MM:NT

Guest Privacy Policy

This Privacy Policy applies when you visit our website available at [add URL], book a room to stay at one of our MM:NT Hotels and use our MM:NT Digital Concierge App (collectively the “Services”) during your stay. This Policy explains what Personal Data we collect, the purposes and how we may use and manage it and the rights you have in relation to your Personal Data. Before using our Services, you should read through this Policy in full and make sure that you are comfortable with our privacy practices.

Who is responsible for the processing of my personal data, how can I get in touch and address privacy requests?

The data controller is:

Adina Germany Holding GmbH & Co. KG

Phone: +49 30 863 298-500

Email: info@adina.eu or dataprotection@mmnt-intime.com

You can contact our company Data Protection Officer at:

HYAZINTH Consulting for Tech UG (haftungsbeschränkt) Leipziger Straße 124 Lennéstraße 1 D-10117 Berlin, Germany D-10785 Berlin

or via

Email: info@hdrcontrol.de

Joint-Controllers

In our group of companies, the respective company operating the hotel or other accommodation which you are a guest of will act as a further data controller (a so-called joint controller). You can assert your claims as a data subject against both of these parties at your discretion.

Depending on the Hotel you stay with and the Services you are using, the data may be processed by other Adina Group companies in Joint Controllership.

While Adina Germany Holding GmbH & Co. KG is mainly responsible for processing your personal data, you may contact your Hotel directly with any privacy inquiries you may have.

What categories of personal data will be processed, for what purposes and on which legal basis?

From booking to check-in and access to our facilities and even check-out, we predominantly use digital processes in our hotel so that we can offer our guests a unique hotel service and stay which can be organized and designed by our guests according to their needs via their mobile device (hereinafter “Guest Journey”).

Data we automatically process when you visit our website or App:

At a glance:

Relevant Data: Date and time of website or app usage, IP address of the device, Information about the device (type, operating system, settings, plugins)

Purpose: Enable the use and functionality of the services, analyze performance, improve services, ensure IT security, and prevent misuse or fraud.

Legal Basis: Article 6(1)(f) of the GDPR (legitimate interests).

More Info:

When you use our Services, personal data are processed for technical reasons each time you access them.

When you use our Services, your mobile device sends technical information to our server, which is stored in server log files. The following usage data is processed in the process:

the date and time you use the Services;
the IP address of your device;
further information about your device (device type, operating system, settings, installed plug-ins).

This data is generally not used to identify you as a person. We process this data to enable you to use the Services and to ensure the functionality of the Services. We may process data to analyze the performance of our services, to continuously improve and to correct errors or to personalize the content of our Services for you. However mainly, we process this data to ensure IT security and the operation of our systems and to prevent or detect misuse, in particular fraud. The legal basis for the processing of this data is Article 6 (1) lit. f) GDPR, the protection and functionality of our Services are legitimate interests in this sense.

Data processed when booking a room:

The personal data that we collect from you directly or from your co-traveler or people booking on your behalf (e.g. your friends, family- members or staff) via our Services, and other channels in connection with the Guest Journey concern the following categories of personal data:

Booking Information:

At a glance:

Relevant Data: Booking information (name, address, email, date of birth, telephone number, reservation details, payment information, etc.)

Purpose: Facilitate reservations, pre-arrival communications, process payments and security deposits.

Legal Basis: Article 6(1)(b) of the GDPR (contractual necessity) and Article 6(1)(f) of the GDPR (legitimate interests).

More Info:

When you or a third party on your behalf wants to book a room at one of our Group Hotels, we request the relevant information, such as title, first and last name, address, e-mail address, date of birth, telephone number, language, reservation details, date of stay, number of rooms, room category, number of people on the booking, selected additional packages, etc., credit card information (encrypted as per PCI/DSS), date and time of booking; where applicable, the third-party platform you have used to book, the expected arrival time, desired bed type and/or other preferences or comments.

When we are provided with your personal data from a third party (e.g. your family members, friends, or staff), we contractually oblige them to ensure sufficient authorization and to ensure that the personal data provided is correct.

We process this data to facilitate reservations and bookings of hotel accommodations and related services; to engage in pre-arrival communications (logistics, changes, preferences, additional services etc.); and to process payments and security deposits.

The data is processed to enter and to fulfill the contractual arrangement with you and/or with the respective guest of our Hotel, Article 6 (1) lit. b) of the GDPR as well as based on our legitimate interests, to be able to honor our Guests preferences, as well as for any individuals accompanying the primary guest (e.g., spouse, children, friends).

Payment Details:

At a glance:

Relevant Data: Processed by the external payment service provider.

Purpose: Process electronic payments and prevent fraud.

Legal Basis: Article 6(1)(b) of the GDPR (contractual necessity) and Article 6(1)(f) of the GDPR (legitimate interests).

More Info:

To process electronic payments, we use the external payment service Provider Adyen N.V., a company registered with the Dutch Chamber of Commerce under number 34259528 and having its seat at Simon Carmiggeltstraat 6-50, 1011 DJ in Amsterdam, the Netherlands (hereinafter referred to as “Adyen”). Adyen processes personal data, including contact details, payment information such as bank details, card number, expiry date and CVC code, data on goods and services, prices.

For the processing of payments, Adyen as the Service Provider as well as the Payment Service Provider that you choose to place your payment with (e.g. Visa, PayPal, etc,.) act themselves as independent data controllers within the meaning of Art. 4 No. 7 GDPR.

You can find Adyen’s Privacy Policy here: Privacy Statement - Adyen

Insofar as we exchange personal data related to your payment and entered during the booking process, we process the data based on Article 6 (1) lit. b) of the GDPR to proceed the booking request. Based on our legitimate interests, Article 6 (1) lit. f) of the GDPR, we may use this data for other purposes, such identity verification, payment administration and fraud prevention, or to pursue or defend against legal claims.

MM:NT digital concierge app account information:

At a glance:

Relevant Data: Registration details (name, email address, password), Date and Time of Registration, Logins

Purpose: Manage bookings, provide services, analyze for statistical purposes, personalize the guest experience, improve services.

Legal Basis: Article 6(1)(b) of the GDPR (contractual necessity) and Article 6(1)(f) of the GDPR (legitimate interests).

More Info:

If you are staying with us the first time, upon confirmation of your booking, you will be provided with a link to get MM:NT Digital Concierge App including your Digital Access Key. If you haven't made the booking yourself, but are named as travelling with another guest, we request information regarding your age and a valid email address or phone-number to which a registration link will be sent.

To register your account, we will request process your first and last name, e-mail address, password [encrypted as a hash with salt]; additionally, we will automatically process date and time of registration [time stamp] and the status of your e-mail verification. Depending on the type of login that you have chosen, we process e-mail login authentication data [e-mail address, password] and/or social login authentication data [e-mail address, ID token], date and time of login [time stamp]).

We will obtain certain data of you via interfaces that connect the Platform with application programs licensed from third parties in connection with the Guest Journey and infrastructure for operating and managing our hotel (such as facility management, etc.). If a booking or check-in is made using a customer account, the required booking and/or check-in data that is already saved in the customer account such as title, first and last name, address, e-mail address, date of birth, telephone number, language and registration form data are used by us for that purpose.

The App allows you to access our Hotel and your room, and to manage your stay within the framework of the Guest Journey at our MM:NT Hotel, including booking and billing confirmations, self-check-in and check-out, to communicate with us, to use self-service, locking and unlocking additional services, etc. We process Account information for management and support purposes in the areas of reservation, front office, and property management. The processing is necessary for the performance of a contract to manage your booking and providing the contractual services requested, Article 6 (1) lit. b) of the GDPR.

In addition, we analyze and evaluate this information for statistical purposes and to detect and correct errors, to improve our Services or, in individual cases, to prevent use in breach of contract or the law. The legal basis for the processing in the context of the use of our ervices is, regarding the provision of the Services, with regard to the other purposes Art. 6 (1) lit. f) of the GDPR. To be able to offer, improve, market, and protect our services are legitimate interests in this respect.

MM:NT digital concierge app usage data:

At a glance:

Relevant Data: Personal preferences, interests, etc.

Purpose: Tailor the guest experience, improve services, offer personalized offers.

Legal Basis: Article 6(1)(b) of the GDPR (contractual necessity) and Article 6(1)(f) of the GDPR (legitimate interests).

More Info:

We store and link the personal data of our guests by creating a standalone guest ID for each guest. This helps us to identify Guests in our database each time a booking is made. If you have previously stayed with us and we are authorized to do so, we furthermore will compare your personal data with personal information we may have saved in order to keep our customer data in particular up to date, to make check-in efficient for you and to ensure that your stay is tailored to your needs. We analyze certain personal aspects such as personal preferences, interests, etc. We may use the knowledge gained from this to tailor your stay to your needs or to present you with offers that are tailored to your personal interests and preferences. Furthermore, such data generally assists us to increase the efficiency of our operational processes and to consistently improve our offer for our guests.

The legal basis for the processing of this data is Art. 6 (1) lit. f) GDPR, providing a digital, tailored experience to your Guests, ensuring the functionality and improvement of our Services are legitimate interests in this sense.

Check-in and identification data:

At a glance:

Relevant Data: Arrival and departure dates, Name, date of birth, nationality, address, passport information

Purpose: Compliance with legal requirements, guest identification, emergency situations, legal claims.

Legal Basis: Article 6(1)(c) of the GDPR (legal requirements) and Article 6(1)(f) of the GDPR (legitimate interests).

More Info:

When you want to check in at one of our Hotels, we collect – to the extent we are legally obliged to - the date of your arrival and expected departure, surname, first name, date of birth, nationality, your address, how many people you are travelling with as well as their nationality serial number of the valid and recognised passport or passport replacement document. We are currently testing different ways to collect this information, in particular through pre-payments with two factor authentication, as well as more convenient ways for our guest such as giving you the option to provide a valid ID when using our MM:NT Digital Concierge App.

We process this data to comply with statutory legal requirements, Article 6 (1) lit. c) of the GDPR as well as based on our and our guests’ legitimate interests in knowing who our customers are and to be able to identify them, e.g. in case of an emergency or to pursue or defend ourselves or guests against legal claims, Article 6 (1) lit. f) of the GDPR. Upon request we may be obliged to provide this information to the regional authorities. For this, the law requires us to store this information for a certain period of time, e.g. in Germany: for 12 months. The data will automatically be deleted after 15 months.

On-site generated data:

At a glance:

Relevant Data: Date and Time of Access; CCTV recordings

Purpose: Security, safety, property rights, managing complaints, preventing and prosecuting offenses, civil claims.

Legal Basis: Article 6(1)(f) of the GDPR (legitimate interests).

More Info:

When you use our digital access key to enter our facilities and rooms, date and time of entry will automatically be processed.

Parts of the Hotel facilities with cameras. Areas subject to camera surveillance are indicated by signs. CCTV recordings are deleted after 72 hours, unless required for or needed to serve these purposes in specific cases.

To be able to handle customer requests, inquiries and complaints; and determining eligibility for age-restricted goods and services (such as alcohol or in-room adult entertainment), we may process data related to you provided to us from a third-party, such as another guest.

We use CCTV and Access Logs for security purposes, to ensure your and other guests’ safety and, for the purpose of fulfilling our and our guests’ legitimate interests in the observation of our house rules, to exercise our property rights, to manage complaints, for the protection and prosecution of criminal offences and for the assertion of civil claims.

The legal basis is Article 6 (1) lit. f) of the GDPR.

On-site stay services information

At a glance:

Relevant Data: Guest information (including age), details related to additional services; payment information

Purpose: Provide requested services, determine eligibility for age-restricted goods/services.

Legal Basis: Article 6(1)(b) of the GDPR (contractual necessity).

More Info:

When you use additional (fee-based) on-site Services, e.g. when you purchase something from the bar or request arrangements with third-party providers, we will process your personal guest information provided to us during booking to the extent it is necessary for the provision of the requested service, such as your name and payment details as described above and details related to the Services, such as object of performance, time of service procurement/rendering, and other necessary contractual information. To determine eligibility for age-restricted goods and services (such as alcohol or in-room adult entertainment), we may store additional information such as your age.

At a glance:

Relevant Data: Contact details and information provided in inquiries

Purpose: Complaint Maganement, respond to customer inquiries, ensure functioning customer service.

Legal Basis: Article 6(1)(b) of the GDPR (contractual necessity) and Article 6(1)(f) of the GDPR (legitimate interests).

More Info:

If you contact us with a general enquiry via the App, email or by phone, we process your contact details and information you have provided in order to be able to answer your enquiry. The data processing for the purpose of contacting us takes place upon your request and on the basis of Art. 6 (1) lit. b) of the GDPR and to protect our legitimate interests pursuant to Art. 6 (1) lit. f) of the GDPR. Our legitimate interest is to be able to respond to requests from our Customers and Guests and thus ensure a functioning customer service.

Newsletters, service information and post-stay surveys

At a glance:

Relevant Data: email address

Purpose: Sending newsletters, relevant stay information, post-stay surveys.

Legal Basis: As applicable: Article 6(1)(a) (consent) Article 6(1)(b) of the GDPR (contractual necessity) and Article 6(1)(f) of the GDPR (legitimate interests).

More Info:

If you register for our newsletter, we process your e-mail address for the purpose of sending it. You will then receive a registration notification by email, which you must confirm in order to receive the newsletter (so-called double opt-in). This serves as proof for us that the registration was initiated by you. The legal basis is your consent, Art. 6 (1) lit. a) of the GDPR. You can withdraw your consent at any time, e.g. via the unsubscribe link at the end of each newsletter.

Based on our legitimate interests to offer our Guests the best experience when they stay with us and to improve our services, we may provide to you certain information relevant to your stay and the Services used through the App or via email. The legal basis is Article 6 (1) lit. f) of the GDPR. You may opt-out of these messages at any time (see your control- and data subject rights below).

Online Market Research Community Programme

At a glance:

Relevant Data: email address, name, date of birth, location, demographic information and device ID, information you volunteer about yourself in response to research questionnaires, prompts or other research stimuli

Purpose: online market-research, corresponding with members to implement and evaluate experience reports, fraud prevention, evaluations of experience reports and analyses of results, improvement of services

Legal Basis: As applicable: Article 6(1)(a) (consent) Article 6(1)(b) of the GDPR (contractual necessity) and Article 6(1)(f) of the GDPR (legitimate interests).

More Info:

If you participate in our trial period and are invited join our online market research community test-phase and invited to stay in our MM.NT hotels prior to their opening to the public, we process your personal data for the purposes of corresponding with our members in connection with the implementation and evaluation of the experience reports; fraud prevention and evaluation of experience reports and analyses of the results; further development of our products and services as well as to improvement of our service quality, elimination of errors or malfunctions, e.g. by analysing your feedback; handling of warranty and goodwill cases; ensuring the availability, operation and security of technical systems and technical data management.

We will share your personal information with those of our researchers, analysts and agents who need to access your personal information to facilitate our research project and draw conclusions about our research topics.

The processing of your data to send you invitations and further information about our MM:NT hotels is based on your consent, Article 6(1)(a) of the GDPR. The subsequent processing is based on our mutual agreement related to your participation in our market research community programme (Article 6(1)(b) of the GDPR), as well as our legitimate interests related to the purposes mentioned above, 6(1)(f) of the GDPR.

We will retain your personal information only for as long as necessary for us to complete our research project, and will anonymise your personal data, unless we are required by law to retain copies of your personal information.

Other Purposes

We have already informed you above for which purposes we process your data. Furthermore, we may also process your data for other purposes in certain situations. These include, for example, the transfer of your personal data to third parties if we are legally obliged to do so, but also the assertion of legal claims on our part or the defence against legal action brought by yourself or third parties. In these cases, the legal basis is either a legal obligation (Article 6 (1) lit. c) of the GDPR) or legitimate interests of you, us, or legitimate third parties (Article 6 (1) lit. f) of the GDPR).

To whom may my date be disclosed?

We treat personal data carefully and confidentially and only in rare cases, pass it on to third parties.

When our partners or service providers process personal data, they do so only on the basis of binding agreements in which they agree to comply with strict contractual obligations to protect your personal data (including, but not limited to, compliance with this Privacy Policy).

At a glance:

Recipients within the Group:

Adina Group companies may process your data as joint controllers.

Shared IT resources and services with TFE Hotels streamline operations.

Service Providers subject to Data Processing Agreements:

SV (Schweiz) AG provides a software-supported hotel management solution called likeMagic.

The platform manages and processes hotel services, with data stored on Google's servers in Switzerland.

RECOLLECTIVE INC. based in Canada provides us with the platform for our online market research community and experience reports.

Third Parties:

Data may be disclosed to third parties like public authorities, financial institutions, and legal entities.

Disclosure may occur to fulfill legal obligations, assert/defend legal claims, or protect vital interests.

Data Transfers to Third Countries:

Personal data is not transferred to countries outside the European Economic Area (EEA) without appropriate safeguards.

Adequacy decisions by the European Commission or recipient-provided safeguards under Article 46 of the GDPR are required.

Exceptions include explicit consent, necessity for booking or pre-contractual measures, or other exceptions under Article 49 of the GDPR.

More Info:

Recipients within the group

Depending on the Hotel you stay with and the Services you are using, the data may be processed by other Adina Group companies in Joint Controllership.

Adina is part of TFE Hotels, headquartered in Sydney Australia. To streamline operations, we use shared IT resources with TFE, in particular technical service providers and cloud service providers.

We have entered into Inter-Company Data Transfer Agreements within the Group. The main content of these joint control agreements is to protect your data by defining the acceptable scope and attribute responsibility when processing your personal data as well as when you exercise your data subject rights towards any of the Group members involved in the processing of your personal data.

While Adina Germany Holding GmbH & Co. KG is mainly responsible for processing your personal data, you may contact your Hotel or TFE directly with any privacy inquiries you may have.

Service providers who process data on our behalf

We use the software-supported hotel management solution and central data management platform likeMagic from SV (Schweiz) AG, Memphispark, Wallisellenstrasse 57, 8600 Dübendorf, Switzerland (hereinafter “Platform”) for the Guest Journey, to manage, support, process and evaluate our Hotel Services and in which all functions in the areas of reservation, front office, and property management are combined in one user interface. Interfaces connect the Platform with other applications and infrastructure for operating and managing our hotel. Furthermore, the Platform bundles access for us via corresponding interfaces to application programs that we license from third parties and thereby supports defined services in essential operational processes typical for hotels. Platform is in our responsibility and data is stored on Google’s servers in Switzerland.

We use the services of RECOLLECTIVE INC. with their registered offices at 100 Queen Street, Suite 300, Ottawa, Ontario K1P 1J9, Canada as a platform for our online market research community and experience reports You can find more information here: Privacy Policy | Recollective.

Our website is hosted on Netlify. Our digital guest journey Services (Digital Concierge app) runs on Google Cloud Zurich resources.

We have entered into data processing agreements with these Service Providers to ensure that your personal data is protected.

Third Parties

We disclose data to third parties (such as public authorities, financial institutions, courts, auditors, tax advisors, lawyers, etc.) in particular if this is necessary to fulfil legal obligations or to assert or defend legal claims, for supervisory reasons, in the context of company mergers or to protect vital interests. In these cases, the legal basis is either a legal obligation (Art. 6 (1) lit. c) of the GDPR) or a legitimate interest (Art. 6 (1) lit. f) of the GDPR).

Data transfers to third countries

We do not transfer your personal data to countries outside the EEA without implementing appropriate safeguards. However, there is a remaining risk that authorities may gain access to personal data. As an EU citizen you may not have effective legal protection against this in the third country or the EU.

When data is transferred to third countries, we ensure that either

The European Commission has adopted a so-called adequacy decision for the third country or the recipient in this third country, as is the case e.g. for Switzerland: EUR-Lex - 32000D0518 - EN - EUR-Lex (europa.eu), further information on countries with adequacy are available here: Adequacy decisions (europa.eu)

Sufficient safeguards are provided by the recipient in accordance with Article 46 of the GDPR for the protection of the personal data (including additional measures as required)* 

You have expressly consented to the transfer, after we have informed you of the risks, in accordance with,

The transfer is necessary for the for the performance of your booking, or the implementation of pre-contractual measures taken at your request in accordance with Article 49 (1) lit. b) of the GDPR, or

Another exception from Article 49 of the GDPR applies.

*Guarantees according to Article 46 of the GDPR may be so-called Standard Contractual Clauses, as implemented by the European Commission on 4 June 2021, available here: Standard contractual clauses for international transfers (europa.eu). In these standard contractual clauses, the recipient assures to sufficiently protect the data and thus to guarantee a level of protection comparable to the GDPR.

For how long will you keep my data and when will it be deleted?

Unless otherwise stated in this policy or an exceptional case applies, your data is subject to the following retention periods:

To the extent necessary, we process and store your personal data for the duration of our contractual or pre-contractual relationship and upon termination and beyond that within statutory limitation periods for any claims that may arise out of it.

After this, we store data subject to various storage and documentation obligations, which result, among other things, from Commercial or Tax-Obligations. This relates to your invoice, accounting vouchers or bookings. We will keep your registration and ID-information for as long as we are legally obliged to and delete them automatically.

If you have explicitly consented to a processing, we will keep your data until you withdraw your consent.

How is my data stored?

We take all reasonable technical and organizational security measures to protect Personal Data from accidental or unlawful destruction, accidental loss and unauthorized access, destruction, misuse, modification or disclosure.

How can I control my data, and what are my rights as a data subject?

You have various options to control your data and numerous rights as a data subject under the GDPR, namely:

Your right to withdraw a consent that you have given at any time. However, this withdrawal is only valid for the future. Any processing that took place before the withdrawal remains unaffected.

Your right of access and obtaining a copy of your data pursuant to Article 15 of the GDPR, in particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the retention period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.   

Your right to rectification in accordance with Article 16 of the GDPR, e.g. if your data is incomplete or incorrect, you can request us to correct it.   

Your right to erasure pursuant to Article 17 of the GDPR, if this is not (any longer) necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.   

Your right to restriction of processing pursuant to Article 18 of the GDPR. You may request that your data be blocked, e.g. because you believe the data is inaccurate or the processing is unlawful, but you object to its erasure because you need it to assert, exercise or defend legal claims or you have objected to the processing pursuant to Article 21 of the GDPR.   
Your right to data portability pursuant to Article 20 of the GDPR. You may request that we hand over data you have provided to us in a structured, common and machine-readable format or transfer it to another controller.   
Finally, you also have the right to lodge a complaint with the competent data protection supervisory authority (Article 77 of the GDPR). As a rule you can contact for this purpose the supervisory authority for your habitual residence, place of work or our headquarters.

If you wish to exercise your rights as a data subject, you can do so by contacting dataprotection@mmnt-intime.com

Information about your right of objection under ART.21 GDPR

In addition to the rights already mentioned, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, provided that such processing is carried out on the basis of Art. 6 (1) lit. f) GDPR (data processing based on a balancing of interests). If you object, we will no longer process your personal data unless we can demonstrate that our interests, rights and freedoms outweigh your legitimate interests and therefore justify the processing.

You also have the right to object, at any time, to the processing of your personal data for the purpose of direct marketing (including the subscription to our newsletter), at no additional cost; this also applies to the creation of a user profile (so-called "profiling"), insofar as this is related to direct marketing. If you object, we will not process your personal data for the purpose of direct marketing in the future.

Please note that if you do not provide us with certain data or if you object to the use of such data, you may not be able to use the Website or Services, or may only be able to use them to a limited extent.

The objection may be lodged informally and must be addressed to: dataprotection@mmnt-intime.com

Cookie Information

In order to design, improve and personalise our services and to optimise the display of advertising, we evaluate the behaviour of certain users on a pseudonymous basis during use. We do this through the use of “Cookies” and other similar technologies.

What are Cookies? Cookies are small text files containing information that are stored on your access device. They are usually used to associate a user with a particular action or preference on a website, but do not identify the user as a person or reveal their identity. Cookies are not automatically good or bad, but it is worth understanding what you can do about them and making your own choices about your information.

In addition to cookies, we use other technologies to track users. These include pixel tags (also known as "web beacons", "GIFs" or "bugs").

What are pixel tags? Pixel tags are transparent, single-pixel images placed on a web page. They track, for example, whether a particular area of the website has been clicked on. When triggered, the pixel tag logs a user interaction and may read or set cookies. Because pixels often rely on cookies to work, turning off cookies may interfere with their operation. However, even if you turn off cookies, pixels can still recognize a website visit. Pixels send your IP address, the referrer URL of the website you visited, the time you viewed the pixel, the browser you are using, and any cookie information that was previously set to a web server. This enables us to measure reach and other statistical analyses that help us to optimize our services.

Purposes and legal basis

One of the purposes of using these technologies is to make your use of our site more convenient. For example, we use session cookies to recognize that you have already visited individual pages of our site, that you have already logged into your user account or to display your shopping basket. These are automatically deleted when you leave our site.

We also use temporary cookies to improve the user experience, which are stored on your device for a fixed period. If you visit our site again to use our services, it will automatically recognize that you have been to our site before and what entries and settings you have made, so that you do not have to enter them again. The data processed by these cookies are necessary for the above-mentioned purposes to protect our legitimate interests and those of third parties in accordance with Article 6 (1) lit. f) of the GDPR.

On the other hand, we use these technologies - subject to your consent - to statistically record the use of our website and to evaluate it for the purpose of optimizing our services as well as to provide you with advertising on third party websites. This requires that you have previously given us your consent according to § 25 TTDSG and Article 6 (1) lit. a) of the GDPR via the cookie management tool. You can withdraw your consent at any time with effect for the future via the cookie management tool. You can access the tool at any time via the "Cookie Settings" button at the bottom of the website to review and adjust your consent settings.

Tracking tools we use subject to your prior consent

Google Analytics

The website uses Google Analytics, a service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google Ireland“), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 (“Google“). Google Analytics uses cookies and helps us to analyse the number of users and the general behaviour of visitors to the website.

The information generated by the cookie about your use of the website (identifier, browser type/version, operating system used, referrer URL, shortened IP address, time of server request) is generally transmitted to a Google server in the U.S. and stored there. However, in the Member States of the European Union or in other signatory states to the Agreement on the European Economic Area, your IP address will initially be truncated by Google on the website. For this purpose, we have implemented the code “gat._anonymizeIp() ;“ in order to ensure anonymous collection of IP addresses (so-called IP masking).

Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and abbreviated there. If, exceptionally, personal data is transferred to the USA, Google ensures a level of data protection corresponding to the data protection level in the EU by way of accepting strict data protection terms under the EU standard contractual clauses.

Google will use the information about your use of the Website on our behalf in the context of Google Analytics to evaluate your use of the Website, to compile reports on Website activity

and to provide other services relating to Website activity and internet usage. The IP address transmitted by your browser in the context of Google Analytics and Google Tag Manager is not combined with other data from Google by us. In addition to generally deactivating cookies, you can prevent Google from collecting and processing data about your use of the website (including your abbreviated IP address) by downloading and installing the browser plug-in at the following link: http://tools.google.com/dlpage/gaoptout. Further information on the terms of use and data protection can be found at http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/privacy/.

Google Analytics Advertising Functions and Google Ads

We also use Google Ads to advertise on the websites of third parties. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. This serves to pursue our interest in delivering to you advertisements which are of interest to you and to make the offering on the website more interesting for you. Google uses so-called “ad servers“ for this purpose, through which our ads are delivered. For this purpose, we use ad server cookies, which can be used to measure certain parameters such as the display of ads or clicks by users.

If you access the website via a Google advertisement, Google Ads stores a cookie on your device. These cookies lose their validity after 30 days and cannot be used by us to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie. These cookies will enable Google to recognize your Internet browser for advertising purposes. If a user visits certain pages of an AdWords customer‘s Website and the cookie stored on his or her computer has not yet expired, Google can track whether the user clicked on the ad and was directed to that page. Each Adwords customer is assigned a different cookie.

Cookies cannot therefore be traced via the Websites of Adwords customers. We can never personally identify you with the information we collect and only receive aggregated reports about user behavior. On the basis of these evaluations, we can identify which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media, in particular we cannot identify the users on the basis of this information. You can also opt out of participating in this tracking process via Google‘s preferences at https://www.google.de/settings/ads, or as part of the About Ads self-regulatory campaign via the link http://www.aboutads. info/ choices, where this setting will be deleted if you delete your cookies. You can also disable it in your browser by installing a plug-in if you click on the following link http://www.google.com/settings/ads/plug-in. Further information on data processing within the framework of Google Ads can be found at https://policies.google.com/technologies/ads?hl=en and https://www.google.de/intl/de/policies/privacy/.

Google Maps & Google reCAPTCHA

Via an API, the website uses the mapping service Google Maps. To enable the use of the Google Maps features, your IP address must be processed by Google. We and Google are jointly responsible for this processing. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over this data transfer. However, you can deactivate the use of your location data at any point in time by changing the settings of your devices. You will be prompted to activate the use of location data on the website before any data are transmitted to Google. We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on the website easy to find.

The purpose of reCAPTCHA is to determine whether data entered on the website (e.g. information entered into a contact form) is being provided by a human user or by an automated program. To determine this, reCAPTCHA analyses the behaviour of the website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the website visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g. IP address, time the website visitor spent on the site or cursor movements initiated by the user). The data tracked during such analyses are forwarded to Google. reCAPTCHA analyses run entirely in the background. Website visitors are not alerted that an analysis is underway. It is in our legitimate interest to protect the website against misuse by automated industrial espionage systems and against SPAM. For more information about Google reCAPTCHA please review the information at https://www.google.com/recaptcha/intro/android.html.

Use of LinkedIn Plug-in

The website uses functions of the network LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Gardner House 4,5,6, 2 Dublin, Irland („LinkedIn“). Each time you visit one of the websites, a connection is established to LinkedIn servers. LinkedIn will be informed that you have visited the website with your IP address. If you click the LinkedIn “Recommend“ button and are logged into your LinkedIn account, LinkedIn will be able to associate your visit to the website with you and your user account. Thus, LinkedIn can place targeted advertising and content on the LinkedIn platform for you. For more information, please see LinkedIn‘s Privacy Statement at: https://www.linkedin.com/legal/privacy-policy. If you wish to object to the processing of your data by LinkedIn, you can do so here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Our Social media pages

Joint Controller

We maintain publicly available profiles in social networks. This includes pages on Instagram and TikTok. We and

Instagram: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland (“Instagram”)

TikTok: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland (“TikTok”)

are jointly responsible as controllers for the data processing of your personal data on our social media pages in accordance with Article 4(7) GDPR.

For this purpose, we have entered into joint controllership agreements available here:

Instagram: Information about Page Insights of Meta
TikTok: Page Insights Joint Controller Jurisdiction Specific Terms von TikTok.

Data subject rights can be asserted both against us and Instagram / TikTok.

Page Insights Evaluations

In accordance with the operation of the above-mentioned social media profiles, we receive evaluations and analyses regarding the interactions with our content, collected by the social networks by using cookies and similar technologies such as pixel tags as well as unique user IDs.

The information linked to the unique user ID is processed by the platform’s operators, in particular when users visit their services.

The created visitor statistics are transferred to us anonymously. We do not have any access to any raw data.

We may receive further information, i.e. on the basis of user comments, private messages or because you follow us or share our content.

Purpose and Legal Basis

We use our social media profiles to communicate with our customers, prospects and users, to understand our audience better, to improve our business targets and to provide insights regarding our services to you.

The data on our social media pages are processed on the basis of Article 6 (1) f) GDPR to pursue our legitimate interests by staying in touch with potential clients and other parties interested in our services.

Recipients and Third Country Processing

Instagram: Instagram is a US company. The processing of personal data takes place in a third country. The European Commission has issued an adequacy decision for the EU-U.S.

Meta Platforms Ireland Ltd transfers personal data to Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, US headquartert in the US based on Standard Contractual Clauses approved by the Commission.

Tiktok: Within the European Economic Area, TikTok Technology Limited is responsible for the processing of user data. We expressly point out that we do not have any information about the further processing of personal data by TikTok. It may happen, that TikTok transfers personal data to an unsafe third country. We, ourselves, do not pass on any personal data, which we receive via TikTok.

Objection rights

You are entitled to the following objection options:

Instagram: Instagram users can influence the extent to which their user behavior may be recorded when visiting our Instagram profile under the settings for advertising preferences. The Facebook settings or the form provided via Facebook for the right to object offer further options for objection. Settings for Instagram can be made via the form.

TikTok: TikTok users have the right to object to the processing of your data. This right exists if TikTok is performing a task in the public interest, pursuing their legitimate interests or those of a third party, or if your data is processed in certain circumstances for the purpose of facilitating scientific or historical research. The objection can be filed via a web form. You can find more information about the objection options here.

Find out more

Instagram: For information about Instagram Insights, see Instagram's privacy policy and here.

TikTok: For more information, see TikTok’s privacy policy.