Privacy policy

1. Name and Contact Details of the Controller and Data Protection Officer

HHM Hotels GmbH & Co. KG
Pagenstecherstraße 121, 49090 Osnabrück
Phone: +49 541 60960
Email: info@hotel-remarque.de
Website: https://www.hotel-remarque.de/

Data Protection Officer can be contacted at: datenschutz@hotel-remarque.de

2. Purposes and Legal Bases of Data Processing

Your personal data will be processed exclusively in accordance with legal provisions for the following purposes:

• Booking and management of reservations (including online booking): for the implementation of pre-contractual measures and the fulfilment of the contract pursuant to Article 6 (1) (b) GDPR.
• Compliance with legal obligations: in particular, registration obligations pursuant to the German Federal Registration Act (Article 6 (1) (c) GDPR).
• Use of our website (including contact form): processing based on legitimate interests (Article 6 (1) (f) GDPR) and/or for the initiation of a contract (Article 6 (1) (b) GDPR).
• Billing and payment processing: (Article 6 (1) (b), (c) GDPR).
• Safeguarding legitimate interests: e.g., house and IT security, real-time video surveillance of selected public areas (Article 6 (1) (f) GDPR). No image data is stored.
• Use of WLAN: (Article 6 (1) (b), (f) GDPR).
• Newsletter/direct marketing: Only with your consent (Article 6 (1) (a) GDPR).
• Use of cookies and tracking: In the case of analytics, tracking or functional cookies and the integration of external services, processing occurs only with active consent (Article 6 (1) (a) GDPR, § 25 TTDSG); essential cookies required for technical functionality are set on the basis of legitimate interests (Article 6 (1) (f) GDPR).
• Server log files when visiting the website: For technical provision, administration, security, and misuse monitoring (Article 6 (1) (f) GDPR).

3. Categories of Processed Personal Data

• Name, date of birth, address, nationality
• Contact details (telephone number, email address)
• Booking data (e.g., arrival and departure dates, accompanying persons)
• Payment data (bank account information, credit card details)
• Registration data in accordance with the German Federal Registration Act (e.g., identification data)
• Preferences and voluntary information (e.g., intolerances)
• Usage data when visiting the website, in particular:
  • IP address of the user
  • Date and time of access
  • Pages and files accessed
  • Amount of data transferred
  • Browser type/version, operating system (“User Agent”)
  • URL of the website from which the user accessed our site (“referrer”), if provided by the browser
• Usage data when using WLAN (IP/MAC address, access times)
• Video surveillance images (only in designated public areas; no storage)
• Data received via contact forms (first name, last name, email address, reason for inquiry – mandatory fields; company name and telephone number – optional)
• Server and usage data when visiting the website (e.g., IP address, date and time)

4. Contact via the Website

When you use our contact form, the following data are required: first name, last name, email address, and reason for your inquiry. You may voluntarily provide your company and telephone number. We process your information solely to handle and respond to your inquiry. Your data will be treated confidentially and will not be used for any other purpose. You may also contact us by email (info@hotel-remarque.de) or by phone.

5. Online Booking via the Website and Integration of Hotelfinder

You have the opportunity to book rooms directly via our website. For online bookings, you will be redirected to the external booking portal “Hotelfinder.” Hotelfinder processes your data solely for the purpose of handling your booking and takes all necessary technical and organizational measures to ensure data protection. For further information on the processing of your data by Hotelfinder, please refer to Hotelfinder’s privacy policy: https://www.hotelfinder.de/datenschutz

6. Server Log Files and Website Data

When you visit our website, the following data are automatically collected and temporarily stored by our servers and IT systems in so-called server log files:

• IP address of your device
• Date and time of access
• Address of the accessed page or file
• Amount of data transferred
• Browser type and version, operating system (where available, “user agent”)
• Referrer URL (the previously visited website, where provided by the browser)

The processing of these log files is necessary to ensure the stable and secure operation of the website, to detect attempted security breaches, to investigate misuse, and to resolve technical problems. Evaluation of the log files is carried out solely to ensure IT security, administration, and the optimization of our web services. These data will not be merged with other data sources or used to create user profiles.

The legal basis for processing these log files is our legitimate interest in secure website operation (Art. 6 (1) (f) GDPR).

Log files are stored for a period of 30 days and are then automatically deleted, unless there are legal or security-related reasons that require a longer retention (e.g., for the investigation of misuse). In rare exceptional cases, retention may be extended until a specific incident is conclusively resolved. Disclosure to third parties only occurs in the case of legal obligations or security incidents.

7. Video Surveillance in Public Areas

In selected, clearly marked public areas of the hotel, video surveillance is carried out solely for the purpose of exercising our domiciliary rights and ensuring the safety of guests and property, in accordance with Section 4 of the German Federal Data Protection Act (BDSG) and Article 6 (1) (f) GDPR. No video recordings are stored; only real-time monitoring takes place. There is therefore no personal reference through subsequent evaluation. An exception to this principle is made only if storage is absolutely necessary and legally permissible in individual cases for evidentiary purposes.

8. Use of Trackers and Cookies

a) General Information

Our hotel website uses various cookies and tracking technologies to provide functionality and optimize your user experience. The use of these technologies is based on your consent (for analytics, tracking, and functional purposes) or—in the case of essential cookies—on our legitimate interest in ensuring the technical operation of the website.

Upon your first visit to the website, you can make your choices in the cookie banner and adjust or revoke your preferences at any time.

b) Services & Cookies Used in Detail

Essential (technically necessary):

Contao HTTPS CSRF Token:
Protects against CSRF attacks; stored only for the session.

PHP SESSION ID:
Manages the current session; limited to the duration of the browser session.

Both are processed without consent, as they are required for the technical functionality of the website.

Analytics/Tracking:

Google Tag Manager:
Enables the management and triggering of tracking tags and services; does not itself collect personal data, but may integrate third-party services (such as Google Analytics). Transfer of personal data to Google (possibly to the USA) is possible, but only takes place with your consent.

Functional:

Google Maps:
Used to display interactive maps and assist with navigation. Transmits IP addresses and other usage data to Google, only with your consent. Use may involve the transfer of data to third countries (e.g., the USA).

Further details about the individual services can be found in the cookie banner and in the website’s separate cookie policy.

c) Transfer to Third Countries

In connection with the use of Google services, personal data may be transferred to the United States. Such transfers only occur on the basis of your express consent in accordance with Article 49(1)(a) GDPR. Data transfers to other third countries only take place if an adequate level of data protection is ensured.

9. Recipients of Data

• Internal departments for contract execution
• External service providers acting as processors (such as Hotelfinder, IT/web hosting service providers, payment service providers)
• Authorities, where legally required (e.g., registration offices). Data will only be disclosed to third parties or to third countries within the scope described in this privacy policy and as permitted by law.

10. Retention Period

Your data will only be stored for as long as necessary to fulfill the purposes for which it was collected and to comply with statutory retention periods (e.g., 10 years in accordance with commercial and tax regulations). Server log files from website access are retained for 30 days and then automatically deleted. Video surveillance images are not stored. WLAN and server data are retained only for the technically necessary period. Data submitted via contact forms will be deleted upon completion of processing, unless statutory provisions require otherwise.

11. Your Rights

Under the GDPR, you have the following rights:

• Access (Article 15 GDPR)
• Rectification (Article 16 GDPR)
• Erasure (Article 17 GDPR)
• Restriction of processing (Article 18 GDPR)
• Data portability (Article 20 GDPR)
• Objection to processing (Article 21 GDPR)
• Withdrawal of any consent given, with effect for the future (Article 7(3) GDPR)

To exercise your rights, simply send an informal notice by email to datenschutz@hotel-remarque.de or by post to the address stated above. You also have the right to lodge a complaint with a data protection supervisory authority, for example, the State Commissioner for Data Protection of Lower Saxony.

12. Obligation to Provide Data, Profiling

Certain personal data are required for bookings and for compliance with statutory registration obligations. Without this data, it is not possible to conclude the contract. The provision of additional data (e.g., special requests) is voluntary. Automated decision-making or profiling does not take place.

13. Security Measures

We implement appropriate technical and organizational measures to protect your data against accidental or intentional manipulation, loss, destruction, or unauthorized access. The website, as well as booking and contact forms, are operated exclusively using SSL encryption.

14. Amendments to this Privacy Policy

We reserve the right to update this statement in the event of legal or technical changes. The current version is always available on our website.