Book

Find your hotel:

Free callback

Do you have further questions about our hotels, our deals, or further services? Looking to plan a trip, or want to organise an event and need advice? Then please complete our callback form. We are happy to call you back between 09.00 and 18.00, Monday to Friday. This service is free of charge.

Information on data processing

We are required by law to inform you about the processing of your personal data (hereinafter, "data") when you use our website. We take the protection of your personal data very seriously. This data protection notice informs you about the details of the processing of your data and about your legal rights in this regard. For terms such as "personal data" or "processing", the legal definitions from Art. 4 GDPR are authoritative. We reserve the right to adapt the Privacy Policy with effect for the future, in particular in the event of further development of the website, the use of new technologies or changes to the legal basis or the corresponding case law. We encourage you to review the Privacy Policy from time to time and to keep a print-out or copy for your records.

1. Controller

The controller within the meaning of Art. 4 (7) of the General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature for the website www.h-hotels.com is:

H-Hotels GmbH 
Braunser Weg 12 
34454 Bad Arolsen 
Germany 
Tel: +49 (0) 5691 / 878-0 
E-Mail: [email protected]

2. Contact details of the data protection officer

The data protection officer of the controller is: 

Stefan Burghardt 
RKM Data GmbH 
Bertha-von-Suttner-Str. 9 
37085 Göttingen 
Germany 
Tel: +49 (0) 551 707 280 
E-Mail: [email protected]

3. Processing for contractual purposes

We process your personal data if and insofar as this is necessary for the initiation, establishment, execution and/or termination of a legal transaction with our company. The legal basis for this arises from Art. 6 (1)(1)(b) GDPR. The provision of your data is necessary for the conclusion of the contract and you are contractually obligated to provide your data. If you do not provide us with your data, it will not be possible to conclude and/or execute a contract. After the purpose has been achieved (e.g., contract processing), the personal data will be blocked for further processing or erased, unless we are authorised to process it further on the basis of a consent granted by you (e.g., consent to process your e-mail address for sending electronic advertising mail), a contractual agreement, a statutory authorisation (e.g., authorisation to send direct advertising) or on the basis of legitimate interests (e.g., retention for the enforcement of claims).

The forwarding of your personal data to third parties occurs insofar as

  • it is necessary for the establishment, execution or termination of legal transactions with our company (e.g., in the case of the forwarding of data to a payment service provider/shipping company for the processing of a contract with your person), (Art. 6 (1)(1)(b) GDPR), or
  • a subcontractor or vicarious agent that we use exclusively in the course of providing the offers or services you request requires such data (such agents are, unless you are expressly notified otherwise, only authorised to process the data to the extent necessary to provide the offer or service), or
  • there is an enforceable administrative order (Art. 6 (1)(1)(c) GDPR), or
  • there is an enforceable court order (Art. 6 (1)(1)(c) GDPR), or
  • we are obligated to do so by law (Art. 6 (1)(1)(c) GDPR), or
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person (Art. 6 (1)(1)(d) GDPR), or
  • it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 (1)(1)(e) GDPR), or
  • we can invoke our overriding legitimate interests or those of a third party for forwarding (Art. 6 (1)(1)(f) GDPR).

Any processing of your personal data beyond this to other persons, companies or bodies shall not take place unless you have effectively consented to such a forwarding. The legal basis of the processing is then Art. 6 (1)(1)(a) GDPR. We refer you to the respective recipients within the framework of this data protection information in relation to the respective processing operation.

3.1 Hotel booking

When you book a hotel room, we collect your name and e-mail address. We transmit such data to the responsible operating company that operates the booked hotel . If you wish to make a booking on our website, it is necessary and obligatory for the initiation and conclusion of the contract that you provide personal data such as your first and last name, your address, the duration of your trip and your e-mail address. The mandatory information required for the order and contract processing are marked separately; other information is provided voluntarily. We process your data for order processing and will forward payment data in particular to the payment service provider selected by you or to our principal bank for this purpose. We use the booking system of Krypton Softworks GmbH (Braunser Weg 12, 34454 Bad Arolsen). The legal basis for the processing is Art. 6 (1) (1) (b) GDPR. The provision of your data is necessary and obligatory for the conclusion and execution of the contract. If you do not provide us with your data, it will not be possible to conclude and/or execute a contract. To prevent unauthorised third parties from accessing your personal data, the ordering process on the website is encrypted using SSL technology. We erase the data that arises in this connection after its storage is no longer required, or limit its processing if statutory retention duties exist. Based on mandatory regulations under commercial and tax law, we are obligated to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we limit processing and reduce processing to compliance with existing statutory obligations.

If you are a participant in HotMiles, sweepstakes or a holder of a PAYBACK or Miles & More customer card, we will transmit your name, membership number, services rendered and payments made along with other information to HotMiles, PAYBACK or Miles & More. We receive data from HotMiles, PAYBACK and Miles & More from the bonus programme. Details on data protection in this regard can be found separately for HotMiles, PAYBACK, Miles & More and sweepstakes. 

3.2 Payment service provider

3.2.1 PayPal

We offer payment via PayPal on our website. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal"). To make a payment, you need to log in to your PayPal account. Your payment data provided to PayPal will be processed by PayPal for the purpose of payment processing. For more information on data processing by PayPal, click here: https://www.paypal.com/de/webapps/mpp/ua/privacy-full. To be able to allocate your payment, we process your delivery/invoice address, e-mail address and the selected payment method. We will erase the data that arises in this connection after its storage is no longer required, or limit its processing if statutory retention duties exist. Based on mandatory regulations under commercial and tax law, we are obligated to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we limit processing and reduce processing to compliance with existing statutory obligations. The legal basis is Art. 6 (1)(1)(b) GDPR. The provision of your payment data is necessary and obligatory for the conclusion or execution of the contract. If the payment data is not provided, it is not possible to conclude and/or execute a contract with the PayPal payment method.

3.2.2 Credit card payment

For the purpose of payment processing, we forward the payment data required for the credit card payment to the credit institution commissioned with the payment or to the payment and invoice service provider commissioned by us, if applicable. The processing takes place on the basis of Art. 6 (1)(1)(b) GDPR. The provision of your payment data is necessary and obligatory for the conclusion and execution of the contract. If the payment data is not provided, it is not possible to conclude and/or execute the contract by means of a credit card payment. The data required for payment processing are transmitted securely via the SSL procedure and processed exclusively for payment processing. We erase the data that arises in this connection after its storage is no longer required, or limit its processing if statutory retention duties exist. Based on mandatory regulations under commercial and tax law, we are obligated to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we limit processing and reduce processing to compliance with existing statutory obligations.

3.2.3 Purchase on account

In the case of "purchase on account", we reserve the right to forward your data, which you provide when ordering, to external companies (e.g., Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss) for the purpose of carrying out a credit check. The legal basis for the processing is Art. 6 (1)(1)(f) GDPR. Our legitimate interests lie in fraud prevention and the avoidance of default risks because we make advance payments upon a "purchase on account". We process the data transmitted to us by your credit institution within the framework of the "purchase on account" payment processing for the purpose of invoice verification. The legal basis for such processing is Art. 6 (1)(1)(b) GDPR. The provision of your payment data is necessary and obligatory for the conclusion and execution of the contract. If the payment data is not provided, it is not possible to conclude and/or execute a contract by means of a "purchase on account". We erase the data that arises in this connection after its storage is no longer required, or limit its processing if statutory retention duties exist. Based on mandatory regulations under commercial and tax law, we are obligated to store your address, payment and order data for a period of up to ten years. Two years after termination of the contract, we limit processing and reduce processing to compliance with existing statutory obligations.

You may object to the processing insofar as the processing is based on the legal basis of Art. 6 (1)(1)(f) GDPR. Your right to object exists for grounds arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

3.3 Forwarding to Trusted Shops products 

If you choose to use Trusted Shops products after completing the booking on our website, a contract is established between Trusted Shops (provider is Trusted Shops GmbH, Subbelrather Straße 15c, 50823 Cologne) and you. For this purpose, your personal data is automatically provided from the order data for Trusted Shops. Your name, e-mail address, title, order value and the payment method you selected are transmitted to Trusted Shops. In such a case, the data processing is based on Art. 6 (1)(1)(b) GDPR. The provision of the data is necessary and obligatory for the conclusion of the contract. If the data is not provided, it is not possible to conclude or execute a contract between you and Trusted Shops. Further information on data protection at Trusted Shops, in particular on the storage period, can be found at https://www.trustedshops.de/impressum/#datenschutz.

3.4 Legal enforcement / determination of address / debt collection

We reserve the right, in the event of non-payment, to pass on the data provided with the order to an attorney and/or external companies (e.g. Verband der Vereine Creditreform e.V., Hellersbergstraße 12, D-41460 Neuss) for the purposes of determining an address and/or legal enforcement. The legal basis of the processing is Art. 6 (1)(1)(f) GDPR. Our legitimate interests lie in fraud prevention and the avoidance of default risks. In addition, we may forward your data to ensure the exercise of our rights, along with the rights of our affiliated companies, our cooperation partners, our employees and/or the users of our website, and the processing is necessary to that extent. Under no circumstances will we sell or rent your data to third parties. The legal basis for the processing is Art. 6 (1)(1)(f) GDPR. We have a legitimate interest in processing for law enforcement purposes. We erase the data that arises after the storage is no longer necessary, or limit its processing if statutory retention duties exist.

You can object to the processing. Your right to object exists for grounds arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

3.5 Establishing of contact

When you submit inquiries to us, we ask for your name, contact information and other information we need from you. We use the data you provide to respond to inquiries and to comply with statutory requirements. The legal basis for the processing is Art. 6 ( 1 )(1)(f) GDPR or Art. 6 (1)(1)(b) GDPR, if the establishing of contact has the goal of concluding a contract. If the request has the goal of concluding a contract, the information you provide is necessary and obligatory for concluding a contract. If the data is not provided, it is not possible to conclude or execute a contract in the form of establishing contact or processing the inquiry. The processing of personal data from the input mask is solely for the purpose of processing the establishment of contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. In this connection, the data will not be forwarded to third parties. We erase the data arising in this connection after the processing is no longer necessary (usually two years after the end of the communication) or, if necessary, limit the processing to compliance with existing mandatory statutory retention duties.

You can object to the processing. Your right to object exists for grounds arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

4. Hosting and content delivery networks

4.1 Cloudflare hosting provider 

We use external hosting services of the provider Cloudflare Inc. (101 Townsend St., San Francisco, CA 94107, United States), which serve to provide the following services: Infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. For such purposes, all data - including the access data mentioned under the item entitled "Use of our website" - that is necessary for the operation and use of our website is processed. The legal basis for the processing is Art. 6 (1)(1)(f) GDPR. By using external hosting services, we pursue an efficient and secure provision of our Internet offer. In the process, your data is transmitted to the provider in the USA. Cloudflare has submitted to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and has thus committed itself to compliance with the European data protection standard: https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active. For more information on data protection and storage duration at Cloudflare, please visit: https://www.cloudflare.com/de-de/privacypolicy/.

You can object to the processing. Your right to object exists for grounds arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

4.2 Cloudflare content delivery network 

In addition, we use the services of the content delivery network (hereinafter "CDN") of Cloudflare Inc. (101 Townsend St., San Francisco, CA 94107, United States; hereinafter "Cloudfare") on our website for the purpose of the faster ability to retrieve our online offer. When you visit the website, a library from the CDN is cached on your device in order to avoid reloading content. In the process, your IP address is transmitted to the provider in the USA. Cloudflare has submitted to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and has thus committed itself to compliance with the European data protection standard: https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active. The legal basis of the processing is Art. 6 (1)(1)(f) GDPR. With the use of Cloudflare, we pursue the legitimate interest of faster ability to retrieve along with a more effective and improved presentation of our online offer. For more information on data protection and the storage period at Cloudflare, see: https://www.cloudflare.com/de-de/privacypolicy/.

You can object to the processing. Your right to object exists for grounds arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section

4.3 Amazon Cloudfront content delivery network

We use the services of the Cloudfront content delivery network from Amazon Web Services, Inc. (440 Terry Ave N, Seattle, WA 98109, United States) for the purpose of the faster ability to retrieve our online offer. When you visit our website, a "library" is loaded and cached on your device in order to avoid reloading content. In the process, your IP address is processed by the provider. Amazon partially processes its data in the United States of America. To nevertheless commit to compliance with European data protection standards, Amazon Web Services has submitted to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework): https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4&status=Active. The legal basis of the data processing is Art. 6 (1)(1)(f) GDPR. With the use of Cloudflare, we pursue the legitimate interest of faster ability to retrieve along with a more effective and improved presentation of our online offer. For more information, in particular on the storage period, see: https://aws.amazon.com/de/privacy/.

You can object to the processing. Your right to object exists for grounds arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

5. E-mail marketing

5.1 Newsletter

If you subscribe to our company's newsletter, the data in the respective input mask will be transmitted to us. When you register for our newsletter, your IP address and the date and time of registration are stored. This serves the purpose of preventing the misuse of the services or the e-mail address of the data subject. This data is only forwarded to our service provider, who is responsible for sending our newsletter. An exception exists if there is a statutory obligation to disclose. Our newsletters regularly contain the following content:

  • information regarding your stay and other travel related offers,
  • information regarding current special offers,
  • information regarding our hotel and services,
  • individual customer service and birth greetings,
  • the sending of catalogues and flyers,
  • inquiries regarding special and individual requests,
  • overview of possible leisure activities and events at our hotels,
  • information on how to travel to a location, e.g. how to arrive by public transport,,
  • customer satisfaction inquiries after your stay. 

The data will be used exclusively for sending our newsletter. The legal basis of the processing is Art. 6 (1)(1)(a) GDPR. We process such data until you exercise your right of revocation by unsubscribing from our newsletter. We erase such data after expiry of the statutory retention duties.

A revocation of your consent to the processing of your e-mail address for the receipt of the newsletter is possible at any time, either by sending a message to us (see the contact details in the "Controller" section) or by directly using the unsubscribe link contained in the newsletter. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

In addition, we evaluate the opening/click rates of our newsletters when we send them out. For such evaluation, the e-mails sent contain so-called "web beacons" or "tracking pixels", which are single-pixel image files and are embedded on our website at the same time. The processing takes place for the purpose of analysing the reading behaviour of our newsletters. In doing so, we record when you read our newsletters and which links you click on in them, and infer the interests of our customers from this. The legal basis of the processing is Art. 6 (1)(1)(f) GDPR. Our legitimate interests in such processing consist in measuring the reach and creating statistical analyses of our newsletters along with optimising our e-mail advertising. The information is processed as long as you have subscribed to our newsletter. After unsubscribing, we process the data purely statistically and anonymously.

We would like to point out that you can object to the receipt of direct advertising along with the processing for the purpose of direct advertising at any time without incurring any costs, other than the transmission costs according to basic rates. You have a general right to object without stating any grounds (Art. 21 (2) GDPR). To do so, click on the unsubscribe link in the respective e-mail or send your objection to the contact details listed in the "Controller" section.

5.2 Advertising to existing customers

In accordance with the statutory provisions, we reserve the right to use the e-mail address provided by you within the framework of the booking to send you the following content by e-mail during or after the booking, unless you have already objected to such processing of your e-mail address:

  • information about your stay and other travel related offers,
  • information regarding current special offers,
  • information regarding our hotel and services,
  • individual customer service and birth greetings,
  • the sending of catalogues and flyers,
  • Inquiries regarding special and individual requests,
  • overview of possible leisure activities and events at our hotels,
  • information on how to travel to a location, e.g. how to arrive by public transport,
  • customer satisfaction inquiries after your stay. 

If the sending of electronic information is necessary for the execution of the contract (e.g., e-mail in informational form), the processing is based on the legal basis of Art. 6 (1)(1)(b) GDPR. You are contractually obligated to provide your data. If you do not provide us with your data, it will not be possible to send you electronic information within the framework of the execution of the contract by e-mail. If the sending of electronic information is not necessary for the execution of the contract (e.g., e-mail in informational form), the processing is based on the legal basis according to Art. 6 (1)(1)(f) GDPR. Our legitimate interests in the aforementioned processing are to increase and optimise our services, to send direct advertising and to ensure customer satisfaction. We process your data until three years after termination of the contract at the latest.

We would like to point out that you can object to the receipt of direct advertising along with the processing for the purpose of direct advertising at any time without incurring any costs, other than the transmission costs according to basic rates. You have a general right to object without stating any grounds (Art. 21 (2) GDPR). To do so, click on the unsubscribe link in the respective e-mail or send your objection to the contact details listed in the "Controller" section.

5.3 E-mail marketing service: Salesforce

We use the e-mail marketing service of Salesforce.com, Inc,, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States (hereinafter: "Salesforce"). If you have registered for our newsletter, the data provided during registration will also be stored and processed on the servers of Salesforce in the USA, or other countries outside the EU. Salesforce has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view the certification of Salesforce at https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active. For more information on the scope of certification, please visit:Salesforce processes the necessary data for sending and evaluating our newsletters on our behalf. Our newsletters contain so-called "web beacons", which are pixel-sized files that are retrieved from the Salesforce server when our newsletter is opened. Technical information, such as the browser used, the time of the page request and the IP address, is processed during the retrieval process. This information is processed for evaluation and the technical improvement of our service. Furthermore, there is an evaluation of whether and when newsletters are opened and which links are clicked by the reader. Such information is theoretically assignable to individual newsletter recipients. However, neither we nor Salesforce intend to monitor individual recipients; rather, the analysis of the aforementioned information serves to identify the reading habits, opening and click-through rates of all recipients. The legal basis of the processing is Art. 6 (1)(1)(f) GDPR. Our legitimate interests lie in the measurement of reach, the creation of statistical analyses and the adaptation, optimisation and the more targeted control of our newsletter content. For more information, including information on the retention period, please see the Salesforce privacy policy at https://www.salesforce.com/de/company/privacy/.

We would like to point out that you can object to the receipt of direct advertising along with the processing for the purpose of direct advertising at any time without incurring any costs, other than the transmission costs according to basic rates. You have a general right to object without stating any grounds (Art. 21 (2) GDPR). To do so, click on the unsubscribe link in the respective e-mail or send your objection to the contact details listed in the "Controller" section.

6. Use of our website, access data, creation of log files and use of cookies

6.1 Use of our website, access data, creation of log files

Every time you visit our website, we collect data and information through an automated system. These are stored in the log files of the server. The following data is processed: 

  • information regarding the browser type and version used
  • the operating system of the user
  • the Internet service provider of the user
  • the IP address of the user
  • date and time of access
  • websites from which the user's system accesses our website (referrer)
  • websites that are retrieved by the user's system via our website
  • message as to whether the retrieval was successful and
  • the amount of data transferred.

The processing of the data serves the purpose of delivering the content of our website, ensuring the functionality of our information technology systems and optimising our website. The legal basis is Art. 6 (1)(1)(f) GDPR. Our legitimate interests lie in ensuring the functionality of the website and the integrity and security of the website. The data of the log files are always stored separately from other personal data of the users. The access data is erased as soon as it is no longer required to achieve the purpose of its processing. In the case of the collection of data to provide the website, this is the case when you end the visit. After that, it is only indirectly available via the reconstruction of backup tapes (backups) and is finally erased after a maximum of four weeks.

You can object to the processing. Your right to object exists for grounds arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

6.2 Use of cookies

In addition to the aforementioned access data, so-called "cookies" are stored in the Internet browser of the device you are using when you use the website. These are small text files with a sequence of numbers that are stored locally in the cache of the browser used. Cookies do not become part of the PC system and cannot execute programmes. They serve to make our website user-friendly. The use of cookies may be technically necessary or for other purposes (e.g., analysis/evaluation of website usage).

6.2.1 Technically necessary cookies

Some elements of our website require that the retrieving browser can be identified even after a page change. The following data is processed in the cookies: 

  • language settings,
  • items in the shopping cart and
  • log-in information.

The user data collected through technically necessary cookies are not processed to create user profiles. We also use so-called "session cookies", which store a session ID that can be used to assign various requests from your browser to the joint session. Session cookies are necessary for the use of the website. In particular, this allows us to recognise the device used when you return to the website. We use this cookie to recognise you on subsequent visits to the website, e.g. to complete a booking you have already started. The legal basis for such processing is Art. 6 (1)(1)(f) GDPR. Our legitimate interests in processing consist in providing the aforementioned special functionalities and thereby making the use of the website more attractive and effective. The session cookies are erased depending on which browser you use and which browser settings you have made when you close the browser.

You can object to the processing. Your right to object exists for grounds arising from your particular situation. In addition, you can also prevent data processing based on cookies as follows: by disabling or restricting or deleting cookies in the settings of your browser software or by opening the browser you are using in "private mode".

6.2.2 OneTrust consent management tool 

We have integrated the consent management tool of OneTrust LLC. (Dixon House,1 Lloyd's Avenue, London, EC3N 3DQ, [email protected]) on our website in order to request consent for data processing in accordance with the GDPR or the use of cookies or comparable functions. With the help of OneTrust you have the option of giving or refusing your consent for certain functionalities of our website, e.g. for the purpose of the integration of external elements, the integration of streaming content, statistical analysis, coverage measurement and personalised advertising. You can use OneTrust to give or refuse consent for all features, or to give consent for individual purposes or individual features. You can also change the settings you have made afterwards. The purpose of the integration of OneTrust is to allow the users of our website to decide on the aforementioned matters and, in the course of the further use of our website, to offer the option of changing settings that have already been made. In the course of using OneTrust, personal data along with information of the devices used, such as the IP address, are processed. The legal basis for the processing is Art. 6 (1)(1)(c) or (f) GDPR. With the processing of the data, we assist our customers (according to GDPR, the controller) in fulfilling their legal obligations (e.g., duty to provide evidence). Our legitimate interests in the processing lie in the storage of user settings and preferences in relation to the use of cookies and other functionalities. OneTrust stores your data as long as your user settings are active. After two years after the user settings have been made, you will once again be asked for your consent. The user settings made are then saved once against for such period of time.

You may object to the processing insofar as the processing is based on Art. 6 (1)(1)(f)) GDPR. Your right to object exists for grounds arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

6.2.3 Technically unnecessary cookies

We also use cookies on the website to enable an analysis of the user's surfing behaviour. The following data, for example, is stored and processed in the cookies:

  • search terms entered,
  • frequency of page views,
  • use of website functions.

The legal basis for this processing is Art. 6 (1)(1)(f) GDPR. Our legitimate interests lie in the more efficient and attractive design of the website. The technically unnecessary cookies are automatically erased after a specified duration, which may differ depending on the cookie. Insofar as we integrate third-party cookies into our website, we will point this out to you separately below.

You can object to the processing. Your right to object exists for grounds arising from your particular situation. In addition, you can also prevent data processing based on cookies as follows: by disabling or restricting or deleting cookies in the settings of your browser software or by opening the browser you are using in "private mode".

7. Integration of third-party providers for presentation, analysis and marketing purposes

7.1 Trusted Shops

We have integrated the Trusted Shops "Trustbadge" of the provider Trusted Shops GmbH (Subbelrather Straße 15c, 50823 Cologne) on our website in order to use and display the seal of approval and, if applicable, ratings along with the range of Trusted Shops products for customers during the booking process. When you access our website, Trusted Shops processes access data via your web server, in particular your IP address, the date and time of access and the amount of data transferred. The legal basis for this is Art. 6 (1)(1)(f) GDPR. Our legitimate interests lie in particular in the safeguarding of our online presence by an independent body and the guarantee of a secure and qualitative offer.

You can object to the processing. Your right to object exists for grounds arising from your particular situation. You can exercise the right of objection using the contact details provided in the "Controller" section.

7.2 Google Fonts

We use so-called "web fonts" for the uniform display of fonts, which are provided by Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001). When you retrieve a website, your browser loads the required web fonts from Google into its browser cache in order to display texts and fonts correctly and more quickly. For this purpose, the browser transmits your IP address to Google to establish the connection to the servers of Google. In doing so, Google receives the information that you have accessed our website. The legal basis for the processing is Art. 6 (1)(1)(f) GDPR. With the use of Google Fonts, we pursue the legitimate interest in a uniform and appealing presentation of our online offers. Google also processes your data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Google’s certification at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Further information on the purpose and scope of processing by Google and the storage period for Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy:  https://policies.google.com/privacy.

You can object to the processing. Your right to object exists for grounds arising from your particular situation. You can send us your objection via the contact details listed in the "Controller" section.

7.3 Google Tag Manager

We use the Google Tag Manager from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001). Google Tag Manager is a solution that allows website tags to be managed through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data; we explain this separately in this Privacy Policy. Google Tag Manager does not access such data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

7.4 Google Analytics

In order to be able to optimally adapt our website to user interests, we use Google Analytics, a web analysis service from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001). Google Analytics uses so-called "cookies" (see the "Cookies" section above), which are stored on your device. With the help of the cookies, Google processes the information generated about the use of our website by your device - e.g., that you have retrieved a particular website - and processes, among other things, the data mentioned in the "Use of our website" section, in particular your IP address, browser information, the website previously visited and the date and time of the server request, for the purpose of the statistical analysis of website use. This website uses Google Analytics with the extension "anonymizeIp()". This means that IP addresses are processed in abbreviated form to make it much more difficult to identify individuals. According to Google, your IP address will be shortened beforehand within member states of the European Union. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will process such information for the purpose of evaluating your use of the website, compiling reports on website activity for us and - where separately indicated - providing us with other services relating to website activity. The IP address transmitted by your browser for such purposes is not merged with other data of Google. The legal basis for the processing is Art. 6 (1) (1)(a) GDPR. Your data in connection with Google Analytics will be erased after twenty-four months at the latest. For the exceptional cases where your data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Google's certification at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. You can find more information regarding data protection at Google at:  http://www.google.de/intl/de/policies/privacy.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.5 Google Ads (Conversion)

We use the service of Google Ads from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001), in order to draw attention to our attractive offers on external websites with the aid of advertising media (formerly known as Google AdWords). We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. Such advertising media are delivered by Google via so-called "ad servers". For this purpose, we use "ad server" cookies, through which certain parameters for measuring reach, such as display of ads or clicks by users, can be measured. If you access our website via a Google ad, a cookie is stored by Google Ads on your device. With the help of the cookies, Google processes the information generated by your device regarding interactions with our advertising media (retrieval of a specific Internet page or click on an advertising medium), the data mentioned in the "Use of our website" section, in particular your IP address, browser information, the website previously visited and the date and time of the server request, for the purpose of analysing and visualising the measurement of reach of our advertisements. Based on the marketing tools used, your browser automatically establishes a direct connection with Google's server. If you are registered with one of Google’s services, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will be able to determine your IP address and process it. From Google, we receive only statistical evaluations to measure the success of our advertising media. Google processes data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Google's certification at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The legal basis for the processing of your data is Art. 6 (1) (1) (a) GDPR. The storage period at Google is twenty-four months. For more information on data protection and the storage period at Google, see: https://policies.google.com/privacy.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.6 Google Ads (Dynamic Remarketing)

We use the Google Ads tool with the Dynamic Remarketing function from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001). This is a process regarding which we would like to address you again. With the Dynamic Remarketing function, we are able to recognise users of our website on other websites within the Google advertising network (in the Google search or on YouTube, so-called "Google Ads" or on other websites) and present advertisements tailored to their interests. The advertisements may also refer to such products and services that you have already viewed on our website. For this purpose, the interaction of users on our website is analysed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users on other sites, after they have visited our website as well. If you visit our website, Google Ads stores a cookie on your device. With the help of the cookies, Google processes the information generated by your device regarding the use of our website and interactions with our website along with the data mentioned in the "Use of our website" section, in particular your IP address, browser information, the website previously visited and the date and time of the server request, for the purpose of presenting personalised advertisements. There is no consolidation of the data collected within the framework of Google Ads with data from other Google products. The legal basis of the processing is Art. 6 (1)(1)(a) GDPR. Google processes the data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Google's certification at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The storage period at Google is a maximum of twenty-four months. For more information on data protection and the storage period at Google, see: https://policies.google.com/privacy.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.7 Google DoubleClick

We continue to use the DoubleClick online marketing tool from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, fax: +353 (1) 436 1001). DoubleClick uses cookies to serve ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. With the help of cookies (see the "Cookies" section above), Google records which ads are displayed in which browser, and is thus able to prevent them from being displayed more than once. With the help of the cookies, Google processes the information generated by your device regarding the use of our website and interactions with our website along with the data mentioned in the "Use of our website" section, in particular your IP address, browser information, the website previously visited and the date and time of the server request, for the purpose of presenting personalised advertisements. This allows Google and its partner sites to serve ads based on prior visits to websites. In addition, DoubleClick can use the cookies to record so-called "conversions", which are related to ad requests. For example, when a user sees a DoubleClick ad and later uses the same browser to visit the advertiser's website and make a purchase. Through the integration of DoubleClick, Google receives the information that you have retrieved the corresponding part of our website or clicked on an advertisement from us. If you are registered with one of Google’s services, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is a possibility that the provider will be able to determine your IP address and store it. The legal basis of the processing is Art. 6 (1)(1)(a) GDPR. Google processes data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view Google's certification at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. The storage period at Google is a maximum of twenty-four months. For more information on data protection and the storage period at Google, see: https://policies.google.com/privacy.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.8 AWIN (formerly Digital Window)

This website uses the tracking functions of the affiliate network AWIN AG (Eichhornstraße 3, 10785 Berlin; formerly "Digital Window", hereinafter "AWIN"). A so-called "tracking pixel" is used to measure the reach of our advertisements and to assign the success of an advertising medium. In relation to the data of the advertising campaigns, we are able to determine how successful the individual advertising measures are within the framework of the respective partner programme. So-called "web beacons" (tracking pixels) are used to set a cookie on the user's device for recognition purposes. With the help of the cookies, AWIN processes the information generated by your device regarding interactions with our advertising media (e.g., retrieving a specific web page or clicking on an advertising medium) and the data mentioned in the "Use of our website" section, for the purpose of analysing the reach and success measurement of our advertisements. The legal basis for the processing of your data is Art. 6 (1) (1) (a) GDPR. The storage period of the processing within the framework of AWIN is two months. For more information on data protection and the storage period, see: https://www.awin.com/de/rechtliches/privacy-policy-DACH.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.9 Criteo (Dynamic Retargeting)

The website uses the Dynamic Retargeting function provided by the Criteo online advertising service (Criteo SA at 32 Rue Blanche, 75009 Paris). With the Dynamic Remarketing function, we are able to recognise users of our website on other websites within the Criteo advertising network and present advertisements tailored to their interests. The advertisements may also refer to such products and services that you have already viewed on our website. For this purpose, the interaction of users on our website is analysed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users on other websites, after they have visited our website as well. If you visit our website, Criteo stores a cookie on your device. With the help of the cookies, Criteo processes the information generated by your device regarding the use of our website and interactions with our website along with the data mentioned in the "Use of our website" section, in particular your IP address, browser information, the website previously visited and the date and time of the server request, for the purpose of presenting personalised advertisements. The legal basis of the processing is Art. 6 (1)(1)(a) GDPR. The storage period at Criteo is thirteen months. For more information on data protection and the storage period at Criteo, please see: https://www.criteo.com/de/privacy/.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.10 Facebook Custom Audiences

Furthermore, the website uses the Website Custom Audiences function provided by Facebook. The provider is Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland, e-mail: [email protected]; hereinafter: Facebook). Via so-called "web beacons" such as the Facebook Pixel, Facebook collects and processes information regarding your usage behaviour on our website. This allows users of the website and users of Facebook who belong to a comparable target group to be shown interest-based advertisements (Facebook Ads) when visiting the Facebook social network. With the help of the Facebook Pixel (small graphics that are embedded on our website at the same time and that are automatically loaded when our website is retrieved, and allow user behaviour to be tracked), your browser automatically establishes a direct connection with the Facebook server. By integrating the Facebook Pixel, Facebook processes information generated with the help of cookies regarding the use of our website by your device - e.g., that you have retrieved a certain web page - and processes, among other things, the data mentioned in the "Use of our website" section, in particular your IP address, browser information, the website previously visited, the Facebook ID and the date and time of the server request, for the purpose of presenting personalised advertisements. If you are registered with a Facebook service, Facebook can assign the collected information to your account. Even if you are not registered with Facebook or have not logged in, there is a possibility that the provider will learn and process your IP address and other identifiers. The legal basis for the processing of your data is Art. 6 (1) (1) (a) GDPR. If Facebook processes the data in the USA, Facebook has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and thereby offers a guarantee of compliance with European data protection law. The certification of Facebook can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active . The storage period of the information in the Facebook cookies is three months. For more information on data protection and the storage period at Facebook, please visit: https://www.facebook.com/privacy/explanation and https://www.facebook.com/policies/cookies/.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.11 Facebook Analytics

We use the online Facebook Analytics tool provided by Facebook. The provider is Facebook Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland, e-mail: [email protected]; hereafter: Facebook). For the use of Facebook Analytics, we use the so-called Facebook Pixel to analyse the use of our website and Internet appearances (e.g., in social networks Facebook and Instagram), the interactions made by users on our website and Internet appearances along with the measurement of the reach of our advertisements. With the help of the Facebook Pixel - small graphics that are embedded on our website at the same time and that are automatically loaded when our website is retrieved, and allow user behaviour to be tracked - your browser automatically establishes a direct connection with the Facebook server. By integrating the Facebook Pixel, Facebook processes information generated with the help of cookies regarding the use of our website by your device - e.g., that you have retrieved a certain web page - and processes, among other things, the data mentioned in the "Use of our website" section, in particular your IP address, browser information, the website previously visited, the Facebook ID and the date and time of the server request, for the purpose of analysing our website and Internet presence, analysing user interactions and measuring the reach of our advertisements. The information obtained with the help of the Facebook Pixel is used solely for statistical purposes, is transmitted to us anonymously by Facebook as statistics and does not provide any information regarding the identity of the user. If you are registered with a Facebook service, Facebook can assign the collected information to your account. Even if a user is not registered with Facebook or is not logged in, it is possible that Facebook will obtain and process the user’s IP address and other identifying features. The processing of your data takes place on the basis of Art. 6 (1)(1)(f) GDPR. Our legitimate interests in the processing lie in the statistical analysis of website usage, the measurement of the reach of advertisements and the optimisation and improvement of our web offering. If Facebook processes the data in the USA, Facebook has subjected itself to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and thereby offers a guarantee of compliance with European data protection law. The certification of Facebook can be viewed at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. The storage period of the information in the Facebook cookies is three months. You can retrieve more information regarding data protection and the storage period at Facebook at: https://www.facebook.com/privacy/explanation and https://www.facebook.com/policies/cookies/.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.12 Adform

On the website, we use the functions of the Adform advertising platform (headquarters: Wildersgade 10B, 1408 Copenhagen, Denmark). The Adform advertising platform uses technologies such as cookies, tracking pixels and device fingerprinting and is used to recognise users of our website on other websites and to present advertisements based on user interests. The advertisements may also refer to such products and services that you have already viewed on our website. For this purpose, the interaction of users on our website is analysed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users on other websites and social networks, after they have visited our website as well. If a user visits our website, a cookie is stored by Adform on the user's device. With the help of the cookies and tracking pixels, Adform processes the information generated by the user's device regarding the use of our website and interactions with our website along with access data, in particular IP address, browser information, the website previously visited, and the date and time of the server request, for the purpose of presenting personalised advertisements and the associated measurement of reach. The legal basis for the processing is Art. 6 (1)(1)(a) GDPR. The storage period at Adform is 2 months. For more information regarding data protection at Adform, please visit https://site.adform.com/privacy-center/platform-privacy/product-and-services-privacy-policy/.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.13 Ad4mat

On our website, we use the ad4mat online marketing tool provided by Advanced Store GmbH (Alte Jakobstraße 79/80, 10179 Berlin, Germany). The ad4mat marketing tool provided by the online advertising service advanced store (advanced store GmbH, Alte Jakobstraße 79/80, 10179 Berlin, Germany) uses technologies such as cookies, tracking pixels and device fingerprinting, and is used to recognise users of our website on other websites and to present advertisements based on user interests. For this purpose, the interaction of users on our website is analysed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users on other websites, after they have visited our website as well. If you visit our website, advanced store stores cookies on your device. With the help of cookies and tracking pixels, advanced store processes the information generated by the user's device regarding the use of our website and interactions with our website along with access data, in particular IP address, browser information, the website previously visited, and the date and time of the server request, for the purpose of displaying personalised advertisements and the associated measurement of reach. The legal basis for the data processing is Art. 6 (1)(1)(a) GDPR. The storage period at ad4mat is 2 months. For more information on data protection, please visit https://www.advanced-store.com/de/datenschutz/.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.14 AppNexus

For the presentation and measurement of usage-based advertising, we also use AppNexus, an advertising service provider and operator of an intermediary platform. AppNexus Inc. is a company located in the USA, 28 W 23rd Street, 4th floor, New York, NY - 10010 (hereinafter "AppNexus"). Tools of the AppNexus advertising platform include technologies such as tracking pixels and device fingerprinting, and are used to recognise users of our website on other websites and measure the reach of interest and location-based advertising on our websites. For this purpose, the interactions of users on our website and with our advertisements are analysed, for example clicks on advertisements and so-called conversions (i.e., a user becomes a customer or buyer). For this purpose, AppNexus uses beacons, tags, mobile SDKs and some technologies that are not related to cookies, but access storage capacities of user devices. With the help of these technologies, AppNexus processes the information generated by the user's device regarding the use of our website and interactions with our website along with access data, in particular IP address, browser information, the website previously visited, and the date and time of the server request, for the purpose of measuring reach when presenting personalised advertisements. The information generated by the AppNexus cookies is transmitted by AppNexus to a server in the USA and stored there. AppNexus complies with the data protection provisions of the US-EU Privacy Shield Agreement and is certified for the Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. You can view AppNexus' certification at https://www.privacyshield.gov/participant?id=a2zt0000000GnlTAAS&status=Active. The legal basis for the processing is Art. 6 (1)(1)(a) GDPR. AppNexus erases the cookies after 18 months at the latest. For more information on the AppNexus platform, visit https://www.appnexus.com/en/company/platform-privacy-policy-de.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool [insert link]. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.15 MediaMath

We also use the services of the MediaMath advertising platform (MediaMath UK Ltd, 230 Blackfriars Road, London, SE1 8NW). The use of MediaMath serves the purpose of analysing, organising and personalising marketing campaigns. For this purpose, the tool collects, analyses and categorises incoming information generated by the user's device regarding the use of our website/app and interactions with our website/app along with user access data, in particular IP addresses, mobile device advertising codes, browser information, the website previously visited and the date and time of the server request. Mediamath also evaluates usage behaviour and access data from other sources such as apps, social media channels (published posts and generally accessible information) or newsletters (e.g., whether and when newsletters are opened and which links are clicked by the reader to measure reading habits, opening rates and click-through rates), in order to support the personalised targeting of advertisements on websites, social media platforms, in apps as well as on our newsletters. Mediamath uses cookies, pixel tags (tracking pixels), browser fingerprints and comparable technologies for this purpose, which store or read information in users’ devices when they access our websites, apps, social media channels or newsletters. Based on these technologies, data from users can be transferred to Mediamath and used as the basis of statistical analyses and measurement of reach. This allows us to test usage-based advertising campaigns and present usage-based advertising media. The legal basis for the data processing is Art. 6 (1)(1)(a) GDPR. Mediamath will not process your data for longer than 13 months. For more information on data protection, please visit https://www.mediamath.com/privacy-policy/.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.16 Bing Ads

On our website, we use the Bing Ads marketing functions of Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, hereinafter "Microsoft"). The online Microsoft Ads advertising service uses technologies such as cookies, tracking pixels and device fingerprinting to serve ads that are relevant to users and to improve reports on the effectiveness of campaigns. In doing so, information stored on user devices is also processed. With the help of Microsoft Ads, users can be served interest-based advertisements relating to search results in search engines from Bing and Yahoo. The advertisements may also refer to such products and services that users have already viewed on our website. For this purpose, the interaction of users on our website is analysed beforehand, e.g. which offers users are interested in, in order to be able to display targeted advertising to users on other sites, after they have visited our website as well. If users visit our website, Microsoft stores a cookie on their devices. With the help of cookies and tracking pixels, Microsoft processes the information generated by the devices of the users regarding the use of our website and interactions with our website along with access data, in particular IP address, browser information, the website previously visited and the date and time of the server request, for the purpose of presenting and analysing personalised advertisements. In addition, the Microsoft Ads online advertising service allows us to measure the reach of our advertisements and to enable the attribution of the success of an advertising medium. For this purpose, ad server cookies are used; through these, certain parameters for measuring reach, such as display of the ads, duration of viewing or clicks by users, can be measured. Microsoft processes the data in the USA and has submitted to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework, thereby offering a guarantee of compliance with European data protection law. You can view the certification from Microsoft at https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK. The legal basis for the processing of your data is Art. 6 (1) (1)(a) GDPR. The storage period of the processing under Bing Ads is thirteen months. You can find more information regarding data protection at Microsoft at: https://privacy.microsoft.com/de-de/privacystatement and https://about.ads.microsoft.com/de-de/ressourcen/richtlinien/privacy-policy.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.17 Navegg

In addition, we use the services of the Navegg marketing platform (Curitiba, R. Visconde do Rio Branco, 1310, Centro - CEP 80420-210 Brazil). The tools we use from the Navegg advertising platform (Curitiba, R. Visconde do Rio Branco, 1310, Centro - CEP 80420-210, Brazil) are used to recognise users of our website on other websites and to present interest-based advertising. For this purpose, the interaction of users on our website is analysed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users on other websites even after they have visited our website. If you visit our website, Navegg stores cookies your device. With the help of cookies, Navegg processes the information generated by the user's device regarding the use of our website and interactions with our website along with access data, in particular IP address, browser information, the website previously visited and the date and time of the server request, for the purpose of presenting personalised advertisements. Navegg also processes your data in Brazil. So-called "standard contractual clauses" have been concluded with Navegg to ensure compliance with an appropriate level of data protection. We will provide you with a copy of the standard contractual clauses upon request. The legal basis for the data processing is Art. 6 (1)(1)(a) GDPR. The storage period of the processing is one month. Information on data protection can be found at https://www.navegg.com/en/privacy-policy/.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.18 Neustar, Inc.

We use the services of the Neustar Inc. data managing platform (HQ, 21575 Ridgetop Circle, Sterling, VA 20166). The use of the Neustar data managing platform serves the purpose of analysing, organising and personalising marketing campaigns. For this purpose, Neustar collects, analyses and categorises incoming information generated by the user's device regarding the use of our website and interactions with our website, along with access data, in particular IP address, browser information, the website previously visited, and the date and time of the server request, from various sources (e.g., websites, apps and social media channels), in order to support the personalised targeting of advertisements on websites. Neustar uses cookies, pixel tags (tracking pixels), browser fingerprints and similar technologies for this purpose; these store or read information in user devices when they access our website. Based on this, data can be transferred to Neustar and used as a basis for statistical analysis and measurement of reach. This allows us to test and run user-based advertising campaigns. The legal basis for the processing of your data is Art. 6 (1)(1)(a) GDPR. Neustar also processes your data in the USA. In order to commit to compliance with European data protection standards, Neustar has submitted to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) (https://www.privacyshield.gov/participant?id=a2zt0000000TNKOAA4&status=Active). The storage period of your data is one month. For more information regarding data protection at Neustar, please visit https://www.home.neustar/privacy/privacy-policy.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation. 

7.19 Oracle Bluekai

On our website, we have also integrated the services of the Bluekai data managing platform provided by Oracle (Oracle Corporation, 500 Oracle Parkway, Redwood Shores CA, 94065 United States). The use of the Bluekai data managing platform serves the purpose of analysing, organising and personalising marketing campaigns. For this purpose, the tool collects, analyses, and categorises incoming information generated by the user's device regarding the use of our website and interactions with our website, along with access data, in particular IP address, browser information, the website previously visited, and the date and time of the server request, from various sources (e.g., websites, apps, and social media channels), in order to support the personalised targeting of ads on websites. For this purpose, Oracle uses cookies, pixel tags (tracking pixels), browser fingerprints and similar technologies that store or read information in user devices when they access our website. Based on these, data can be transferred to Oracle and used as a basis for statistical analysis and measurement of reach. This allows us to test and run user-based advertising campaigns. The legal basis for the processing of the data is Art. 6 (1)(1)(a) GDPR. Oracle also processes your data in the United States. In order to commit to compliance with European data protection standards, Oracle has submitted to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) (https://www.privacyshield.gov/participant?id=a2zt00000000181AAA&status=Active). The storage period of your data is one month. For more information on data protection, please visit https://www.oracle.com/de/legal/privacy/

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.20 Salesforce Salescloud

We use the Sales Cloud tool from the provider Salesforce (Salesforce.com, inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States). The use of the Sales Cloud from Salesforce serves the purpose of analysing, organising and personalising marketing campaigns. For this purpose, the tool collects, analyses and categorizes incoming information generated by the user's device regarding the use of our website/app and interactions with our website/app along with user access data, in particular IP addresses, mobile device advertising codes, browser information, the website previously visited and the date and time of the server request. Salesforce also analyses usage behaviour and access data from other sources such as apps, social media channels (published posts and generally available information) or newsletters (e.g., whether and when newsletters are opened and which links are clicked by the reader to measure reading habits, opening and click-through rates), in order to support the personalised targeting of ads on websites, social media platforms, in apps as well as on our newsletters. For this purpose, Salesforce uses cookies, pixel tags (tracking pixels), browser fingerprints, and similar technologies that store or read information in user devices when they access our websites, apps, social media channels or newsletters. Based on these technologies, data from users may be transferred to Salesforce and used as the basis of statistical analysis and measurement of reach. This allows us to test usage-based advertising campaigns and present usage-based advertising media. The legal basis for the processing is Art. 6 (1)(1)(a) GDPR. Salesforce also processes your data in the USA. Salesforce has submitted to the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) and has thus committed to compliance with European data protection standards (https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active). The storage period of your data is six months. For information regarding Salesforce privacy, please visit https://www.salesforce.com/de/company/privacy/full_privacy/.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.21 Redvertisment

We also use the Redvertisment marketing tool of Reach Group GmbH (Am Karlsbad 16, 10785 Berlin). The Redvertisment online marketing tool serves the purpose of tailoring our marketing campaigns to user needs and continuously improving our marketing strategy through statistical analysis and measurement of reach. For this purpose, the tool collects, analyses, and categorises incoming information generated by the user's device regarding the use of our website and interactions with our website, along with access data, in particular IP address, browser information, the website previously visited, and the date and time of the server request, from various sources (e.g., websites, apps, and social media channels), in order to support the personalised targeting of ads on websites. For this purpose, the online marketing tool uses cookies, pixel tags (tracking pixels), browser fingerprints and comparable technologies that store or read information in user devices when they visit our website. Based on this, data can be transferred to The Reach Group and used as a basis for statistical analysis and measurement of reach. This allows us to test and run user-based advertising campaigns. The legal basis for the processing is Art. 6 (1)(1)(a) GDPR. The storage period of your data is three months. Information For more information regarding data protection at The Reach Group, please visit https://trg.de/datenschutzerklarung/.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.22 Yahoo Web Analytics 

We also use the web analysis tool provided by Yahoo (part of Verizon Media EMEA Limited, 5-7 Point Square, North Wall Quay, Dublin 1, Ireland). The Yahoo Web Analytics web analytics service uses technologies such as cookies, tracking pixels and device fingerprinting to track specific user behaviour on websites. In doing so, information stored on user devices is also processed. With the help of tracking pixels embedded in websites and cookies stored on user devices, Yahoo Web Analytics processes the information generated regarding the use of our website by user devices - e.g., that a certain web page was retrieved - and access data for the purpose of the statistical analysis of website use. Access data includes, in particular, the IP address, browser information, the website previously visited, along with  the date and time of the server request. The legal basis for the data processing is Art. 6 (1)(1)(a) GDPR. The storage period of your data is twelve months. Further information on data protection within the framework of Yahoo Web Analytics can be found at https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/index.html.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.23 Yahoo Advertising Insights

We also use the online marketing tool of Yahoo (part of Verizon Media EMEA Limited, 5-7 Point Square, North Wall Quay, Dublin 1, Ireland). Yahoo Advertising Insights is used to draw attention to our attractive offers with the help of advertising media on external websites. We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns. These advertising media are delivered by Yahoo via so-called "ad servers". For this purpose, we use cookies and similar tracking technologies such as tracking pixels and browser fingerprints, through which certain parameters for measuring reach - e.g., display of ads, duration of viewing or clicks by users - can be measured. In doing so, information stored on user devices is also processed. If users access our website via a Yahoo advertisement, Yahoo stores a cookie on the user's device. With the help of cookies and tracking pixels, Yahoo processes the information generated by the user's device regarding interactions with our advertising media (retrieval of a specific website or click on an advertising medium) and user access data, in particular IP address, browser information, the website previously visited and the date and time of the server request, for the purpose of analysing and visualising the measurement of reach of our advertisements. Based on the marketing tools used, the user's browser automatically establishes a direct connection with the Yahoo server. The legal basis for the data processing is Art. 6 (1)(1)(a) GDPR. The storage period of your data is twelve months. For more information on data protection within the framework of Yahoo Advertising Insights, please visit https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/index.html.

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

7.24 Yandex Metrica

We also use the Yandex Metrica analysis tool of the provider Yandex LLC (Schipol Boulevard 165, 1118 BG Schipol, The Netherlands). The Yandex web analytics service uses technologies such as cookies, tracking pixels and device fingerprinting to track specific user behaviour on websites. In doing so, information stored on users' devices is also processed. With the help of tracking pixels embedded in websites and cookies stored on user devices, Yandex processes the information generated regarding the use of our website by user devices - e.g., that a certain web page was retrieved - and access data for the purpose of the statistical analysis of website use. Access data includes, in particular, the IP address, browser information, the website previously visited, along with the date and time of the server request. It is also possible to track how the mouse was moved, where it was clicked and how far it was scrolled. Randomly selected individual visits to our website are recorded. Logs of user activity, page content, mouse movements, clicks, scrolling and keystroke activity of visitors are also created. By means of such logs, individual visits to our website can be randomly replayed to identify sources of technical error and derive possible improvements to the user experience of our website. The legal basis for the data processing is Art. 6 (1)(1)(a) GDPR. Yandex also processes your data in Russia. We have concluded so-called "standard contractual clauses" with Yandex in order to commit Yandex to maintaining an appropriate level of data protection. We will provide you with a copy of the agreement upon request. Further information on data protection, in particular on the storage period, can be found at https://metrica.yandex.com/about/info/gdpr

Revocation of your consent to processing is possible at any time by pushing back the slider in the "Advanced settings" of the Consent tool. In doing so, the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by the revocation.

8. Rights of the data subject

You have the following rights with respect to personal data concerning you, which you may exercise against us:

  • Right to access: In accordance with Art. 15 GDPR, you can request information regarding your personal data that we process. .
  • Right of rectification: If the information concerning you is not (or no longer) accurate, you may request a rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
  • Right of erasure: You may request the erasure of your personal data in accordance with Art. 17 GDPR.
  • Right to restriction of processing: In accordance with Art. 18 GDPR, you have the right to request restriction of your personal data. 
  • Right to object to processing: You have the right to object at any time on grounds relating to your particular situation to the processing of your personal data which is carried out on the basis of Art. 6 (1)(1)(e) or (f) GDPR in accordance with Art. 21 (1) GDPR. In such a case, we will not further process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of establishing, exercising or defending legal claims (Art. 21 (1) GDPR). In addition, pursuant to Art. 21 (2) GDPR, you have the right to object at any time to the processing of personal data concerning you for the purposes of direct marketing; this also applies to any profiling, insofar as it is related to such direct marketing. We refer you to the right to object in this Privacy Policy in connection with the respective processing.
  • Right to revoke your consent: Insofar as you have given your consent for processing, you have a right of revocation pursuant to Art. 7 (3) GDPR. 
  • Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format ("data portability"), along with the right to have this data transmitted to another controller if the prerequisites of Art. 20 (1)(a),(b) GDPR are fulfilled (Art. 20 GDPR).

You can exercise your rights by sending a message to the contact details mentioned in the "Controller" section or the data protection officer we have appointed. If you believe that the processing of your personal data violates data protection law, you also have the right to lodge a complaint with a data protection supervisory authority of your choice pursuant to Art. 77 GDPR

IYou also have the right to complain to the supervisory authority responsible for us:

The Hesse Data Protection Commissioner 
Gustav-Stresemann-Ring 1 
65189 Wiesbaden 
Tel. 0611/1408-0 
Fax 0611/1408-900 or -901

The supervisory authority to which the complaint has been lodged shall inform the complainant on the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Book now