Thank you for your interest in our websites www.the-cloud-one.com, www.lancaster-gate-hotel.com and www.motel-one.com (‘websites’) and in our application software for mobile devices, the Motel One app (‘app’). The websites and the app are operated by Motel One GmbH (‘Motel One’) and offer you, the user (‘user’), the option of learning about the room offerings and the various hotel locations, booking a room if you are interested and there is a vacancy, and contacting us if you have any questions.
We take the protection of your personal data seriously and abide by the provisions of data protection laws and other relevant data protection requirements. In the sections below, we will explain to you, as a user of our website or our app, how we handle your data and provide you with an overview of the measures we implement to protect personal data.
You may revoke any consent you may have granted at any time with future effect. If you have any questions regarding our use of your personal data, please contact us.
1. Controller and scope
The controller pursuant to the EU General Data Protection Regulation (‘GDPR’) and other national data protection laws of member states as well as other data protection provisions is:
Motel One GmbH
Tegernseer Landstrasse 165
Tel.: +49 (0) 089 665025-0
Fax: +49 (0) 089 665025-50
2. Data protection officer
The controller’s external data protection officer is:
Dr Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Tel.: +49 (0) 221 222 183-0
3. Principles of data processing
Personal data refers to all information related to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour. Information that we cannot use to identify you personally (or that would involve a disproportionate effort to do so), for example, by anonymising the information, does not constitute personal data. The processing of personal data (e.g. collecting, accessing, using, storing or transmitting such data) always requires a legal basis or your consent. Processed personal data will be deleted as soon as the purpose of the processing has been achieved and there is no longer any statutory obligation to retain the data.
If we process your personal data in order to provide certain services, the sections below will inform you of the specific processes, the scope and the purpose of the data processing activity, the legal basis for the processing activity and the relevant storage period.
4. Individual processing steps
a. Provision and use of the websites and the Motel One app
When you access and use our websites or the Motel One app, we collect personal data that your browser or the app automatically sends to our server. This information is temporarily saved in a log file. When you use our websites, we collect the following information, which we need for technical reasons in order to display our websites to you and ensure stability and security:
Every time a user accesses one of the websites or the app and every time a file is accessed, access data related to this action is stored in a log file on our server. This data includes:
Operating system used
Referring URL (the site previously visited)
Host name of the accessing computer (IP address)
Time and date of the server request
Volume of data transmitted and access status (file transmitted, file not found, etc.).
This data is used to generate pseudonymised internal statistics that help us to analyse the use of the websites or the Motel One app, correct errors and improve our services. It is not used for any other purpose related to you individually. In particular, this data is not merged with other data sources. This data is automatically deleted after the statistical analysis. You can prevent your pseudonymised data from being used for statistical purposes at any time by adjusting your browser settings to prevent cookies from being stored on your computer (see section 7).
The legal basis for the specified data processing is Article 6(1)(f) GDPR. The processing of the specified personal data is necessary to provide the websites and the Motel One app and therefore serves to safeguard the legitimate interests of our company.
The temporary storage of the IP address by the system is necessary in order to display the website on the user’s computer. The user’s IP address has to be stored for the duration of the session.
As soon as the specified data is no longer necessary to display the websites, it will be deleted. The collection of data to provide the websites and the storage of data in log files is necessary for the operation of the websites and the Motel One app. Consequently, the user does not have the right to object to such use. The data may be stored for longer periods in individual cases if required by law.
b. Reservations, bookings and vouchers
You can make a reservation and/or booking on our websites and in the app. You can also buy vouchers. When you do this, the following personal data will be entered into a form and processed by us:
Name and surname
Phone number (if provided)
Company name (if provided)
Tax number (if provided)
Bank details or credit card information (if provided)
In order to process payments, we share your payment details with the financial institution responsible for processing the payment and with any payment service providers commissioned by us or the payment service selected by you when you place the order. These companies may only use your personal data to process the order and not for any other purpose.
To process payments, it is also necessary for our payment service provider Computop Wirtschaftsinformatik GmbH to process personal data for the 3D Secure 2.0 protocol. 3D Secure 2.0 is a protocol for secure and enhanced customer authentication, carried out in accordance with Directive (EU) 2015/2366 (Payment Services Directive 2, PSD 23).
For this purpose, the following personal data, in particular, is also processed:
Browser information, e.g. IP address or browser language
Billing and shipping address
Customer account details (e.g. how long your account has been open)
Personal data is processed for the completion of a booking/reservation or the purchase of a voucher in order to fulfil a contract between you and Motel One in accordance with Article 6(1)(b) GDPR. This also applies to data processing required for the implementation of pre-contractual measures.
As soon as the processed personal data is no longer necessary for the execution of the contract, it will be deleted. Even after the conclusion of the contract, it may be necessary to store your personal data in order to comply with contractual or statutory obligations. The data may be stored for longer periods in individual cases if required by law.
c. Contact form and email correspondence
Please feel free to contact us electronically via the form provided. The personal data you enter in the form will be transferred to us. If you use the contact form, the following personal data will be processed:
Additionally, the following personal data will be stored when the message is sent:
Alternatively, you can contact us at the email address provided. In this case, the personal data transmitted with the email will also be stored. In this case, the personal data will not be shared with third parties. The personal data will only be used to process your enquiry.
The legal basis for the processing of personal data is Article 6(1)(f) GDPR. We have a legitimate interest in responding to enquiries that you send to us by email or via the contact form. Additionally, pursuant to Article 6(1)(f) GDPR, we have a legitimate interest in processing personal data during the sending process in order to prevent misuse of the contact form and protect our IT systems.
After we have processed your enquiry, the personal data will be deleted unless deletion is prevented by contractual or statutory retention periods. You have the right to withdraw your consent to the processing of personal data at any time. If you contact us by email, you can object to the processing of your personal data at any time. In this case, it will not be possible to process your enquiry any further. All personal data collected in the course of this correspondence will be deleted in this case unless deletion is prevented by contractual or statutory retention periods.
Persons under the age of 18 should not provide us with any personal data without the consent of their parents or guardians. We do not request personal data from children and adolescents, nor do we collect such data or forward it to third parties.
5. Email correspondence
a. Evaluation email following a stay
After staying at a Motel One, Lancaster Gate hotel or The Cloud One hotel, customers will receive an email asking them to rate their stay and suggest improvements.
The legal basis for the data processing activity carried out with respect to the use of your email address is Art. 6(1)(f) GDPR. The processing of email addresses and the collection of ratings is necessary to ensure the quality of the hotel and to optimise hotel services, and therefore helps to safeguard the legitimate interests of our company. This evaluation email is not used for any other purpose.
As soon as this data (email address and rating) is no longer required for the specified optimisation purposes, it will be deleted immediately.
b. Motel One newsletter
When registering for the Motel One newsletter, the user declared their consent to regularly receive a newsletter email containing news, campaigns and offers from Motel One, Lancaster-gate-hotel.com and The Cloud One hotels (as well as articles related to the topic of hotels, travel and overnight accommodation). The personal data processed by Motel One in order to send the newsletter is not shared with other companies. You can revoke your consent to the use of your email address at any time with future effect (email@example.com). You can also unsubscribe from the newsletter via a separate link located at the bottom of each newsletter email.
You, the user, expressly accepted the following declaration of consent when you subscribed to the newsletter on our website: https://www.motel-one.com/en/newsletter/ and www.the-cloud-one.com/en/newsletter/ and we have logged this consent:
‘I would like to subscribe to the free Motel One newsletter and receive regular news and information about campaigns and offers from Motel One and The Cloud One hotels related to the topic of hotels and travel. My email address will not be disclosed to other companies. I can revoke my consent to receive the newsletter with future effect at any time via the websites https://www.motel-one.com/en/newsletter/ and www.the-cloud-one.com/en/newsletter/.’
6. Push notification
In the app, you can sign up to receive push notifications. For this purpose, Motel One, Lancaster Gate hotel and The Cloud One hotels use the Firebase Cloud Messaging service, which is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). For detailed information about how Google uses personal data, please visit https://policies.google.com/privacy and https://firebase.google.com/support/privacy.
The push notifications can provide you with information about your next booking, or news and offers from Motel One, Lancaster Gate Hotel and The Cloud One hotels.
To sign up for push notifications on iOS, you must opt in when your browser or device asks whether you would like to receive push notifications.
We evaluate anonymised push notifications for statistical purposes and can therefore determine whether and when push notifications have been displayed and clicked on. This enables us to determine which push notifications are of interest to recipients and tailor future notifications to the presumed interests of all recipients in order to increase the level of interest in our service.
You can revoke your consent to the storage and use of your personal data to receive our push notifications at any time with future effect in accordance with Art. 6(1)(a) GDPR. You can revoke your consent by adjusting the settings on your device.
Disabling push notifications on iOS:
Disabling push notifications on Android:
Open the notification panel at the top edge of your screen.
Long press a notification from the app for which you would like to disable push notifications until a menu opens.
Tap ‘App info’.
Untick the ‘Receive notifications’ box.
Your data will be erased as soon as it is no longer necessary for the purpose for which it was collected. As such, your data will be stored for as long as push notifications are enabled.
7. Processing and deletion
Motel One, Lancaster Gate hotel or The Cloud One hotels may, on their own initiative or at the request of the user, complete, correct or delete incomplete, erroneous or outdated personal data that Motel One, Lancaster Gate hotel or The Cloud One hotels have stored in connection with the operation of this website. If these processes are carried out at the request of the user, Motel One, Lancaster Gate hotel or The Cloud One hotels may only do so if the user has sufficiently identified themselves. Identity is verified using a copy of a photo ID – which will of course be deleted immediately after the authentication has been completed – or using criteria that can only be known by the user. Motel One, Lancaster Gate hotel or The Cloud One hotels cannot agree to the user’s request if they are not properly identified.
In line with statutory provisions, Motel One, Lancaster Gate hotel or The Cloud One hotels will delete personal data immediately on the user’s request, provided there are no mandatory retention obligations to the contrary.
8. Categories of data recipients
a. Personal data is handled confidentially and in line with the statutory data protection regulations. Data is not disclosed to third parties without the user’s consent, unless this is required to carry out orders, process payments or process requests or it is permitted in accordance with the statutory provisions. External service providers are obliged to handle data confidentially and securely, and they may only use the data as required to carry out their duties. Furthermore, to the extent necessary, contractual processing contracts have been concluded with the service providers in accordance with Article 28 GDPR so that they may only process your personal data in accordance with our instructions.
b. This is particularly true for any payments processed by external service providers, as well as the exchange of data with SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany for the purpose of credit checks if there is a legitimate interest or in the event of non-contractual conduct. SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany stores and transmits data to its contractual partners for credit checks. The user’s legitimate concerns are taken into account in line with the statutory provisions.
c. Otherwise, personal data is only disclosed if the user has given their express prior consent or if doing so is necessary for the prosecution of criminal offences. Personal data is only transmitted to the authorities or government agencies with the right to information if there is a statutory obligation to provide information or there has been a court ruling to this effect. Your legitimate concerns are taken into account in line with the statutory data protection provisions. Where necessary, we may disclose your data to third parties on the basis of statutory requirements. We only comply with such requests if we are required to do so in line with statutory obligations.
d. Any consent you may have given for us to disclose your data can be revoked at any time and without the need to provide us with a reason.
9. Protection of data
The protection of personal data is an important corporate principle at Motel One, Lancaster Gate hotel and The Cloud One hotels. This is achieved through, among other things, training, a company data protection officer and a written agreement with all employees and external service providers to maintain the confidentiality of data and comply with data protection requirements.
All technical and organisational, physical and computer systems and measures in the area of data protection, IT and information security help to protect stored data from damage, destruction and unauthorised access and to achieve the protection objectives of confidentiality, availability and integrity.
For the sake of security, personal data is collected using an encrypted secure socket layer (SSL) connection (recognisable by the use of ‘https://’ at the beginning of the website address in the address bar of the internet browser).
In addition, Motel One, Lancaster Gate hotel and The Cloud One hotels take all reasonable precautions to prevent unauthorised access to users' personal data as well as the unauthorised use or falsification of this data and to minimise the corresponding risks. However, the provision of personal data, whether this is done in person, on the phone or online, always involves risks, and there is no technical system that is completely impervious to manipulation or sabotage.
10. SurveySparrow survey tool
We use SurveySparrow to create online questionnaires. We use SurveySparrow to collect, analyse, compile, compare and review data from survey participants to gain insights for the optimisation of our website. SurveySparrow is survey software that strictly adheres to the General Data Protection Regulation (GDPR). SurveySparrow will only process data within the scope of the agreement entered into with Motel One and in accordance with our solely written instructions. SurveySparrow acts as a mediation platform for collecting the responses you provide to us via an online questionnaire.
SurveySparrow is designed to respect individual privacy in all circumstances, as guaranteed by the General Data Protection Regulation. SurveySparrow has no access, directly or indirectly, to the survey responses and results generated on the said platform. All data is stored securely on servers in the EU. SurveySparrow does not sell, misuse or share your information with third-party advertisers or marketers. SurveySparrow does not scan or share the data submitted by survey participants. Results generated on the SurveySparrow platform can only be exported by Motel One for analysis and review.
Motel One uses your responses to improve the service we offer. Your personal data will not be used unless specifically requested in a specific question. Motel One never uses your data to create an identifiable profile of you. Your data will never be sold, monetised or shared beyond the reasonable scope of conducting brand, design and user experience research.
a. Contractual processing
We have concluded an agreement on contractual processing with the above-mentioned provider. This is a contract required by data protection law that ensures that the contractual processor only processes the personal data of visitors to our website in accordance with our instructions and in compliance with the GDPR. The contract is based on EU standard contractual clauses and can be viewed at the following link: https://surveysparrow.com/legal/dpa/
b. Categories of personal data
We use SurveySparrow cookies to process the following personal data of our users:
c. Purpose of data processing
The processing of your personal data via SurveySparrow serves the purpose of improving our content and the user experience on our website. We analyse the data in order to make the website more customer friendly.
d. Legal basis for data processing
We process your personal data on the legal basis of your consent in accordance with Article 6 (1) (a) GDPR.
We need your consent to process this data for this purpose. You can revoke your consent at any time via the cookie banner on our website. Please note that revoking consent does not affect the lawfulness of the processing carried out based on consent until its revocation.
If you set your browser software accordingly, you can generally prevent the storage of cookies. Please note, however, that in this case not all functions of our website will be available to you.
e. Duration of the storage
We only store your personal data for as long as the purpose requires it. If you revoke your consent, we will delete your personal data. We can view your personal data for a maximum of 12 months.
f. Disclosure to third parties
SurveySparrow is our contractual data processor. For this purpose, we have concluded a contractual processing contract with the service provider SurveySparrow Inc. in accordance with Article 28 GDPR. SurveySparrow only processes your personal data in accordance with our instructions.
g.Data transfer to third countries
We transfer your personal data to SurveySparrow Inc., USA. We have appropriate guarantees for the transfer of your personal data to a third country in the form of standard contractual clauses pursuant to Article 46 (2) (d) GDPR, which have been accepted by a supervisory authority and approved by the European Commission in a review procedure in accordance with Article 93 (2) GDPR.
11. Chatbot and live chat
Our website offers you the option to use the chat feature to contact us regarding a hotel booking. This is a live chat tool. By using this chat feature, you are automatically using the services of DialogShift GmbH, Rheinsberger Strasse 76/77, 10115 Berlin, Germany. Personal data that you enter in the chat window is transmitted to DialogShift GmbH and stored.
a. Type and scope of data processing
We use this personal data to effectively and directly assist our customers and prospective customers.
In addition to the personal data that you disclose during the chat, the following personal data is collected when you use the chat tool:
If necessary, personal data from the chat record, such as name, contact details and other information.
If you enter personal data in the chat window (e.g. name, address, email address, booking number), your personal data will be processed using artificial intelligence.
DialogShift also uses performance cookies for statistical purposes. These will process your IP address.
b. Particular risks when using artificial intelligence
When using the chat tool, data is processed using artificial intelligence (AI) to a limited extent. The tool is designed to autonomously answer your questions before you are handed over to a member of staff. Information is entered into the system as input, processed using algorithms and then displayed as output.
Often, the data protection principle of transparency in accordance with Art. 5 (1) (a) of the GDPR, which requires the transparent processing of personal data, is not respected due to the machine learning functionality of AI systems. This is because AI-based systems continually modify and optimise their weightings and use the data entered for their ongoing development. In addition, it cannot be entirely ruled out that personal data will be transferred to third countries, e.g. the USA, due to this lack of data processing transparency.
DialogShift GmbH undertakes to use your data solely for the purpose of facilitating the chat. When providing artificial intelligence, DialogShift relies on service providers that use servers within the EU. There are no plans to transfer data to third countries. Nevertheless, a residual risk cannot currently be eliminated with regard to the lack of data processing transparency and transfers to a third country when using AI.
If you are not prepared to accept the risks described, you should refrain from using the chat tool.
c. Legal basis
When using the chat tool, data is processed on the basis of your consent in accordance with Art. 6 (1) (a) of the GDPR. We use the personal data you may have provided to effectively and directly assist our customers and prospective customers. You grant your consent by ticking the box in the chat window. You can withdraw your consent at any time by unticking the box. This shall not affect the legality of the data processing that occurs until your consent is withdrawn.
You can also prevent the storage of cookies by configuring your browser settings accordingly. If you do this, you may not be able to fully use the live chat feature or other website features. DialogShift will not share this personal data with third parties. The data will be used by DialogShift exclusively for the purposes of protection and internal statistics.
d. Duration of storage
Personal data is stored for the time required to fulfil the purpose for which it was collected. This purpose is generally fulfilled as soon as the chat session is terminated, but your personal data will be deleted within 90 days at the latest. We also delete your personal data when you withdraw your consent or object to the processing of personal data. A statutory retention period may prevent deletion.
e. Categories of data recipients
When data is processed by service providers, the personal data is passed on to the service provider. DialogShift acts on behalf of Motel One to ensure that consent is collected and documented in accordance with data protection regulations. DialogShift acts as a contractual processor in accordance with Article 28 GDPR. For this purpose, we have concluded a contractual processing contract with our service provider in accordance with GDPR requirements. Your personal data will only be processed in accordance with our instructions.
f. Place of processing and transfer to third countries
There are no plans to transfer your personal data to a third country outside the EU and the European Economic Area. In addition, we will not transfer your personal data to an international organisation. When providing artificial intelligence, DialogShift relies on service providers that use servers within the EU. Nevertheless, it cannot be entirely ruled out that personal data will be transferred to third countries, e.g. the USA, due to the data being processed using AI.
g. Automated data processing
There is no automated data processing within the context of Art. 13 (22) of the GDPR. Automated processing takes place to the extent described using AI.
Most browsers are configured to accept cookies by default. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. Please note, however, that you may not be able to use all of the functions of our websites if you deactivate cookies on our websites through your browser settings. You can also adjust your browser settings to delete cookies already stored in your browser or to display the storage period. In addition, you can configure your browser to notify you before cookies are stored. Since different browsers can vary in terms of their functionality, please see your browser’s help menu for the configuration options.
If you would like a comprehensive overview of all third parties that have access to your internet browser, we recommend installing a plug-in specially developed for this purpose