DATA PROTECTION PROVISIONS
for the websites the-cloud-one.com, hotel-lancaster-hydepark.com and motel-one.com, as well as the Motel One app
Version 07/2024
Thank you for your interest in our websites www.the-cloud-one.com, hotel-lancaster-hydepark.com and www.motel-one.com (‘websites’) and in our application software for mobile devices, the Motel One app (‘app’). The websites and the app are operated by Motel One GmbH (‘Motel One’) and offer you, the user (‘user’), the option of learning about the room offerings and the various hotel locations, booking a room if you are interested and there is a vacancy, and contacting us if you have any questions.
We take the protection of your personal data seriously and abide by the provisions of data protection laws and other relevant data protection requirements. In the sections below, we will explain to you, as a user of our website or our app, how we handle your data and provide you with an overview of the measures we implement to protect personal data.
You may revoke any consent you may have granted at any time with future effect. If you have any questions regarding our use of your personal data, please contact us.
Since changes to laws or to our internal corporate processes may make it necessary for us to adapt this privacy policy, please read this privacy policy regularly. The privacy policy can be accessed, saved and printed at any time by going to www.motel-one.com/en/data-privacy/, www.hotel-lancaster-hydepark.com/en/data-privacy/ and www.the-cloud-one.com/en/data-privacy. You can also view our data protection information here:
- • Zásady ochrany osobních údajů (CZ)
- • Datenschutzhinweise (DE)
- • Databeskyttelse (DK)
- • Data protection information (EN)
- • Aviso de privacidad (ES)
- • Informations en matière de protection des données (FR)
- • Gegevensbeschermingsinstructies (NL)
- • Politykę prywatności (PL)
1. Controller and scope
The controller pursuant to the EU General Data Protection Regulation (‘GDPR’) and other national data protection laws of member states as well as other data protection provisions is:
Motel One GmbH
Tegernseer Landstrasse 165
81539 Munich
Germany
Tel.: +49 (0) 089 665025-0
Fax: +49 (0) 089 665025-50
Website: www.motel-one.com or www.the-cloud-one.com
E-Mail: privacy@motel-one.de or privacy@the-cloud-one.com
This privacy policy applies to the websites of Motel One GmbH, Tegernseer Landstrasse 165, 81539 Munich, Germany, which can be accessed via the domains www.motel-one.com, www.hotel-lancaster-hydepark.com and www.the-cloud-one.com , as well as various subdomains, and the Motel One app.
2. Data protection officer
The controller’s external data protection officer is:
Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
50672 Cologne
Germany
Tel.: +49 (0) 221 222 183-0
E-Mail: dsb-motelone@kinast.eu
Website: www.kinast.eu
3. Principles of data processing
Personal data refers to all information related to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behaviour. Information that we cannot use to identify you personally (or that would involve a disproportionate effort to do so), for example, by anonymising the information, does not constitute personal data. The processing of personal data (e.g. collecting, accessing, using, storing or transmitting such data) always requires a legal basis or your consent. Processed personal data will be deleted as soon as the purpose of the processing has been achieved and there is no longer any statutory obligation to retain the data.
If we process your personal data in order to provide certain services, the sections below will inform you of the specific processes, the scope and the purpose of the data processing activity, the legal basis for the processing activity and the relevant storage period.
4. Individual processing steps
a. Provision and use of the websites and the Motel One app
When you access and use our websites or the Motel One app, we collect personal data that your browser or the app automatically sends to our server. This information is temporarily saved in a log file. When you use our websites, we collect the following information, which we need for technical reasons in order to display our websites to you and ensure stability and security:
Every time a user accesses one of the websites or the app and every time a file is accessed, access data related to this action is stored in a log file on our server. This data includes:
• Browser type/version
• Operating system used
• Referring URL (the site previously visited)
• Host name of the accessing computer (IP address)
• Time and date of the server request
• Volume of data transmitted and access status (file transmitted, file not found, etc.).
This data is used to generate pseudonymised internal statistics that help us to analyse the use of the websites or the Motel One app, correct errors and improve our services. It is not used for any other purpose related to you individually. In particular, this data is not merged with other data sources. This data is automatically deleted after the statistical analysis. You can prevent your pseudonymised data from being used for statistical purposes at any time by adjusting your browser settings to prevent cookies from being stored on your computer (see section 7).
The legal basis for the specified data processing is Article 6(1)(f) GDPR. The processing of the specified personal data is necessary to provide the websites and the Motel One app and therefore serves to safeguard the legitimate interests of our company.
The temporary storage of the IP address by the system is necessary in order to display the website on the user’s computer. The user’s IP address has to be stored for the duration of the session.
As soon as the specified data is no longer necessary to display the websites, it will be deleted. The collection of data to provide the websites and the storage of data in log files is necessary for the operation of the websites and the Motel One app. Consequently, the user does not have the right to object to such use. The data may be stored for longer periods in individual cases if required by law.
b. Reservations, bookings and vouchers
You can make a reservation and/or booking on our websites and in the app. You can also buy vouchers. When you do this, the following personal data will be entered into a form and processed by us:
• Name and surname
• Address
• E-Mail address
• Phone number (if provided)
• Company name (if provided)
• Tax number (if provided)
• Bank details or credit card information (if provided)
In order to process payments, we share your payment details with the financial institution responsible for processing the payment and with any payment service providers commissioned by us or the payment service selected by you when you place the order. These companies may only use your personal data to process the order and not for any other purpose.
To process payments, it is also necessary for our payment service provider Computop Wirtschaftsinformatik GmbH to process personal data for the 3D Secure 2.0 protocol. 3D Secure 2.0 is a protocol for secure and enhanced customer authentication, carried out in accordance with Directive (EU) 2015/2366 (Payment Services Directive 2, PSD 2).
For this purpose, the following personal data, in particular, is also processed:
• Transaction data
• Browser information, e.g. IP address or browser language
• Billing and shipping address
• Customer account details (e.g. how long your account has been open)
Personal data is processed for the completion of a booking/reservation or the purchase of a voucher in order to fulfil a contract between you and Motel One in accordance with Article 6(1)(b) GDPR. This also applies to data processing required for the implementation of pre-contractual measures.
As soon as the processed personal data is no longer necessary for the execution of the contract, it will be deleted. Even after the conclusion of the contract, it may be necessary to store your personal data in order to comply with contractual or statutory obligations. The data may be stored for longer periods in individual cases if required by law.
c. Contact form and email correspondence
Please feel free to contact us electronically via the form provided. The personal data you enter in the form will be transferred to us. If you use the contact form, the following personal data will be processed:
• Email address
• First name and surname
• Any other personal data included in the message
Additionally, the following personal data will be stored when the message is sent:
• IP address
• Date and time of your message
Alternatively, you can contact us at the email address provided. In this case, the personal data transmitted with the email will also be stored. In this case, the personal data will not be shared with third parties. The personal data will only be used to process your enquiry.
The legal basis for the processing of personal data is Article 6(1)(f) GDPR. We have a legitimate interest in responding to enquiries that you send to us by email or via the contact form. Additionally, pursuant to Article 6(1)(f) GDPR, we have a legitimate interest in processing personal data during the sending process in order to prevent misuse of the contact form and protect our IT systems.
After we have processed your enquiry, the personal data will be deleted unless deletion is prevented by contractual or statutory retention periods. You have the right to withdraw your consent to the processing of personal data at any time. If you contact us by email, you can object to the processing of your personal data at any time. In this case, it will not be possible to process your enquiry any further. All personal data collected in the course of this correspondence will be deleted in this case unless deletion is prevented by contractual or statutory retention periods.
d. Minors
Persons under the age of 18 should not provide us with any personal data without the consent of their parents or guardians. We do not request personal data from children and adolescents, nor do we collect such data or forward it to third parties.
5. E-Mail correspondence
a. Evaluation email following a stay
After staying at a Motel One, the Lancaster Gate Hotel or The Cloud One hotel, customers will receive an email asking them to rate their stay and suggest improvements.
The legal basis for the data processing activity carried out with respect to the use of your email address is Art. 6(1)(f) GDPR. The processing of email addresses and the collection of ratings is necessary to ensure the quality of the hotel and to optimise hotel services, and therefore helps to safeguard the legitimate interests of our company. This evaluation email is not used for any other purpose.
As soon as this data (email address and rating) is no longer required for the specified optimisation purposes, it will be deleted immediately.
b. Motel One newsletter
When registering for the Motel One newsletter, the user declared their consent to regularly receive a newsletter email containing news, campaigns and offers from Motel One, Lancaster Gate Hotel and The Cloud One hotels (as well as articles related to the topic of hotels, travel and overnight accommodation). The personal data processed by Motel One in order to send the newsletter is not shared with other companies. You can revoke your consent to the use of your email address at any time with future effect (newsletter@motel-one.com). You can also unsubscribe from the newsletter via a separate link located at the bottom of each newsletter email.
You, the user, expressly accepted the following declaration of consent when you subscribed to the newsletter on our website: www.motel-one.com/en/newsletter/ and we have logged this consent:
‘I would like to subscribe to the free Motel One newsletter and receive regular news and information about campaigns and offers from Motel One and The Cloud One hotels related to the topic of hotels and travel. My email address will not be disclosed to other companies. I can revoke my consent to receive the newsletter with future effect at any time via the websites www.motel-one.com/en/newsletter/
6. Push notification
In the app, you can sign up to receive push notifications. For this purpose, Motel One, Lancaster Gate Hotel and The Cloud One hotels use the Firebase Cloud Messaging service, which is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). For detailed information about how Google uses personal data, please visit https://policies.google.com/privacy and https://firebase.google.com/support/privacy.
The push notifications can provide you with information about your next booking, or news and offers from Motel One, Lancaster Gate Hotel and The Cloud One hotels.
To sign up for push notifications on iOS, you must opt in when your browser or device asks whether you would like to receive push notifications.
We evaluate anonymised push notifications for statistical purposes and can therefore determine whether and when push notifications have been displayed and clicked on. This enables us to determine which push notifications are of interest to recipients and tailor future notifications to the presumed interests of all recipients in order to increase the level of interest in our service.
You can revoke your consent to the storage and use of your personal data to receive our push notifications at any time with future effect in accordance with Art. 6(1)(a) GDPR. You can revoke your consent by adjusting the settings on your device.
Disabling push notifications on iOS:
• Open the ‘Settings’ app.
• Scroll down the list of apps until you see the name of the app for which you would like to turn off push notifications.
• Tap the name of the app and then ‘Notifications’.
• You can now turn off individual types of notification or disable push notifications completely.
Disabling push notifications on Android:
• Open the notification panel at the top edge of your screen.
• Long press a notification from the app for which you would like to disable push notifications until a menu opens.
• Tap ‘App info’.
• Untick the ‘Receive notifications’ box.
Your data will be erased as soon as it is no longer necessary for the purpose for which it was collected. As such, your data will be stored for as long as push notifications are enabled.
7. Processing and deletion
Motel One, Lancaster Gate Hotel or The Cloud One hotels may, on their own initiative or at the request of the user, complete, correct or delete incomplete, erroneous or outdated personal data that Motel One, Lancaster Gate Hotel or The Cloud One hotels have stored in connection with the operation of this website. If these processes are carried out at the request of the user, Motel One, Lancaster Gate Hotel or The Cloud One hotels may only do so if the user has sufficiently identified themselves. Identity is verified using a copy of a photo ID – which will of course be deleted immediately after the authentication has been completed – or using criteria that can only be known by the user. Motel One, Lancaster Gate Hotel or The Cloud One hotels cannot agree to the user’s request if they are not properly identified.
In line with statutory provisions, Motel One, Lancaster Gate Hotel or The Cloud One hotels will delete personal data immediately on the user’s request, provided there are no mandatory retention obligations to the contrary.
8. Disclosure of personal data to third parties
a. Personal data is handled confidentially and in line with the statutory data protection regulations. Data is not disclosed to third parties without the user’s consent, unless this is required to carry out orders, process payments or process requests or it is permitted in accordance with the statutory provisions. External service providers are obliged to handle data confidentially and securely, and they may only use the data as required to carry out their duties.
b. This is particularly true for any payments processed by external service providers, as well as the exchange of data with SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany for the purpose of credit checks if there is a legitimate interest or in the event of non-contractual conduct. SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany stores and transmits data to its contractual partners for credit checks. The user’s legitimate concerns are taken into account in line with the statutory provisions.
c. Otherwise, personal data is only disclosed if the user has given their express prior consent or if doing so is necessary for the prosecution of criminal offences. Personal data is only transmitted to the authorities or government agencies with the right to information if there is a statutory obligation to provide information or there has been a court ruling to this effect. Your legitimate concerns are taken into account in line with the statutory data protection provisions. Where necessary, we may disclose your data to third parties on the basis of statutory requirements. We only comply with such requests if we are required to do so in line with statutory obligations.
Any consent you may have given for us to disclose your data can be revoked at any time and without the need to provide us with a reason.
9. Protection of data
The protection of personal data is an important corporate principle at Motel One, Lancaster Gate Hotel and The Cloud One hotels. This is achieved through, among other things, training, a company data protection officer and a written agreement with all employees and external service providers to maintain the confidentiality of data and comply with data protection requirements.
All technical and organisational, physical and computer systems and measures in the area of data protection, IT and information security help to protect stored data from damage, destruction and unauthorised access and to achieve the protection objectives of confidentiality, availability and integrity.
For the sake of security, personal data is collected using an encrypted secure socket layer (SSL) connection (recognisable by the use of ‘https://’ at the beginning of the website address in the address bar of the internet browser).
In addition, Motel One, Lancaster Gate Hotel and The Cloud One hotels take all reasonable precautions to prevent unauthorised access to users' personal data as well as the unauthorised use or falsification of this data and to minimise the corresponding risks. However, the provision of personal data, whether this is done in person, on the phone or online, always involves risks, and there is no technical system that is completely impervious to manipulation or sabotage.
10. SurveySparrow
We use SurveySparrow to compile online questionnaires. With SurveySparrow, we collect, analyze, compile, compare and review data from survey respondents to produce insights and make sense out of the responses. SurveySparrow is a survey software tool that strictly adheres to the GDPR. SurveySparrow process the data responses only as part of the provision of services to Motel One and in accordance with our sole written instructions. It acts as an intermediary platform to collect the responses that you submit to us via an online questionnaire.
The SurveySparrow product is designed in such a way that they adhere to the principle, Privacy by design and default in all circumstances respecting the privacy of individuals as guaranteed under the GDPR. Therefore, they do not have access to the survey responses directly or indirectly and all survey responses and results generated within the said platform are securely stored on their servers in the EU. SurveySparrow does not sell, misuse or share your responses to third party advertisers or marketers. Further the data submitted by the survey respondents are not scanned or shared by SurveySparrow for any purpose. The results generated on the SurveySparrow platform can only be exported by Motel One for analysis and review.
Motel One use your answers to improve our services, and your personally identifying information will not be used unless expressly requested in a particular question. Motel One never use your information to build an identifiable profile of you. Your data is never sold, monetised, or shared beyond the reasonable remit of carrying out brand, design, and user experience research.
a. Data Processing Addendum
We have concluded a Data Processing Addendum (DPA) with the above-mentioned service provider, SurveySparrow. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our survey respondents in accordance with our instructions and in compliance with the GDPR. The contract is based on standard contractual clauses of the EU and can be viewed at the following link: https://surveysparrow.com/legal/dpa/
b. Personal Data
With the help of Cookies used by SurveySparrow, we process the following personal data of our users:
• Click-Through-Rates
• IP-address
• location data
• operating system
• Device type
• Survey responses
c. Purpose of Data Processing
The processing of your personal data with the help of SurveySparrow serves the purpose of
Improving our website/improving our offer/making our website more customer-friendly.
d. Legal basis for data processing
We process your personal data on the following legal basis: Your consent according to Art. 6 (1) lit. a GDPR. We require your consent for processing for this purpose. You can revoke your consent at any time via the cookie banner on our website. Please note that the revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. If you set your browser software accordingly, you can generally prevent the storage of cookies. Please note, however, that in this case not all functions on our website will be available to you.
e. Storage period
We only store your personal data for as long as the purpose requires. If you withdraw your declaration of consent, we will delete your personal data. We can view your personal data for maximum 12 months.
f. Disclosure to Third Parties
SurveySparrow is our data processor. For this purpose, we have concluded a data processing agreement with the service provider SurveySparrow Inc. in accordance with Art. 28 GDPR. SurveySparrow processes your personal data only on our instructions.
g. Data transfer to Third Countries
We transfer your personal data to SurveySparrow Inc., USA. For the transfer of your personal data to a third country, we have provided appropriate safeguards in the form of Standard Contractual Clauses pursuant to Art. 46(2)(d) GDPR, which have been adopted by a supervisory authority and approved by the European Commission in a review procedure pursuant to Art. 93(2) GDPR.
11. Chatbot and live chat
Our website offers you the option to use the chat feature to contact us regarding a hotel booking. This is a live chat tool. By using this chat feature, you are automatically using the services of DialogShift GmbH, Rheinsberger Strasse 76/77, 10115 Berlin, Germany. Personal data that you enter in the chat window is transmitted to DialogShift GmbH and stored.
a. Type and scope of data processing
We use this personal data to effectively and directly assist our customers and prospective customers.
In addition to the personal data that you disclose during the chat, the following personal data is collected when you use the chat tool:
• IP address
• If necessary, personal data from the chat record, such as name, contact details and other information.
If you enter personal data in the chat window (e.g. name, address, email address, booking number), your personal data will be processed using artificial intelligence.
DialogShift also uses performance cookies for statistical purposes. These will process your IP address.
b. Particular risks when using artificial intelligence
When using the chat tool, data is processed using artificial intelligence (AI) to a limited extent. The tool is designed to autonomously answer your questions before you are handed over to a member of staff. Information is entered into the system as input, processed using algorithms and then displayed as output.
Often, the data protection principle of transparency in accordance with Art. 5 (1) (a) of the GDPR, which requires the transparent processing of personal data, is not respected due to the machine learning functionality of AI systems. This is because AI-based systems continually modify and optimise their weightings and use the data entered for their ongoing development. In addition, it cannot be entirely ruled out that personal data will be transferred to third countries, e.g. the USA, due to this lack of data processing transparency.
DialogShift GmbH undertakes to use your data solely for the purpose of facilitating the chat. When providing artificial intelligence, DialogShift relies on service providers that use servers within the EU. There are no plans to transfer data to third countries. Nevertheless, a residual risk cannot currently be eliminated with regard to the lack of data processing transparency and transfers to a third country when using AI.
If you are not prepared to accept the risks described, you should refrain from using the chat tool.
c. Legal basis
When using the chat tool, data is processed on the basis of your consent in accordance with Art. 6 (1) (a) of the GDPR. We use the personal data you may have provided to effectively and directly assist our customers and prospective customers. You grant your consent by ticking the box in the chat window. You can withdraw your consent at any time by unticking the box. This shall not affect the legality of the data processing that occurs until your consent is withdrawn.
If DialogShift collects personal data for statistical purposes using performance cookies, the data is processed on the basis of your consent in the cookie banner in accordance with Article 6 (1) (a) of the GDPR as a result of you ticking the box and/or agreeing to the use of cookies in general. You can withdraw your consent at any time by unticking the box. This shall not affect the legality of the data processing that occurs until your consent is withdrawn.
You can also prevent the storage of cookies by configuring your browser settings accordingly. If you do this, you may not be able to fully use the live chat feature or other website features. DialogShift will not share this personal data with third parties. The data will be used by DialogShift exclusively for the purposes of protection and internal statistics.
The purpose and scope of data collection and the further processing and use of the personal data by DialogShift, as well as the relevant rights and setting options to protect privacy, can be found in the DialogShift GmbH privacy policy:
https://www.dialogshift.com/en/gdpr
d. Duration of storage
Personal data is stored for the time required to fulfil the purpose for which it was collected. This purpose is generally fulfilled as soon as the chat session is terminated, but your personal data will be deleted within 90 days at the latest. We also delete your personal data when you withdraw your consent or object to the processing of personal data. A statutory retention period may prevent deletion.
e. Categories of data recipients
When data is processed by service providers, the personal data is passed on to the service provider. DialogShift acts on behalf of Motel One to ensure that consent is collected and documented in accordance with data protection regulations. DialogShift acts as a contractual processor in accordance with Article 28 GDPR. For this purpose, we have concluded a contractual processing contract with our service provider in accordance with GDPR requirements. Your personal data will only be processed in accordance with our instructions.
f. Place of processing and transfer to third countries
There are no plans to transfer your personal data to a third country outside the EU and the European Economic Area. In addition, we will not transfer your personal data to an international organisation. When providing artificial intelligence, DialogShift relies on service providers that use servers within the EU. Nevertheless, it cannot be entirely ruled out that personal data will be transferred to third countries, e.g. the USA, due to the data being processed using AI.
g. Automated data processing
There is no automated data processing within the context of Art. 13 (22) of the GDPR. Automated processing takes place to the extent described using AI.
12. Use of cookies
Motel One, Lancaster Gate Hotel and The Cloud One hotels use cookies (i.e. text files) or web beacons (i.e. graphics files), which are stored on the user’s device. These files are used to collect certain user-specific settings and technical information that can be used to identify users. This information shows us when and how the website is used by users and enables us to continuously improve the website. Thanks to cookies, users do not have to enter their personal details every time they complete forms on the website. The use of cookies is widespread and a feature of many websites. Cookies are stored on the user’s device, not on the website.
When a user first accesses the websites or the app of Motel One, Lancaster Gate Hotel or The Cloud One hotels, they are informed about the use of cookies. Motel One, Lancaster Gate Hotel and The Cloud One hotels only use cookies to read information stored by a cookie from the site on the user’s device. By using the website or app without adjusting the browser settings, the user agrees to the use of cookies as specified in these data protection provisions. Users who do not wish cookies to be stored on their device, who wish to delete a stored cookie or who wish to be informed when cookies are stored on their device can adjust their browser settings accordingly. For specific information about how to do this, please see the instructions provided with your browser or device.
The legal basis for processing personal data using cookies is Article 6 (1) (1) (f) GDPR. If you have granted us consent to use cookies on the basis of a notice on our website (cookie banner), the lawfulness of the use of personal data is also based on Art. 6(1)(a) GDPR.
Most browsers are configured to accept cookies by default. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. Please note, however, that you may not be able to use all of the functions of our websites if you deactivate cookies on our websites through your browser settings. You can also adjust your browser settings to delete cookies already stored in your browser or to display the storage period. In addition, you can configure your browser to notify you before cookies are stored. Since different browsers can vary in terms of their functionality, please see your browser’s help menu for the configuration options.
If you would like a comprehensive overview of all third parties that have access to your internet browser, we recommend installing a plug-in specially developed for this purpose.
13. Tracking and analysis tools
We using tracking and analysis tools to ensure ongoing optimisation and needs-based design of our websites. Tracking also enables us to collect statistics regarding the use of our websites, which helps us to enhance our online presence using the resulting findings. The legal basis for the use of tracking and analysis tools is the consent you provided in the cookie banner or in the cookie and tracking tool settings pursuant to Art. 6(1)(a) GDPR.
The following description of tracking and analysis tools also outlines the respective processing purposes and the data processed.
a. Google Analytics and Google Firebase
Our websites use Google Analytics, a web analysis service of Google Inc. (‘Google’). Google Analytics uses cookies, or text files, which are stored on your device and make it possible to analyse your use of our websites. The information created by the cookie about your use of our websites is generally transmitted to a Google server in the USA and stored there. Google Analytics has been enhanced on our websites to include the code ‘gat._anonymizeIp();’ in order to ensure the anonymous collection of IP addresses. With this code, your IP address is first abbreviated by Google within member states of the European Union and in other contracting states that are party to the Agreement on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and abbreviated there in exceptional cases.
The Motel One app uses Google Analytics via the Google Firebase service. In this case, personal data is collected via Google Firebase and then displayed and processed further in Google Analytics.
On behalf of Motel One, Lancaster Gate Hotels and The Cloud One hotels, Google uses this information to assess your use of our websites, to compile reports about website activity and to provide other services related to use of the website and the internet to the website operator. The abbreviated IP address transmitted from your browser as part of the Google Analytics service will not be merged with other Google data. You can prevent cookies from being stored on your device by adjusting your browser settings accordingly; however, if you do this, you may not be able to fully use all of the website’s functions.
You can also prevent the collection of the information generated by the cookie related to your use of the website or app (including your IP address) and the processing of this data by Google by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.
Alternatively, you can prevent the collection of data by Google Analytics when you use a mobile device by clicking on the following link. Doing so will save an opt-out cookie that will prevent the future collection of your data when you visit our websites: <a href="javascript:gaOptout()">Click here to opt-out of Google Analytics</a>.
Further information about Google Analytics can be found here: https://policies.google.com/technologies/partner-sites
More information about Google Firebase can be found here: https://firebase.google.com/
b. Google Data Studio
We use Google Data Studio, an analytics service provided by Google LLC / Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA (‘Google’). It is an additional management tool from Google Analytics. This analytics service uses the personal data collected by Google Analytics. Google Data Studio visually represents user-defined reports. If you deactivate Google Analytics with future effect here, your data will not be used by Google Data Studio.
In accordance with Article 6(1)(a) GDPR, this data processing is based on your consent, which you have granted us by ticking a box in the cookie banner. You can withdraw your consent at any time by unticking the box.
You can find more information and Google’s privacy policy at https://policies.google.com/privacy?hl=en-GB and https://privacy.google.com/businesses/processorterms/. More information about Google Data Studio is available at https://marketingplatform.google.com/intl/en_uk/about/data-studio/.
c. Google BigQuery
For data retention, we use Google BigQuery, a service operated by Google Cloud EMEA Ltd., 70 Sir John Rogerson’s Quay, Dublin, D02 R296, Ireland. Through the use of the Google Cloud infrastructure, this enables the data collected to be stored and managed. Data collected through our web analysis is exported in the form of tables that contain user IDs, which are assigned by Google Analytics and Google Firebase. This involves only data retention, meaning no additional data is added to the data already present from GA4 tracking during the export. The data is stored by Google BigQuery for 36 months. The data storage location is Frankfurt am Main, Germany.
The purpose of processing the data is to facilitate the analysis of the data by Google Analytics and Firebase. The following data is processed by Google BigQuery: IP address, user and login ID, date and time of the visit, usage data, click path, app updates, browser information, device information, JavaScript support, sites visited, referrer URL, downloads, Flash version, location information, purchase activities and widget interactions.
In accordance with Article 6(1)(a) GDPR, this data processing is based on your consent, which you have granted us by ticking a box in the cookie banner. You can withdraw your consent at any time by unticking the box. You can find more information and Google’s privacy policy at https://policies.google.com/privacy?hl=en-GB. More information about Google BigQuery is available at https://cloud.google.com/bigquery/docs/ introduction.
d. OWAPro
Our websites use the ‘OWAPro’ web analysis and online marketing controlling system by Hurra Communications GmbH (‘hurra.com’) for web analysis and the optimisation of online marketing.
The provider of OWAPro is Hurra Communications GmbH, Wollgrasweg 27, 70599 Stuttgart, Germany.
Web analysis primarily helps with the analysis of user streams on our websites and the optimisation of online marketing campaigns. The following personal data may be processed by OWAPro: online IDs, including cookie IDs, IP addresses, device information, customer IDs, referring URLs, transaction data. Likewise, this data can be used to measure and optimise the success of advertising campaigns and their cost-effectiveness in order to obtain information about which services users order and which other activities they initiate (known as ‘conversion tracking’). For this purpose, our websites may use cookies, which enable your internet browser to be recognised when you visit the website again. Unique online IDs (cookies IDs) in these cookies may be stored on your device.
OWAPro generally only processes pseudonymised data that hurra.com itself cannot assign to an identifiable natural person. IP addresses are automatically anonymised by OWAPro by default. Further information about the type and scope of personal data processed by hurra.com in OWAPro and the possible use of cookies can be found in the hurra.com privacy policy at: https://privacy.hurra.com/
You can prevent the collection and processing of data by hurra.com services for our websites at any time by opting out (http://ssl.hurra.com/opt-out?cid=600&ln=en).
14. Social plug-ins
We use the following plug-ins from Facebook, Instagram, Pinterest and X (formerly Twitter) on our websites.
a. Facebook social plug-ins
Our websites contain ‘social plug-ins’ (‘plug-ins’) from the social network www.facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). The plug-ins are marked with a Facebook logo or the appendix ‘Facebook Social Plugin’ (http://developers.facebook.com/pluginsdevelopers.facebook.com/). The websites contain plug-ins that establish a direct connection between the user’s browser and Facebook’s servers as soon as the user accesses the websites. The content of the plug-ins is transmitted directly from Facebook to the user’s browser and integrated into the respective website by the browser. Motel One, Lancaster Gate Hotel and The Cloud One hotels have no influence over the scope of the data that Facebook collects using these plug-ins.
As a result of this integration of the plug-ins, Facebook is informed that the user has accessed the respective website. If the user is logged into Facebook, Facebook can assign the user to their Facebook account. If the user clicks the ‘Like’ button or writes a comment, the corresponding information is transmitted directly from their browser to Facebook and stored there.
According to its own information (https://www.facebook.com/help/186325668085084), Facebook saves the date and time of the visit to the site, the website visited and other technical details, such as IP address and browser-related data in order to further enhance Facebook services. The purpose and scope of the data collected and the processing and use of data by Facebook as well as the relevant rights and settings options to protect the user’s privacy can be found in Facebook’s privacy policy (https://www.facebook.com/about/privacy//).
If the user is a member of Facebook and does not want Facebook to collect data about them via Motel One, Lancaster Gate Hotel or The Cloud One hotels and link it with their stored membership data, they must log out of Facebook before visiting the website. However, even if the user is not logged into Facebook, it is possible that Facebook may learn about and save certain data.
If the user wants to block Facebook social plug-ins in general, they can install and activate a corresponding extension on their browser.
b. Instagram social plug-ins
Our websites use social plug-ins (‘plug-ins’) from Instagram, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The plug-ins are marked with an Instagram logo, e.g. in the form of an ‘Instagram camera’. When the user accesses our websites containing these plug-ins, the browser establishes a direct connection to Instagram’s servers. The content of the plug-ins is transmitted directly from Instagram to the user’s browser and integrated into the page. As a result of this integration, Instagram is informed when the user has accessed the corresponding page on our website, even if you do not have an Instagram profile or are not logged into Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. If the user is logged into Instagram, Instagram can assign the visit to our website to the user’s Instagram account. If the user interacts with the plug-ins, for example by clicking on the Instagram button, this information will also be transmitted directly to an Instagram server and stored there. The information will also be published on your Instagram account and displayed to your contacts there. Motel One, Lancaster Gate Hotel and The Cloud One hotels have no influence over the scope of the data that Instagram collects using these plug-ins.
The purpose and scope of the data collected and the processing and use of data by Instagram as well as the relevant rights and settings options to protect the user’s privacy can be found in Instagram’s privacy policy: https://help.instagram.com/155833707900388. If the user does not want Instagram to assign the data collected on our website to their Instagram account, they must first log out of Instagram before visiting our website. The user can block the Instagram plug-in from loading with the help of browser add-ons, such as the script blocker ‘NoScript’ (http://noscript.net/).
c. Pinterest social plug-ins
Our websites use social plug-ins (‘plug-ins’) from the social network Pinterest, which is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, USA (‘Pinterest’). The plug-ins can be identified, for example, on buttons with the ‘Pin it’ icon on a white or red background. When the user accesses our website containing these plug-ins, the browser establishes a direct connection to Pinterest’s servers. The content of the plug-ins is transmitted directly from Pinterest to the user’s browser and integrated into the page. As a result of this integration, Pinterest is informed when the user has accessed the corresponding page on our website, even if you do not have a Pinterest profile or are not logged into Pinterest.
This information (including your IP address) is transmitted directly from the user’s browser to a Pinterest server in the USA and stored there. If the user is logged into Pinterest, Pinterest can assign the visit to our websites to the user’s Pinterest profile. If the user interacts with the plug-ins, for example by clicking on the ‘Pin it’ button, the corresponding information will also be transmitted directly to a Pinterest server and stored there. The information will also be published on Pinterest and displayed to the user’s contacts there. The purpose and scope of the data collected and the processing and use of data by Pinterest as well as the relevant rights and settings options to protect the user’s privacy can be found in Pinterest’s privacy policy at about.pinterest.com/en/privacy-policy. If the user does not want Pinterest to assign the data collected on our website to their Pinterest profile, they must first log out of Pinterest before visiting our website. The user can block the Pinterest plug-in from loading with the help of browser add-ons, such as the script blocker ‘NoScript’ (http://noscript.net/).
d. X (formerly Twitter) buttons
Our websites also enable users to post articles and other content on X. This service and a configured plug-in are provided by X, Corp., Market Square, 1355 Market St #900, San Francisco, USA. The ‘tweet’ button allows users to share blog articles on X. This button also shows the number of tweets a blog entry has received.
When the website is accessed, the code for the tweet button is requested directly from a X server by the user’s browser and integrated into the website. Motel One, Lancaster Gate and The Cloud One hotels therefore have no influence over the scope of the data accessed by X. According to its own information (https://twitter.com/privacy), X stores the message transmitted in the tweet as well as the meta data. According to the operator, this includes: the date and time of the tweet, the exact internet address (abbreviated, if necessary) where the tweet button is located and other technical data, such as IP address, browser type and operating system. X does not indicate how long the information is stored. Further information from X can be found here (https://twitter.com/privacy)
15. Retargeting/interest-based advertising
Our websites use the Criteo service offered by Criteo GmbH, Gewürzmühlstrasse 11, 80538, Munich, Germany. With the help of this service, users who have visited our websites and expressed interest in our products and services are offered targeted advertising on our websites and on other websites that also use the Criteo service. The advertising shown is based on information about the visit to the respective websites, which is stored in cookies on the user’s computer, among other ways. These text files are then scanned during subsequent visits to the website to produce targeted product recommendations. To this end, a randomly generated ID number is stored in the cookies. Neither this number nor the information about your visits to the websites can be assigned to you personally. In no case will the data be used to identify you personally as a visitor to our websites.
You can prevent the storage and use of information by the Criteo service by clicking on the following link (https://www.criteo.com/privacy/)and sliding the ruler there next to ‘Opt out’ to ‘ON’. If you select ‘ON’, a new cookie (opt-out cookie) will be saved in your browser. This cookie tells the Criteo service that Criteo may no longer collect and process data about your usage behaviour. You can reactivate this function by sliding the rule to ‘OFF’. Please note that you must change this setting for every browser that you use. If you delete all of the cookies in your browser, the opt-out cookie will be deleted as well.
16. Links to other websites
Our websites occasionally provide links (interactive references) to third-party websites for which Motel One, Lancaster Gate Hotel and The Cloud One hotels are not responsible. Motel One, Lancaster Gate Hotel and The Cloud One hotels have no influence over the content and design of the linked external sites or the websites that the user accesses via these links. The respective providers are solely responsible for the content and design of these websites as well as for compliance with data protection regulations.
17. Rights of data subjects
The GDPR provides you, as the data subject of personal data processing, with the following rights:
• According to Art. 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom the personal data has been or will be disclosed, the planned storage period, the existence of the right to request correction or deletion of personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint, any available information as to its source when personal data is not collected by us, transmission to a third country or to an international organisation, and about the existence of automated decision-making, including profiling and, in such cases, meaningful information about the logic involved.
• According to Art. 16 GDPR, you have the right to request the immediate rectification of inaccurate personal data or to have incomplete personal data completed.
• According to Art. 17 GDPR, you can request the erasure of your personal data we have stored if the processing is no longer necessary to exercise the right to freedom of opinion and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend against legal claims.
• According to Art. 18 GDPR, you can request the restriction of the processing of your personal data if the accuracy of the personal data is contested by you, the processing is unlawful, we no longer need the data and you oppose the erasure of the personal data because you need them to assert, exercise or defend against legal claims. You also have the right under Art. 18 GDPR if you have objected to the processing in accordance with Art. 21 GDPR.
• According to Art. 20 GDPR, you can request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to have your personal data transmitted to another controller.
• According to Art. 7(3) GDPR, you can revoke the consent you have granted us at any time. If you do so, we will no longer be able to continue the data processing based on this consent in future.
• According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. In general, you can contact the supervisory authority in your usual place of residence, your place of work or our corporate domicile for this purpose.
18. Right to object
In the case of the processing of your personal data on the basis of a legitimate interest pursuant to Art. 6(1)(f) GDPR, you have the right pursuant to Art. 21 GDPR to object to the processing of your personal data if there are grounds for doing so based on your personal situation or if you object to direct advertising. In the case of direct advertising, you have a general right to object that must be adhered to by us without the need to specify a particular situation.
19. Data security and security measures
We undertake to protect your privacy and to treat your personal data as confidential. In order to prevent the manipulation, loss or misuse of your data stored by us, we implement comprehensive technical and organisational security measures, which are reviewed regularly and adapted in line with technical improvements. These include, among other things, the use of recognised encryption methods (SSL or TLS). Please note, however, that due to the structure of the Internet it is possible that the data protection regulations and the above-mentioned security measures may not be observed by persons or institutions that are not within our area of responsibility. In particular, data disclosed in an unencrypted manner – e.g. data disclosed by email – may be read by third parties. We have no technical control over this. It is the user’s responsibility to prevent the misuse of the data they provide through encryption or another method.
20. Changes
Motel One, Lancster Gate Hotel or The Cloud One hotels may change these data protection provisions or the content of the websites at any time without prior notice, or change or block access to their websites.
21. Questions about data protection and contact
Users can contact Motel One, Lancaster Gate Hotel or The Cloud One hotels at any time if they would like their personal data corrected, blocked or deleted. In addition, Motel One, Lancaster Gate Hotel and The Cloud One hotels share information about the user data stored as well as the origin and recipients of such data and the purpose for which it has been stored.
For questions about data protection, please contact
Motel One GmbH
Tegernseer Landstrasse 165
81539 Munich
Germany
Tel.: +49 (0) 089 665025-0
Fax: +49 (0) 089 665025-50
Website: www.motel-one.com or www.the-cloud-one.com
E-Mail: privacy@motel-one.com or privacy@the-cloud.com