DATENSCHUTZ

INFORMATION ON DATA PROCESSING
IN ACCORDANCE WITH ARTS. 13, 14 GDPR

We are delighted that you are visiting our website and thank you for your interest in our hotel. The way we interact with our customers and prospective guests is a matter of trust. The trust you place in us is of great importance, and therefore also entails the responsibility and obligation to handle your data with care and to protect it from misuse.

So that you feel safe and comfortable when visiting our website, we take the protection of your personal data and its confidential handling very seriously. We therefore act in accordance with the applicable legal provisions on the protection of personal data and data security. With this privacy information, we would like to inform you when we store which data and how we use it—of course in compliance with the applicable case law.

Hotel Zoo Berlin aligns in particular with the EU General Data Protection Regulation (GDPR) and the current Federal Data Protection Act (BDSG). When using the internet, we orient ourselves towards the Telemedia Act (TMG) of the Federal Republic of Germany to protect your personal data. Below, we explain which information we collect during your visit to our websites and how it is used.

Name and Address of the Controller

The controller within the meaning of the GDPR and other national data protection laws of the Member States as well as other data protection regulations is:

Hotel Zoo Berlin Betriebs GmbH
Kurfürstendamm 25, 10719 Berlin, Germany
Tel.: +49 (0) 30 884 37 0
Email: info@hotelzoo.de

Name and Address of the Data Protection Officer

The controller’s data protection officer is:

Andreas Thurmann, Datasolution Lud GmbH
Isarstr. 13, 14974 Ludwigsfelde, Germany
Tel.: +49 (0) 3378 202513
Email: mail@hoteldatenschutz.de

General Information on Data Processing

Scope of the Processing of Personal Data

In principle, we collect and use our users’ personal data only insofar as this is necessary to provide a functional website and our content and services. The collection and use of our users’ personal data generally takes place only with the user’s consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by statutory provisions.

Legal Basis for the Processing of Personal Data

Where we obtain the data subject’s consent for processing operations involving personal data, Art. 6(1)(a) GDPR serves as the legal basis.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures.
Where processing of personal data is necessary to comply with a legal obligation to which our company is subject (e.g. under federal registration laws), Art. 6(1)(c) GDPR serves as the legal basis.
Where processing is necessary for the purposes of legitimate interests pursued by our company or a third party, and the interests, fundamental rights and freedoms of the data subject do not override those interests, Art. 6(1)(f) GDPR serves as the legal basis.

Data Deletion and Storage Duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also take place if provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted when a statutory retention period expires, unless continued storage is necessary for the conclusion or performance of a contract.

Email Contact

Description and Scope of Data Processing

Our website provides the option to contact us via a provided email address. In this case, the personal data transmitted with the email will be stored in our email account.

Legal Basis for Data Processing

The legal basis for processing the data is initially our legitimate interest in processing data in the context of contact initiated by the requesting party. If the contact aims at concluding a contract, an additional legal basis applies for processing within the framework of a business initiation relationship and/or contractual relationship.

Purpose of Data Processing

The data received will be used exclusively to process the conversation. Processing of personal data when contacting us by email serves solely to handle the enquiry.

Storage Duration

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation has ended. A conversation is deemed ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
If the contact constitutes a pre-contractual relationship (offer or reservation enquiry), the transmitted data will additionally be stored in our hotel software and used for contract performance. If no contractual relationship is established, we delete the data after one year at the end of the year.

Right to Object

You have the option at any time to object to the processing of your data. For this purpose, we have set up the email address datenschutz@hotelzoo.de. We point out that if you object, the conversation cannot be continued and we cannot prepare offers, etc.
All personal data stored in the course of contacting us will then be deleted.

Online Booking via the Website

Description and Scope of Data Processing

Our website offers the option to book rooms and packages at Hotel Zoo Berlin. If you use this option, the data entered in the input form will be transmitted to us and stored. This data includes: first name, last name, email address, arrival dates, requests, payment data, if applicable address, telephone number, date, time.

When you make an online booking via our website, this is done through the online reservation system of TravelClick, Inc., 7 Times Square, 38th Floor, New York, USA. All booking data you enter is transmitted in encrypted form. Our contractual partner has committed to handling your transmitted data in compliance with data protection requirements and takes all organisational and technical measures to protect your data.

Legal Basis for Data Processing

The legal basis for processing the data is the conclusion of an accommodation agreement.
The transmitted data is stored in our hotel software and used for contract performance. If no contractual relationship is established, we delete the data after one year at the end of the year.

Purpose of Data Processing

The processing of the data serves to handle the booking enquiry and to process payments.

Storage Duration

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data as soon as national, commercial, statutory or contractual retention obligations have been fulfilled—i.e. no later than after 10 years.

Right to Object

You have the option at any time to object to the processing of your data. For this purpose, we have set up the email address datenschutz@hotelzoo.de. We point out that if you object, the booking cannot be completed and/or the conversation cannot be continued.

Online Booking via Other Websites

Description and Scope of Data Processing

Hotel Zoo Berlin offers interested parties the option to book rooms and packages via hotel reservation portals (third-party providers). If you use this option, the data entered in the input form will be transmitted to us and stored to the extent permitted by the respective portal in accordance with its own data protection provisions. Data may include: first name, last name, email address, telephone number, address, number of accompanying persons, expected arrival time, requests, payment data (credit card).

Legal Basis for Data Processing

The legal basis for processing the data is the conclusion of an accommodation agreement.
The transmitted data is stored in our hotel software and used for contract performance. If no contractual relationship is established, we delete the data after one year at the end of the year.

Purpose of Data Processing

The processing of the data serves exclusively to handle the booking enquiry and to process payments.

Storage Duration

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data as soon as national, commercial, statutory or contractual retention obligations have been fulfilled—i.e. no later than after 10 years.
Hotel Zoo Berlin has no influence on the storage periods at the respective booking portal.

Right to Object

You have the option at any time to object to the processing of your data. For this purpose, we have set up the email address datenschutz@hotelzoo.de. We point out that if you object, the booking cannot be completed and/or the conversation cannot be continued.

Sending Emails Before Arrival

Description and Scope of Data Processing

Before arrival, we would like to send a welcome email to those guests whose email address we received as part of the booking. A few days before arrival, these guests receive a reservation overview and information about the reservation and available additional services.

These emails are sent via the RIMS platform of MP-Network GmbH, Anemonenweg 5, D-85586 Poing, Germany. MP-Network GmbH has committed to handling your transmitted data in compliance with data protection requirements and takes all organisational and technical measures to protect your data.

Legal Basis for Data Processing

The legal basis is initially our legitimate interest in data processing in connection with the booking, i.e. within the pre-contractual relationship.

Purpose of Data Processing

Our contact is intended to enable our guests to book additional services quickly and conveniently.

Storage Duration

The data will be deleted as soon as it is no longer necessary to achieve the purpose.

Right to Object

You have the option at any time to object to the processing of your data. For this purpose, we have set up the email address datenschutz@hotelzoo.de.

Purchase of a Voucher via the Website

Description and Scope of Data Processing

Our website offers the option to purchase vouchers. If you use this option, the data entered in the input form will be transmitted to us and stored. This data includes: first name, last name, email address, address, telephone number, voucher value, voucher personalisation (personal details for the recipient), password for the user account, shipping options, payment data via third-party providers.
In this context, no further disclosure of the data to third parties takes place.

Legal Basis for Data Processing

The legal basis is the conclusion of a purchase agreement.

Purpose of Data Processing

Processing the personal data entered in the form serves solely to handle the voucher purchase and to process payments.

Storage Duration

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of a contractual relationship, we will delete the data as soon as national, commercial, statutory or contractual retention obligations have been fulfilled.

Right to Object

You have the option at any time to object to the processing of your data. For this purpose, we have set up the email address datenschutz@hotelzoo.de.

Newsletter Service

Description and Scope of Data Processing

To regularly inform our guests about promotions and special offers, we would like to use the email addresses we receive during the booking or stay for our newsletter service. To do so, we store this data (email address, salutation, first name, last name) in our newsletter tool “Sitepackage”.

Newsletters are sent via the online newsletter tool of Wigital GmbH, Wall 42, D-24103 Kiel, Germany. Wigital has committed to handling your transmitted data in compliance with data protection requirements and takes all organisational and technical measures to protect your data. Further information is available in Wigital’s privacy policy.
In this context, no further disclosure of the data to third parties takes place.

Legal Basis for Data Processing

The legal basis for processing is our legitimate interest and consent pursuant to Arts. 6(1)(a), (f), 7 GDPR in conjunction with Section 7(3) UWG (German Act Against Unfair Competition).

Purpose of Data Processing

Processing the personal data serves solely to send individual newsletters.

Storage Duration

The data will be deleted as soon as the newsletter service is cancelled.

Right to Object

As a recipient, you can object to the processing of your data at any time. You can unsubscribe from the newsletter service via each newsletter. In addition, we have set up the email address datenschutz@hotelzoo.de—please provide us with your email address there.

Online Reviews

Description and Scope of Data Processing

Former guests may submit a review of their stay after check-out. For this purpose, we would like to send you an email within 14 days after departure asking you to provide a hotel review. Each review can be published anonymously or under a pseudonym upon request. If you did not feel comfortable in our hotel, we would like to take the opportunity to contact you.

If you submit an online review for our hotel, it can be accessed via our website and other review portals. We use the review tool HotelNavigator by Toocan GmbH, Florastr. 86, 13187 Berlin, Germany, in which we store guests’ personal data. We note that you can submit the review anonymously or under a pseudonym at any time. Toocan GmbH has committed to handling your transmitted data in compliance with data protection requirements and takes all organisational and technical measures to protect your data.

If, as a former guest, you use this option of online reviewing, data will be stored from you in the review form. This data includes: email address and voluntary information such as first name, last name, language, and the review information.
In this context, no further disclosure of the data to third parties takes place.

Legal Basis for Data Processing

The legal basis is our legitimate interest in conjunction with Section 7(3) UWG.

Purpose of Data Processing

The data is used exclusively for publishing the review and for dispute resolution in the event of poor reviews. The purpose of hotel reviews is to communicate and summarise opinions of hotel guests via our website so that interested parties can form their own impression of our services. In addition, the results serve our internal quality management.

Storage Duration

The data is not deleted.

Right to Object and Right to Erasure

You have the option at any time to have the publication of the review deleted (“right to be forgotten”). For this purpose, we have set up the email address datenschutz@hotelzoo.de. Please tell us which review is concerned.

Support, Consulting and Marketing to Corporate Customers

Description and Scope of Data Processing

For the support, consulting and marketing of corporate customers, in addition to the business partner (or potential business partner) we also collect and use the contact person, telephone number and postal address. We obtain the information from various sources: for example through an enquiry (email or phone), but also via events, trade fairs, business cards received by our sales staff, etc.

Legal Basis for Data Processing

The legal basis is our legitimate interest in data processing. If the contact aims at concluding a contract, an additional legal basis is the business initiation relationship and/or contractual relationship.

Purpose of Data Processing

We use the contact data exclusively for our own purposes and to tailor our sales activities to needs.

Storage Duration

In principle, no deletion deadline is предусмотрено. However, if our sales department has had no contact with the corporate contact within three years, the sales department decides whether the contact person will be deleted.
If the contact is a pre-contractual relationship (offer, booking or reservation enquiry), the transmitted data will additionally be stored in our hotel software and used for contract performance. If no contractual relationship is established, we delete the data after one year at the end of the year.

Right to Object

The corporate contact may object to the processing of their personal data at any time. For this purpose, we have set up the email address datenschutz@hotelzoo.de.
All personal data of the contact person stored in relation to the business partner will then be deleted.

Your Application for a Job Vacancy

Description and Scope of Data Processing

On our website and via online portals (in particular hotelcareer.de), you can apply for advertised vacancies. If an applicant uses this option, the data transmitted to us may be stored and used. This data includes:

• Salutation, first name, last name

• Contact data (email address, phone)

• Application-related data (current position, notice period, possible start date, salary expectations)

• Cover letter

• Attachment with full application documents
  Initially, no further disclosure of data to third parties takes place.

Legal Basis for Data Processing

The legal basis is the initiation of a contract and/or the conclusion of a contract.

Purpose of Data Processing

Processing the personal data serves solely to process the application.

Storage Duration

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected, at the latest six months after rejection.

Right to Object

As an applicant, you may object to the processing of your data at any time. For this purpose, we have set up the email address datenschutz@hotelzoo.de.

Provision of the Website and Creation of Log Files

Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. The following data is collected:

• Information about browser type and version used

• The user’s operating system

• The user’s IP address

• Date and time of access

• Websites from which the user’s system accesses our website

• Websites accessed by the user’s system via our website

This data is also stored in our system’s log files. Storage of this data together with other personal data of the user does not take place. Personal user profiles cannot be created. The stored data is evaluated only for statistical purposes.

Legal Basis for Data Processing

The legal basis for temporary storage of the data and the log files is processing for the purposes of our legitimate interest, i.e. that of Hotel Zoo Berlin.

Purpose of Data Processing

Temporary storage of the IP address by the system is necessary to deliver the website to the user’s device. For this purpose, the user’s IP address must remain stored for the duration of the session.
Storage in log files takes place to ensure the functionality of the website. In addition, the data helps us optimise the website and ensure the security of our IT systems. No evaluation of the data for marketing purposes takes place in this context.
These purposes also constitute our legitimate interest in data processing.

Storage Duration

The data is deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collection to provide the website, this is the case when the respective session ends.
In the case of storage in log files, this is the case after no later than seven days. Longer storage is possible. In this case, users’ IP addresses are deleted or anonymised so that identification of the accessing client is no longer possible.

Right to Object and Removal

The collection of data to provide the website and the storage of the data in log files is mandatory for operating the website. Therefore, the user has no right to object.

Use of Cookies and Scripts

Description and Scope of Data Processing

Cookies are small text files that are sent by us to your device’s browser during your visit to our websites and stored there. Alternatively, information can also be stored in your browser’s local storage. Some functions of our website cannot be offered without cookies or local storage (technically necessary cookies). Other cookies enable various analyses, allowing us, for example, to recognise the browser you use when you revisit our website and to transmit certain information to us (non-essential cookies).

With the help of cookies, we can make our online offering more user-friendly and effective, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause damage to your device. They cannot execute programs and do not contain viruses.

We provide information about the services for which we use cookies in the individual processing operations. Detailed information on the cookies used can be found in this privacy policy.

Cookies We Use

Domain | Name | Description | Storage duration

• audionow.de | __cf_bm | Cookie required to support Cloudflare Bot Management (currently private beta). As part of our bot management service, this cookie helps manage incoming traffic that meets bot criteria. | 31 minutes

• www.hotelcareer.de | AWSALBCORS | Managed by AWS and used for load balancing. | approx. 7 days

• youtube.com | VISITOR_INFO1_LIVE | Set by YouTube to track user preferences for embedded videos; may also determine whether the visitor uses the new or old YouTube interface. | approx. 6 months

• youtube.com | YSC | Set by YouTube to track views of embedded videos. | session

• .travelclick.com | _gcl_au | Used by Google AdSense for experimenting with advertising efficiency on websites using its services. | 3 months

• .travelclick.com | _hjFirstSeen | Google Tag Manager. | session

• .travelclick.com | _hjTldTest | Google Tag Manager. | session

• .travelclick.com | _hjid | Sets a unique ID for the session so the website can obtain data about visitor behaviour for statistical purposes. | 1 year

• .travelclick.com | _uetsid | Collects visitor behaviour data across multiple websites to present more relevant advertising; also limits how often the same ad is shown. | 1 day

• .travelclick.com | _uetvid | Used to track visitors across multiple websites to present relevant advertising based on the visitor’s preferences. | 2 weeks

Legal Basis for Data Processing

The legal basis for processing personal data using technically necessary cookies is our legitimate interest in data processing. The legal basis for processing personal data using cookies for analysis purposes is the user’s consent, where such consent has been given.

Purpose of Data Processing

The purpose of using technically necessary cookies is to simplify website use. Some functions require that the browser is recognised even after a page change. User data collected through technically necessary cookies is not used to create user profiles.
Analysis cookies are used to improve the quality of our website and its content. Through them, we learn how the website is used and can continuously optimise our offering.

Storage Duration / Objection and Removal Options

Cookies are stored on the user’s computer and transmitted from there to our website. Therefore, as a user you have full control over the use of cookies. By changing settings in your internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time, including automatically. If cookies are deactivated for our website, not all functions may be fully usable.

Script Blockers in Your Browser

You can also use our offerings without cookies and scripts. You can deactivate cookies and scripts in your browser, restrict them to certain websites, or set your browser to notify you as soon as a cookie is sent. You can also delete cookies at any time from your hard drive.
To block scripts, you can install browser add-ons, such as NoScript for Firefox or ScriptSafe for Google Chrome. These block not only JavaScript but also selected trackers, Java, Flash and other plugins on websites.

If you are concerned about cookies from third parties, you can reject only those and still keep the cookies necessary for our website to function properly.

Use of Analysis and Tracking Tools

Google Analytics

Our offering uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies—text files stored on users’ computers that enable an analysis of website use. The information generated by the cookies about use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymisation is activated on this website, Google will shorten the user’s IP address within EU Member States or other EEA states beforehand. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. IP anonymisation is active on this website.

On behalf of the operator of this website, Google will use this information to evaluate website use, compile reports on website activity and provide other services related to website and internet use. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

Users can prevent the storage of cookies via their browser settings; however, this may mean that not all website functions can be fully used. Users can also prevent collection of data generated by the cookie and relating to their use of the website (including IP address) as well as processing by Google by downloading and installing the browser plugin available at: http://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, click the opt-out link (especially on mobile devices) to prevent Google Analytics from collecting data in the future by setting an opt-out cookie. If you delete your cookies, you must click the link again.

Deactivation of Google Advertising

( http://www.google.com/privacy_ads.html ) or on the Network Advertising Initiative opt-out page ( http://www.networkadvertising.org/managing/opt_out.asp )

Google Tag Manager

We use Google Tag Manager by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the exact integration of services on our website. This allows us to flexibly integrate additional services in order to evaluate user access to our website.
Google Tag Manager is used on the basis of our legitimate interests, i.e. our interest in optimising our services.
The specific storage duration of the processed data cannot be influenced by us and is determined by Google Ireland Limited. Further information can be found in the Google Tag Manager privacy policy.

Use of Google Services

Google DoubleClick

We have integrated components of DoubleClick by Google on our website. DoubleClick is a Google brand under which specialised online marketing solutions are marketed primarily to advertising agencies and publishers. DoubleClick transfers data to the DoubleClick server with each impression and with clicks or other activities.

Each of these data transfers triggers a cookie request to the browser of the data subject. If the browser accepts this request, DoubleClick sets a cookie in your browser. DoubleClick uses a cookie ID that is required to carry out the technical process, for example to display an ad. The cookie ID also enables DoubleClick to record which ads have already been displayed in a browser to avoid duplicate displays. In addition, DoubleClick can use the cookie ID to record conversions (e.g. if a user was shown a DoubleClick ad and later completes a purchase on the advertiser’s website using the same browser).

A DoubleClick cookie does not contain personal data but may contain additional campaign identifiers. A campaign identifier is used to identify campaigns you have already interacted with on other websites. Within this service, Google obtains knowledge of data that also enables Google to create commission statements. Among other things, Google can track that you clicked certain links on our website. In this case, your data is transferred to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and applicable privacy policies can be accessed at policies.google.com/privacy.

We process your data with the help of the DoubleClick cookie for the purpose of optimising and displaying advertising on the basis of your consent. You give your consent via the cookie settings (cookie banner/consent manager) and you can withdraw it at any time with effect for the future in accordance with Art. 7(3) GDPR. The cookie is used, among other things, to display user-relevant advertising and to create or improve reports on advertising campaigns and to avoid multiple displays of the same advertising. Each time one of the individual pages of our website on which a DoubleClick component is integrated is accessed, your browser automatically transmits data for the purpose of online advertising and commission billing to Google. There is no legal or contractual obligation to provide your data. If you do not provide your consent, you can still visit our website without restriction; however, not all functions may be fully available.

The specific storage duration of the processed data cannot be influenced by us and is determined by Google Ireland Limited. Further information can be found in the Google DoubleClick privacy policy.

Google Ads

We have integrated Google Ads on our website. Google Ads is a service provided by Google Ireland Limited to display targeted advertising to users. Google Ads uses cookies and other browser technologies to evaluate user behaviour and recognise users.

Google Ads collects information about visitor behaviour across different websites. This information is used to optimise the relevance of advertising. Google Ads also delivers targeted advertising based on behavioural profiles and geographic location. Your IP address and other identifiers, such as your user agent, are transmitted to the provider.

If you are registered with a Google Ireland Limited service, Google Ads can associate your visit with your account. Even if you are not registered or not logged in, it is possible that the provider obtains and stores your IP address and other identifiers.

In this case, your data is transferred to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We process your data with the help of Google Ads for the purpose of optimising our website and for marketing purposes on the basis of your consent.

The specific storage duration of the processed data cannot be influenced by us and is determined by Google Ireland Limited. Further information can be found in the Google Ads privacy policy.

Google CDN

We use Google CDN to properly provide the content of our website. Google CDN is a service of Google Ireland Limited which functions as a content delivery network (CDN) on our website.

A CDN helps deliver content of our online offering—especially files such as graphics or scripts—more quickly by using regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google CDN.

Use of the CDN is based on our legitimate interests, i.e. interest in a secure and efficient provision and the optimisation of our online offering.

The specific storage duration of the processed data cannot be influenced by us and is determined by Google Ireland Limited. Further information can be found in the Google CDN privacy policy.

Google Fonts

We use Google Fonts, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To retrieve these fonts, you establish a connection to servers of Google Ireland Limited, and your IP address is transmitted.

Use of Google Fonts is based on our legitimate interests, i.e. interest in uniform presentation and optimisation of our online offering.

The specific storage duration of the processed data cannot be influenced by us and is determined by Google Ireland Limited. Further information can be found in the Google Fonts privacy policy.

Google reCAPTCHA

We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request comes from a natural person or is automated by a program. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and your IP address and possibly browser data such as your user agent are transmitted. In addition, Google reCAPTCHA records the time spent and mouse movements to distinguish automated requests from human ones. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google reCAPTCHA.

Use of the service is based on our legitimate interests, i.e. to protect form submissions.

The specific storage duration of the processed data cannot be influenced by us and is determined by Google Ireland Limited. Further information can be found in the Google reCAPTCHA privacy policy.

Google Services (General)

We use Google services from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to access further services and data from Google Ireland Limited. In doing so, your IP address is transmitted to Google Ireland Limited. Please note that there is a separate section in this privacy policy for each additional Google service we use.

Use is based on our legitimate interests, i.e. interest in optimising our online offering.

The specific storage duration of the processed data cannot be influenced by us and is determined by Google Ireland Limited. Further information can be found in the Google services privacy policy.

Google Maps

This website uses the Google Maps API, a map service provided by Google Inc. (“Google”), to display an interactive map and to create directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When using Google Maps, information about your use of this website (including your IP address) may be transmitted to a Google server in the USA and stored there. Google may transfer the information obtained via Maps to third parties where required by law or where third parties process the data on Google’s behalf.

Google will not associate your IP address with other Google data. However, it is technically possible that Google could identify at least individual users based on the received data. It would be possible that personal data and personality profiles of website users could be processed by Google for other purposes over which we have no influence.

The legal basis for using Google Maps is our legitimate interest in data processing. The purpose of using Google Maps is to show users our location on the website and enable them to determine different routes using Google Maps services.

You can deactivate Google Maps and thus prevent data transfer to Google by disabling JavaScript in your browser. However, we point out that in this case you will not be able to use the map display on our website.

Google Firebase

We have integrated Google Firebase on our website. Google Firebase is a development platform for web applications provided by Google Ireland Limited.

Firebase provides us with software development kit tools and infrastructure enabling us to more easily and efficiently provide functions via APIs across various platforms.

When you access our services, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and your IP address and possibly browser data such as your user agent are transmitted.

Use of Google Firebase is based on our legitimate interests, i.e. interest in optimising our services.

The specific storage duration of the processed data cannot be influenced by us and is determined by Google Ireland Limited. Further information can be found in the Google Firebase privacy policy.

Social Media, Plugins and Tools

Facebook Plugins

Our website uses social plugins (“plugins”) of the social network facebook.com operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). The plugin is marked with a Facebook logo and can be activated directly by the user.

We have no influence on Facebook’s data collection and further processing. Nor can we see the scope, location or duration of storage, whether Facebook complies with deletion obligations, what evaluations and links are made with the data, or to whom the data is disclosed. If you want to prevent Facebook from processing personal data transmitted by you to us, please contact us via other means.

Further information is available in Facebook’s privacy policy. If you do not want Facebook to associate your visit to our pages with your user account, please log out of your Facebook user account.

Facebook Fan Page

On our Facebook fan page (facebook.com/pg/hotelzooberlin) we use plugins from facebook.com provided by Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA.

Using the fan page transmits data to Facebook servers containing information about your visits to our fan page. For logged-in users, this means usage data is associated with their personal Facebook account. If you actively use the Facebook plugin while logged in—e.g. by clicking the “Facebook” logo or using the comment function—this data is transmitted to your Facebook account and published. You can avoid this only by logging out of your Facebook account beforehand.

We do not know exactly which data Facebook stores and uses. As a user of the fan page, you should therefore assume that Facebook stores your actions on the fan page comprehensively.

Otherwise, the general terms of use of Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland apply.
The legal basis for this data processing is Art. 6(1)(a), (f) GDPR.

Any depicted person as well as other third parties may object at any time to the publication of their personal data (photos). For this purpose, we have set up the email address datenschutz@hotelzoo.de. The right to object applies in particular to the future publication of images.

It may happen that we inadvertently publish images of persons without consent. If publication is not desired, we will immediately take all steps to comply with your rights. For group photos, we reserve the right to distort faces.

Instagram Plugins

Our website and our fan page (instagram.com/hotelzooberlin) use social plugins (“plugins”) of the social network Instagram, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.

This may include content such as images, videos or text and buttons that allow you to express approval of content, subscribe to the authors of the content or subscribe to our posts. If you are a member of Instagram, Instagram may associate access to the above content and functions with your profile.

The legal basis for this data processing is Art. 6(1)(a), (f) GDPR.

Any depicted person as well as other third parties may object at any time to the publication of their personal data (photos). For this purpose, we have set up the email address datenschutz@hotelzoo.de. The right to object applies in particular to the future publication of images.

It may happen that we inadvertently publish images of persons without consent. If publication is not desired, we will immediately take all steps to comply with your rights. For group photos, we reserve the right to distort faces.

Further information on Instagram’s handling of user data can be found in Instagram’s privacy policy.

YouTube Plugins

Our website uses social plugins (“plugins”) from the Google-operated site YouTube. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

The plugin is marked with a YouTube logo and can be activated directly by the user. If you activate it, a connection to YouTube servers is established and the YouTube server is informed which of our pages you have visited.

YouTube may also store various cookies on your device. With the help of these cookies, YouTube can obtain information about visitors to our website. This information is used, among other things, to compile video statistics, improve user-friendliness and prevent fraud attempts. The cookies remain on your device until you delete them.

If you are logged into your YouTube account, you enable YouTube to directly associate your surfing behaviour with your personal profile. You can prevent this by logging out of your YouTube account.

Further information on the handling of user data can be found in YouTube’s (Google’s) privacy policy.

YouTube NoCookie

We have integrated YouTube NoCookie on our website. YouTube NoCookie is a component of YouTube, LLC’s video platform, on which users can upload content, share it over the internet and obtain detailed statistics.

YouTube NoCookie enables us to embed platform content into our website. It uses cookies and other browser technologies to evaluate user behaviour, recognise users and create user profiles. This information is used, among other things, to analyse activity relating to accessed content and to create reports. If a user is registered with YouTube, LLC, YouTube NoCookie may associate played videos with the profile.

When you access this content, you establish a connection to YouTube, LLC servers and your IP address and possibly browser data such as your user agent are transmitted.

Use is based on our legitimate interests, i.e. interest in platform-independent provision of content.

The specific storage duration cannot be influenced by us and is determined by YouTube, LLC. Further information can be found in YouTube NoCookie’s privacy policy.

Our Podcast

On our website, we use the AudioNow player of Audio Alliance GmbH, Kurfürstendamm 207-208, 10719 Berlin, Germany. When you call up a podcast audio file via the player, Audio Alliance processes IP addresses and device information (browser and operating system) to enable podcast downloads/playback and to determine statistical data such as access numbers. IP addresses are pseudonymised by Audio Alliance before storage. It is excluded to infer the user or restore the IP.

Storage takes place on the basis of legitimate interest to provide audio files via our website. Further information and objection options can be found in Audio Alliance’s privacy policy.

Use of Zapier

We use Zapier Inc. (548 Market Street, San Francisco, USA) as a processor to automate business processes. A Data Processing Addendum (DPA) has been concluded. It provides for international data transfers under the EU-US/UK-US/Swiss-US Data Privacy Framework (DPF) and—additionally—Standard Contractual Clauses (SCC) pursuant to Art. 46 GDPR.

Zapier protects data technically via TLS 1.2 and AES-256, is SOC 2 Type II certified, and uses subprocessors (e.g. AWS) only on the basis of a binding process. The publicly available subprocessor list can be found in the Zapier Trust Center.

Personal data in Zaps and Zap histories is automatically deleted after a maximum of 69 days; at least 29 days are retained. Data subject rights (access, rectification, erasure, restriction, portability) can be asserted in writing to us; Zapier supports these within the DPA.

Further information and documents (DPA, DPF/SCCs, subprocessors, retention periods) are available here:
Zapier Data Processing Addendum – https://zapier.com/legal/data-processing-addendum
Zapier Data Privacy Overview – https://zapier.com/legal/data-privacy
Zapier Standard Contractual Clauses – https://zapier.com/legal/standard-contractual-clauses
Zapier Subprocessor List – https://zapier.com/legal/subprocessors

Use of Revinate

We use Revinate Inc. (1 Letterman Dr., Building C, Suite CM100, San Francisco, CA 94129, USA) as a processor. A legally valid Data Processing Addendum (DPA) is in place which regulates processing on our instructions, retention periods, data subject rights and deletion deadlines.

Data transfers to third countries (e.g. USA) take place on the basis of the EU-US, UK-US and Swiss-US Data Privacy Framework (DPF). Revinate is certified under the DPF (29 August 2024). If this arrangement does not apply, EU Standard Contractual Clauses (SCC) are used as set out in the DPA.

Revinate protects data with TLS encryption, access controls, penetration tests and meets the requirements of SOC 2 Type II, PCI DSS and DPF certification.
Data subject rights such as access, rectification, erasure, restriction and portability can be asserted against us; Revinate provides legal and technical support for this.
Revinate uses subprocessors (e.g. AWS, Google, Salesforce, Twilio, Stripe, etc.), which are approved via a binding process. The current subprocessor list is publicly available.

Further information and documents are available:
Revinate DPA – https://www.revinate.com/wp-content/uploads/2023/12/
Revinate Subprocessor List – https://www.revinate.com/subprocessors
Revinate Solutions Privacy Policy – https://www.revinate.com/privacy/
DPF Certification details – https://www.revinate.com/press-releases/revinate-achieves-data-privacy-framework-dpf-certification

Use of AskSuite

We use AskSuite Tecnologia LTDA as a processor to operate our hotel chatbot and automate guest communication. AskSuite processes personal data exclusively on our instructions as the data controller.

Data categories may include names, emails, telephone numbers, IP addresses, messages, access times and usage statistics. This data is used for chat identification, service provision and performance analysis.

Data may be transferred to third countries (outside the EEA). These transfers are based on legal safeguards such as consent, adequacy decisions or Standard Contractual Clauses (SCC) pursuant to Art. 46 GDPR.

Personal data is retained only as long as necessary. AskSuite implements security measures (HTTPS, access control, deletion policies).
Data subject rights under Arts. 15–20 GDPR (access, rectification, erasure, restriction, portability) can be exercised via us; we coordinate with AskSuite to process such requests.

Additional information:
AskSuite Privacy Policy – https://asksuite.com/privacy-policy/
Details on international transfers/SCC – see “International Transfers” section of the privacy policy
Retention & security – see “How Long Will the Data be Stored?” and “Information Security”
Contact & data subject rights – see “How to Contact AskSuite”

Protection of Minors

This service is aimed primarily at adults. We currently do not market any special areas for children. Accordingly, we neither knowingly collect information to determine age nor knowingly collect personal data from children under 16. However, we advise all visitors under 16 not to disclose or provide any personal data via our service. If we learn that a child under 16 has provided us with personal data, we will delete that data from our files as far as technically possible.

Rights of the Data Subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

You have the right to information about the personal data stored about you, the purposes of processing, any transfers to other entities, and the duration of storage.

If data is incorrect or no longer necessary for the purposes for which it was collected, you may request rectification, erasure or restriction of processing. Where provided for in the processing procedures, you may also view your data yourself and, if applicable, correct it.

If your particular personal situation gives rise to reasons against processing of your personal data, you may object to such processing insofar as it is based on a legitimate interest. The controller will then no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing for such direct marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to processing for direct marketing purposes or profiling, your personal data will no longer be processed for these purposes.

You have the right to withdraw your data protection consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

For questions about your rights and how to exercise them, please contact the controller or the data protection officer.

Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes data protection law.

The supervisory authority with which the complaint has been lodged will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy.

More information is available on the website of the Federal Commissioner for Data Protection and Freedom of Information—please follow the link there.

Security

Hotel Zoo Berlin implements technical and organisational security measures pursuant to Art. 32 GDPR to protect the data managed by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments. Access is restricted to a small number of authorised persons who are specially obliged to maintain confidentiality and who are involved in the technical, administrative or editorial management of data.

We reserve the right to change, update or supplement this privacy policy at any time. Each revised privacy policy applies only to personal data collected or changed after the revised policy enters into force.

Status | December 2020