We are pleased that you are visiting our website, and thank you for your interest in our hotel. The protection of personal data is important to us. This is why personal data, for example the name, address, email address or telephone number of a data subject, is processed in agreement with applicable European and national legal provisions.
The companies’ data protection policy is based on the terms used by European legislators when adopting the EU General Data Protection Regulation (hereinafter: ‘GDPR’). Our data protection policy is intended to be clear and understandable both for the public and our guests and business partners. We would like to explain the terms in advance to guarantee this.
The data subject has the option of registering on the Controller’s website by providing personal data. The personal data provided to the Controller comes from the relevant input screen used for registration. The personal data entered by the data subject is only collected and stored for internal use by the Controller and for in-house purposes. The Controller is able to arrange disclosure to one or more Processors (for example a package service) who also only uses the personal data for internal purposes, assigned to it by the Controller.
Personal data is also processed by the Companies if communicated by them. This happens, for example, every time you contact us. It goes without saying that we only use personal data communicated in this way for the purpose for which you made it available to us when making contact. This information is only communicated on a voluntarily basis and with your consent. Where information about communication channels (for example email address, telephone number) is involved, you also consent to us contacting you via this communication channel to address your concerns.
The companies take numerous technical and organisational measures to protect your personal data against unintentional or unlawful erasure, modification or loss, and against unjustified disclosure or access.
Nevertheless, by way of example internet-based data transfer may present security vulnerabilities, meaning that absolute protection cannot be guaranteed. For this reason, every data subject remains free to send us personal data via alternative methods, for example by telephone.
Links to other websites
This website contains links to other websites (so-called external links).
As providers of their own content, the Companies are responsible under applicable European and national legal provisions. Links to content provided by other providers are to be distinguished from in-house content. We have no influence over the operators of other websites complying with applicable European and national statutory provisions. Please refer to the data protection policies provided on the respective websites in this respect. The Companies accept no responsibility for third-party content provided via links and marked separately, and do not make the content its own. The website provider, to whom you are referred, has sole liability for illegal, incorrect, or incomplete content, as well as damage arising due to the use or non-use of information.
You can consent to or reject cookies, including for web tracking, via your web browser’s settings. You can configure your browser in such a way that the acceptance of cookies is always rejected, or you are informed in advance if a cookie is to be saved. In this case, the website’s functionality may be affected (for example when ordering). Your browser offers a function for deleting cookies (for example via ‘clear browser information’). This is possible in all common web browsers. You can find further information in the operating instructions, or in your browser settings as well.
Recording general data and information
Every time the website is accessed by a data subject or automated system, the Companies’ websites record a series of general data and information. This general data and information is saved in the server’s log files. The following can be recorded:
· the browser types and versions used
· the operating system used by the accessing system
· the website from which an accessing system reaches our website (so-called referrer)
· subsites that redirect to our website via an accessing system
· the date and time of accessing the website
· a web protocol address (IP address)
· the accessing system’s Internet Service Provider
· other similar data and information serving to avert danger in the event of attacks on our IT systems
· optimising the content of our website and for promoting it
· guaranteeing the functionality of our IT systems and the technology of our website
· providing law enforcement authorities with the information required for prosecution in the event of a cyber attackThis anonymously collected data and information is therefore collected by the Companies, on the one hand, for statistical purposes, and on the other evaluated for the purpose of increasing data protection and data security in our companies, and finally for ensuring an optimum level of protection for the personal data processed by us. The anonymous data in the log files is separated from all personal data stored and provided by a data subject.
Routine erasure and blocking of personal data
The data subject’s personal data is only processed by the Controller (in this sense stored as well) for the period required for achieving the purpose of storage, or where this was envisaged by the European Directive and Regulation legislator or other legislator in laws or requirements to which the Controller is subject.
Where the purpose of storage ceases to apply, or a storage period prescribed by a European or other competent legislator expires, personal data is routinely blocked or deleted in accordance with statutory provisions.
Rights of the data subject
Right to confirmation: Every data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her is being processed. Where a data subject would like to avail him- or herself of this right of confirmation, he/she can contact the Controller at any time.
Right to information: Everyone subject to the processing of personal data has the right to receive at any time free information from the Controller about personal data stored about his or her identity as well as a copy of this information. In addition, European legislators have granted data subjects information about the following information:
· the purpose of processing
· the categories of personal data processed
· the recipients or categories of recipients to whom personal data is disclosed or not disclosed, in particular with recipients in third countries or with international organisations
· if possible, the planned duration for storing the data or, where this is not possible, the criteria for setting this duration
· the existence of a right to rectification or erasure of personal data concerning him or her, or to restriction of processing by the Controller, or a right to object to processing
· the right to lodge a complaint with a supervisory authority
· if the personal data was not collected from the data subject: All information about the data’s origin
· the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject
In addition, the data subject is entitled to a right to be informed as to whether personal data is passed to a third country or an international organisation. Where this is the case, the data subject is also entitled to receive information about suitable guarantees in connection with the transmission.
Where a data subject would like to avail him- or herself of this right to information, he/she can contact the Controller at any time.
Right to rectification: Every data subject has the right to demand the immediate rectification of incorrect personal data about them. In addition and in consideration of the purpose of processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Where a data subject would like to avail him- or herself of this right of rectification, he/she can contact the Controller at any time.
Right to erasure (‘right to be forgotten’): Every data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies and where the processing is still required:
· The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
· The data subject revokes his/her consent on which the processing is based in accordance with Article 6 (1) GDPR, or Article 9(2, a) GDPR, and where there is no other basis for the processing.
· The data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR.
· The personal data has been unlawfully processed.
· The personal data has to be erased for compliance with a legal obligation in a Union or Member State law to which the Controller is subject.
· The personal data has been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
Where one of the stated reasons applies and a data subject would like to arrange the erasure of personal data stored with the Companies, he/she can contact the Controller at any time. The requests by the data subject for erasure are then to be complied with without delay.
Where the personal data was disclosed by the Companies and they are obliged as a Controller in accordance with Article 17 (1) DGPR to erase the personal data, the Companies will take appropriate measures, including of a technical nature, in consideration of the available technology and the implementation costs to make other controllers processing personal data aware that the data subject has requested the other controller to erase all links to this personal data, or copies or reproduction of this personal data where processing is not required. The Controller will then arrange as necessary in the individual case.
Right to restriction of processing: Any data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
· The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
· The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of its use instead.
· The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defence of legal claims.
· The data subject has objected to processing pursuant to Article 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where one of the stated requirements is in place and a data subject would like to demand the restriction of personal data stored with the Companies, he/she can contact the Controller at any time, they can contact the controller in this respect at any time. This restriction to processing is then arranged without delay.
Right to data portability: Every data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. He/she also has the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided where the processing is based on consent pursuant to point (a) of Article 6 (1) GDPR or point (a) of Article 9 (2) GDPR or on a contract pursuant to point (b) of Article 6 (1) GDPR, and the processing is carried out by automated means, provided the processing is not required for performance of a task carried out in the public interest or in exercise of official authority vested in the Controller.
In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall also have the right under Article 20 (1) to have the personal data transmitted directly from one controller to another, where technically feasible and provided that the rights and freedoms or other people are not adversely affected.
The data subject is entitled to contact the Controller to assert the right of data portability at any time.
Right to object: Every data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR. This includes profiling based on these provisions.
The Companies shall no longer process the personal data in the event of an objection unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where the Companies process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This also includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to the Companies to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In addition, where personal data is processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning you, unless the processing is necessary for such performance of a task carried out for reasons of public interest.
The data subject is entitled to contact the Controller to exercise the right to object at any time. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
Automated individual decision-making, including profiling: Every data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, where the decision:
· is not required for entering into or performing a contract between the data subject and the controller, or is permitted based on the legal provisions of the EU or Member States, to which the controller is subject, and these legal provisions contain appropriate measures for safeguarding rights and freedoms as well as the justified interests of the data subject, or
· is with the express consent of the data subject.
Where the decision to enter into or perform a contract between the data subject and the controller is required or occurs with the express consent of the data subject, the Companies take the appropriate measures to safeguard the rights and freedoms as well as justified interests of the data subject, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
Where the data subject would like to assert rights with regard to automated decisions, he/she can contact the Controller at any time.
Right to withdraw consent under data protection legislation: Every data subject has the right to withdraw his or her consent to processing of personal data at any time.
Where the data subject would like to assert his or her right to withdraw consent, he/she can contact the Controller at any time.
Data protection with applications and in the application procedure
The controller collects and processes the personal data of applicants for the purpose of processing the application. Processing can also be electronically. This is particularly the case if an applicant transmits corresponding application documents electronically, for example by email, to the controller. Where the controller enters into an employment contract with the applicant, the data transmitted is stored for processing the employment relationship in consideration of statutory provisions. Where no employment contract is entered into by the controller with the applicant, the application documents are erased six months after notification of the rejection decision provided that erasure does not contradict other justified interests of the controller. An example of justified interests in this respect is an onus of proof in proceedings in accordance with the General Equality Act (AGG).
Use of Google Analytics (with anonymisation function)
You can prevent collection by Google Analytics by clicking on the link below. This installs an ‘opt-out’ cookie on your browser preventing your data from being collected when you visit the website in the future.
Disable Google Analytics
You will find more detailed information about conditions of use and data protection at http://www.google.com/analytics/terms/de.html or, as may apply, under https://www.google.de/intl/de/policies/
In light of the discussion around using analysis tool with complete IP addresses, the Companies would like to point out that in order to rule out identification or the ability to identify a natural person, IP addresses are only processed on this website in a restricted manner as we use Google Analytics with the extension _anonymizelp().
As an additional service, our website offers you so-called social plugins allowing interaction with the social media Facebook, Google+ and Twitter. Please log out beforehand from these services to prevent the accidental transfer of user data.
Using Facebook social plugins
So-called social plugins (‘plugins’) of the social network Facebook are used on our website, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (‘Facebook’). The plugins are identified with a Facebook logo or by adding ‘Social plugin from Facebook’ or, as may apply. ‘Facebook Social Plugin’. You will find an overview of Facebook plugins here: https://developers.facebook.com/docs/plugins
If you call up a page of our website containing a social plugin, your browser establishes a direct link to the Facebook server. The content of the plugin is sent directly to your browser by Facebook and integrated in the page. This integration provides Facebook with the information that your browser has accessed the corresponding page of our website, even if you have no Facebook profile or are not currently logged into Facebook. This information (including your IP address) is sent directly to a Facebook server in the USA and stored there.
If you are logged in to Facebook, Facebook is able to directly assign our website to your Facebook profile. If you interact with the plugins, for example by pressing ‘Like’ or adding a comment, this information is also sent directly to a Facebook server and stored there. The information is also posted on your Facebook profile and displayed to your Facebook friends.
Please refer to the Facebook data protection policy for the scope and purpose of data collection, the further processing and use of data by Facebook, as well as the setting options for protecting your privacy: http://www.facebook.com/policy.php
If you do not want Facebook to directly assign data collected via our website to your Facebook profile, you need to log out of Facebook before visiting our website. You can also completely prevent the loading of Facebook plugins with add-ons for your browser, e.g. with the ‘Facebook Blocker’ (http://webgraph.com/resources/facebookblocker/).
Use of Google+ plugins (e.g. ‘+1’-Button)
So-called social plugins (‘plugins’) of the social network Google+ are used on our website, which is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). For example, plugins are identifiable with buttons with the character ‘+1’ on a white or coloured background. An overview of Google plugins and their appearance can be found here: https://developers.google.com/+/plugins
If you call up a page of our website containing such a plugin, your browser establishes a direct connection to the Google servers. The content of the plugin is sent directly to your browser by Google and integrated in the page. This integration provides Google with the information that your browser has accessed the corresponding page of our website, even if you have no profile with Google+ or are not currently logged into Google+. This information (including your IP address) is sent directly to a Google server in the USA and stored there.
If you are logged in to Google+, Google+ is able to directly assign our website to your Google+ profile. If you interact with the plugins, for example by pressing ‘+1’ button, the corresponding information is also sent directly to a Google server and stored there. The information is also published on Google+ and shown to your contacts.
Please refer to the Google+ data protection policy for the scope and purpose of data collection and the further processing and use of data by Google, as well as the setting options for protecting your privacy: http://www.google.com/intl/de/+/policy/+1button.html
If you do not want Google to directly assign data collected via our website to your profile on Google+, you need to log out of Google+ before visiting our website. You can also completely prevent the loading of Google plugins with add-ons for your browser, e.g. with the ‘NoScript’ script blocker (http://noscript.net/).
Use of Twitter plugins (e.g. ‘Twitter’ button)
So-called social plugins (‘plugins’) of the microblogging service Twitter are used on our website, which is operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (‘Twitter’). By way of example, the plugins are identified with a Twitter logo in the form of a blue ‘Twitter bird’. An overview of Twitter plugins and their appearance can be found here: https://twitter.com/about/resources/buttons
If you call up a page of our website containing such a plugin, your browser establishes a direct connection to the Twitter servers. The content of the plugin is sent directly to your browser by Twitter and integrated in the page. This integration provides Twitter with the information that your browser has accessed the corresponding page of our website, even if you have no profile with Twitter or are not currently logged into Twitter. This information (including your IP address) is sent directly to a Twitter server in the USA and stored there.
Name and address of the Controller
Verwaltung Clipper Hotel & Boardinghouse GmbH
Große Elbstraße 47
Tel.: +49 40 3766 0
Manager: Nathalie Büll-Testorp
Name and address of the Data Protection Officer
Please post your enquiry to:
Herr Martin Vogel
Instead of using the post, please email @. The writing style used by us serves to protect against spam.
Changed to the data protection policyWe reserve the right to amend our data protection policy and these guidelines in order to adjust to any changes to any relevant laws or, as may apply, regulations or better meet your requirements. Potential changes to our data protection practices are notified accordingly here. In this respect, please take note of the up-to-date version date of the data protection policy.
Hamburg, February 2018