protection requirements in connection with cookies requiring consent (e.g. also due to the "cookie ruling" of the European Court of Justice) and is therefore carried out in accordance with Art. 6 para. 1 lit. c GDPR.

If you have consented to the setting of cookies when visiting this website, you can revoke your consent by calling up Cookiebot (see below) and deselecting the relevant cookie category. In addition to the cancellation option via Cookiebot, you can deactivate cookies directly with a cookie provider or prevent the processing of data through browser plug-ins. An additional option for controlling the use of cookies is to make the appropriate settings in most browsers.

Further information about "Cookiebot" and the company behind it, Cybot, can be found in the privacy policy at https://www.cookiebot.com/de/privacy-policy/

Google Analytics 4

If you have given your consent, Google Analytics 4, a web analytics service provided by Google LLC, is used on this website. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Type and purpose of processing

Google Analytics uses cookies that enable your use of our website to be analysed. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

We use the User ID function. With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyse user behaviour across devices.

We use Google Signals. This enables Google Analytics to collect additional information about users who have activated personalised ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns.

In Google Analytics 4, the anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your visit to the website, your user behaviour is recorded in the form of "events". Events can be

Page views
First visit to the website
Start of the session
Visited web pages
Your "click path", interaction with the website
Scrolls (whenever a user scrolls to the bottom of the page (90%))
Clicks on external links
Internal search queries
Interaction with videos
file downloads
Ads viewed / clicked on
language setting

Also recorded:

Your approximate location (region)
Date and time of the visit
Your IP address (in abbreviated form)
Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
Your internet provider
the referrer URL (via which website/advertising medium you came to this website)

Purposes of the processing

On behalf of the operator of this website, Google will use this information to analyse your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.

Recipients

Recipients of the data are/may be

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Third country transfer

The European Commission adopted its adequacy decision for the USA on 10 July 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.

Storage period

The data sent by us and linked to cookies is automatically deleted after 2 months. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month.

Legal basis

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.

Revocation

You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by clicking on the following link:

not giving your consent to the setting of the cookie or
downloading the browser add-on to deactivate Google Analytics here: https://tools.google.com/dlpage/gaoptout?hl=de and installing it.

You can find more information on the terms of use of Google Analytics and data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de

Google Tag Manager

We use Google Tag Manager on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager enables us to manage and play website tags centrally via a user interface. Google Tag Manager may process personal data such as your IP address in particular. In addition, it cannot be ruled out that Google may use this data for its own purposes (e.g. to optimise the service or for error analysis).

The Google Tag Manager itself does not set any cookies and does not directly access the data collected by the tags used. Nevertheless, integration only takes place after your express consent via our content banner.

The data collected is stored and processed in the USA, i.e. a third country for which there is no adequacy decision by the European Commission.

However, Google bases the data transfer to the USA on the EU-U.S. Data Privacy Framework of the European Commission.

The legal basis for the use of Google Tag Manager is your consent in accordance with Art. 6 para. 1 lit. a GDPR and, if applicable, § 25 para. 1 TDDDG (for access to terminal device information).

You can revoke your consent at any time with effect for the future by adjusting the cookie settings on our website.

You can find more information about Google Tag Manager in Google's usage policy at: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

Google Fonts

Google Fonts(https://fonts.google.com/ ) are used to visually improve the presentation of various information on this website. The web fonts are transferred to the browser cache when the page is called up so that they can be used for the display.

No cookies are stored when the website visitor accesses the page. Data that is transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.

The data collected is stored and processed in the USA, i.e. a third country for which there is no adequacy decision by the European Commission.

However, Google bases the data transfer to the USA on the EU-U.S. Data Privacy Framework of the European Commission.

You can prevent the collection and processing of your data by this web service by refusing your consent when entering the website, deactivating the execution in your browser or installing a script blocker in your browser. If your browser does not support Google Fonts or you prevent access to the Google servers, the text will be displayed in the system's default font.

The legal basis for the use of this web service is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.

You can find information about Google Fonts' privacy policy at: https://developers.google.com/fonts/faq#Privacy

General information on data protection can be found in the Google Privacy Centre at: https://policies.google.com/privacy

Google Maps

This website uses the map service Google Maps, which is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there.

The data collected is stored and processed in the USA, i.e. a third country for which no adequacy decision has been issued by the European Commission.

However, Google bases the data transfer to the USA on the EU-U.S. Data Privacy Framework of the European Commission.

The provider of this website has no influence on this data transfer. If Google Maps is activated, Google may use Google Fonts for the purpose of standardising the display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Further details can be found here:

https://privacy.google.com/businesses/gdprcontrollerterms/ and

https:// privacy.google.com/businesses/gdprcontrollerterms/sccs/

You can find more information on the handling of user data in Google's privacy policy:

https:// policies.google.com/privacy?hl=de

Meta Pixel

This website uses the visitor action pixel from Meta (formerly "Facebook Pixel") to measure conversions. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as "Meta"). However, according to Meta, the data collected is also transferred to the USA and other third countries.

The storage and processing of the collected data takes place in the USA, i.e. a third country for which there is no adequacy decision by the European Commission.

However, Meta bases the data transfer to the USA on the EU-U.S. Data Privacy Framework of the European Commission.

Meta Pixel can be used to track the behaviour of site visitors after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

The data collected is anonymous for us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy(https://de-de.facebook.com/about/privacy/ ). This enables Facebook to place adverts on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the website operator.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

We use the advanced matching function within the meta pixel. Advanced matching allows us to transmit various types of data (e.g. place of residence, federal state, postcode, hashed email addresses, names, gender, date of birth or telephone number) of our customers and interested parties that we collect via our website to Meta (Facebook). This activation enables us to tailor our advertising campaigns on Facebook even more precisely to people who are interested in our offers. In addition, the extended comparison improves the allocation of website conversions and expands custom audiences.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its transfer to Facebook. The processing carried out by Facebook after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing. You can find the wording of the agreement at

https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook.

You can find further information on protecting your privacy in Facebook's data protection information: https://de-de.facebook.com/about/privacy/

You can also deactivate the remarketing function "Custom Audiences" in the settings for adverts at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You must be logged in to Facebook to do this.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/

Microsoft Advertising

Our website uses conversion tracking from Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA), whereby Microsoft Advertising places a cookie on your computer if you have reached our website via a Microsoft Advertising advert. In this way, Microsoft Advertising and we can recognise that someone has clicked on an ad, has been redirected to our website and has reached a predetermined target page (conversion page). We only learn the total number of users who clicked on a Bing advert, for example, and were then forwarded to the conversion page. No personal information about the identity of the user is disclosed. If you do not wish to participate in the tracking process, you can also reject the setting of a cookie required for this - for example, by changing your browser settings to generally deactivate the automatic setting of cookies.

The data collected is stored and processed in the USA, i.e. in a third country for which there is no adequacy decision by the European Commission.

However, Microsoft bases the data transfer to the USA on the EU-U.S. Data Privacy Framework of the European Commission.

The legal basis for the use of Microsoft Advertising is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.

Further information on data protection and the cookies used by Microsoft Bing can be found on the Microsoft website:

https:// privacy.microsoft.com/de-de/privacystatement

Vimeo

Videos are integrated on this website via Vimeo.com. This is a service provided by Vimeo, Inc, 555 West 18th Street, New York, New York 10011, USA (hereinafter referred to as "Vimeo"). When you access videos via Vimeo, a connection is established to the Vimeo servers in the USA. As a result, certain information is transmitted to Vimeo. Vimeo may also store cookies on your end device. Vimeo also enables the use of certain other functions, such as rating or sharing videos. This may require you to log in to your user account with Vimeo or certain third-party providers (such as Facebook or Twitter) so that they can assign the information you have transmitted to your respective user account. These functions are offered exclusively by Vimeo and the respective third-party providers and you should check their privacy policies carefully before using the respective functions. We have no knowledge of the content of the data collected by Vimeo or third-party providers and have no influence on their use. Through the integration, Vimeo can also receive the information that your browser has accessed the corresponding page of this website, even if you do not have a user account with Vimeo or are not currently logged in to Vimeo.

The data collected is stored and processed in the USA, i.e. a third country for which there is no adequacy decision by the European Commission.

However, Vimeo bases the data transfer to the USA on the EU-U.S. Data Privacy Framework of the European Commission.

The legal basis for the use of Vimeo is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. We have no knowledge of the storage period at Vimeo and have no influence on it.

You can prevent Vimeo from loading by changing your browser settings (deactivating JavaScript and iFrames). Please refer to your browser manufacturer's instructions to find out how this works in detail. For some browsers, there are also add-ons that make it easier for you to make these settings, e.g. for Mozilla Firefox the script blocker "NoScript" (noscript.net/) or the ad blocker "Adblock Plus" (adblockplus.org/en) in combination with the "EasyPrivacy" list (easylist.to).

Further information on the collection and use of your data by Vimeo and your rights in this regard can be found in Vimeo's privacy policy at: https://vimeo.com/privacy

Akamai (CDN)

We use the Content Delivery Network (CDN) from Akamai Technologies Inc, 150 Broadway, Cambridge, MA 02142, USA, German branch Akamai Technologies GmbH, Parkring 20-22, 85748 Garching (Akamai) to speed up our website. CDN is a service that enables content to be delivered faster with the help of regionally distributed servers connected via the Internet. Your data is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN.

Akamai transfers personal data from the log files (e.g. IP addresses) to the USA each time data is processed, as certain servers for processing the log files are only located in the USA. The data is stored for up to 24 hours so that content can be provided more quickly during a visit.

The data collected is stored and processed in the USA, i.e. a third country for which there is no adequacy decision by the European Commission.

However, Akamai bases the data transfer to the USA on the EU-U.S. Data Privacy Framework of the European Commission.

Data processing at Akamai is carried out solely to speed up delivery. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in the provision of a high-performance website.

You can find more information on data protection at Akamai Technologies Inc. at the following link

https://www.akamai.com/de/legal/compliance/privacy-trust-center (in English)

CloudFlare

We use the "Cloudflare" service. The provider is Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as "Cloudflare").

Cloudflare offers a globally distributed content delivery network with DNS. The information transfer between your browser and our website is technically routed via the Cloudflare network. This enables Cloudflare to analyse the data traffic between your browser and our website and to serve as a filter between our servers and potentially malicious data traffic from the Internet. Cloudflare may also use cookies or other technologies to recognise Internet users, but these are used solely for the purpose described here.

The data collected is stored and processed in the USA, i.e. a third country for which there is no adequacy decision by the European Commission.

However, Cloudflare bases the data transfer to the USA on the EU-U.S. Data Privacy Framework of the European Commission.

The use of Cloudflare is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).

We have concluded a data processing agreement ("DPA") for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the service only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Further information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/ ( in English)

Gstatic

A web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic) is reloaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Gstatic.

The data collected is stored and processed in the USA, i.e. a third country for which there is no adequacy decision by the European Commission.

However, Google bases the data transfer to the USA on the EU-U.S. Data Privacy Framework of the European Commission.

The legal basis for the use of this web service is your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.

You can prevent the collection and processing of your data by Gstatic by refusing your consent when entering the website, deactivating the execution of script code in your browser or installing a script blocker in your browser.

The data will be deleted as soon as the purpose for which it was collected has been fulfilled. Further information on the handling of the transferred data can be found in Google's privacy policy: https://policies.google.com/privacy

HOTELCLASS widget

Our website uses a widget from HOTELCLASS to display the current star category of our hotel. The provider of this widget is DEHOGA Deutsche Hotelklassifizierung GmbH, Am Weidendamm 1A, 10117 Berlin, Germany (hereinafter referred to as "DEHOGA").

When a website with an embedded HOTELCLASS widget is accessed, a connection to the DEHOGA servers is established. The following data is automatically collected and stored in server log files

Referrer URL (the previously visited page)
Browser type and version
Operating system used
IP address (anonymised)
Time of the server request
HTTP status code
Amount of data transferred

This data is analysed exclusively to ensure trouble-free operation of the widget and to improve the service. This data is not merged with other data sources.

This data is processed on the basis of Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in an appealing and informative presentation of our hotel classification.

Further information on data protection at DEHOGA Deutsche Hotelklassifizierung GmbH can be found at https://www.dehoga-bundesverband.de/datenschutz/

GreenSign

Our website uses content and services of GreenSign Institut GmbH, Nürnberger Straße 49, 10789 Berlin, Germany, to present our sustainability certification (hereinafter referred to as "GreenSign").

When a page with embedded GreenSign content is accessed, a connection to the GreenSign servers is established. The following data is transmitted:

IP address
Date and time of access
Browser type and version
operating system
Referrer URL

This data is used exclusively to display the embedded content and to ensure the security and stability of the systems.

The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in an appealing and informative presentation of our sustainability certification.

Further information on data protection at GreenSign can be found in GreenSign's privacy policy: https://www.greensign.de/datenschutz/

Our social media presence

Data processing through social networks

We maintain publicly accessible profiles on social networks. The individual social networks we use are listed below.

Social networks such as Facebook, "X" etc. can generally analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the widest possible presence on the internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Controller and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).

Please note that, despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our options are largely determined by the company policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter referred to as "Facebook"). According to Facebook, the data collected is also transferred to the USA and other third countries.

We have concluded an agreement with Facebook on joint processing (Controller Addendum).

This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link

https:// www.facebook.com/legal/terms/page_controller_addendum

You can customise your advertising settings yourself in your user account. To do this, click on the following link and log in:

https:// www.facebook.com/settings?tab=ads

Details can be found in Facebook's privacy policy: https://www.facebook.com/privacy/center/

Instagram

We have a profile on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. Details on how they handle your personal data can be found in Instagram's privacy policy: https://privacycenter.instagram.com/

We have a profile on WhatsApp. The provider is WhatsApp Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. Details on how they handle your personal data can be found in WhatsApp's privacy policy: https://www.whatsapp.com/legal/privacy-policy-eea?lang=de_DE

Name and address of the controller:

The controller within the meaning of the EU General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is

appartello Berlin GmbH
Dörpfeldstrasse 37
12489 Berlin

F 040 60 92 92 15 01
E berlin@appartello.de
www.appartello-berlin.de

Managing directors: Frank Pentzin, Heiko Fuhlendorf

Name and address of the data protection officer:

SHIELD GmbH
Ohlrattweg 5
25497 Prisdorf

T 04101 80 50 600
E info@shield-datenschutz.de

Hamburg, May 2026

Changes to the privacy policy

We reserve the right to change our data protection practices and this privacy policy in order to adapt them to changes in relevant laws or regulations or to better meet your needs. Possible changes to our data protection practices will be announced here accordingly. Please note the current version date of the privacy policy.