Principles of Data Processing
1. Who is responsible for data processing?Â
Responsible in terms of data protection law is theÂ
Cosmopolitan Hotelbetriebs GmbH
Schützenstraße 11
80335 MünchenÂ
Hotel Excelsior München GmbH & Co. KG
Schützenstraße 11
80335 MünchenÂ
All About Wine Handels GmbH
Geisels Weingalerie
Herzog-Wilhelm-Straße 4
80331 MünchenÂ
You will find more information about our company, information on the persons authorized to represent and also further contact options in our imprint of our website:Â
https://www.excelsior-hotel.de/impressum
https://www.schwabinger-wahrheit.de/impressum
https://www.geiselsweingalerie.de/Â
If we have received data from you, we will only process it for the purposes for which we received or collected it.Â
Data processing for other purposes can only be considered if the legal requirements to that extent required under Article 6 (4) GDPR are met. In the case, of course, we will observe any information requirements under Art. 13 para. 3 DSGVO and Art. 14 para. 4 DSGVO.Â
3. On what legal basis is this based?Â
The legal basis for the processing of personal data is in principle – as far as there are no specific legal provisions – Art. 6 GDPR. Here are the following options in particular:Â
- Consent (Article 6 (1) (a) GDPR)Â
- Data processing for the fulfillment of contracts (Article 6 (1) (b) DSGVO)Â
- Data processing based on a balance of interests (Article 6 (1) (f) GDPR)Â
- Data processing to fulfill a legal obligation (Article 6 (1) (c) GDPR)Â
If personal information is processed by you on the basis of your consent, you have the right to revoke your consent to us at any time with future effect.Â
If we process data on the basis of a balance of interests, you, as the person concerned, have the right to object to the processing of your personal data, taking into account the requirements of Art. 21 DSGVO.Â
4. How long is the data stored?Â
We process the data as long as this is necessary for the purpose.Â
As far as statutory storage obligations exist – e.g. in commercial or tax law – the personal data concerned are stored for the duration of the retention obligation. After expiry of the retention obligation, it is checked whether there is a further need for processing. If a requirement no longer exists, the data is deleted.Â
Basically, towards the end of a calendar year, we are reviewing data for further processing. Due to the amount of data, this check is done for specific types of data or purposes of processing.Â
Of course, you can at any time (see above) request information about the stored personal information about us and require in case of non-existent necessity, a deletion of the data or restriction of processing.Â
5. To which recipients will the data be passed on?Â
A disclosure of your personal data to third parties will only take place, if this is necessary for the execution of the contract with you, the disclosure on the basis of a balance of interestsÂ
i.S.d. Art. 6 para. 1 lit. f) DSGVO is permitted, we are legally obliged to passing on or you have given consent to this extent. However, we use service providers for billing purposes or for other products or services. Here it may happen that a service provider receives knowledge of personal data. We carefully select our service providers – in particular with regard to data protection and data security – and take all data protection measures necessary for permissible data processing.Â
6. Where is the data processed?Â
Your personal data will be processed by us exclusively in data centers of the Federal Republic of Germany.Â
7. Your rights as “concerned”Â
You have the right to information about the personal data we process about you.Â
In the case of a request for information that is not made in writing, we ask for your understanding that we may then request proof from you that you prove that you are the person for whom you are claiming to be.Â
Furthermore, you have the right to rectification or deletion or restriction of processing, as far as you are legally entitled.Â
Furthermore, you have the right to object to the processing within the scope of the legal requirements. The same applies to a right to data portability.Â
In particular, you have the right to object to the processing of your data in connection with direct advertising, if this is done on the basis of a balance of interests, in accordance with Art. 21 (1) and (2) DSGVOÂ
8. Our data protection officerÂ
We have appointed a data protection officer in our company. You can reach them under the following contact options:Â
Franziska RosinÂ
Blombergstraße 4Â
86938 SchondorfÂ
E-Mail: datenschutz@geisel-privathotels.deÂ
9. Right of appealÂ
You have the right to complain to us about the processing of personal data by us at a data protection supervisory authority.Â
10. Data processing in the specific caseÂ
Data of the hotel guestsÂ
In the following paragraph you will gain insight into the use of your data (the listing does not claim to be exhaustive)Â
Storage of your data acc. Art. 6 para. 1 lit. b) GDPR and legitimate interest (Article 6 (1) (f) DSGVO): In order to fulfill our contractual obligations we store your data in our PMS Property Management System. There we keep your data until you object to the further use of data. This is necessary to maintain our usual high standard, as we can create such a guest history for you. So, we can meet your wishes and preferences even with a new visit. In addition, we use your email address to ask you about your satisfaction with the stay. You can also contradict this usage, as already mentioned above.Â
Joint processing of guest data: Geisel Privathotels act as joint controllers (Art. 26 DSGVO) when processing their data and process them in the legitimate interest. This serves to improve our services. Your data will be used exclusively for hotel booking or re-booking. This ensures that, for example, we can offer you a different room at one of our partner hotels without having to re-enter your details.Â
We only collect and process some of your data if you have given us your consent to do so. As described above, you can object to this consent at any time. This in, for example, the case if you have agreed that we may save their allergies and / or food intolerances or in the consent to our newsletter shipping.Â
Data of the restaurant guestsÂ
In the following paragraph you will gain insight into the use of your data (the listing does not claim to be exhaustive)Â
Storage of your data acc. Art. 6 para. 1 lit. b) GDPR and legitimate interest (Article 6 (1) (f) DSGVO): In order to fulfill our contractual obligations we store your data in our booking tool. There we keep your data until you object to the further use of data. This is necessary to maintain our usual high standard, as we can create such a guest history for you. So we can meet your wishes and preferences even with a new visit.Â
We only collect and process some of your data if you have given us your consent to do so. As described above, you can object to this consent at any time. This in, for example, the case if you have agreed that we may save their allergies and / or food intolerances or in the consent to our newsletter shipping.
Â
Privacy Policy for ApplicantsÂ
We are pleased that you are interested in us and have applied or applied for a position in our company. We would like to provide you below with information on the processing of your personal data in connection with the application.Â
Who is responsible for data processing?Â
Responsible in terms of data protection law is theÂ
Hotel Excelsior München GmbH & Co.KGÂ
Schützenstraße 11Â
80335 MünchenÂ
You will find more information about our company, information on the persons authorized to represent and also further contact options in our imprint of our website:Â
https://www.geisel-privathotels.de.Â
Which data from you are processed by us? And for what purposes?Â
We process the information you have provided to us in connection with your application in order to assess your suitability for the position (or, if applicable, other open positions in our companies) and to carry out the application process.Â
On what legal basis is that based?
The legal basis for the processing of your personal data in this application process is primarily § 26 BDSG in the version valid from 25.05.2018. Thereafter, the processing of the data required in connection with the decision to establish an employment relationship is permitted.Â
If the data may be required for legal prosecution after completing the application process, data processing based on the requirements of Art. 6 GDPR, in particular for the exercise of legitimate interests pursuant to Art. 6 para. 1 lit. f) GDPR. Our interest then lies in the assertion or defense against claims.Â
How long is the data stored?Â
Data of applicants will be deleted in case of cancellation after 6 months.Â
If you have consented to the further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted after two years.Â
If you have been awarded the contract as part of the application process, the data from the applicant data system will be transferred to our personnel information system.Â
To which recipients will the data be passed on?Â
We use a specialized software provider for the application process. This person acts as a service provider for us and may also be aware of your personal data in connection with the maintenance and care of the systems. We have concluded a so-called order processing contract with this provider, which ensures that the data processing takes place in a permissible manner.Â
Your application data will be viewed by the Human Resources department upon receipt of your application. Suitable applications are then forwarded internally to the department heads for the respective open position. Then the further procedure is tuned. In principle, only those persons in the company have access to your data, who need this for the proper execution of our application process.Â
Where is the data processed?Â
The data are processed exclusively in data centers of the Federal Republic of Germany.Â
Your rights as “concerned”Â
You have the right to information about the personal data we process about you. In the case of a request for information that is not made in writing, we ask for your understanding that we may then request proof from you that you prove that you are the person for whom you are claiming to be.Â
Furthermore, you have the right to rectification or deletion or restriction of processing, as far as you are legally entitled. Furthermore, you have the right to object to the processing within the scope of the legal requirements. The same applies to a right to data portability.Â
Our data protection officerÂ
We have appointed a data protection officer in our company. You can reach them under the following contact options:Â
Data Protection OfficerÂ
Franziska Rosin
Blombergstraße 4Â
86938 SchondorfÂ
E-Mail: datenschutz@geisel-privathotels.deÂ
Right of appealÂ
You have the right to complain to us about the processing of personal data by us at a data protection supervisory authority.Â