Privacy policy

Privacy Policy of the Urban Nature Hotels of DSR Hotel Holding GmbH

The requirements of the EU General Data Protection Regulation (hereinafter "GDPR") apply throughout Europe. We would like to inform you about the processing of personal data carried out by our company in accordance with this Regulation (cf. Articles 13 and 14 GDPR). Should you have any questions or comments regarding this Privacy Policy, you may address them at any time to the e-mail address provided under Section 1.2 or 1.3.

Table of Contents:
1. Overview
1.1 Scope
1.2 Controller
1.3 Data Protection Officer
2. Data Processing in Detail
2.1 General Information on Data Processing
2.2 Visiting the Website
2.3 Newsletter
2.4 Reservation
2.5 Reception / Stay at the Resort
2.6 Recording of Calls in the Service Centre
3. Data Subject Rights
3.1 Right to Object
3.2 Right of Access
3.3 Right to Rectification
3.4 Right to Erasure ("Right to be Forgotten")
3.5 Right to Restriction of Processing
3.6 Right to Data Portability
3.7 Right to Withdraw Consent
3.8 Right to Lodge a Complaint

Overview

This section of the Privacy Policy provides information on the scope of application, the controller responsible for data processing, and the controller's Data Protection Officer.

Scope

On this page we inform you about the nature, scope and purpose of the personal data collected by a-ja Resort und Hotel GmbH, which is processed both when visiting this website and in the course of other processing operations under our responsibility that are not connected with this website.

Controller

The controller for data processing – i.e. the entity that determines the purposes and means of the processing of personal data – in connection with the processing operations described herein is:
DSR Hotel Holding GmbH
Lange Straße 1a
D-18055 Rostock
Phone: +49 (0) 40 - 300 322 100
Fax: +49 (0) 40 - 300 322 109
E-Mail: connect@urban-nature.de

Data Protection Officer

You may contact our Data Protection Officer as follows:
Contact form:
https://www.dsextern.de/anfragen
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
D-22589 Hamburg

Data Processing in Detail

This section of the Privacy Policy provides detailed information on the processing of personal data. For clarity, this information is organised by specific functionalities.

General Information on Data Processing

The following applies to all processing operations described below, unless otherwise stated:

No Obligation to Provide Data

There is neither a contractual nor a statutory obligation to provide personal data. You are not required to provide any data.

Consequences of Non-Provision

For mandatory data (data marked as required fields during input), failure to provide it will result in the relevant service being unable to be rendered. In other cases, failure to provide data may result in our services not being rendered in the same form and quality.

Consent

In various cases you have the option, in connection with the processing operations described below, to grant us your consent to further processing (or, where applicable, to part of the data). In such cases, we will separately inform you, at the time of obtaining the respective declaration of consent, of all the modalities and scope of the consent as well as the purposes we pursue with such processing.
Photo and Video Recordings
Events held under the Urban Nature brand may be documented by means of photo and video recordings. Photo material, such as team photos or event photos, may be published on the internet on the respective event page. Selected images from the event may be used for social media impressions in web resolution and in various print media. Photo and video recordings will not be passed on to third parties for any other purpose.
Participants may object at any time, with effect for the future, to the storage, use and distribution of recordings made of them. If the objection is raised prior to the commencement of an event held under the A-JA Resorts brand, DSR Hotel Holding will delete all recordings of the participant immediately after the event has ended. The objection may be made in writing (e.g. by letter) or in text form (e.g. by fax or e-mail). Please include your first and last name as well as the date and name of the event when submitting your objection.

Transmission to Public Authorities

We transmit personal data to public authorities (including law enforcement authorities) only where this is necessary to comply with a legal obligation to which we are subject (legal basis: Art. 6(1)(c) GDPR) or where it is necessary for the establishment, exercise or defence of legal claims (legal basis: Art. 6(1)(f) GDPR).

Retention Period

We do not store your data for longer than is necessary for the respective processing purposes. Once the data is no longer required, it will be deleted on a regular basis, unless its temporary retention remains necessary. Reasons for continued retention may include, for example:

• Compliance with statutory retention obligations under commercial and tax law
• Preservation of evidence for legal disputes within the applicable statutory limitation periods

Categories of Recipients

In addition to the categories of recipients explicitly listed below, personal data may also be transmitted to the following categories of recipients: postal and dispatch service providers, telephone and fax providers.

Data Categories

• Master personal data: Title, salutation/gender, first name, last name, date of birth
• Address data: Street, house number, additional address details where applicable, postcode, city, country
• Contact data: Telephone number(s), fax number(s), e-mail address(es)
• Registration data: Information about the service through which you registered; timestamps and technical information regarding registration, confirmation and deregistration; data provided by you at the time of registration
• Booking data: Bookings, prices, payment information
• Payment data: Bank account details, credit card details, data relating to other payment services
• Access data: Date and time of visiting our service; the page from which the accessing system navigated to our page; pages accessed during use; session identification data (session ID); as well as the following information from the accessing computer system: Internet Protocol address used (IP address), browser type and version, device type, operating system and similar technical information.

Visiting the Website

This section describes how we process your personal data when you visit the website.

Information on Processing

• Data category: Access data
• Purpose: Establishing the connection, displaying the content of the service, detecting attacks on our website based on unusual activity, error diagnosis
• Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
• Legitimate interest where applicable: Proper functioning of the services, security of data and business processes, prevention of misuse, prevention of damage caused by interference with information systems
• Retention period: 7 days
• Recipients: IT security service providers, hosting service providers, consent tool providers
• Third-country transfers: –

Tracking for the Analysis and Optimisation of Our Services and Their Use, as well as for Measuring the Success of Advertising Campaigns and Optimising the Display of Advertisements

Information on the services used can be found under "Manage Cookies" in the footer or within the consent tool.

Newsletter

This section describes how we process your personal data in connection with a subscription to our newsletter:

Information on Processing

• Data category:
• E-mail address
• Newsletter usage profile data
• Registration data
• Purpose:
• Verification of registration (double opt-in procedure), newsletter delivery
• Tailoring the newsletter to the interests of the recipient
• Traceability of newsletter registration/confirmation/unsubscription
• Legal basis:
• Consent (Art. 6(1)(a) GDPR)
• Consent (Art. 6(1)(a) GDPR)
• Legitimate interests (Art. 6(1)(f) GDPR)
• Legitimate interest where applicable: Proof of newsletter registration/confirmation/unsubscription
• Retention period: Duration of the newsletter subscription (unsubscription data: indefinitely, for the fulfilment of accountability obligations)
• Recipients: Newsletter dispatch service providers
• Third-country transfers: –

Enquiries / Bookings / Complaints

This section describes how we process your personal data when you contact our booking service:

Information on Processing

• Data category:
• Master personal data
• Address data
• Contact data
• Content of enquiries/bookings/complaints
• Booking data
• Purpose: Processing of customer enquiries, bookings and complaints (all data categories listed above); automated categorisation and response to e-mail enquiries using AI (all data categories listed above); anonymisation of e-mail enquiries for service improvement and training purposes (all data categories listed above)
• Legal basis: Contract (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR)
• Legitimate interest where applicable: Customer retention, sales, improvement of customer satisfaction, service improvement and training, acceleration of enquiry processing
• Retention period: Duration of the processing of the enquiry; booking-relevant data (6 years) and tax-relevant data (10 years) in accordance with the applicable statutory retention periods
• Recipients:
• Payment service providers, reservation system providers, hotel operating systems, customer management software
• Reception: MSSNGR for digital registration forms, processing of visitor's tax (Kurtaxe)
• Microsoft Ireland Operations Limited: provider of Microsoft Azure with ChatGPT models
• Third-country transfers: In connection with this processing, our company does not transfer personal data to recipients in third countries. Microsoft Azure and associated AI applications are hosted in Microsoft data centres located in Europe.

Reception / Stay at the Resort

This section describes how we process your personal data during your stay at our resort:

Information on Processing

• Data category:
• Master personal data
• Address data
• Contact data
• Booking data
• Payment data
• Purpose: Performance of the accommodation contract (all data categories listed above); anonymisation for service improvement and training purposes (all data categories listed above, except payment data)
• Legal basis: Contract (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR)
• Legitimate interest where applicable: Customer retention, improvement of customer satisfaction, service improvement and training
• Retention period: Booking data in accordance with the applicable statutory retention period (10 years)
• Recipients: Payment service providers, reservation system providers, hotel operating systems, customer management software
• Third-country transfers: In connection with this processing, our company does not transfer personal data to recipients in third countries.

Right to Object

You have the right to object at any time, on grounds relating to your particular situation, with effect for the future, to the processing of personal data concerning you which is carried out pursuant to Art. 6(1)(e) or (f) GDPR.
The right to object may be exercised free of charge.

Right of Access

You have the right to obtain confirmation as to whether personal data concerning you is being processed by us, and, where that is the case, to obtain access to that personal data and to receive further information in accordance with Art. 15 GDPR.

Right to Rectification

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you (Art. 16 GDPR). Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to Erasure ("Right to be Forgotten")

You have the right to obtain from us the erasure of personal data concerning you without undue delay, where one of the grounds referred to in Art. 17(1) GDPR applies and the processing is not necessary for one of the purposes set out in Art. 17(3) GDPR.

Right to Restriction of Processing

You have the right to obtain restriction of the processing of your personal data where one of the conditions set out in Art. 18(1)(a) to (d) GDPR is met.

Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You furthermore have the right to transmit those data to another controller without hindrance from us, or to obtain that the data are transmitted directly by us, where technically feasible. This shall apply where the legal basis of the processing is consent or a contract and the processing is carried out by automated means. This right does not apply to data held exclusively in paper form.

Right to Withdraw Consent

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority.