We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), national data protection legislation and ƒall other applicable laws. This website contains the following data protection information pursuant to Article 13 et seq. GDPR:
I. Contact information of our data protection officer
For any questions relating to data protection issues, please contact our data protection officer at:
KINAST Rechtsanwaltsgesellschaft mbH
50672 Cologne, Germany
II. Information pursuant to Article 13 et seq. GDPR for guests and business partners
The following data protection information applies to the data processing of Motel One, Lancaster Gate Hotel and The Cloud One hotels when providing contractually agreed services to guests and business partners.
1. Controller responsible for data processing
Your contractual partner is responsible for data processing. (hier bitte das Organigramm mit den Gesellschaften einschließlich der jeweiligen Kontaktdaten verlinken).
2. Legal basis for data processing
2.1. Performance of contractual obligations
Motel One, Lancaster Gate Hotel and The Cloud One hotels collect, process and use personal data for the purpose of executing an existing business relationship with you, including the communication required for this purpose, in particular for the provision of contractually agreed services, the processing of payment transactions and invoicing. The controller processes personal data on the basis of Art. 6(1)(b) GDPR. Data may be processed provided that this is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
2.2. Legitimate interests
The controller also processes personal data on the basis of Art. 6(1)(f) GDPR insofar as this is necessary to protect their own legitimate interests or those of a third party and insofar as the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not take precedence. This applies in particular to the prevention and investigation of criminal offences as well as for the purposes of corporate management, internal communication and other administration.
In addition to the above, the controller processes personal data on the basis of Article 6(1)(a) GDPR if contractual partners have given their consent to the processing of their personal data for one or more specific purposes. Consent is given voluntarily and may be revoked at any time.
2.4. Statutory obligations
An obligation to provide personal data pursuant to Article 6(1)(c) GDPR may arise from statutory obligations to which we are subject, such as tax laws, the Federal Act on Registration and other obligations under public law.
3. Origin of the data
In general, we receive your personal data from you or from contractual partners, service providers and clients with whom we have concluded corresponding data protection agreements. In certain situations, your personal data may also be collected by other offices on the basis of legal provisions. These include, in particular, event-related queries about tax-relevant information at the responsible tax office.
4. Categories of personal data processed
The categories of personal data processed include, in particular, the following data or categories of data:
Personal details (First name, surname, additional names, date of birth, nationality, passport and/or personal ID number);
Number of persons travelling in your group, your nationality, passport number;
Reason for stay (business/personal);
Name and address of employer;
Contact information (private address, telephone number, email address) that results from the use of the IT systems;
Bank account information;
Identifying financial data;
Overnight stays with associated turnover.
For quality management, marketing, security and other similar purposes:
Recording of telephone calls for quality and training purposes:
Video recordings captured by surveillance cameras in public areas such as hallways and lobbies of our buildings.
5. Categories of recipients of personal data
Within the company of the controller, only people and offices (e.g. specialist departments) receive your personal data who need it to fulfil our services and legal obligations. Under certain circumstances, certain data is transferred to all associated companies if the data processing function is performed centrally for all associated companies. In addition, in order to fulfil their contractual and legal obligations, the controller sometimes makes use of various service providers with whom – depending on the particular situation – an agreement on contractual processing has also been concluded in accordance with the requirements of Articles 28 and 29 GDPR. The controller may also transfer your personal data to other recipients outside the company, insofar as this is necessary to fulfil their legal obligations as the controller (Federal Act on Registration, tax and duty laws, etc.). These may be, for example:
Local authorities, municipalities, cities;
Tax authorities, courts, banks (SEPA payment medium);
Offices, in order to be able to pay out capital-forming payments;
Insolvency managers in the case of individual bankruptcy.
6. Duration of data retention
After termination of a contractual relationship, personal data is stored for as long as the controller is legally obliged to do so pursuant to Article 17 GDPR. Such obligations often include legal requirements to provide evidence and to keep records under commercial and tax law. The retention periods under these are up to ten years. Furthermore, personal data may also be stored for the time period when claims against the controller could be made. After the obligation has ceased to exist or these periods have expired, the data is routinely blocked or deleted in accordance with the legal requirements.
7. Rights of data subjects
Data subjects can request information on the personal data stored about them from the above-mentioned address. In particular circumstances, data subjects can also request the correction or deletion of their data. Data subjects are also entitled to the restriction of the processing of their data and to the release of their data in a structured, current and machine-readable format. Furthermore, data subjects have the right to withdraw any consent they have given. Data subjects may file a complaint with the data protection officer or a supervisory authority if they believe that the processing of their personal data violates the GDPR.
Pursuant to Article 21(1) GDPR, the processing of data may be objected to on grounds relating to the particular situation of the data subject at the above address. The data subject has the right to object to the processing of their personal data for the purposes of direct advertising, without giving reasons. If the controller processes the data in order to protect legitimate interests, the data subject may object to such processing on the basis of their individual situation. The controller will then no longer process the data subject’s personal data unless they can prove compelling legitimate reasons for the processing that outweigh the data subject’s interests, rights and freedoms or the processing serves to enforce, exercise or defend legal claims.
Data subjects can assert their rights at email@example.com or firstname.lastname@example.org .
III Information pursuant to Article 13 et seq. GDPR during digital check-in
The following data protection information applies in particular to the processing of personal data during digital check-in.
1. Controller responsible for data processing
The controller responsible for data processing is:
Motel One GmbH
Tegernseer Landstrasse 165
81539 Munich, Germany
Tel.: + 49 (0)89 / 665025-0
Fax: +49 (0)89 / 665025-50
Website: www.motel-one.com and www.the-cloud-one.com
Email: email@example.com and firstname.lastname@example.org
2. Purpose and legal basis of data processing
Motel One GmbH processes your personal data in order to facilitate digital check-in.
This processing is based on your consent to data processing during digital check-in procedures in accordance with Article 6(1)(a) GDPR. Processing of personal data is also necessary in order to execute our contract with you pursuant to Article 6(1)(b) GDPR.
3. Categories of personal data
We specifically process the following personal data for digital check-in:
Name and surname
Street and house number
Place of residence
Data regarding your visit (e.g. duration, costs)
Other personal data (nationality, passport number, etc.) recorded via the registration form in accordance with Section 30(2) of the Federal Registration Act
If you use our digital check-in service, the personal data already stored in our reservation system will also be used for digital check-in. During digital check-in, you have the option of supplementing the data in the profile created for this purpose with personal data regarding your visit to a Motel One or The Cloud One hotel.
4. Recipients of personal data
5. Transfer of personal data to third countries
Your personal data will not be transmitted to third countries during digital check-in.
6. Duration of storage
Your personal data will be deleted as soon as it is no longer necessary for the purposes for which it was collected or otherwise processed. Your personal data will not be deleted if we are subject to statutory retention requirements with regard to its storage. The usual deletion and retention periods for hotel bookings apply (see I.6. above).
7. Rights of data subjects
You are also entitled to the data subject rights pursuant to II.7 with regard to data processing during digital check-in.
Data subjects can assert their rights at email@example.com or firstname.lastname@example.org.