The protection of your personal data and privacy is of particular importance to us. We are therefore committed to safeguarding your personal data and collecting, processing, and using it only in accordance with applicable data protection laws. The following information on data processing explains which of your personal data is collected on our websites and within our corporate group, and how the data we receive from you is used.
This privacy policy applies to the online services of b’mine hotels GmbH, accessible under the domain bmine.de and its various subdomains (“our website”).
With these data protection notices, we inform you when we store which data and how we use it—of course in compliance with applicable legislation. Data protection at b'mine Hotels is specifically aligned with the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). When using the internet, we follow the Telecommunications-Digital-Services-Data-Protection-Act (TDDDG) of the Federal Republic of Germany to protect your personal data.
The following explains which information we collect within the hotel group and during your visit to our websites, and how it is used.
Responsible Party
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR):
b’mine hotels GmbH
Holzhauser Straße 148
13509 Berlin
Phone: +49 30 221826770
Email: info@bmine.de
Data Protection Officer
Data Solution LUD GmbH
Andreas Thurmann
Email: a.thurmann@ds-lud.de
This privacy policy fulfils the legal transparency requirements concerning the processing of personal data. Personal data refers to all information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address, or user behaviour when visiting a website. Information for which we cannot establish a connection to your identity, or only with disproportionate effort—e.g., by anonymisation—is not considered personal data. The processing of personal data (e.g., collection, retrieval, usage, storage, or transmission) always requires a legal basis and a defined purpose.
Stored personal data will be deleted once the purpose of processing has been achieved and no legal reasons justify further storage. We inform you about specific storage periods or criteria within each processing activity. Independently, we may store your personal data in individual cases for the establishment, exercise, or defence of legal claims or when statutory retention obligations apply.
Your personal data collected on our website is only transferred to third parties when necessary for fulfilling the specific purpose and permitted by the applicable legal basis (e.g., consent or legitimate interest). Furthermore, personal data may be transferred in individual cases when necessary for asserting, exercising, or defending legal claims. Possible recipients may include law enforcement agencies, lawyers, auditors, courts, etc.
When service providers operate our website on our behalf and process personal data within the framework of a processing agreement according to Art. 28 GDPR, these providers may also be recipients of your personal data. Further details about processors and web services can be found in the individual processing sections.
The hotel group operates several hotels in Germany with joint responsibility. Data collection, processing, and usage occurs to fulfil this purpose.
b’mine hotels GmbH, Holzhauser Straße 148, Haus 75, 13509 Berlin, Germany is responsible for the handling of central reservations. To enhance our services, all received data is managed in our central hotel software across the hotel group. The responsible entity is the hotel where the booking is made. Each hotel's booking data is only visible to the responsible hotel; however, all hotels share access to guest master data to allow future reservations in other hotels, rebookings, or centralised marketing activities. Central departments such as Reservations and Marketing access this data. The legal basis is our legitimate interest in central administration and customer data usage within the hotel group.
Contact details may later be used for advertising purposes, primarily mailings. Use of email addresses requires consent.
Processing for any purpose other than those mentioned only occurs when such processing is permitted under Art. 6(4) GDPR and compatible with the original contractual purpose. We will inform you before any such further processing.
Legal basis for data processing
The legal basis for data processing is the conclusion of an accommodation contract with the guest. The data transmitted is stored in our hotel software and used for contract fulfilment.
Groups of data subjects, data, and data categories:
To fulfil the purposes stated, the following categories of personal data are collected, processed, and used:
Data may be shared with the following recipients:
Purpose of data processing
The primary purpose of collecting, processing, or using personal data is the administration, care, and service of guests as part of the accommodation contract.
Retention Period
There are various legal retention obligations and periods. After these periods expire, the corresponding data is routinely deleted or anonymised unless still required to fulfil the contract. Accounting-related data of a concluded fiscal year is deleted after ten years in accordance with legal requirements unless longer retention is required. Reservation documents may be destroyed after 6 years, and special registration forms after one year at the end of the calendar year.
Right to object
You may object to the processing of your data at any time. For this purpose, we have set up the following email address: datenschutz@bmine.de.
During your stay in our hotel, we collect and process guest information in our hotel software. Data of the following groups of individuals may be stored:
The stored data may include:
If you made your booking via a hotel portal, tour operator, or travel agency, your data will be transmitted to us by the provider for fulfilment of the contract.
Purposes and legal basis of data processing
The personal data you provide is used exclusively to fulfil the agreed contractual services—namely the administration, care, and service of guests within the accommodation contract.
We store your data in our hotel software as well as in reservation, billing, and payment applications. This may include personal data as well as billing information related to food and beverage consumption, telephone calls from the room, or hotel-specific services.
As a hotel, we are legally required under the German Federal Registration Act (§ 29 ff. BMG) to collect registration forms from foreign guests, either on-site or online. These forms include first and last name, address, date of birth, nationality, accompanying family members, and ID number. All other details are optional.
If you use additional services, we generally only collect the data necessary to provide those services. Any additional data provided is voluntary. The processing of personal data is exclusively for service fulfilment and to protect legitimate business interests under Art. 6(1)(f) GDPR.
Data is used for the following purposes:
Guest contact details may later be used for marketing purposes. The use of email addresses requires your consent.
Processing for purposes other than those mentioned only occurs if such processing is permissible under Art. 6(4) GDPR and compatible with the original contractual purpose. You will be informed prior to such further processing.
Recipients who may receive your data:
As part of video surveillance, personal data in the form of images of employees, guests, visitors, suppliers, service providers, and potentially passers-by is recorded. Surveillance takes place exclusively in security‑relevant areas such as entrances, hallways, building exteriors, storage areas, and other non-public areas.
The cameras record image data only, without audio. Public areas not belonging to the hotel complex are masked. Live images are accessible only to authorised staff.
Data access occurs exclusively for specific purposes by authorised persons or authorities—e.g., to clarify incidents or fulfil legal obligations. All access events are logged (time, reason, name of the accessing person).
Purpose and legal basis of processing
Video surveillance serves the legitimate interests of the hotel, such as protecting persons, property, and buildings from theft, damage, and unauthorised access. It also supports the investigation and documentation of security‑related incidents, operational workflows, enforcement of house rules, hazard prevention, and legal dispute handling.
The legal basis is Art. 6(1)(f) GDPR. If recordings are stored or transmitted to fulfil legal obligations (e.g., safety or law enforcement), processing is additionally based on Art. 6(1)(c) GDPR.
According to European Court of Justice (ECJ) case law, wearing glasses can indicate a health condition and thus be considered special category data under Art. 9(1) GDPR. If such sensitive data is captured, processing occurs only when necessary for legal claims under Art. 9(2)(f) GDPR.
Retention Period
Recordings are generally stored for 72 hours and automatically deleted unless a security incident is identified. In exceptional cases (e.g., events with large crowds), the retention period may be extended.
In the event of a security incident or legal obligation, relevant recordings may be stored for up to one month. After expiration, the data is permanently deleted unless further retention is required to assert legal claims.
Our website offers a contact form for electronic inquiries. If you use this form, the data you enter is transmitted to us and stored. This includes:
*Optional fields such as salutation allow personalised communication.
Alternatively, you may contact us via email. In this case, the personal data transmitted via email is stored.
Legal basis for data processing
The legal basis is our legitimate interest in handling the inquiry. If the inquiry aims at the conclusion of a contract, the legal basis is a pre‑contractual or contractual relationship.
The legal basis for optional information (e.g., salutation) is Art. 6(1)(f) GDPR—our legitimate interest in personalised communication.
Purpose of processing
Personal data from the form is used solely to process your inquiry. Data collected during transmission helps prevent misuse and ensure system security.
Retention Period
Data is deleted once no longer required to fulfil its purpose. For email inquiries, this occurs once the conversation is clearly concluded.
If the inquiry is pre‑contractual (e.g., offer or reservation request), the data is additionally stored in our hotel software. If no contract is concluded, data is deleted after one year at year’s end.
Right to object
You may object at any time by emailing: datenschutz@bmine.de. We note that in case of objection, communication cannot be continued and no offers can be created.
Guests can complete online check‑in before their arrival. The following data is collected:
Additional optional data within the check‑in area:
If you complete an online check-in via our websites or through an app, your data will be stored in the system of Gustaffo Digital Service GmbH, Vorgartenstraße 206B, 1020 Vienna, Austria.
Purpose and Legal Basis for Data Processing
The personal data entered in the online check-in form is processed solely to facilitate the check-in procedure for guests. The legal basis for processing is the conclusion and performance of an accommodation contract in conjunction with Section 30 of the German Federal Registration Act (Bundesmeldegesetz – BMG). The data transmitted will be stored in our hotel management software and used for the performance of the contract.
Retention Period
The data will be automatically deleted after 15 months.
Right to Object
You have the right to object to the processing of your data at any time. For this purpose, we have established the following email address: datenschutz@bmine.de.
Our website offers the option to book rooms and arrangements at b’mine hotels. When using this function, the following data is collected and stored:
If you make an online booking via our website, this is processed through the online reservation system of Guestline GmbH, Agnes-Pockels-Bogen 1, 80992 Munich, Germany.
To process the payment transaction, we use payment service providers. You may choose your preferred payment method. Please note that, depending on your selection, your payment data may be transmitted to and processed on servers of the payment service provider in the United States.
All booking and payment data you enter is transmitted in encrypted form. Our contractual partner has committed to handling your transmitted data in compliance with data protection regulations. They implement all necessary organizational and technical measures to protect your data.
The transmitted data is stored in our hotel management software and used for the performance of the contract. In this context, no further transfer of data to third parties takes place initially.
Legal basis for data processing
The legal basis for the processing of data is the conclusion of an accommodation contract with the guest.
Purpose of data processing
The processing of personal data entered in the input form is carried out solely for the purpose of handling the booking request and processing payment transactions.
Retention period
The data will be anonymised or deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of a contractual relationship, we will delete the data once statutory, commercial, corporate, or contractual retention obligations have been fulfilled. If no contractual relationship is established, the data will be deleted at the end of one year.
Right to object
You may object to the processing of your personal data at any time. For this purpose, we have set up the following email address: datenschutz@bmine.de. Please note that in the event of an objection, the booking cannot be completed or the communication cannot be continued.
b'mine Hotels allows guests to book rooms via external hotel reservation portals. When you use such portals, the data collected through their forms is transmitted to us according to their privacy policies. This data may include:
Legal basis for data processing
The legal basis for the processing of data is the conclusion of an accommodation contract with the guest.
Purpose of data processing
The processing of personal data entered in the input form is carried out solely for the purpose of handling the booking request and processing payment transactions.
Retention period
The data will be anonymised or deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of a contractual relationship, we will delete the data once statutory, commercial, corporate, or contractual retention obligations have been fulfilled. If no contractual relationship is established, the data will be deleted at the end of one year.
Right to object
You may object to the processing of your personal data at any time. For this purpose, we have set up the following email address: datenschutz@bmine.de. Please note that in the event of an objection, the booking cannot be completed or the communication cannot be continued.
Our hotel is connected, as part of a cooperation, to the booking and distribution platforms of Best Western® Hotels & Resorts and WorldHotels™. Interested guests have the possibility to book rooms and packages via these platforms.
The hotel cooperation is coordinated by BWH Hotels Central Europe GmbH (BWHCE), Frankfurter Straße 10–14, 65760 Eschborn, Germany. As part of this cooperation, our hotel is connected to a central reservation system (CRS) operated by BWH Hotels International, Inc. (BWI), 6201 N. 24th Parkway, Phoenix, Arizona 85016, USA.
When making a booking at our hotel – regardless of whether you book directly with us (by telephone, email, via our website, or as a walk-in guest), via an online travel agency (e.g. Booking.com, Expedia), or through a global distribution system (e.g. Amadeus, Sabre) – your booking data is transmitted to the central reservation system. This transmission serves the purpose of booking processing, ensuring system consistency within the hotel cooperation, and providing central services by BWHCE.
If you use this option, the data entered in the respective booking form will be transmitted to us and stored to the extent provided for by the platform’s own privacy policy.
This may include:
The transfer is done through a technical interface between the booking platform and our hotel software.
Legal basis for data processing
The legal basis for the processing of the transmitted data is the initiation of a contractual relationship and the conclusion of an accommodation contract.
Purpose of data processing
BWHCE processes your data within the CRS for the following purposes: provision and operation of the central reservation infrastructure, receipt and forwarding of bookings from external distribution channels, verification and reconciliation of guest data to ensure data consistency, operation of the Best Western Rewards loyalty programme (if you participate), central revenue management and rate control, and – exclusively with your explicit consent – central marketing activities.
Best Western Rewards Loyalty Programme
In our hotels, you have the opportunity to learn about the Best Western Rewards loyalty programme. Registration for the Rewards programme is not carried out via our hotels, but through the registration platform of BWHCE or BWI. If you are interested in participating, we refer you to the Best Western platform, where you can enter your data independently and accept the terms and conditions as well as the privacy policy of BWHCE/BWI.
For data processing within the Rewards programme – including points accumulation, status management, and reward redemption – BWHCE or BWI is responsible, not our hotel. The Best Western privacy policy can be found at: https://www.bestwestern.de/agb-datenschutz.html.
If you are a member of the Rewards programme and stay at our hotel, your stay data (hotel, stay period, room category, revenue) will be automatically assigned to your Rewards account via the CRS to enable points crediting. The legal basis for this processing is the performance of the participation contract between you and BWHCE/BWI (Art. 6(1)(b) GDPR).
Retention period
Your data stored in the central reservation system (CRS) is retained for up to three years after your departure date, according to BWHCE/BWI. The retention period in the CRS is determined by BWHCE/BWI and may differ from the retention period in our hotel system. If you are a member of the Best Western Rewards programme, stay data linked to your Rewards account is stored for the duration of your membership.
You have the right to request deletion of your data in the CRS (Art. 17 GDPR). Please contact our hotel for this purpose. We will forward your deletion request to BWHCE and ensure that the deletion is carried out in the CRS and confirmed to us. Please note that statutory retention obligations may prevent deletion.
Transfer to third countries (USA)
The central reservation system is operated by BWH Hotels International, Inc. (BWI), based in Phoenix, Arizona, USA. As part of booking processing, your personal data is transferred to BWI in the United States.
The transfer is based on Standard Contractual Clauses (SCC) pursuant to Art. 46(2)(c) GDPR, agreed between BWHCE and BWI.
In addition, technical and organisational measures have been implemented to protect your data during transmission and processing in the United States. You have the right to request a copy of the Standard Contractual Clauses or information about the appropriate safeguards. Please contact BWH Hotels Central Europe GmbH, Frankfurter Straße 10–14, 65760 Eschborn, Germany, email: datenschutzbeauftragter@bwhhotels.de.
Right to object and data subject rights
You may object to the processing of your personal data at any time. For this purpose, we have set up the following email address: datenschutz@bmine.de. Please note that in the event of an objection, the booking cannot be completed or the communication cannot be continued.
We further note that in the event of an objection to data processing required for contract fulfilment, a booking cannot be completed or an existing contractual relationship cannot be properly performed.
If you submit an online review via our website, the data will be stored in the review tool of TrustYou GmbH, Agnes-Pockels-Bogen 1, 80992 Munich, Germany.
If you use this online review option as a former guest, your data will be stored within the review form. This data includes: your email address, as well as optional information such as first name, last name, language, and the content of your review.
Legal basis for data processing
The legal basis for the processing of this data is the legitimate interest of b’mine Hotels.
Purpose of data processing
The purpose of the hotel review system is to publish and summarise guest feedback via our website so that potential guests can form their own impression of our services and offerings. In addition, the results are used for internal quality management. The data is used exclusively for the publication of reviews and for handling complaints related to negative reviews.
Retention period
The data is not deleted.
Right to object
You may request the deletion of the publication of your review at any time (right to be forgotten). For this purpose, we have set up the following email address: datenschutz@bmine.de. Please indicate which review your request refers to.
We use the AI solution DialogShift for automated guest communication. The processing of personal data is carried out for the following purposes:
In this context, we process the following categories of personal data:
DialogShift ensures data security and GDPR-compliant processing in accordance with European law. Data processing is carried out using the current state of the art, with appropriate technical and organisational measures to protect personal data.
The AI solution is specifically tailored to hotel operations and provides a secure, reliable, and customised solution that does not function like general-purpose AI tools (e.g. ChatGPT).
Purpose and legal basis of data processing
DialogShift may be used to provide the following services:
The processing of personal data is based on your explicit consent.
By using our AI services (chat, email, telephone), you agree that we process your personal data for the purpose of automated guest communication. You may withdraw this consent at any time without providing any reason.
Retention period
The data will be deleted as soon as it is no longer necessary for the purposes for which it was collected.
Right to object
You may object to the processing of your personal data at any time. For this purpose, we have set up the following email address: datenschutz@bmine.de.
On our website, users have the option to reserve a table at our restaurants in selected hotels. If a user makes use of this option, the data entered in the input form will be transmitted to us. This data includes:
If you make a table reservation via our website, this is processed through the online reservation system of OpenTable GmbH, Warschauer Platz 12, 10245 Berlin, Germany. For more information on data processing, please visit: https://www.opentable.de/c/legal/privacy-policy/
As an additional reservation system, we use Gastronaut provided by Gastronaut GmbH, Bahnhofstr. 55, 69115 Heidelberg, Germany. For more information on data processing, please visit: https://get.gastronaut.ai/datenschutzerklaerung
Legal basis for data processing
The legal basis for the processing of data is initially our legitimate interest in data processing as well as your consent through acceptance of our data processing terms.
Purpose of data processing
The processing of personal data is carried out solely for the purpose of table reservations in our restaurant.
Retention period
The data will be deleted as soon as it is no longer necessary for the purposes for which it was collected.
Right to object
You may object to the processing of your personal data at any time. For this purpose, we have set up the following email address: datenschutz@bmine.de.
Our website offers the possibility to purchase vouchers. If you make use of this option, the data entered in the input form will be transmitted to us and stored.
This data includes:
If you purchase a voucher via our website, this is processed through the online ordering platform GuestVoucher EU of Access Workspace Germany GmbH, Lindwurmstraße 25, 80337 Munich, Germany. All order data you enter is transmitted in encrypted form.
Initially, no further transfer of this data to third parties takes place.
Legal basis for data processing
The legal basis for the processing of the data is the conclusion of a purchase contract with the user in accordance with Art. 6(1)(b) GDPR.
Purpose of data processing
The processing of personal data entered in the input form is carried out solely for the purpose of processing the voucher purchase and handling payment transactions.
Retention period
The data will be deleted as soon as it is no longer necessary for the purposes for which it was collected. In the case of a contractual relationship, the data will be deleted once statutory, commercial, corporate, or contractual retention obligations have been fulfilled.
Right to object
You may object to the processing of your personal data at any time. For this purpose, we have set up the following email address: datenschutz@bmine.de.
Our websites offer users the possibility to subscribe to our newsletter service in various ways. If you use this option and register via the website, the data entered in the input form will be transmitted to us and stored. This data includes:
In addition, interested users may subscribe to the newsletter via our contact forms. If we receive an email address by other means, and the recipient clearly indicates that they wish to receive our newsletter, we will also record their data via the input form on our website.
If you subscribe to our newsletter via our website, the data will be processed using our newsletter tool Smart Host, provided by Smart Host GmbH, Am Kupfergraben 6 A, 10117 Berlin, Germany. The provider is committed to handling your transmitted data in compliance with data protection regulations and implements all necessary technical and organisational measures to protect your data.
If we receive an email address by other means where the recipient clearly expresses their wish to receive our newsletter, we will also record their data via the input form on our website.
In this context, no further transfer of data to third parties takes place.
Legal basis for data processing
The legal basis for the processing of data is your consent as the recipient. This consent is ensured through a double opt-in procedure.
Purpose of data processing
The processing of personal data is carried out solely for the purpose of sending individual newsletters.
Retention period
The data will be deleted as soon as you unsubscribe from the newsletter service.
Right to object
As a newsletter recipient, you may object to the processing of your data at any time. You can unsubscribe from the newsletter with each issue. In addition, we have set up the following email address: datenschutz@bmine.de. Please provide the relevant email address when contacting us.
For the support and consultation of corporate clients, we collect and use, in addition to data relating to the business partner or potential business partner, the contact person’s name, telephone number, and postal address. We obtain this information from various sources, such as enquiries (email or telephone), events, trade fairs, business cards received by our sales staff, and similar channels.
Legal basis for data processing
The legal basis for the processing of this data is our legitimate interest in data processing. If the contact is aimed at the conclusion of a contract, the additional legal basis is the initiation of a business relationship or the contractual relationship. To improve our services, we manage all collected data in the CRM module of our central hotel software within b’mine hotels.
Purpose of data processing
We use this contact data exclusively for our own purposes and for the purpose of tailoring our sales activities to demand.
Retention period
As a general rule, no fixed deletion period is defined. However, if no contact has taken place with the business contact within a period of three years, the sales department will decide whether the contact person’s data should be deleted.
Right to object
As a contact person of a corporate client, you may object to the processing of your personal data at any time. For this purpose, we have set up the following email address: datenschutz@bmine.de. In such cases, all personal data relating to the contact person stored in connection with the business partner will be deleted.
Our company regularly checks your creditworthiness when concluding contracts and, in certain cases where a legitimate interest exists, also for existing customers. For this purpose, we cooperate with Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Germany, from which we obtain the necessary data. Creditreform Boniversum GmbH is a consumer credit agency that operates a database containing creditworthiness information on private individuals.
Legal basis for data processing
The legal basis for the processing of this data is our legitimate interest in assessing creditworthiness when concluding contracts.
Purpose of data processing
For the purpose of credit assessment, we transmit your name and contact details to Creditreform Boniversum GmbH. Information pursuant to Art. 14 of the EU General Data Protection Regulation (GDPR) regarding the data processing carried out by Creditreform Boniversum GmbH can be found here:
https://www.boniversum.de/eu-dsgvo/informationen-nach-eu-dsgvo-fuer-verbraucher/
Retention period
The data is stored for as long as its knowledge is necessary for the fulfilment of the purpose for which it was collected. As a rule, this is initially a period of three years. After this period, it is reviewed whether continued storage is necessary; otherwise, the data is deleted on a daily basis. In the event that a matter is resolved, the data is deleted three years after resolution on a daily basis. Entries in the debtor register are deleted in accordance with Section 882e of the German Code of Civil Procedure (ZPO) after three years from the date of the order of entry. Further information can be found at www.boniversum.de/bonipedia under the section on data deletion.
Right to object
In accordance with Art. 21(1) GDPR, you may object to the processing of your data for reasons arising from your particular situation (e.g. witness protection). You may submit your informal objection in writing to Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Germany, or by email to selbstauskunft@boniversum.de.
The controller within the meaning of Art. 4(7) GDPR is Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Germany. Your contact at Boniversum is the Consumer Service:
Tel.: +49 2131 36845560, Fax: +49 2131 36845570, Email: selbstauskunft@boniversum.de
You can contact the Data Protection Officer of Boniversum at:
Creditreform Boniversum GmbH, Data Protection Officer, Hammfelddamm 13, 41460 Neuss, Germany
Email: datenschutz@boniversum.de
Our website and external job portals (in particular hotelcareer.de) offer the possibility to apply for advertised job positions. If an applicant makes use of this option, the data transmitted to us may be stored and processed. This data includes:
If you submit an online application via our website, this is processed through the online application system Teamtailor HQ of Teamtailor AB, Östgötagatan 16, 11621 Stockholm, Sweden. All application data you enter is transmitted in encrypted form. Teamtailor is committed to handling your data in compliance with data protection regulations and implements all necessary technical and organisational measures to protect your data.
The personal data you provide will be used exclusively for processing your application for the advertised position. Only persons involved in the recruitment process will have access to your personal data. All employees involved in data processing are obliged to maintain the confidentiality of your data. We do not disclose your personal data to third parties unless you have consented to such disclosure or we are legally or officially obliged to do so.
If an applicant is suitable for another position advertised by an affiliated company, we may forward the application documents accordingly. In such cases, we will first obtain the applicant’s consent. Otherwise, the data will be used solely for processing the application by the relevant department and for communication purposes.
Legal basis for data processing
The legal basis for the processing of data is the pre-contractual relationship (application process) or the conclusion of an employment contract.
Purpose of data processing
The processing of personal data is carried out solely for the purpose of processing the job application.
Retention period
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected, at the latest six months after rejection. In the case of an employment relationship, the data will be deleted once statutory, commercial, corporate, or contractual retention obligations have been fulfilled.
Right to object
As an applicant, you may object to the processing of your personal data at any time. For this purpose, we have set up the following email address: datenschutz@bmine.de.
If personal data relating to you is processed, you are considered a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
You also have the right to withdraw your consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing carried out based on consent before its withdrawal.
For questions regarding your rights and to exercise your rights, please contact the management or the Data Protection Officer.
As a data subject, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data infringes applicable data protection laws. This right applies without prejudice to any other administrative or judicial remedy.
The supervisory authority with which the complaint has been lodged will inform you of the progress and outcome of the complaint, including the possibility of a judicial remedy.
For further information, please visit the website of the German Federal Commissioner for Data Protection and Freedom of Information (BfDI):
Below, we provide information about the individual processing activities, the scope and purpose of data processing, the legal basis, whether you are required to provide your data, and the applicable retention periods. No automated decision-making, including profiling, takes place.
Provision of the Website
Nature and scope of processing
When you access and use our website, we collect personal data that your browser automatically transmits to our server. The following information is temporarily stored in so-called log files:
Our website is not hosted by us directly but by Hetzner Online GmbH, which processes the above-mentioned data on our behalf in accordance with Art. 28 GDPR.
Purpose and legal basis
The processing is carried out to safeguard our overriding legitimate interest in providing our website and ensuring its security and stability pursuant to Art. 6(1)(f) GDPR.
The collection of data and its storage in log files are technically necessary for the operation of the website. Therefore, there is no right to object to this processing pursuant to the exception set out in Art. 21(1) GDPR.
Where further storage of log files is required by law, processing is carried out on the basis of Art. 6(1)(c) GDPR.
There is no statutory or contractual obligation to provide this data. However, it is technically impossible to access our website without providing it.
Retention period
The above-mentioned data is stored for the duration of your visit to the website and, for technical reasons, for a maximum period of seven days thereafter.
Cookies are small text files that are sent by us to your device's browser and stored there during your visit to our website.
As an alternative to cookies, information may also be stored in your browser’s local storage.
Some functions of our website cannot be provided without the use of cookies or local storage (technically necessary cookies). Other cookies enable us to perform various analyses, for example allowing us to recognise the browser you use when you revisit our website and transmit different types of information to us (non-essential cookies).
Cookies help us make our website more user-friendly and effective. For example, they enable us to understand how you use our website and to identify your preferred settings, such as country and language preferences.
Where third parties process information through cookies, they collect such information directly through your browser.
Cookies do not cause any damage to your device. They cannot execute programs or contain viruses.
Information about the specific services for which we use cookies is provided in the respective processing activities described below.
Detailed information about the cookies used can be found in this website’s Consent Manager.
We maintain so-called fan pages, accounts, or channels on the social networks listed below in order to provide you with information and offers within social media platforms and to offer you additional ways to contact us and learn more about our services. Below, we explain which data we and the respective social network process in connection with your visit to and use of our fan pages/accounts.
Data we process from you
If you contact us via Messenger or direct message through a social network, we generally process your username through which you contact us and, where necessary to handle and respond to your request, any additional information you provide.
The legal basis for this processing is Art. 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller).
(Aggregated) usage data we receive from social networks
Through insight and analytics functions provided by social networks, we receive automatically generated statistics regarding our accounts. These statistics may include, among other things:
These statistics contain only aggregated data and cannot be attributed to individual persons. We are not able to identify individual users based on this information.
Data processed by social networks
You do not need to be a member of the respective social network to view the content of our fan pages or accounts. Accordingly, no user account is required merely to access our content.
Please note, however, that social networks may collect and store data from website visitors even if they do not have a user account (e.g. technical data required to display the website) and may use cookies and similar technologies. We have no influence over these processing activities. Further details can be found in the privacy policies of the respective social networks.
If you wish to interact with content on our fan pages or accounts, for example by commenting on, sharing, or liking our posts, and/or by contacting us via messenger services, prior registration with the respective social network and the provision of personal data are required.
We have no influence over the data processing carried out by social networks in connection with your use of their services. To the best of our knowledge, your data is processed in particular for the provision of the social network’s services and for analysing user behaviour (using cookies, pixels, web beacons, and similar technologies). Based on this analysis, interest-based advertising may be displayed to you both within and outside the respective social network.
It cannot be ruled out that your data may also be stored outside the EU/EEA and disclosed to third parties by the social network providers.
Detailed information regarding the scope and purposes of processing, retention periods, deletion practices, and the use of cookies and similar technologies can be found in the privacy policies and cookie policies of the respective social networks. These policies also contain information about your rights and available objection options.
Facebook Page
When you visit our Facebook page, Facebook (Meta) collects, among other things, your IP address and additional information stored in cookies on your device. This information is used to provide us, as the operator of the Facebook page, with statistical information about the use of our page. Further information is available from Facebook at:
https://facebook.com/help/pages/insights
The statistical information provided to us does not allow us to draw conclusions about individual users. We use it solely to better understand the interests of our users, continuously improve our online presence, and ensure the quality of our services.
We collect data via our Facebook page only to enable communication and interaction with us. This typically includes your name, message content, comment content, and any profile information you have made publicly available.
The processing of your personal data for the purposes described above is based on our legitimate business and communication interests in providing an information and communication channel pursuant to Art. 6(1)(f) GDPR. If you have provided consent to the social network provider for the processing of your data, the legal basis for processing also extends to Art. 6(1)(a) and Art. 7 GDPR.
As the actual data processing is carried out by the social network provider, our access to your data is limited. Only the social network provider has full access to your personal data. Consequently, only the provider can directly implement and fulfil your rights as a data subject, such as requests for access, deletion, correction, or objection. Therefore, exercising such rights directly with the respective provider is generally the most effective approach.
We are jointly responsible with Meta for the personal data processed through our Facebook fan page. Data subject rights may be exercised both with Meta Platforms Ireland Ltd. and with us.
Under the GDPR, Facebook bears primary responsibility for the processing of Insights data and fulfils all obligations relating to the processing of Insights data. Meta Platforms Ireland Ltd. provides data subjects with the essential information regarding the Page Insights Addendum.
We do not make decisions regarding the processing of Insights data or the retention period of cookies stored on users’ devices.
Further information can be found directly from Facebook in the Page Controller Addendum:
https://www.facebook.com/legal/terms/page_controller_addendum
Additional information regarding the scope and purposes of processing, retention periods, deletion practices, and the use of cookies and similar technologies can be found in Facebook’s Privacy Policy and Cookie Policy:
https://www.facebook.com/privacy/policy/
https://www.facebook.com/policies/cookies/
Facebook Fan Page
On our Facebook fan page at https://www.facebook.com/bminehotels, we use plugins provided by Facebook.com, a service operated by Meta Platforms, Inc., 1 Meta Way, Menlo Park, CA 94025, USA.
By using our fan page, data is transmitted to Facebook servers, which may include information about your visits to our fan page. For logged-in Facebook users, this means that usage data may be associated with their personal Facebook account. As soon as you actively use Facebook functions while logged in, such as clicking the Facebook logo or using the comment function, this information may be transferred to and published on your Facebook account. You can avoid this only by logging out of your Facebook account before visiting our fan page.
We do not have detailed knowledge of which specific data Facebook stores and processes. As a user of the fan page, you should therefore assume that Facebook may comprehensively record your activities on the page.
In all other respects, the Terms of Service of Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland apply: https://www.facebook.com/terms.php
The legal basis for this processing is Art. 6(1)(a) and (f) GDPR.
It is possible that we may unintentionally publish images of individuals without having obtained the necessary consent. If publication is not desired, we will take immediate steps to comply with your request. In the case of group photographs, we reserve the right to obscure faces where appropriate. Any depicted individual, as well as third parties, may object at any time to the publication of their personal data (photos). For this purpose, we have established the following email address: datenschutz@bmine.de. The right to object applies in particular to future publications.
Instagram Page
When you visit our Instagram page, Instagram collects, among other things, your IP address and additional information stored in the form of cookies on your device. This information is used to provide us, as the operator of the Instagram page, with statistical information regarding the use of our page. Further information is available at: https://facebook.com/help/pages/insights
The statistical information provided does not enable us to identify individual users. We use it solely to better understand our users’ interests, continuously improve our online presence, and maintain the quality of our services.
We collect data through our Instagram page only to facilitate communication and interaction with us. This typically includes your name, message content, comments, and any profile information you have made publicly available.
The processing of your personal data for the purposes described above is based on our legitimate business and communication interests in providing an information and communication channel pursuant to Art. 6(1)(f) GDPR. If you have granted consent to the social network provider for the processing of your data, the legal basis also includes Art. 6(1)(a) and Art. 7 GDPR.
As the actual processing of personal data is carried out by the social network provider, our ability to access your data is limited. Only the provider has full access to your personal data and can therefore directly implement and fulfil your rights as a data subject, such as requests for access, deletion, correction, or objection. Exercising these rights directly with the respective provider is generally the most effective approach.
We are jointly responsible with Instagram for the personal data processed through our fan page. Data subject rights may be exercised both with Meta Platforms Ireland Limited and with us.
Instagram bears primary responsibility under the GDPR for the processing of Insights data and fulfils all obligations relating to the processing of such data. Meta Platforms Ireland Limited provides data subjects with the essential information contained in the Page Insights Addendum.
We do not make decisions regarding the processing of Insights data or any other information required under Art. 13 GDPR, including the legal basis for processing, the identity of the controller, or the retention period of cookies stored on users’ devices.
Further information can be found in Instagram's agreement with Meta:
https://www.facebook.com/legal/terms/page_controller_addendum
Instagram Fan Page
On our Instagram page at https://www.instagram.com/bminehotels/, we use services and plugins provided by Instagram, a service operated by Meta Platforms, Inc., 1 Meta Way, Menlo Park, California 94025, USA.
By using our Instagram page, data is transmitted to Instagram servers, which may include information about your visits to our page. For logged-in users, usage data may be linked to their personal Instagram account. Whenever you actively use a link provided on our website or interact through Instagram's commenting functions while logged in, this information may be associated with and published through your Instagram account. You can avoid this only by logging out of your Instagram account before visiting our page.
We do not have detailed knowledge of which specific data Instagram stores and processes. As a user of the fan page, you should therefore assume that Instagram may comprehensively record your activities on the page.
The legal basis for this processing is Art. 6(1)(a) and (f) GDPR.
It is possible that we may unintentionally publish images of individuals without the necessary consent. If publication is not desired, we will take immediate action to comply with your request. In the case of group photographs, we reserve the right to obscure faces where appropriate. Any depicted individual, as well as third parties, may object at any time to the publication of their personal data (photos). For this purpose, we have established the following email address: datenschutz@bmine.de. The right to object applies in particular to future publications.
LinkedIn Page
LinkedIn is a social networking platform operated by LinkedIn Inc., headquartered in Sunnyvale, California, USA. The platform enables users to create personal and professional profiles, as well as company profiles. Users can maintain existing professional relationships and establish new connections. Companies and other organisations may create profiles, upload images and business information, present themselves as employers, and recruit employees. Other LinkedIn users can access this information, publish their own content, and share it with others. The network focuses on professional exchange and discussion among individuals with shared business interests.
When using or visiting LinkedIn, the platform automatically collects certain information from users and visitors, such as usernames, job titles, and IP addresses. This is done through various tracking technologies. Based on the collected information, LinkedIn provides users with information, offers, and recommendations.
We collect data through our company profile solely to facilitate communication and interaction with us. This typically includes your name, message content, comments, and any profile information you have made publicly available.
The processing of your personal data for the purposes described above is based on our legitimate business and communication interests in providing an information and communication channel pursuant to Art. 6(1)(f) GDPR. If you have granted consent to the social network provider for the processing of your data, the legal basis also includes Art. 6(1)(a) and Art. 7 GDPR.
As the actual processing of personal data is carried out by LinkedIn, our access to your data is limited. Only LinkedIn has full access to your personal data and can therefore directly fulfil requests concerning your data subject rights. Exercising such rights directly with LinkedIn is generally the most effective approach.
We are jointly responsible with LinkedIn for the personal data processed through our company profile. Data subject rights may be exercised both with LinkedIn and with us.
We do not make decisions regarding the data collected by LinkedIn through tracking technologies.
Further information about LinkedIn is available at:
https://www.linkedin.com/legal/privacy-policy
https://www.linkedin.com/legal/cookie-policy
LinkedIn Fan Page
On our LinkedIn page at https://www.linkedin.com/company/bminehotels/, we use services provided by LinkedIn Corporation.
By using our LinkedIn page, data is transmitted to LinkedIn servers, which may include information about your visits to our page. For logged-in users, usage data may be linked to their personal LinkedIn account. Whenever you actively interact with content, links, or comment functions while logged in, this information may be associated with and published through your LinkedIn account. You can avoid this only by logging out of your LinkedIn account before visiting our page.
We do not have detailed knowledge of which specific data LinkedIn stores and processes. As a user of the fan page, you should therefore assume that LinkedIn may comprehensively record your activities on the page.
The legal basis for this processing is Art. 6(1)(a) and (f) GDPR.
It is possible that we may unintentionally publish images of individuals without the necessary consent. If publication is not desired, we will take immediate action to comply with your request. In the case of group photographs, we reserve the right to obscure faces where appropriate. Any depicted individual, as well as third parties, may object at any time to the publication of their personal data (photos). For this purpose, we have established the following email address: datenschutz@bmine.de. The right to object applies in particular to future publications.
We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags through a user interface and enables us to control the precise integration of services on our website.
This allows us to flexibly integrate additional services in order to analyse user access to our website.
The use of Google Tag Manager is based on your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG.
Personal data may be transferred to insecure third countries (in particular the United States), where the level of data protection may be lower than within the European Union. We have concluded a Data Processing Agreement (DPA) with Google, ensuring that personal data is processed only in accordance with our instructions and in compliance with the GDPR. Google is certified under the EU-U.S. Data Privacy Framework, which governs the secure processing of personal data of EU citizens in the United States.
The specific retention period of the processed data is determined by Google Ireland Limited and cannot be influenced by us.
Further information can be found in Google Tag Manager's privacy documentation:
https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/
Our website uses Google Analytics 4, a web analytics service provided by Google LLC. For users in the EU, EEA, and Switzerland, the responsible entity is Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland ("Google").
Google Analytics uses cookies that enable an analysis of your use of our website. Information generated by the cookies regarding your use of this website is generally transmitted to and stored on Google servers in the United States.
We use the User ID feature. The User ID allows us to assign a unique and persistent identifier to one or more sessions (and the activities within those sessions) and to analyse user behaviour across multiple devices.
We also use Google Signals. This feature collects additional information about users who have enabled personalised advertising, including interests and demographic information. It also enables advertisements to be delivered to these users as part of cross-device remarketing campaigns.
In Google Analytics 4, IP anonymisation is enabled by default. As a result, your IP address is shortened by Google within member states of the European Union or other states party to the Agreement on the European Economic Area before being processed. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
According to Google, the IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.
During your visit to our website, your user behaviour is recorded in the form of events. Such events may include:
In addition, the following information may be collected:
Google processes this information on our behalf in order to evaluate website usage, compile reports on website activities, and provide us with reports used to analyse and improve the performance of our website.
The recipients of the data may include:
Personal data may be transferred to insecure third countries (particularly the United States), where the level of data protection may be lower than within the European Union. We have concluded a Data Processing Agreement (DPA) with Google to ensure that personal data is processed only in accordance with our instructions and in compliance with the GDPR. Google is certified under the EU-U.S. Data Privacy Framework.
The data transmitted by us and linked to cookies is automatically deleted after 14 months.
Data whose retention period has expired is automatically deleted once per month.
We process your data using Google Analytics 4 on the basis of your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25 TTDSG/TDDDG.
You provide your consent through the cookie settings in our cookie banner or consent manager. You may withdraw your consent at any time with future effect in accordance with Art. 7(3) GDPR.
You can also prevent the storage of cookies by configuring your browser software accordingly. Please note, however, that rejecting all cookies may limit the functionality of this and other websites.
Furthermore, you may prevent the collection of data generated by cookies and relating to your use of the website (including your IP address) and the processing of such data by Google by:
Refusing consent to the use of cookies; or Downloading and installing the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
Further information can be found in Google's Terms of Service:
https://marketingplatform.google.com/about/analytics/terms/ and Google's Privacy Policy: https://policies.google.com/privacy.
We have integrated components of Google DoubleClick on our website. DoubleClick is a Google brand under which specialized online marketing solutions are primarily marketed to advertising agencies and publishers. DoubleClick by Google transmits data to DoubleClick servers with every impression, click, or other activity.
Each of these data transmissions triggers a cookie request to the browser of the data subject. If the browser accepts this request, DoubleClick places a cookie in your browser.
DoubleClick uses a cookie ID that is required for the technical processing of online advertising. The cookie ID is used, for example, to display advertisements in a browser. DoubleClick can also use the cookie ID to determine which advertisements have already been displayed in a browser in order to avoid duplicate displays. Furthermore, the cookie ID enables DoubleClick to track conversions. Conversions are recorded, for example, when a user has previously been shown a DoubleClick advertisement and subsequently completes a purchase on the advertiser’s website using the same internet browser.
A DoubleClick cookie does not contain any personal data but may contain additional campaign identifiers. A campaign identifier is used to identify campaigns with which you have previously interacted on other websites. As part of this service, Google obtains information that is also used for commission billing purposes. Among other things, Google can determine that you have clicked on certain links on our website. In this context, your data is transferred to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable privacy policy of DoubleClick by Google can be found at https://policies.google.com/privacy.
We process your data using the DoubleClick cookie for the purpose of optimizing and displaying advertising on the basis of your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. Among other things, the cookie is used to deliver and display user-relevant advertisements and to create or improve reports on advertising campaigns. It also serves to prevent the same advertisement from being displayed multiple times. Whenever you access an individual page of our website on which a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purposes of online advertising and commission billing. There is no legal or contractual obligation to provide your data. If you do not grant your consent, you may still visit our website without restriction; however, certain features may not be fully available.
It cannot be ruled out that personal data may be transferred to insecure third countries (in particular the United States), where the level of data protection may be lower than that within the European Union. We have concluded a Data Processing Agreement (DPA) with Google to ensure that personal data is processed only in accordance with our instructions and in compliance with the GDPR. Google is certified under the EU-U.S. Data Privacy Framework, which governs the secure processing of personal data of EU citizens in the United States.
The specific retention period of the processed data cannot be influenced by us and is determined by Google Ireland Limited. Further information can be found in the Google DoubleClick Privacy Policy at https://policies.google.com/privacy.
We use Google Ads on our website. Google Ads is a service provided by Google Ireland Limited that enables the display of targeted advertising to users. Google Ads uses cookies and other browser technologies to analyze user behavior and recognize users across websites.
Google Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertisements. In addition, Google Ads delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identifying information, such as your user agent, are transmitted to the provider.
If you are registered with a Google Ireland Limited service, Google Ads may associate your visit with your account. Even if you are not registered with Google Ireland Limited or are not logged in, it is possible that the provider may collect and store your IP address and other identifying information.
In this context, your data is transferred to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The use of Google Ads is based on your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG.
It cannot be ruled out that personal data may be transferred to insecure third countries (e.g., the United States), where the level of data protection may be lower than within the European Union. We have concluded a Data Processing Agreement (DPA) with Google to ensure that personal data is processed only in accordance with our instructions and in compliance with the GDPR. Google is certified under the EU-U.S. Data Privacy Framework, which regulates the secure processing of personal data of EU citizens in the United States.
The specific retention period for the processed data is determined by Google Ireland Limited and cannot be influenced by us. For further information, please refer to the Google Privacy Policy: https://policies.google.com/privacy.
We use Google Interactive Media Ads on our website. Google Interactive Media Ads is a service provided by Google Ireland Limited that enables the display of targeted advertising to users. Google Interactive Media Ads uses cookies and other browser technologies to analyze user behavior and recognize users across websites.
Google Interactive Media Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertisements. In addition, Google Interactive Media Ads delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identifying information, such as your user agent, are transmitted to the provider.
In this context, your data is transferred to the operator of Google Interactive Media Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Web tracking technologies are used to create pseudonymized user profiles. These profiles cannot be directly linked to you as a natural person but are used, for example, for audience segmentation and the delivery of targeted advertisements.
The use of Google Interactive Media Ads is based on your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG.
The specific retention period for the processed data is determined by Google Ireland Limited and cannot be influenced by us. Further information can be found in the Google Interactive Media Ads privacy information: https://policies.google.com/technologies/ads.
We use the Google Maps service to provide directions and map functionality on our website. Google Maps is a service provided by Google Ireland Limited that displays maps on our website.
When you access content that includes Google Maps, a connection is established to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In this process, your IP address and, where applicable, browser information such as your user agent are transmitted. This data is processed solely for the purposes described above and to maintain the security and functionality of Google Maps.
The use of Google Maps is based on your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG.
It cannot be ruled out that personal data may be transferred to insecure third countries (e.g., the United States), where the level of data protection may be lower than within the European Union. Google is certified under the EU-U.S. Data Privacy Framework, which governs the secure processing of personal data of EU citizens in the United States.
The specific retention period for the processed data is determined by Google Ireland Limited and cannot be influenced by us. Further information can be found in the Google Privacy Policy: https://policies.google.com/privacy.
We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service provided by Google Ireland Limited that enables us to determine whether a contact request is submitted by a natural person or generated automatically by a software program.
When you access content that includes Google reCAPTCHA, a connection is established to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In this process, your IP address and, where applicable, browser information such as your user agent are transmitted. In addition, Google reCAPTCHA records the duration of your visit and mouse movements in order to distinguish automated requests from human interactions. This data is processed solely for the purposes described above and to maintain the security and functionality of Google reCAPTCHA.
The use of Google reCAPTCHA is based on your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG.
We intend to transfer personal data to third countries outside the European Economic Area (EEA), in particular to the United States. Data transfers to the United States are carried out pursuant to Article 45(1) GDPR on the basis of the adequacy decision of the European Commission. The participating U.S. companies and/or their U.S. subcontractors are certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where no adequacy decision of the European Commission exists (including U.S. companies that are not certified under the EU-U.S. DPF), we have agreed on other appropriate safeguards with the recipients of the data within the meaning of Articles 44 et seq. GDPR. Unless otherwise stated, these safeguards consist of the European Commission’s Standard Contractual Clauses pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these Standard Contractual Clauses can be viewed at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32021D0914.
In addition, prior to such transfers to third countries, we obtain your consent in accordance with Article 49(1)(a) GDPR via our Consent Manager (or other forms, registrations, etc.). Please note that transfers to third countries may involve risks that are not fully known in detail (for example, data processing by security authorities in the third country, the exact scope and consequences of which are unknown to us, beyond our control, and of which you may not become aware).
The specific retention period for the processed data is determined by Google Ireland Limited and cannot be influenced by us. Further information can be found in the Google Privacy Policy: https://policies.google.com/privacy?hl=en-US.
We have integrated YouTube Video on our website. YouTube Video is a component of the video platform operated by YouTube, LLC, which allows users to upload content, share it over the Internet, and obtain detailed statistics.
YouTube Video enables us to embed content from the platform directly into our website.
YouTube Video uses cookies and other browser technologies to analyze user behavior, recognize users, and create user profiles. This information is used, among other things, to analyze activity related to viewed content and to generate reports. If a user is registered with YouTube, LLC, YouTube Video may associate played videos with the user’s profile.
When you access content that includes YouTube Video, a connection is established to servers of YouTube, LLC and Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In this process, your IP address and, where applicable, browser information such as your user agent are transmitted.
The use of this service is based on your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG.
It cannot be ruled out that personal data may be transferred to insecure third countries (e.g., the United States), where the level of data protection may be lower than within the European Union. Google is certified under the EU-U.S. Data Privacy Framework, which governs the secure processing of personal data of EU citizens in the United States.
The specific retention period for the processed data is determined by YouTube, LLC and cannot be influenced by us. Further information can be found in the Google Privacy Policy: https://policies.google.com/privacy.
We use Cloudflare CDN to ensure the proper delivery of content on our website. Cloudflare CDN is a service provided by Cloudflare, Inc. that functions as a Content Delivery Network (CDN) on our website.
A CDN helps deliver content from our online services—especially files such as images or scripts—more quickly by using regionally or internationally distributed servers. When you access this content, a connection is established to servers of Cloudflare, Inc., and your IP address and, where applicable, browser information such as your user agent are transmitted. This data is processed solely for the purposes described above and to maintain the security and functionality of Cloudflare CDN.
The use of the Content Delivery Network is based on our legitimate interests, namely the interest in secure and efficient delivery as well as the optimization of our online services pursuant to Article 6(1)(f) GDPR.
It cannot be ruled out that personal data may be transferred to third countries outside the European Economic Area (EEA), in particular to the United States, where the level of data protection may be lower than within the European Union. Cloudflare is certified under the EU-U.S. Data Privacy Framework, which governs the secure processing of personal data of EU citizens in the United States.
The specific retention period for the processed data is determined by Cloudflare, Inc. and cannot be influenced by us. Further information can be found in Cloudflare’s privacy policy: https://www.cloudflare.com/privacypolicy/.
We use DialogShift to ensure the proper delivery of content on our website. DialogShift is a service provided by DialogShift GmbH that functions as a Content Delivery Network (CDN) on our website.
A CDN helps deliver content from our online services—especially files such as images or scripts—more quickly by using regionally or internationally distributed servers. When you access this content, a connection is established to servers of DialogShift GmbH, Rheinsberger Straße 76/77, 10115 Berlin, Germany, and your IP address and, where applicable, browser information such as your user agent are transmitted. This data is processed solely for the purposes described above and to maintain the security and functionality of DialogShift.
The use of the Content Delivery Network is based on our legitimate interests, namely the interest in secure and efficient delivery as well as the optimization of our online services pursuant to Article 6(1)(f) GDPR.
The specific retention period for the processed data is determined by DialogShift GmbH and cannot be influenced by us. Further information can be found in DialogShift’s privacy policy: https://www.dialogshift.com/datenschutz.
We have integrated THE HOTELS NETWORK on our website. THE HOTELS NETWORK is a service provided by THE HOTELS NETWORK, S.L., Av. Diagonal, 439, 3º-1ª, 08036 Barcelona, Spain. We use THE HOTELS NETWORK to receive reservations and to measure the performance of these bookings.
THE HOTELS NETWORK uses cookies and other browser technologies to analyze user behavior, recognize users, and increase direct bookings. This information is also used to generate reports on website activity.
In addition, THE HOTELS NETWORK enables us to process direct bookings through our website.
Your IP address and other identifying information, such as your user agent, are transmitted to the provider.
The use of THE HOTELS NETWORK is based on your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG.
The specific retention period for the processed data is determined by THE HOTELS NETWORK, S.L. and cannot be influenced by us. Further information can be found in THE HOTELS NETWORK privacy policy: https://www.thehotelsnetwork.com/de/privacy-policy.
We use the tracking tool myhotelshop provided by RateGain Germany GmbH, Flossplatz 6, 04107 Leipzig, Germany, on our website. The script mhs-client-tracking-v1.min.js is used to collect usage and conversion data in connection with online marketing campaigns and booking processes via our Internet Booking Engine (IBE). This allows us to determine which online sources or marketing measures lead to a booking and to evaluate the effectiveness of our advertising campaigns.
When visiting our website, the following information may be collected and processed by the myhotelshop tracking tool:
The data is processed in pseudonymized form. myhotelshop does not use this data to personally identify individual users, but solely for statistical analysis and performance measurement of marketing activities.
The use of myhotelshop is based on your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG. Without your consent, tracking will not be activated.
The collected data is transmitted to servers of RateGain Germany GmbH and processed there. A data processing agreement pursuant to Article 28 GDPR has been concluded between us and myhotelshop, ensuring that your data is processed only in accordance with our instructions and in compliance with European data protection standards.
No data is transferred to third countries.
You may withdraw your consent at any time with effect for the future, for example via the cookie banner or by adjusting your browser settings accordingly. Further information on data protection at myhotelshop can be found at: https://uno.rategain.com/privacy-policy/
We use the “Microsoft Advertising” service (formerly “Bing Ads”) on our website to display targeted advertising. The provider is Microsoft Ireland Operations Limited (“Microsoft”), One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.
The legal basis for the use of Microsoft Advertising is your consent pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future.
The data processed by Microsoft Advertising includes your IP address, location data, device and browser information, search queries, interactions with advertisements, and cookies.
Microsoft Advertising may collect data to create user profiles for personalized advertising purposes.
The purpose of data processing is the display of personalized advertising and the measurement of advertising effectiveness.
Microsoft Advertising stores data for a standard period of 390 days. Further information can be found in Microsoft Advertising’s privacy policy under the section “Data Retention”: https://about.ads.microsoft.com/en/policies/privacy.
It cannot be ruled out that personal data may be transferred to third countries outside the European Economic Area (EEA), in particular to the United States, where the level of data protection may be lower than within the European Union. Microsoft is certified under the EU-U.S. Data Privacy Framework, which governs the secure processing of personal data of EU citizens in the United States. We have concluded a data processing agreement (DPA) with Microsoft, ensuring that personal data is processed only in accordance with our instructions and in compliance with the GDPR.
Further information on Microsoft Advertising’s privacy practices can be found at: https://privacy.microsoft.com/en-us/privacystatement#mainadvertisingmodule.
We use the Meta Pixel on our website, a service provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta”). The Meta Pixel allows us to track the behavior of visitors after they have been redirected to our website by clicking on a Facebook or Instagram advertisement. This enables us to measure the effectiveness of our advertising for statistical and market research purposes and to optimize future advertising measures.
The data collected in this process is anonymous to us; we cannot draw any conclusions about the identity of users. However, the data is stored and processed by Meta, which may link it to the respective user profile and use it for its own advertising purposes. The data processed includes in particular IP address, browser information, visited pages, and device data.
Meta may link this data to your Facebook or Instagram account if you are logged in there. If you use Meta services on different devices, cross-device tracking may occur. Data may be transferred to servers in the United States. The United States is covered by an adequacy decision of the European Commission under the EU-U.S. Data Privacy Framework. Meta Platforms, Inc. is certified under the EU-U.S. Data Privacy Framework.
We are jointly responsible with Meta Platforms Ireland Ltd. for the collection and transmission of data to Meta (joint controllership pursuant to Article 26 GDPR). The subsequent processing of the data is carried out exclusively by Meta. We have concluded a joint controller agreement with Meta; the essential terms of this agreement can be found at: https://www.facebook.com/legal/controller_addendum.
The use of the Meta Pixel is based solely on your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG. You may withdraw your consent at any time with effect for the future by adjusting your cookie settings via the cookie banner on our website.
Further information on data processing by Meta can be found in Meta’s privacy policy: https://www.facebook.com/privacy/policy/
We use the service “Spaces CDN” on our website to deliver and accelerate media content. The provider is DigitalOcean, LLC (“DigitalOcean”), 101 Avenue of the Americas, 10th Floor, New York, NY 10013, USA.
The legal basis for the use of Spaces CDN is your consent pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future.
The data processed by Spaces CDN includes your IP address, request headers, and information about accessed files; cookies may also be set by this service.
The purpose of data processing is the efficient delivery and caching of website content to users via a Content Delivery Network.
It cannot be ruled out that personal data may be transferred to third countries outside the European Economic Area (EEA), in particular to the United States, where the level of data protection may be lower than within the European Union. DigitalOcean is certified under the EU-U.S. Data Privacy Framework, which governs the secure processing of personal data of EU citizens in the United States. We have concluded a data processing agreement (DPA) with DigitalOcean, ensuring that personal data is processed only in accordance with our instructions and in compliance with the GDPR.
Further information on DigitalOcean’s privacy practices can be found at: https://www.digitalocean.com/legal/privacy-policy.
We use Mynewsdesk CDN to ensure the proper delivery of content on our website. Mynewsdesk CDN is a service provided by Mynewsdesk GmbH that functions as a Content Delivery Network (CDN) on our website.
A CDN helps deliver content from our online services—especially files such as images or scripts—more quickly by using regionally or internationally distributed servers. When you access this content, a connection is established to servers of Mynewsdesk GmbH, Hainstraße 20–24, 04109 Leipzig, Germany, and your IP address and, where applicable, browser information such as your user agent are transmitted. This data is processed solely for the purposes described above and to maintain the security and functionality of Mynewsdesk CDN.
The use of the Content Delivery Network is based on our legitimate interests, namely the interest in secure and efficient delivery as well as the optimization of our online services pursuant to Article 6(1)(f) GDPR.
The specific retention period for the processed data is determined by Mynewsdesk GmbH and cannot be influenced by us. Further information can be found in Mynewsdesk’s privacy policy: https://www.mynewsdesk.com/de/about/terms-and-conditions/privacy_policy.
We have integrated components of the TrustYou API on our website. The TrustYou API is a review service that allows users to evaluate our services. If you submit a review of our services, data related to the service used may be transmitted to TrustYou GmbH for the purpose of verifying authenticity. The TrustYou API also allows us to retrieve content such as reviews directly from TrustYou GmbH and display it on our website. In doing so, your current IP address is typically transmitted to the service.
In addition, the TrustYou API stores information using cookies to determine which online services have been accessed. In this context, your data is transferred to the operator of the TrustYou API, TrustYou GmbH, Steinerstraße 15, 81369 Munich, Germany.
The use of the TrustYou API is based on Article 6(1)(f) GDPR, namely the legitimate interest in informing users about the quality of our services. If the user consents to the processing of their data, the legal basis for processing is Article 6(1)(a) GDPR and Section 25(1) TDDDG.
The specific retention period for the processed data is determined by TrustYou GmbH and cannot be influenced by us. Further information can be found in TrustYou’s privacy policy: https://www.trustyou.com/downloads/privacy-policy.pdf.
We use the accessibility widget “accessWidget” on our website, a service provided by AccessiWay Germany GmbH, Friedrichstraße 114A, 10117 Berlin, Germany (“AccessiWay”). The widget is used to make our website more accessible for people with disabilities and allows users to customize the appearance of the website, for example by adjusting font size, contrast, or keyboard navigation.
When the widget is activated, the user’s IP address is technically transmitted. This transmission takes place via a proxy server within the European Union, which immediately anonymizes the IP address. The IP address is not stored, not tracked, and not assigned to any identifiable person. It is not used for profiling or advertising purposes. No cookies are set; user settings are stored exclusively in the browser’s local storage. Image URLs, link URLs, HTML structure, CSS attributes, and click interactions are stored on AccessiWay’s servers to enable the technical provision of the accessible website display.
The legal basis for processing is Article 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in complying with legal requirements for digital accessibility under the Accessibility Enhancement Act (Barrierefreiheitsstärkungsgesetz – BFSG) as well as the underlying EU directive (European Accessibility Act – EAA), and in improving the accessibility of our website for all users.
No transfer of personal data to third countries outside the EU takes place, as data processing is carried out via an EU-based proxy server.
Further information on data processing by AccessiWay can be found at: https://www.accessiway.de/datenverarbeitung and in the privacy policy at: https://www.accessiway.com/de/privacy-policy.
We use the service “Stripe” on our website to process payments. The provider is Stripe Payments Europe, Limited (“Stripe”), 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland.
The legal basis for the use of Stripe is our legitimate interest pursuant to Article 6(1)(f) GDPR in the secure and efficient processing of payments and transactions on our website.
The data processed by Stripe includes your IP address, payment data, transaction information, device information, browser type, operating system, and cookies used for authentication and fraud prevention purposes.
The purpose of data processing is to facilitate secure payment transactions and manage payment-related activities.
Stripe stores your personal data for as long as necessary to provide its services. Even after the completion of a transaction or the closure of an account, certain data may continue to be stored, for example to comply with legal obligations, prevent fraud, or meet tax and accounting requirements. In doing so, Stripe complies with applicable statutory retention periods.
Further information on Stripe’s privacy practices can be found at: https://stripe.com/en-de/privacy
Information on cookies used by Stripe can be found at: https://stripe.com/en-de/legal/cookies-policy.
Type and scope of processing
We use consentmanager.net on our website. consentmanager.net is a consent management solution provided by consentmanager AB, Håltegelvägen 1, B723 48 Västerås, Sweden, which is used to obtain and document consent for the storage of cookies. consentmanager.net uses cookies or other web technologies to recognize users and to store consent given or withdrawn.
The use of this service is based on the legal obligation to obtain consent for the use of cookies pursuant to Article 6(1)(c) GDPR and Section 25(2) No. 2 TDDDG.
The specific retention period for the processed data is determined by consentmanager AB and cannot be influenced by us. Further information can be found in the privacy policy of consentmanager.net: https://www.consentmanager.net/datenschutz/.
Where personal data is processed outside the European Union, this is indicated in the sections above.
This service is primarily intended for adults. We do not currently market any specific areas for children. Accordingly, we neither knowingly collect information for age verification nor knowingly collect personal data from children under the age of 16. However, we advise all visitors under the age of 16 not to disclose or provide any personal data through our service. If we become aware that a child under the age of 16 has provided us with personal data, we will delete such data from our records to the extent technically possible.
We implement technical and organizational security measures in accordance with Article 32 GDPR to protect the data we manage against accidental or intentional manipulation, loss, destruction, or unauthorized access. Our security measures are continuously improved in line with technological developments. Access to personal data is granted only to a limited number of authorized persons who are bound by data protection obligations and who are involved in the technical, administrative, or editorial processing of data.
For security reasons and to protect the transmission of confidential content sent to us as the website operator, our website uses SSL/TLS encryption. This ensures that data transmitted via this website cannot be read by third parties. You can recognize an encrypted connection by the “https://” in your browser’s address bar and the lock symbol in the browser line.
We update this privacy policy when changes to this website or other circumstances make this necessary. The current version is always available on this website.
Last updated: April 2026
