Data protection

With the following information we would like to give you an overview of the collection and processing of your personal data in connection with your stay in our hotel and the use of our website.

Name and address of the person responsible

The person responsible within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is the company:

 

Millennium Hospitality Solutions  GmbH
Rossertstrasse 4
61449
  Steinbach Ts.

Email: info@corona-frankfurt.com

Address of the data protection officer

The data protection officer can be reached by post at the address of the person responsible:
 

Millennium Hospitality Solutions  GmbH

Data protection officer

Rossertstrasse 4

61449  Steinbach Ts.

 

Email: info @ corona-frankfurt.com

Handling of personal data  Scope of the processing of personal data

In principle, we only process personal data of our users insofar as this is necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art.  6 para.  1 lit.  a EU General Data Protection Regulation (GDPR) as the legal basis for the processing of personal data.


When processing personal data that is required to fulfill a contract to which the data subject is a party, Art.  6 para.  1 lit.  b GDPR as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art.  6 para.  1 lit.  c GDPR as the legal basis.


In the event that vital interests of the data subject or another natural person require the processing of personal data, Art.  6 para.  1 lit.  d GDPR as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interest, Art.  6 para.  1 lit.  f GDPR as the legal basis for processing.

Cooperation with contract processors and third parties

If we disclose data to other persons and companies as part of our processing, transmit them to them or otherwise grant them access to the data, this is only done on the basis of a legal permission, you have consented, a legal obligation provides for this or on the basis of our legitimate Interests.

Use of the website  Description and scope of data processing

Every time our website is called up, our system automatically collects data and information from the computer system of the calling computer. The data collected in this way is temporarily stored in log files. Until the automatic deletion, the following data will be stored without further input by the visitor:

  • IP address and MAC address of the visitor's terminal device and / or any upstream router with NAT (Network Address Translation)

  • Date, time and duration of the access by the visitor

  • Name and URL of the page called up by the visitor

  • Website from which the visitor arrives at the company website (so-called referrer URL) (URL: Uniform Resource Locator)

  • Information about the type of Internet browser and version used

  • Operating system of the visitor's device

  • the name of the internet provider used by the visitor

This data will not be merged with other data sources.

Legal basis for data processing

The processing of this personal data is justified in accordance with Article 6, Paragraph 1, Sentence 1, Letter f of the GDPR.

Purpose of data processing

Our company has a legitimate interest in data processing for the purpose

  • to establish the connection to the website

  • to enable a user-friendly application of the website

  • to recognize and guarantee the security, data protection and the stability of the systems as well as

  • to facilitate and improve the administration of the website

The processing is expressly not carried out for the purpose of gaining knowledge about the person visiting the website. An evaluation of the data for marketing purposes does not take place in this context.

 

Data processing takes place in the test center:

  • in connection with the submission of test results

  • Reports to the health department required by the Infection Protection Act

  • Communication with the patient  

Duration of storage

The data in the log files are automatically deleted after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated, so that it is no longer possible to assign them to the calling computer.

Opposition and removal option

The collection and processing of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no possibility of objection on the part of the user.

Contact function

Description and scope of data processing

Visitors can send us messages via a contact function on the website. This is done by providing a contact e-mail address, which can also be used to call up your own e-mail program by calling up a corresponding link. For this and in order to be able to receive a reply, at least the use of a valid e-mail address is required. The person making the request can provide all further information voluntarily. By sending the message via the contact function or to the email address provided, the visitor consents to the processing of the personal data transmitted.


We expressly point out that the transmission of unencrypted e-mails through the plain text transmission over the Internet cannot technically guarantee confidentiality or authenticity. We can send and receive encrypted emails. Please contact us by phone in advance.

Legal basis for data processing

If it is given, this is done on the basis of voluntarily given consent in accordance with Art. 6 Paragraph 1 Clause 1 lit. a GDPR, otherwise it takes place on the basis of Art. 6 Paragraph 1 lit.


If the aim of the email is to conclude a contract, the additional legal basis for processing is Article 6 (1) (b) GDPR.

Opposition and removal option

The user has the option to revoke his consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued. The revocation of the consent and the objection to the storage can be made informally by e-mail to info@corona-frankfurt.com, by post, by telephone, by fax or in person in our office. In this case, all personal data stored in the course of contacting us will be deleted.

Use of cookies Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. When a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be clearly identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can also be identified after changing pages.
The following data is stored and transmitted in the cookies:

  • language settings

  • Log-in information

  • Date and time of access

  • Entered search terms

  • Frequency of page views

  • Visited internal URLs

  • Website functions used

The user data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the user.

Targeting

Data is collected on our website to optimize our advertising and the entire online offer. This data is not used to identify you personally, but is used solely for a pseudonymous evaluation of the use of the homepage. At no time will your data be merged with the personal data stored by us. Our aim is to make our online offer as attractive as possible for you and to present you with advertising that corresponds to your areas of interest.

Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art.  6 para.  1 lit.  f GDPR.

Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For this it is necessary that the browser is recognized even after changing pages.
We need cookies for the following applications:

  • shopping cart

  • Acceptance of language settings

  • Remembering search terms

  • Remembering visited pages

The user data collected by technically necessary cookies are not used to create user profiles. The analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies tell us how the website is used and so we can continuously optimize our offer. Our legitimate interest in the processing of personal data in accordance with Art.  6 para.  1 lit.  f GDPR.

Duration of storage, possibility of objection and removal

Cookies are stored on the user's computer and transmitted to our website from there. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically.
If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.

Registration and registration for the Corona rapid test

Description and scope of data processing

We carry out corona rapid tests after providing personal data. The data is thereby in registration forms  entered and stored in both analogue and digital form.  

The following data is collected during the registration process:

  • last name

  • First name

  • birth date

  • place of birth

  • e-mail

  • phone

  • address

  • Clinical questions about symptoms

  • Indications

In certain circumstances, we may also collect the following information:

  • Date and test time + test number

  • Billing address

  • Data on family members and companions, such as names and ages of children

  • Further information from the free text field

At the time of registration, the following data is also stored:

  • The IP address of the user

  • Date and time of registration

Legal basis for data processing

The legal basis for the processing of the data is Art.  6 para.  1 lit.  a GDPR. If the registration serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for the processing of the data is Art.  6 para.  1 lit.  b GDPR.

Purpose of data processing

Registration of the user is required to fulfill a contract with the user or to carry out pre-contractual measures.
They enable the implementation of corona tests.
  An identification of the user is therefore necessary for the provision of this content and services.

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case during the registration process to fulfill a contract or to carry out pre-contractual measures when the data is no longer required for the execution of the contract. Even after the contract has been concluded, it may be necessary to save personal data of the contractual partner in order to meet contractual or legal obligations.

Opposition and removal option

As a user, you have the option of canceling the reservation at any time. You can have the data stored about you changed at any time. If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations to prevent deletion.

Passing on your data to third parties

In order to be able to operate our Corona test center, it may be absolutely necessary to pass it on to third parties. In order to make our website as user-friendly as possible for you as a user, we use products from external service providers. In the following you have the opportunity to find out about the data protection regulations for the deployment and use of the services and functions used, in order to be able to exercise your rights with the service providers if necessary.

Health department

In the event of a positive test, according to the Infection Protection Act, we are obliged to report your data to the Health Office, which in turn will contact you about how to proceed.

Use of social media and plug-ins

We maintain an online presence within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services.
We would like to point out that user data can be processed outside of the European Union. This can result in risks for the user because it could make it more difficult to enforce the users' rights, for example. With regard to US providers who are certified under the Privacy Shield, we would like to point out that they undertake to comply with the data protection standards of the EU.

Facebook plugins

Plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our website. You can find an overview of the Facebook plugins here: https://developers.facebook.com/docs/plugins/.


When you visit our website, the plug-in establishes a direct connection between your browser and the Facebook server. As a result, Facebook receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This enables Facebook to assign your visit to our website to your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Facebook. You can find more information on this in Facebook's data protection declaration at: https://de-de.facebook.com/policy.php.


If you do not want Facebook to be able to assign your visit to our website to your Facebook user account, please log out of your Facebook user account.

Google+ plugin

Our pages use Google+ functions. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Collection and dissemination of information: You can use the Google+ button to publish information worldwide. You and other users receive personalized content from Google and our partners via the Google+ button. Google saves both the information that you have given +1 for content and information about the page that you viewed when you clicked +1. Your +1 can be shown as a hint together with your profile name and your photo in Google services, such as in search results or in your Google profile, or in other places on websites and advertisements on the Internet.
Google records information about your activities in order to improve Google services for you and others. In order to be able to use the Google+ button, you need a globally visible, public Google profile that must contain at least the name chosen for the profile. This name is used in all Google services. In some cases, this name can also replace another name that you have used when sharing content via your Google account. The identity of your Google profile can be shown to users who know your email address or who have other identifying information about you.
Use of the information collected: In addition to the purposes outlined above, the information you provide will be used in accordance with the applicable Google data protection provisions. Google may publish summarized statistics on user activities or pass them on to users and partners, such as publishers, advertisers or affiliated websites.

Instagram plugin

Functions of the Instagram service are integrated on our website. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA.
If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This enables Instagram to assign your visit to our website to your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Instagram.
You can find more information on this in Instagram's privacy policy: https://instagram.com/about/legal/privacy/.

Google Web Fonts

This page uses so-called web fonts, which are provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your web browser in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to the Google servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts takes place in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 lit.f GDPR.
If your browser does not support web fonts, a standard font will be used by your computer.
Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's data protection declaration: https://www.google.com/policies/privacy/.

Google Tag Manager

Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) Tag Manager is a solution with which we can manage so-called website tags via an interface (and for example Google Analytics and other Google marketing services in integrate our online offer). The Tag Manager itself does not process any personal data from users. With regard to the processing of users' personal data, reference is made to the following information on Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google uses cookies that are stored on your computer and enable Google to analyze the use of our offer. The information collected in this way about the use of our website (including your IP address) is transmitted to a Google server in the USA and stored there. Google Analytics uses so-called "cookies", text files that are stored on your computer and thus enable your use of the website to be analyzed. The basis for this is our legitimate interest in accordance with Art. 6 Para. 1 lit. f. GDPR.
Google is certified under the Privacy Shield Agreement and thus offers a guarantee that it will comply with European data protection law. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the internet. In doing so, pseudonymous user profiles can be created from the processed data.
We only use Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be sent to a Google server in the USA and shortened there in exceptional cases.
The IP address transmitted by the user's internet browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by downloading and installing the browser plug-in available under the following link:
  http://tools.google.com/dlpage/gaoptout?hl=de.
You can find more information on the use of data by Google, setting and objection options in Google's data protection declaration (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https: // adssettings.google.com/authenticated).
The personal data of the users will be deleted or anonymized after 14 months.

Google Maps

Our websites use Google Maps to display maps and to create directions. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. By using this website, you consent to the collection, processing and use of the automatically collected data and the data you have entered by Google, one of its representatives or third-party providers. The terms of use for Google Maps can be found under Terms of Use for Google Maps. You can find detailed details in the data protection center of google.de: Transparency and options as well as data protection regulations.

Wix

This website uses Wix.com  to create the website content. Wix.com  uses cookies, which are stored on your computer and which allow an analysis of the use of the website. The information generated by the cookies about the use of our website is stored on servers in the USA. Your IP address will be anonymized after processing and before storage.
These cookies remain on your device until you delete them.
The storage of WordPress cookies is based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymous analysis of user behavior in order to optimize both its website and its advertising.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. Deactivating cookies may restrict the functionality of our website.
You can object to the collection and use of your data for the future. If you delete the cookies on your computer, you will have to set the opt-out cookie again.

General

Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

Your rights as a data subject

Insofar as your personal data is processed when you visit our website, you as the "data subject" have the following rights within the meaning of the GDPR:

information desk

You can request information from us as to whether we process your personal data. There is no right to information if the data must be kept secret due to an overriding legitimate interest of a third party. Deviating from this, there may be an obligation to provide information if your interests outweigh the interests of confidentiality, in particular taking into account the threat of damage. The right to information is also excluded if the data is only stored because it may not be deleted due to statutory or statutory retention periods or is used exclusively for data backup or data protection purposes, provided that the provision of information would require a disproportionate amount of effort and processing for other purposes is excluded by suitable technical and organizational measures. If the right to information is not excluded in your case and your personal data is processed by us, you can request information from us about the following information:

  • Purposes of processing

  • Categories of the personal data processed by you

  • Recipients or categories of recipients to whom your personal data will be disclosed, especially in the case of recipients in third countries

  • if possible, the planned duration for which your personal data will be stored or, if this is not possible, the criteria for determining the storage duration

  • the existence of a right to correction or deletion or restriction of the processing of your personal data or a right to object to this processing

  • the existence of a right of appeal to a supervisory authority for data protection,  if the personal data have not been collected from you as the data subject, the available information about the origin of the data

  • if necessary, the existence of automated decision-making including profiling and meaningful information about the logic involved as well as the scope and intended effects of automated decision-making

  • possibly in the case of transmission to recipients in third countries, unless the EU Commission has decided on the adequacy of the level of protection according to Art. 45 Para. 3 GDPR

  • Information about which suitable guarantees according to Art. 46 Para. 2  GDPR are intended to protect personal data

Correction and completion

If you discover that we have incorrect personal data about you, you can request us to correct this incorrect data immediately. If your personal data is incomplete, you can request completion.

Deletion ("right to be forgotten")

You have a right to erasure ("right to be forgotten"), provided that processing is not necessary to exercise the right to freedom of expression, the right to information or to fulfill a legal obligation or to perform a task that is in the public interest and one of the following reasons applies:

  • The personal data are no longer necessary for the purposes for which they were processed.

  • The justification for the processing was solely your consent, which you have revoked.

  • You have filed an objection to the processing of your personal data, which I have made public.

  • You have objected to the processing of personal data not made public by us and there are no overriding legitimate reasons for the processing.

  • Your personal data has been processed unlawfully.

  • The deletion of personal data is necessary to fulfill a legal obligation to which I am subject.

  • The personal data relating to you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.

There is no entitlement to deletion if, in the case of lawful, non-automated data processing, due to the special type of storage, deletion is not possible or only possible with disproportionately high effort and your interest in deletion is low. In this case, instead of deletion, processing is restricted.

Restriction of processing

You can request that we restrict processing if one of the following reasons applies:

  • You dispute the accuracy of the personal data. In this case, the restriction can be requested for the duration that enables us to check the accuracy of the data.

  • The processing is unlawful and you request the restriction of the use of your personal data instead of deletion.

  • We no longer need your personal data for processing purposes, but you need them to assert, exercise or defend legal claims.

  • You have lodged an objection in accordance with Art. 21 Paragraph 1 GDPR. The restriction of processing can be requested as long as it is not yet certain whether our legitimate reasons outweigh your reasons.

Restriction of processing means that the personal data are only processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest. Before we lift the restriction, we have a duty to inform you about it.

Data portability

You have the right to data portability, provided that the processing is based on your consent (Art. 6 Paragraph 1 Clause 1 lit. a) or Art. 9 Paragraph 2 lit. a) GDPR) or on a contract to which you are a party and the processing is carried out using automated procedures. In this case, the right to data portability includes the following rights, provided that this does not affect the rights and freedoms of other people: You can request that we receive the personal data that you have provided to us in a structured, common and machine-readable format. You have the right to transfer this data to another person responsible without hindrance on our part. As far as technically feasible, you can request that we transfer your personal data directly to another person responsible.

Contradiction

If the processing is based on Art. 6 Para. 1 Clause 1 lit.e) GDPR (performance of a task in the public interest or in the exercise of official authority) or Art. 6 Para. 1 Clause 1 lit. or a third party), you have the right to object at any time to the processing of your personal data for reasons that arise from your particular situation. This also applies to profiling based on Art. 6 Paragraph 1 Clause 1 lit. e) or lit. f) GDPR. After exercising the right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
You can object to the processing of your personal data for direct marketing purposes at any time. This also applies to profiling that is associated with such direct mail. After exercising this right of objection, we will no longer use the relevant personal data for direct marketing purposes.
You have the option of informing us of your objection by telephone, email, fax or to our postal address listed at the beginning of this data protection declaration.

Revocation of Consent

You have the right to revoke your consent at any time with effect for the future. The revocation of the consent can be communicated informally by telephone, email, fax or to our postal address. The revocation does not affect the legality of the data processing, which took place on the basis of the consent up to the receipt of the revocation. After receipt of the revocation, the data processing, which was based solely on your consent, will be discontinued.

complaint

If you are of the opinion that the processing of your personal data is unlawful, you can lodge a complaint with a data protection supervisory authority that is responsible for the place of your residence or place of work or for the place of the alleged violation.

We reserve the right to change this data protection declaration at any time with effect for the future; the current version is available on our website.


The last revision was on December 1st, 2020