Privacy Policy

I. General Information

(1) The following information explains how we collect personal data when you use our website. (2) The term “personal data” refers, pursuant to Article 4(1) of Regulation (EU) 2016/679 (hereinafter referred to as the “General Data Protection Regulation” or “GDPR”), to any information relating to an identified or identifiable natural person. This includes, for example, name, address, email address, and user behavior. For further terminology, in particular the terms “processing,” “controller,” “processor,” and “consent,” we refer to the legal definitions set out in Article 4 of the GDPR. (3) For matters that have an effect in Switzerland, even if initiated outside Switzerland, the Swiss Federal Act on Data Protection, hereinafter referred to as the “FADP,” also applies. However, we consistently use the terminology of the GDPR. Where the FADP applies, the GDPR terms “personal data,” “processing,” “processor,” “special categories of personal data,” and “data portability” shall also be understood to mean the corresponding terms used in the FADP, namely “personal data,” “processing,” “processor,” “data transfer,” and “particularly sensitive personal data.” In such cases, the legal meaning of the terms is determined by the FADP. (4) As a matter of principle, we process personal data only to the extent necessary to provide a functional website and the content and services we offer. Personal data is processed regularly only if you have given your consent within the meaning of Article 6(1)(a) GDPR or if processing is permitted by statutory provisions, in particular on the basis of one of the legal grounds listed in Article 6(1)(b) to (f) GDPR. (5) Your personal data will be deleted or blocked as soon as the purpose for which it was stored no longer applies. Storage may also take place if this is provided for by national or European regulations to which we are subject. In such cases, the data will be blocked or deleted once the respective statutory retention period has expired. This shall not apply if further storage of the data is necessary for the conclusion or performance of a contract. (6) Where we use contracted service providers for individual functions of our website or intend to use your data for promotional purposes, we will inform you in detail below about the respective processes.

II. Controller

(1) The controller within the meaning of Article 4(7) GDPR, as well as the other data protection laws applicable in the member states of the European Union and other data protection-related provisions, is: STADTHOTEL MÜNSTER GmbH Managing Director: Reinhold Garthe Aegidiistraße 21 48143 Münster Tel.: +49 0251 4812-0 Fax: +49 0251 4812-123 Email: SERVICE@STADTHOTEL-MUENSTER.DE Register court: District Court of Münster Commercial register no.: HRB3140 (2) Further details regarding the controller can be found in our legal notice.

III. Your Rights

(1) With regard to your personal data, you have the following rights vis-à-vis us:

• the right of access,
• the right to rectification and erasure,
• the right to restriction of processing,
• the right to object to processing,
• the right to data portability.

(2) You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data. (3) Within the scope of the FADP, you also have the right to:

• data disclosure,
• data destruction.

IV. Processing of Personal Data When Using Our Website for Informational Purposes

(1) If you access our website without registering or otherwise providing us with information (“informational use”), we collect only the personal data that your web browser transmits to our server. When you view our website, we collect the following data, which are technically necessary for us to display our website to you and ensure its stability and security: IP address, date and time of the request, time zone difference to GMT, content of the website, access status (HTTP status), amount of data transferred, referring website, web browser, operating system, language, and browser version. (2) The aforementioned data is also stored in so-called log files on our servers. This data is not stored together with other personal data relating to you. (3) The collection and temporary storage of the IP address is necessary to enable delivery of our website to your device. For this purpose, your IP address must be stored for the duration of your visit to our website. (4) The storage of the aforementioned data in log files serves to ensure the functionality and optimize our website, as well as to ensure the security of our information technology systems. (5) This data is not evaluated for marketing purposes. Our legitimate interest lies in the purposes stated above. The legal basis for the collection and temporary storage of the aforementioned data and log files is Article 6(1)(f) GDPR. The above data used to provide our website is deleted when the respective session ends. The collection of the above data for the provision of our website and the storage of this data in log files is absolutely necessary for the operation of our website. There is no possibility to object.

V. Processing of Personal Data Through Cookies

(1) We use so-called cookies on our website. Cookies are small text files that are stored on your device’s storage medium, such as a hard drive, and through which certain information is transmitted to us as the party setting the cookie. Cookies cannot execute programs or transfer viruses to your device. This website uses the following types of cookies, the scope and functionality of which are explained below. (2) Cookies stored in your web browser:

• Transient cookies: These cookies are automatically deleted when you close your web browser. This includes, in particular, session cookies. They store a so-called session ID, which allows various requests from your web browser to be assigned to the shared session. This enables your device to be recognized when you return to our website. Session cookies are deleted as soon as you log out or close your web browser.

• Persistent cookies: These cookies are automatically deleted after a predetermined period, which may vary depending on the cookie. You can delete these cookies at any time in your browser settings.

(3) The processing of personal data by means of the aforementioned cookies is intended to make our website more user-friendly and effective overall. Some functions of our website cannot be offered without the use of these cookies. In particular, certain functions of our website require your web browser to be identified even after a page change. If you have an account, we use cookies to identify you on subsequent visits. This avoids the need to log in again each time you visit our website. The data processed by cookies necessary for providing the functions of our website is not used to create user profiles. Where cookies are used for analysis purposes, they help us improve the quality and usability of our website, its content, and functions. They enable us to understand how the website, which functions are used, and how often they are used. This allows us to continuously optimize our offering. (4) Where cookies are not strictly necessary for technical reasons, we use them only with your prior consent, which you may withdraw at any time. The legal basis is Article 6(1)(a) GDPR. (5) The aforementioned cookies are stored on your device and transmitted from there to our server. You can therefore configure the processing of data and information through cookies yourself. You can make the relevant settings in your web browser, for example by rejecting third-party cookies or cookies altogether. In this context, we would like to point out that you may then not be able to use all functions of our website properly. We also recommend regularly deleting cookies manually and clearing your browser history.

VI. Additional Functions and Services of Our Website

(1) In addition to the informational use described above, we offer various services that you may use if interested. This usually requires the provision of additional personal data. We need this data in order to provide the respective service. The above principles of data processing apply in this respect. (2) In part, we use external service providers to process this data; these providers are carefully selected and commissioned by us. They are bound by our instructions and are regularly monitored by us. Where personal data is disclosed to third parties in the context of services offered jointly with partners, you can find further information in the following descriptions of the individual services. Where these third parties are located in a country outside the European Economic Area, you can find further information about the consequences of this in the following descriptions of the individual services.

VII. Contact

(1) If you contact us by email, the personal data you provide in your email will be stored. (2) We also provide a contact form on our website through which you may contact us. The data you enter in the form will be transmitted to and stored by us: first name, last name, email address, address, telephone number. (3) The data is used exclusively to respond to your inquiries. Unless explicitly stated otherwise in this privacy policy, the data will not be disclosed to third parties. In addition, we collect your IP address and the time the message was sent. (4) The processing of the above personal data serves solely to handle your inquiries. (5) Any additional personal data processed through the use of the contact form on our website serves to prevent misuse and to ensure the security of our information technology systems. (6) This also constitutes our legitimate interest in processing your personal data. If you have given us your consent, the legal basis for processing this data is Article 6(1)(a) GDPR. Otherwise, the legal basis is Article 6(1)(f) GDPR, in particular where the data is transmitted to us by email. If your email is intended to initiate a contractual relationship, Article 6(1)(b) GDPR also serves as a legal basis. (7) Subject to statutory retention periods, the data will be deleted once we have fully processed your request. If you contact us by email, you may object to the storage of your personal data at any time. Please note that in this case your request can no longer be processed. You may declare your withdrawal of consent or your objection by sending an email to the address stated in our legal notice.

VIII. Online Application

(1) We offer you the opportunity to apply online on our website. Participation in the application process requires the provision of personal data. This may include, among other things, personal master data such as first name, last name, address, and date of birth; contact details such as telephone number or email address; as well as data relating to your educational and/or professional background, such as school and employment references, information about training, internships, or previous employers. This data may come from an application form you complete online on the application platform or from documents you provide, such as a cover letter, résumé, application photo, references, or other professional qualifications. Data that is mandatory for participation in the application process is marked accordingly as required information. Unless this privacy policy names a third-party provider whose service we use to provide the online application function, no data will be disclosed to third parties. (2) We process the above data for the purpose of conducting the application procedure. If you have given your consent, the legal basis for processing the data is Article 6(1)(a) GDPR. If processing of the above data serves to establish contractual relationships, the legal basis is Article 6(1)(b) GDPR. (3) The data will be deleted as soon as it is no longer required for the purpose for which it was collected. If an employment relationship, training relationship, internship, or other service relationship is established following the application process, the data will initially continue to be stored and transferred to the personnel file. Otherwise, the application process ends upon receipt of a rejection. In this case, the data will be deleted after four weeks. Data will not be deleted if further processing and storage of your personal data is required in a particular case for the assertion, exercise, or defense of legal claims. In this case, we have a legitimate interest in the continued processing and storage of your personal data. The legal basis is Article 6(1)(f) GDPR. Data will also not be deleted if we are legally required to retain your personal data further. (4) You may withdraw any consent granted to us at any time. You may object to the processing of your personal data at any time. In particular, you may withdraw your application at any time. In the context of the application process, you should provide only those personal data that are necessary for participation in and execution of the application process. There is no legal or contractual obligation to provide data. However, please note that without this data we cannot conduct the application process and cannot consider your application. The same applies if you object to the processing of your data. The data stored about you can be amended at any time. (5) We also offer you the possibility of having your application stored in an applicant pool. This allows us to consider your application beyond the specific application process in further future application procedures. Storage of your application in the applicant pool requires your consent. We store your application in the applicant pool for six months. The legal basis for processing is Article 6(1)(a) GDPR. You may withdraw the consent given to us at any time. (6) We process and/or store your personal data on a server of an external provider within the European Union. This ensures that the standards and regulations of European data protection law are complied with.

IX. Inquiries via MEETOVO

We use the software solution provided by MEETOVO Software GmbH, Robert-Koch-Straße 8, 21423 Winsen (Luhe), Germany, to process inquiries. The provider acts in accordance with the legal requirements of Article 28 GDPR. Your data therefore remains subject to the strictest confidentiality at all times. When you submit an inquiry to us, a direct connection is established between your browser and the provider’s server when the inquiry page is accessed. As a result, the provider receives the information that you visited our page with your IP address. The IP address is anonymized and deleted again after 7 days. If you submit an inquiry via the embedded form, the personal data required for the inquiry that you enter (email address, first and last name, mobile number or telephone number) will be transmitted to the provider and stored on its servers, as well as sent to us by email. Any other form entries are transmitted during input for analysis purposes if you consent to this. The collection of this data is necessary for handling the inquiry. Without this processing, you cannot submit inquiries. This processing is carried out pursuant to Article 6(1)(b) GDPR for the performance of our contractual obligations and services, as well as on the basis of our legitimate interests in handling inquiries quickly and effectively within the meaning of Article 6(1)(f) GDPR. The provider deletes your data once it is no longer required. The provider reviews the necessity every two years. Otherwise, deletion occurs no later than 5 years after the last inquiry. Further information can be found in the provider’s privacy policy at: [https://meetovo.de/datenschutz](https://meetovo.de/datenschutz)