Privacy Policy We   are   very   delighted   that   you   have   shown   interest   in   our   enterprise.   Data   protection   is   of   a particularly   high   priority   for   the   management   of   the   Holiday   Inn   Stuttgart.   The   use   of   the   Internet pages   of   the   Holiday   Inn   Stuttgart   is   possible   without   any   indication   of   personal   data;   however,   if   a data   subject   wants   to   use   special   enterprise   services   via   our   website,   processing   of   personal   data could   become   necessary.   If   the   processing   of   personal   data   is   necessary   and   there   is   no   statutory basis for such processing, we generally obtain consent from the data subject. The   processing   of   personal   data,   such   as   the   name,   address,   e-mail   address,   or   telephone   number of   a   data   subject   shall   always   be   in   line   with   the   General   Data   Protection   Regulation   (GDPR),   and   in accordance    with    the    country-specific    data    protection    regulations    applicable    to    the    Holiday    Inn Stuttgart.   By   means   of   this   data   protection   declaration,   our   enterprise   would   like   to   inform   the general   public   of   the   nature,   scope,   and   purpose   of   the   personal   data   we   collect,   use   and   process. Furthermore,   data   subjects   are   informed,   by   means   of   this   data   protection   declaration,   of   the   rights to which they are entitled. As   the   controller,   the   Holiday   Inn   Stuttgart   has   implemented   numerous   technical   and   organizational measures   to   ensure   the   most   complete   protection   of   personal   data   processed   through   this   website. However,    Internet-based    data    transmissions    may    in    principle    have    security    gaps,    so    absolute protection   may   not   be   guaranteed.   For   this   reason,   every   data   subject   is   free   to   transfer   personal data to us via alternative means, e.g. by telephone. 1. Definitions The   data   protection   declaration   of   the   Holiday   Inn   Stuttgart   is   based   on   the   terms   used   by   the European   legislator   for   the   adoption   of   the   General   Data   Protection   Regulation   (GDPR).   Our   data protection   declaration   should   be   legible   and   understandable   for   the   general   public,   as   well   as   our customers and business partners. To ensure this, we would like to first explain the terminology used. In this data protection declaration, we use, inter alia, the following terms: a)    Personal data Personal   data   means   any   information   relating   to   an   identified   or   identifiable   natural   person   (“data subject”).   An    identifiable    natural    person    is    one    who    can    be    identified,    directly    or    indirectly,    in particular   by   reference   to   an   identifier   such   as   a   name,   an   identification   number,   location   data,   an online   identifier   or   to   one   or   more   factors   specific   to   the   physical,   physiological,   genetic,   mental, economic, cultural or social identity of that natural person. b) Data subject Data   subject   is   any   identified   or   identifiable   natural   person,   whose   personal   data   is   processed   by   the controller responsible for the processing. c)    Processing Processing   is   any   operation   or   set   of   operations   which   is   performed   on   personal   data   or   on   sets   of personal   data,   whether   or   not   by   automated   means,   such   as   collection,   recording,   organisation, structuring,   storage,   adaptation   or   alteration,   retrieval,   consultation,   use,   disclosure   by   transmission, dissemination    or    otherwise    making    available,    alignment    or    combination,    restriction,    erasure    or destruction. d)    Restriction of processing Restriction    of    processing    is    the    marking    of    stored    personal    data    with    the    aim    of    limiting    their processing in the future. e)    Profiling Profiling   means   any   form   of   automated   processing   of   personal   data   consisting   of   the   use   of   personal data   to   evaluate   certain   personal   aspects   relating   to   a   natural   person,   in   particular   to   analyse   or predict   aspects   concerning   that   natural   person's   performance   at   work,   economic   situation,   health, personal preferences, interests, reliability, behaviour, location or movements. f)     Pseudonymisation Pseudonymisation   is   the   processing   of   personal   data   in   such   a   manner   that   the   personal   data   can no   longer   be   attributed   to   a   specific   data   subject   without   the   use   of   additional   information,   provided that   such   additional   information   is   kept   separately   and   is   subject   to   technical   and   organisational measures   to   ensure   that   the   personal   data   are   not   attributed   to   an   identified   or   identifiable   natural person. g)    Controller or controller responsible for the processing Controller   or   controller   responsible   for   the   processing   is   the   natural   or   legal   person,   public   authority, agency   or   other   body   which,   alone   or   jointly   with   others,   determines   the   purposes   and   means   of   the processing   of   personal   data;   where   the   purposes   and   means   of   such   processing   are   determined   by Union   or   Member   State   law,   the   controller   or   the   specific   criteria   for   its   nomination   may   be   provided for by Union or Member State law. h)    Processor Processor   is   a   natural   or   legal   person,   public   authority,   agency   or   other   body   which   processes personal data on behalf of the controller. i)      Recipient Recipient   is   a   natural   or   legal   person,   public   authority,   agency   or   another   body,   to   which   the   personal data   are   disclosed,   whether   a   third   party   or   not.   However,   public   authorities   which   may   receive personal   data   in   the   framework   of   a   particular   inquiry   in   accordance   with   Union   or   Member   State   law shall   not   be   regarded   as   recipients;   the   processing   of   those   data   by   those   public   authorities   shall   be in compliance with the applicable data protection rules according to the purposes of the processing. j)      Third party Third   party   is   a   natural   or   legal   person,   public   authority,   agency   or   body   other   than   the   data   subject, controller,   processor   and   persons   who,   under   the   direct   authority   of   the   controller   or   processor,   are authorised to process personal data. k)    Consent Consent   of   the   data   subject   is   any   freely   given,   specific,   informed   and   unambiguous   indication   of   the data   subject's   wishes   by   which   he   or   she,   by   a   statement   or   by   a   clear   affirmative   action,   signifies agreement to the processing of personal data relating to him or her. 2. Name and Address of the controller Controller   for   the   purposes   of   the   General   Data   Protection   Regulation   (GDPR),   other   data   protection laws   applicable   in   Member   states   of   the   European   Union   and   other   provisions   related   to   data protection is: Holiday Inn Stuttgart Mittlerer Pfad 25-27 70499 Stuttgart Deutschland Phone: 0711 98888 0 Email: Info@histuttgart.de Website: www.histuttgart.de 3. Name and Address of the Data Protection Officer The Data Protection Officer of the controller is: Herr Wolfgang Dieterich DIE Datenverarbeitung Wiesbadener Platz 21 71672 Marbach am Neckar Deutschland Phone: 07144335094 Email: Datenschutzbeauftragter@histuttgart.de Website: www.DIE-Datenverarbeitung.de Any   data   subject   may,   at   any   time,   contact   our   Data   Protection   Officer   directly   with   all   questions   and suggestions concerning data protection. 4. Cookies The   Internet   pages   of   the   Holiday   Inn   Stuttgart   use   cookies.   Cookies   are   text   files   that   are   stored   in a computer system via an Internet browser. Many   Internet   sites   and   servers   use   cookies.   Many   cookies   contain   a   so-called   cookie   ID.   A   cookie ID   is   a   unique   identifier   of   the   cookie.   It   consists   of   a   character   string   through   which   Internet   pages and   servers   can   be   assigned   to   the   specific   Internet   browser   in   which   the   cookie   was   stored.   This allows   visited   Internet   sites   and   servers   to   differentiate   the   individual   browser   of   the   dats   subject from    other    Internet    browsers    that    contain    other    cookies.    A    specific    Internet    browser    can    be recognized and identified using the unique cookie ID. Through   the   use   of   cookies,   the   Holiday   Inn   Stuttgart   can   provide   the   users   of   this   website   with   more user-friendly services that would not be possible without the cookie setting. By   means   of   a   cookie,   the   information   and   offers   on   our   website   can   be   optimized   with   the   user   in mind.   Cookies   allow   us,   as   previously   mentioned,   to   recognize   our   website   users.   The   purpose   of this   recognition   is   to   make   it   easier   for   users   to   utilize   our   website.   The   website   user   that   uses cookies,   e.g.   does   not   have   to   enter   access   data   each   time   the   website   is   accessed,   because   this   is taken   over   by   the   website,   and   the   cookie   is   thus   stored   on   the   user's   computer   system.   Another example   is   the   cookie   of   a   shopping   cart   in   an   online   shop.   The   online   store   remembers   the   articles that a customer has placed in the virtual shopping cart via a cookie. The   data   subject   may,   at   any   time,   prevent   the   setting   of   cookies   through   our   website   by   means   of   a corresponding   setting   of   the   Internet   browser   used,   and   may   thus   permanently   deny   the   setting   of cookies.   Furthermore,   already   set   cookies   may   be   deleted   at   any   time   via   an   Internet   browser   or other   software   programs.   This   is   possible   in   all   popular   Internet   browsers.   If   the   data   subject deactivates   the   setting   of   cookies   in   the   Internet   browser   used,   not   all   functions   of   our   website   may be entirely usable. 5. Collection of general data and information The   website   of   the   Holiday   Inn   Stuttgart   collects   a   series   of   general   data   and   information   when   a data   subject   or   automated   system   calls   up   the   website. This   general   data   and   information   are   stored in   the   server   log   files.   Collected   may   be   (1)   the   browser   types   and   versions   used,   (2)   the   operating system   used   by   the   accessing   system,   (3)   the   website   from   which   an   accessing   system   reaches   our website   (so-called   referrers),   (4)   the   sub-websites,   (5)   the   date   and   time   of   access   to   the   Internet site,   (6)   an   Internet   protocol   address   (IP   address),   (7)   the   Internet   service   provider   of   the   accessing system,   and   (8)   any   other   similar   data   and   information   that   may   be   used   in   the   event   of   attacks   on our information technology systems. When   using   these   general   data   and   information,   the   Holiday   Inn   Stuttgart   does   not   draw   any conclusions   about   the   data   subject.   Rather,   this   information   is   needed   to   (1)   deliver   the   content   of our   website   correctly,   (2)   optimize   the   content   of   our   website   as   well   as   its   advertisement,   (3)   ensure the    long-term    viability    of    our    information    technology    systems    and    website    technology,    and    (4) provide   law   enforcement   authorities   with   the   information   necessary   for   criminal   prosecution   in   case of   a   cyber-attack.   Therefore,   the   Holiday   Inn   Stuttgart   analyzes   anonymously   collected   data   and information   statistically,   with   the   aim   of   increasing   the   data   protection   and   data   security   of   our enterprise,   and   to   ensure   an   optimal   level   of   protection   for   the   personal   data   we   process.   The anonymous   data   of   the   server   log   files   are   stored   separately   from   all   personal   data   provided   by   a data subject. 6. Registration on our website The   data   subject   has   the   possibility   to   register   on   the   website   of   the   controller   with   the   indication   of personal   data.   Which   personal   data   are   transmitted   to   the   controller   is   determined   by   the   respective input   mask   used   for   the   registration. The   personal   data   entered   by   the   data   subject   are   collected   and stored   exclusively   for   internal   use   by   the   controller,   and   for   his   own   purposes.   The   controller   may request   transfer   to   one   or   more   processors   (e.g.   a   parcel   service)   that   also   uses   personal   data   for   an internal purpose which is attributable to the controller. By   registering   on   the   website   of   the   controller,   the   IP   address—assigned   by   the   Internet   service provider   (ISP)   and   used   by   the   data   subject—date,   and   time   of   the   registration   are   also   stored.   The storage   of   this   data   takes   place   against   the   background   that   this   is   the   only   way   to   prevent   the misuse   of   our   services,   and,   if   necessary,   to   make   it   possible   to   investigate   committed   offenses. Insofar,   the   storage   of   this   data   is   necessary   to   secure   the   controller.   This   data   is   not   passed   on   to third   parties   unless   there   is   a   statutory   obligation   to   pass   on   the   data,   or   if   the   transfer   serves   the aim of criminal prosecution. The   registration   of   the   data   subject,   with   the   voluntary   indication   of   personal   data,   is   intended   to enable   the   controller   to   offer   the   data   subject   contents   or   services   that   may   only   be   offered   to registered   users   due   to   the   nature   of   the   matter   in   question.   Registered   persons   are   free   to   change the   personal   data   specified   during   the   registration   at   any   time,   or   to   have   them   completely   deleted from the data stock of the controller. The   data   controller   shall,   at   any   time,   provide   information   upon   request   to   each   data   subject   as   to what   personal   data   are   stored   about   the   data   subject.   In   addition,   the   data   controller   shall   correct   or erase   personal   data   at   the   request   or   indication   of   the   data   subject,   insofar   as   there   are   no   statutory storage   obligations.   The   entirety   of   the   controller’s   employees   are   available   to   the   data   subject   in this respect as contact persons. 7. Subscription to our newsletters On   the   website   of   the   Holiday   Inn   Stuttgart,   users   are   given   the   opportunity   to   subscribe   to   our enterprise's   newsletter.   The   input   mask   used   for   this   purpose   determines   what   personal   data   are transmitted, as well as when the newsletter is ordered from the controller. The   Holiday   Inn   Stuttgart   informs   its   customers   and   business   partners   regularly   by   means   of   a newsletter   about   enterprise   offers.   The   enterprise's   newsletter   may   only   be   received   by   the   data subject   if   (1)   the   data   subject   has   a   valid   e-mail   address   and   (2)   the   data   subject   registers   for   the newsletter   shipping.   A   confirmation   e-mail   will   be   sent   to   the   e-mail   address   registered   by   a   data subject   for   the   first   time   for   newsletter   shipping,   for   legal   reasons,   in   the   double   opt-in   procedure. This   confirmation   e-mail   is   used   to   prove   whether   the   owner   of   the   e-mail   address   as   the   data subject is authorized to receive the newsletter. During   the   registration   for   the   newsletter,   we   also   store   the   IP   address   of   the   computer   system assigned   by   the   Internet   service   provider   (ISP)   and   used   by   the   data   subject   at   the   time   of   the registration,   as   well   as   the   date   and   time   of   the   registration.   The   collection   of   this   data   is   necessary in   order   to   understand   the   (possible)   misuse   of   the   e-mail   address   of   a   data   subject   at   a   later   date, and it therefore serves the aim of the legal protection of the controller. The   personal   data   collected   as   part   of   a   registration   for   the   newsletter   will   only   be   used   to   send   our newsletter.   In   addition,   subscribers   to   the   newsletter   may   be   informed   by   e-mail,   as   long   as   this   is necessary   for   the   operation   of   the   newsletter   service   or   a   registration   in   question,   as   this   could   be the   case   in   the   event   of   modifications   to   the   newsletter   offer,   or   in   the   event   of   a   change   in   technical circumstances.   There   will   be   no   transfer   of   personal   data   collected   by   the   newsletter   service   to   third parties.   The   subscription   to   our   newsletter   may   be   terminated   by   the   data   subject   at   any   time.   The consent    to    the    storage    of    personal    data,    which    the    data    subject    has    given    for    shipping    the newsletter,   may   be   revoked   at   any   time.   For   the   purpose   of   revocation   of   consent,   a   corresponding link   is   found   in   each   newsletter.   It   is   also   possible   to   unsubscribe   from   the   newsletter   at   any   time directly on the website of the controller, or to communicate this to the controller in a different way. 8. Newsletter-Tracking The   newsletter   of   the   Holiday   Inn   Stuttgart   contains   so-called   tracking   pixels.   A   tracking   pixel   is   a miniature   graphic   embedded   in   such   e-mails,   which   are   sent   in   HTML   format   to   enable   log   file recording   and   analysis.   This   allows   a   statistical   analysis   of   the   success   or   failure   of   online   marketing campaigns.   Based   on   the   embedded   tracking   pixel,   the   Holiday   Inn   Stuttgart   may   see   if   and   when an   e-mail   was   opened   by   a   data   subject,   and   which   links   in   the   e-mail   were   called   up   by   data subjects. Such   personal   data   collected   in   the   tracking   pixels   contained   in   the   newsletters   are   stored   and analyzed   by   the   controller   in   order   to   optimize   the   shipping   of   the   newsletter,   as   well   as   to   adapt   the content   of   future   newsletters   even   better   to   the   interests   of   the   data   subject. These   personal   data   will not   be   passed   on   to   third   parties.   Data   subjects   are   at   any   time   entitled   to   revoke   the   respective separate   declaration   of   consent   issued   by   means   of   the   double-opt-in   procedure. After   a   revocation, these   personal   data   will   be   deleted   by   the   controller.   The   Holiday   Inn   Stuttgart   automatically   regards a withdrawal from the receipt of the newsletter as a revocation. 9. Contact possibility via the website The   website   of   the   Holiday   Inn   Stuttgart   contains   information   that   enables   a   quick   electronic   contact to   our   enterprise,   as   well   as   direct   communication   with   us,   which   also   includes   a   general   address   of the   so-called   electronic   mail   (e-mail   address).   If   a   data   subject   contacts   the   controller   by   e-mail   or via   a   contact   form,   the   personal   data   transmitted   by   the   data   subject   are   automatically   stored.   Such personal   data   transmitted   on   a   voluntary   basis   by   a   data   subject   to   the   data   controller   are   stored   for the   purpose   of   processing   or   contacting   the   data   subject. There   is   no   transfer   of   this   personal   data   to third parties. 10. Routine erasure and blocking of personal data The   data   controller   shall   process   and   store   the   personal   data   of   the   data   subject   only   for   the   period necessary   to   achieve   the   purpose   of   storage,   or   as   far   as   this   is   granted   by   the   European   legislator or other legislators in laws or regulations to which the controller is subject to. If   the   storage   purpose   is   not   applicable,   or   if   a   storage   period   prescribed   by   the   European   legislator or    another    competent    legislator    expires,    the    personal    data    are    routinely    blocked    or    erased    in accordance with legal requirements. 11. Rights of the data subject a) Right of confirmation Each    data    subject    shall    have    the    right    granted    by    the    European    legislator    to    obtain    from    the controller   the   confirmation   as   to   whether   or   not   personal   data   concerning   him   or   her   are   being processed.   If   a   data   subject   wishes   to   avail   himself   of   this   right   of   confirmation,   he   or   she   may,   at any time, contact any employee of the controller. b) Right of access Each    data    subject    shall    have    the    right    granted    by    the    European    legislator    to    obtain    from    the controller   free   information   about   his   or   her   personal   data   stored   at   any   time   and   a   copy   of   this information.   Furthermore,   the   European   directives   and   regulations   grant   the   data   subject   access   to the following information: o the purposes of the processing; o the categories of personal data concerned; o the   recipients   or   categories   of   recipients   to   whom   the   personal   data   have   been   or   will   be disclosed, in particular recipients in third countries or international organisations; o where   possible,   the   envisaged   period   for   which   the   personal   data   will   be   stored,   or,   if   not possible, the criteria used to determine that period; o the   existence   of   the   right   to   request   from   the   controller   rectification   or   erasure   of   personal data,   or   restriction   of   processing   of   personal   data   concerning   the   data   subject,   or   to   object   to   such processing; o the existence of the right to lodge a complaint with a supervisory authority; o where   the   personal   data   are   not   collected   from   the   data   subject,   any   available   information   as to their source; o the   existence   of   automated   decision-making,   including   profiling,   referred   to   in Article   22(1)   and (4)   of   the   GDPR   and,   at   least   in   those   cases,   meaningful   information   about   the   logic   involved,   as well as the significance and envisaged consequences of such processing for the data subject. Furthermore,   the   data   subject   shall   have   a   right   to   obtain   information   as   to   whether   personal   data are   transferred   to   a   third   country   or   to   an   international   organisation.   Where   this   is   the   case,   the   data subject shall have the right to be informed of the appropriate safeguards relating to the transfer. If   a   data   subject   wishes   to   avail   himself   of   this   right   of   access,   he   or   she   may,   at   any   time,   contact any employee of the controller. c) Right to rectification Each    data    subject    shall    have    the    right    granted    by    the    European    legislator    to    obtain    from    the controller   without   undue   delay   the   rectification   of   inaccurate   personal   data   concerning   him   or   her. Taking   into   account   the   purposes   of   the   processing,   the   data   subject   shall   have   the   right   to   have incomplete personal data completed, including by means of providing a supplementary statement. If   a   data   subject   wishes   to   exercise   this   right   to   rectification,   he   or   she   may,   at   any   time,   contact   any employee of the controller. d) Right to erasure (Right to be forgotten) Each    data    subject    shall    have    the    right    granted    by    the    European    legislator    to    obtain    from    the controller   the   erasure   of   personal   data   concerning   him   or   her   without   undue   delay,   and   the   controller shall   have   the   obligation   to   erase   personal   data   without   undue   delay   where   one   of   the   following grounds applies, as long as the processing is not necessary: o The   personal   data   are   no   longer   necessary   in   relation   to   the   purposes   for   which   they   were collected or otherwise processed. o The   data   subject   withdraws   consent   to   which   the   processing   is   based   according   to   point   (a)   of Article   6(1)   of   the   GDPR,   or   point   (a)   of Article   9(2)   of   the   GDPR,   and   where   there   is   no   other   legal ground for the processing. o The   data   subject   objects   to   the   processing   pursuant   to   Article   21(1)   of   the   GDPR   and   there are   no   overriding   legitimate   grounds   for   the   processing,   or   the   data   subject   objects   to   the   processing pursuant to Article 21(2) of the GDPR. o The personal data have been unlawfully processed. o The   personal   data   must   be   erased   for   compliance   with   a   legal   obligation   in   Union   or   Member State law to which the controller is subject. o The   personal   data   have   been   collected   in   relation   to   the   offer   of   information   society   services referred to in Article 8(1) of the GDPR. If   one   of   the   aforementioned   reasons   applies,   and   a   data   subject   wishes   to   request   the   erasure   of personal   data   stored   by   the   Holiday   Inn   Stuttgart,   he   or   she   may,   at   any   time,   contact   any   employee of   the   controller. An   employee   of   Holiday   Inn   Stuttgart   shall   promptly   ensure   that   the   erasure   request is complied with immediately. Where   the   controller   has   made   personal   data   public   and   is   obliged   pursuant   to Article   17(1)   to   erase the    personal    data,    the    controller,    taking    account    of    available    technology    and    the    cost    of implementation,    shall    take    reasonable    steps,    including    technical    measures,    to    inform    other controllers   processing   the   personal   data   that   the   data   subject   has   requested   erasure   by   such controllers   of   any   links   to,   or   copy   or   replication   of,   those   personal   data,   as   far   as   processing   is   not required.   An    employees    of    the    Holiday    Inn    Stuttgart    will    arrange    the    necessary    measures    in individual cases. e) Right of restriction of processing Each    data    subject    shall    have    the    right    granted    by    the    European    legislator    to    obtain    from    the controller restriction of processing where one of the following applies: o The   accuracy   of   the   personal   data   is   contested   by   the   data   subject,   for   a   period   enabling   the controller to verify the accuracy of the personal data. o The   processing   is   unlawful   and   the   data   subject   opposes   the   erasure   of   the   personal   data   and requests instead the restriction of their use instead. o The   controller   no   longer   needs   the   personal   data   for   the   purposes   of   the   processing,   but   they are required by the data subject for the establishment, exercise or defence of legal claims. o The   data   subject   has   objected   to   processing   pursuant   to   Article   21(1)   of   the   GDPR   pending the verification whether the legitimate grounds of the controller override those of the data subject. If   one   of   the   aforementioned   conditions   is   met,   and   a   data   subject   wishes   to   request   the   restriction   of the   processing   of   personal   data   stored   by   the   Holiday   Inn   Stuttgart,   he   or   she   may   at   any   time contact   any   employee   of   the   controller.   The   employee   of   the   Holiday   Inn   Stuttgart   will   arrange   the restriction of the processing. f) Right to data portability Each   data   subject   shall   have   the   right   granted   by   the   European   legislator,   to   receive   the   personal data   concerning   him   or   her,   which   was   provided   to   a   controller,   in   a   structured,   commonly   used   and machine-readable   format.   He   or   she   shall   have   the   right   to   transmit   those   data   to   another   controller without   hindrance   from   the   controller   to   which   the   personal   data   have   been   provided,   as   long   as   the processing   is   based   on   consent   pursuant   to   point   (a)   of   Article   6(1)   of   the   GDPR   or   point   (a)   of Article   9(2)   of   the   GDPR,   or   on   a   contract   pursuant   to   point   (b)   of Article   6(1)   of   the   GDPR,   and   the processing   is   carried   out   by   automated   means,   as   long   as   the   processing   is   not   necessary   for   the performance   of   a   task   carried   out   in   the   public   interest   or   in   the   exercise   of   official   authority   vested   in the controller. Furthermore,   in   exercising   his   or   her   right   to   data   portability   pursuant   to   Article   20(1)   of   the   GDPR, the   data   subject   shall   have   the   right   to   have   personal   data   transmitted   directly   from   one   controller   to another,   where   technically   feasible   and   when   doing   so   does   not   adversely   affect   the   rights   and freedoms of others. In   order   to   assert   the   right   to   data   portability,   the   data   subject   may   at   any   time   contact   any   employee of the Holiday Inn Stuttgart. g) Right to object Each   data   subject   shall   have   the   right   granted   by   the   European   legislator   to   object,   on   grounds relating   to   his   or   her   particular   situation,   at   any   time,   to   processing   of   personal   data   concerning   him or   her,   which   is   based   on   point   (e)   or   (f)   of   Article   6(1)   of   the   GDPR.   This   also   applies   to   profiling based on these provisions. The   Holiday   Inn   Stuttgart   shall   no   longer   process   the   personal   data   in   the   event   of   the   objection, unless   we   can   demonstrate   compelling   legitimate   grounds   for   the   processing   which   override   the interests,   rights   and   freedoms   of   the   data   subject,   or   for   the   establishment,   exercise   or   defence   of legal claims. If   the   Holiday   Inn   Stuttgart   processes   personal   data   for   direct   marketing   purposes,   the   data   subject shall   have   the   right   to   object   at   any   time   to   processing   of   personal   data   concerning   him   or   her   for such   marketing.   This   applies   to   profiling   to   the   extent   that   it   is   related   to   such   direct   marketing.   If   the data   subject   objects   to   the   Holiday   Inn   Stuttgart   to   the   processing   for   direct   marketing   purposes,   the Holiday Inn Stuttgart will no longer process the personal data for these purposes. In   addition,   the   data   subject   has   the   right,   on   grounds   relating   to   his   or   her   particular   situation,   to object   to   processing   of   personal   data   concerning   him   or   her   by   the   Holiday   Inn   Stuttgart   for   scientific or   historical   research   purposes,   or   for   statistical   purposes   pursuant   to   Article   89(1)   of   the   GDPR, unless   the   processing   is   necessary   for   the   performance   of   a   task   carried   out   for   reasons   of   public interest. In   order   to   exercise   the   right   to   object,   the   data   subject   may   contact   any   employee   of   the   Holiday   Inn Stuttgart.   In   addition,   the   data   subject   is   free   in   the   context   of   the   use   of   information   society   services, and   notwithstanding   Directive   2002/58/EC,   to   use   his   or   her   right   to   object   by   automated   means using technical specifications. h) Automated individual decision-making, including profiling Each   data   subject   shall   have   the   right   granted   by   the   European   legislator   not   to   be   subject   to   a decision   based   solely   on   automated   processing,   including   profiling,   which   produces   legal   effects concerning   him   or   her,   or   similarly   significantly   affects   him   or   her,   as   long   as   the   decision   (1)   is   not   is necessary   for   entering   into,   or   the   performance   of,   a   contract   between   the   data   subject   and   a   data controller,   or   (2)   is   not   authorised   by   Union   or   Member   State   law   to   which   the   controller   is   subject and   which   also   lays   down   suitable   measures   to   safeguard   the   data   subject's   rights   and   freedoms and legitimate interests, or (3) is not based on the data subject's explicit consent. If   the   decision   (1)   is   necessary   for   entering   into,   or   the   performance   of,   a   contract   between   the   data subject   and   a   data   controller,   or   (2)   it   is   based   on   the   data   subject's   explicit   consent,   the   Holiday   Inn Stuttgart   shall   implement   suitable   measures   to   safeguard   the   data   subject's   rights   and   freedoms   and legitimate   interests,   at   least   the   right   to   obtain   human   intervention   on   the   part   of   the   controller,   to express his or her point of view and contest the decision. If   the   data   subject   wishes   to   exercise   the   rights   concerning   automated   individual   decision-making, he or she may, at any time, contact any employee of the Holiday Inn Stuttgart. i) Right to withdraw data protection consent Each   data   subject   shall   have   the   right   granted   by   the   European   legislator   to   withdraw   his   or   her consent to processing of his or her personal data at any time. If   the   data   subject   wishes   to   exercise   the   right   to   withdraw   the   consent,   he   or   she   may,   at   any   time, contact any employee of the Holiday Inn Stuttgart. 12. Data protection for applications and the application procedures The   data   controller   shall   collect   and   process   the   personal   data   of   applicants   for   the   purpose   of   the processing   of   the   application   procedure.   The   processing   may   also   be   carried   out   electronically.   This is   the   case,   in   particular,   if   an   applicant   submits   corresponding   application   documents   by   e-mail   or by   means   of   a   web   form   on   the   website   to   the   controller.   If   the   data   controller   concludes   an employment    contract    with    an    applicant,    the    submitted    data    will    be    stored    for    the    purpose    of processing   the   employment   relationship   in   compliance   with   legal   requirements.   If   no   employment contract    is    concluded    with    the    applicant    by    the    controller,    the    application    documents    shall    be automatically   erased   two   months   after   notification   of   the   refusal   decision,   provided   that   no   other legitimate   interests   of   the   controller   are   opposed   to   the   erasure.   Other   legitimate   interest   in   this relation is, e.g. a burden of proof in a procedure under the General Equal Treatment Act (AGG). 13. Data protection provisions about the application and use of Facebook On   this   website,   the   controller   has   integrated   components   of   the   enterprise   Facebook.   Facebook   is   a social network. A   social   network   is   a   place   for   social   meetings   on   the   Internet,   an   online   community,   which   usually allows   users   to   communicate   with   each   other   and   interact   in   a   virtual   space.   A   social   network   may serve   as   a   platform   for   the   exchange   of   opinions   and   experiences,   or   enable   the   Internet   community to   provide   personal   or   business-related   information.   Facebook   allows   social   network   users   to   include the creation of private profiles, upload photos, and network through friend requests. The   operating   company   of   Facebook   is   Facebook,   Inc.,   1   Hacker   Way,   Menlo   Park,   CA   94025, United   States.   If   a   person   lives   outside   of   the   United   States   or   Canada,   the   controller   is   the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. With   each   call-up   to   one   of   the   individual   pages   of   this   Internet   website,   which   is   operated   by   the controller   and   into   which   a   Facebook   component   (Facebook   plug-ins)   was   integrated,   the   web browser   on   the   information   technology   system   of   the   data   subject   is   automatically   prompted   to download   display   of   the   corresponding   Facebook   component   from   Facebook   through   the   Facebook component.      An      overview      of      all      the      Facebook      Plug-ins      may      be      accessed      under https://developers.facebook.com/docs/plugins/.    During    the    course    of    this    technical    procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject. If   the   data   subject   is   logged   in   at   the   same   time   on   Facebook,   Facebook   detects   with   every   call-up to    our    website    by    the    data    subject—and    for    the    entire    duration    of    their    stay    on    our    Internet site—which   specific   sub-site   of   our   Internet   page   was   visited   by   the   data   subject.   This   information   is collected   through   the   Facebook   component   and   associated   with   the   respective   Facebook   account   of the   data   subject.   If   the   data   subject   clicks   on   one   of   the   Facebook   buttons   integrated   into   our website,   e.g.   the   "Like"   button,   or   if   the   data   subject   submits   a   comment,   then   Facebook   matches this   information   with   the   personal   Facebook   user   account   of   the   data   subject   and   stores   the   personal data. Facebook   always   receives,   through   the   Facebook   component,   information   about   a   visit   to   our website   by   the   data   subject,   whenever   the   data   subject   is   logged   in   at   the   same   time   on   Facebook during   the   time   of   the   call-up   to   our   website.   This   occurs   regardless   of   whether   the   data   subject clicks   on   the   Facebook   component   or   not.   If   such   a   transmission   of   information   to   Facebook   is   not desirable   for   the   data   subject,   then   he   or   she   may   prevent   this   by   logging   off   from   their   Facebook account before a call-up to our website is made. The       data       protection       guideline       published       by       Facebook,       which       is       available       at https://facebook.com/about/privacy/,   provides   information   about   the   collection,   processing   and   use of   personal   data   by   Facebook.   In   addition,   it   is   explained   there   what   setting   options   Facebook   offers to   protect   the   privacy   of   the   data   subject.   In   addition,   different   configuration   options   are   made available   to   allow   the   elimination   of   data   transmission   to   Facebook. These   applications   may   be   used by the data subject to eliminate a data transmission to Facebook. 14.     Data     protection     provisions     about     the     application     and     use     of     Google    Analytics     (with anonymization function) On    this    website,    the    controller    has    integrated    the    component    of    Google    Analytics    (with    the anonymizer   function).   Google   Analytics   is   a   web   analytics   service.   Web   analytics   is   the   collection, gathering,   and   analysis   of   data   about   the   behavior   of   visitors   to   websites.   A   web   analysis   service collects,   inter   alia,   data   about   the   website   from   which   a   person   has   come   (the   so-called   referrer), which   sub-pages   were   visited,   or   how   often   and   for   what   duration   a   sub-page   was   viewed.   Web analytics   are   mainly   used   for   the   optimization   of   a   website   and   in   order   to   carry   out   a   cost-benefit analysis of Internet advertising. The   operator   of   the   Google Analytics   component   is   Google   Inc.,   1600 Amphitheatre   Pkwy,   Mountain View, CA 94043-1351, United States. For    the    web    analytics    through    Google    Analytics    the    controller    uses    the    application    "_gat. _anonymizeIp".   By   means   of   this   application   the   IP   address   of   the   Internet   connection   of   the   data subject   is   abridged   by   Google   and   anonymised   when   accessing   our   websites   from   a   Member   State of   the   European   Union   or   another   Contracting   State   to   the   Agreement   on   the   European   Economic Area. The   purpose   of   the   Google   Analytics   component   is   to   analyze   the   traffic   on   our   website.   Google uses   the   collected   data   and   information,   inter   alia,   to   evaluate   the   use   of   our   website   and   to   provide online   reports,   which   show   the   activities   on   our   websites,   and   to   provide   other   services   concerning the use of our Internet site for us. Google   Analytics   places   a   cookie   on   the   information   technology   system   of   the   data   subject.   The definition   of   cookies   is   explained   above.   With   the   setting   of   the   cookie,   Google   is   enabled   to   analyze the   use   of   our   website.   With   each   call-up   to   one   of   the   individual   pages   of   this   Internet   site,   which   is operated   by   the   controller   and   into   which   a   Google Analytics   component   was   integrated,   the   Internet browser   on   the   information   technology   system   of   the   data   subject   will   automatically   submit   data through   the   Google Analytics   component   for   the   purpose   of   online   advertising   and   the   settlement   of commissions   to   Google.   During   the   course   of   this   technical   procedure,   the   enterprise   Google   gains knowledge   of   personal   information,   such   as   the   IP   address   of   the   data   subject,   which   serves Google,    inter    alia,    to    understand    the    origin    of    visitors    and    clicks,    and    subsequently    create commission settlements. The   cookie   is   used   to   store   personal   information,   such   as   the   access   time,   the   location   from   which the   access   was   made,   and   the   frequency   of   visits   of   our   website   by   the   data   subject.   With   each   visit to   our   Internet   site,   such   personal   data,   including   the   IP   address   of   the   Internet   access   used   by   the data   subject,   will   be   transmitted   to   Google   in   the   United   States   of America.   These   personal   data   are stored   by   Google   in   the   United   States   of   America.   Google   may   pass   these   personal   data   collected through the technical procedure to third parties. The   data   subject   may,   as   stated   above,   prevent   the   setting   of   cookies   through   our   website   at   any time   by   means   of   a   corresponding   adjustment   of   the   web   browser   used   and   thus   permanently   deny the   setting   of   cookies.   Such   an   adjustment   to   the   Internet   browser   used   would   also   prevent   Google Analytics   from   setting   a   cookie   on   the   information   technology   system   of   the   data   subject.   In   addition, cookies   already   in   use   by   Google   Analytics   may   be   deleted   at   any   time   via   a   web   browser   or   other software programs. In   addition,   the   data   subject   has   the   possibility   of   objecting   to   a   collection   of   data   that   are   generated by   Google Analytics,   which   is   related   to   the   use   of   this   website,   as   well   as   the   processing   of   this   data by   Google   and   the   chance   to   preclude   any   such.   For   this   purpose,   the   data   subject   must   download   a browser   add-on   under   the   link   https://tools.google.com/dlpage/gaoptout   and   install   it.   This   browser add-on   tells   Google Analytics   through   a   JavaScript,   that   any   data   and   information   about   the   visits   of Internet   pages   may   not   be   transmitted   to   Google Analytics. The   installation   of   the   browser   add-ons   is considered   an   objection   by   Google.   If   the   information   technology   system   of   the   data   subject   is   later deleted,   formatted,   or   newly   installed,   then   the   data   subject   must   reinstall   the   browser   add-ons   to disable   Google   Analytics.   If   the   browser   add-on   was   uninstalled   by   the   data   subject   or   any   other person   who   is   attributable   to   their   sphere   of   competence,   or   is   disabled,   it   is   possible   to   execute   the reinstallation or reactivation of the browser add-ons. Further   information   and   the   applicable   data   protection   provisions   of   Google   may   be   retrieved   under https://www.google.com/intl/en/policies/privacy/                                    and                                    under http://www.google.com/analytics/terms/us.html.    Google    Analytics    is    further    explained    under    the following Link https://www.google.com/analytics/ . 15. Legal basis for the processing Art.   6(1)   lit.   a   GDPR   serves   as   the   legal   basis   for   processing   operations   for   which   we   obtain   consent for    a    specific    processing    purpose.    If    the    processing    of    personal    data    is    necessary    for    the performance   of   a   contract   to   which   the   data   subject   is   party,   as   is   the   case,   for   example,   when processing   operations   are   necessary   for   the   supply   of   goods   or   to   provide   any   other   service,   the processing   is   based   on   Article   6(1)   lit.   b   GDPR.   The   same   applies   to   such   processing   operations which   are   necessary   for   carrying   out   pre-contractual   measures,   for   example   in   the   case   of   inquiries concerning    our    products    or    services.    Is    our    company    subject    to    a    legal    obligation    by    which processing   of   personal   data   is   required,   such   as   for   the   fulfillment   of   tax   obligations,   the   processing is   based   on   Art.   6(1)   lit.   c   GDPR.   In   rare   cases,   the   processing   of   personal   data   may   be   necessary to   protect   the   vital   interests   of   the   data   subject   or   of   another   natural   person.   This   would   be   the   case, for   example,   if   a   visitor   were   injured   in   our   company   and   his   name,   age,   health   insurance   data   or other   vital   information   would   have   to   be   passed   on   to   a   doctor,   hospital   or   other   third   party.   Then   the processing   would   be   based   on   Art.   6(1)   lit.   d   GDPR.   Finally,   processing   operations   could   be   based on Article   6(1)   lit.   f   GDPR.   This   legal   basis   is   used   for   processing   operations   which   are   not   covered by   any   of   the   abovementioned   legal   grounds,   if   processing   is   necessary   for   the   purposes   of   the legitimate   interests   pursued   by   our   company   or   by   a   third   party,   except   where   such   interests   are overridden   by   the   interests   or   fundamental   rights   and   freedoms   of   the   data   subject   which   require protection   of   personal   data.   Such   processing   operations   are   particularly   permissible   because   they have   been   specifically   mentioned   by   the   European   legislator.   He   considered   that   a   legitimate   interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR). 16. The legitimate interests pursued by the controller or by a third party Where   the   processing   of   personal   data   is   based   on   Article   6(1)   lit.   f   GDPR   our   legitimate   interest   is to carry out our business in favor of the well-being of all our employees and the shareholders. 17. Period for which the personal data will be stored The   criteria   used   to   determine   the   period   of   storage   of   personal   data   is   the   respective   statutory retention   period.   After   expiration   of   that   period,   the   corresponding   data   is   routinely   deleted,   as   long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract. 18.   Provision   of   personal   data   as   statutory   or   contractual   requirement;   Requirement   necessary   to enter    into    a    contract;    Obligation    of    the    data    subject    to    provide    the    personal    data;    possible consequences of failure to provide such data We   clarify   that   the   provision   of   personal   data   is   partly   required   by   law   (e.g.   tax   regulations)   or   can also   result   from   contractual   provisions   (e.g.   information   on   the   contractual   partner).   Sometimes   it may   be   necessary   to   conclude   a   contract   that   the   data   subject   provides   us   with   personal   data,   which must   subsequently   be   processed   by   us.   The   data   subject   is,   for   example,   obliged   to   provide   us   with personal   data   when   our   company   signs   a   contract   with   him   or   her. The   non-provision   of   the   personal data   would   have   the   consequence   that   the   contract   with   the   data   subject   could   not   be   concluded. Before   personal   data   is   provided   by   the   data   subject,   the   data   subject   must   contact   any   employee. The   employee   clarifies   to   the   data   subject   whether   the   provision   of   the   personal   data   is   required   by law   or   contract   or   is   necessary   for   the   conclusion   of   the   contract,   whether   there   is   an   obligation   to provide the personal data and the consequences of non-provision of the personal data. 19. Existence of automated decision-making As a responsible company, we do not use automatic decision-making or profiling. This   Privacy   Policy   has   been   generated   by   the   Privacy   Policy   Generator   of   the   German Association for   Data   Protection   that   was   developed   in   cooperation   with   Privacy   Lawyers   from   WILDE   BEUGER SOLMECKE, Cologne.
Mittlerer Pfad 25-27 70499 Stuttgart Germany +49 711 / 98888 0 info@histuttgart.de

Central Reservation

00800 80 800 800

Privacy Statement
This Hotel is owned and operated by POSS Hotelverwaltungs GmbH under the license from IHG hotels limited.  © 2019,  POSS Hotelverwaltungs GmbH
This Hotel is operated by POSS Hotelverwaltungs GmbH under the license from IHG hotels limited. © 2019, POSS Hotelverwaltungs GmbH
Privacy Policy We    are    very    delighted    that    you    have    shown    interest    in    our    enterprise.    Data protection   is   of   a   particularly   high   priority   for   the   management   of   the   Holiday   Inn Stuttgart.   The   use   of   the   Internet   pages   of   the   Holiday   Inn   Stuttgart   is   possible without   any   indication   of   personal   data;   however,   if   a   data   subject   wants   to   use special    enterprise    services    via    our    website,    processing    of    personal    data    could become   necessary.   If   the   processing   of   personal   data   is   necessary   and   there   is   no statutory   basis   for   such   processing,   we   generally   obtain   consent   from   the   data subject. The   processing   of   personal   data,   such   as   the   name,   address,   e-mail   address,   or telephone   number   of   a   data   subject   shall   always   be   in   line   with   the   General   Data Protection   Regulation   (GDPR),   and   in   accordance   with   the   country-specific   data protection   regulations   applicable   to   the   Holiday   Inn   Stuttgart.   By   means   of   this   data protection   declaration,   our   enterprise   would   like   to   inform   the   general   public   of   the nature,   scope,   and   purpose   of   the   personal   data   we   collect,   use   and   process. Furthermore,    data    subjects    are    informed,    by    means    of    this    data    protection declaration, of the rights to which they are entitled. As   the   controller,   the   Holiday   Inn   Stuttgart   has   implemented   numerous   technical and   organizational   measures   to   ensure   the   most   complete   protection   of   personal data   processed   through   this   website.   However,   Internet-based   data   transmissions may   in   principle   have   security   gaps,   so   absolute   protection   may   not   be   guaranteed. For   this   reason,   every   data   subject   is   free   to   transfer   personal   data   to   us   via alternative means, e.g. by telephone. 1. Definitions The   data   protection   declaration   of   the   Holiday   Inn   Stuttgart   is   based   on   the   terms used   by   the   European   legislator   for   the   adoption   of   the   General   Data   Protection Regulation    (GDPR).    Our    data    protection    declaration    should    be    legible    and understandable   for   the   general   public,   as   well   as   our   customers   and   business partners. To ensure this, we would like to first explain the terminology used. In this data protection declaration, we use, inter alia, the following terms: a)    Personal data Personal   data   means   any   information   relating   to   an   identified   or   identifiable   natural person   (“data   subject”).   An   identifiable   natural   person   is   one   who   can   be   identified, directly   or   indirectly,   in   particular   by   reference   to   an   identifier   such   as   a   name,   an identification   number,   location   data,   an   online   identifier   or   to   one   or   more   factors specific   to   the   physical,   physiological,   genetic,   mental,   economic,   cultural   or   social identity of that natural person. b) Data subject Data   subject   is   any   identified   or   identifiable   natural   person,   whose   personal   data   is processed by the controller responsible for the processing. c)    Processing Processing   is   any   operation   or   set   of   operations   which   is   performed   on   personal data   or   on   sets   of   personal   data,   whether   or   not   by   automated   means,   such   as collection,    recording,    organisation,    structuring,    storage,    adaptation    or    alteration, retrieval,   consultation,   use,   disclosure   by   transmission,   dissemination   or   otherwise making available, alignment or combination, restriction, erasure or destruction. d)    Restriction of processing Restriction   of   processing   is   the   marking   of   stored   personal   data   with   the   aim   of limiting their processing in the future. e)    Profiling Profiling   means   any   form   of   automated   processing   of   personal   data   consisting   of the   use   of   personal   data   to   evaluate   certain   personal   aspects   relating   to   a   natural person,   in   particular   to   analyse   or   predict   aspects   concerning   that   natural   person's performance   at   work,   economic   situation,   health,   personal   preferences,   interests, reliability, behaviour, location or movements. f)     Pseudonymisation Pseudonymisation   is   the   processing   of   personal   data   in   such   a   manner   that   the personal   data   can   no   longer   be   attributed   to   a   specific   data   subject   without   the   use of   additional   information,   provided   that   such   additional   information   is   kept   separately and   is   subject   to   technical   and   organisational   measures   to   ensure   that   the   personal data are not attributed to an identified or identifiable natural person. g)    Controller or controller responsible for the processing Controller   or   controller   responsible   for   the   processing   is   the   natural   or   legal   person, public   authority,   agency   or   other   body   which,   alone   or   jointly   with   others,   determines the   purposes   and   means   of   the   processing   of   personal   data;   where   the   purposes and   means   of   such   processing   are   determined   by   Union   or   Member   State   law,   the controller   or   the   specific   criteria   for   its   nomination   may   be   provided   for   by   Union   or Member State law. h)    Processor Processor   is   a   natural   or   legal   person,   public   authority,   agency   or   other   body   which processes personal data on behalf of the controller. i)      Recipient Recipient   is   a   natural   or   legal   person,   public   authority,   agency   or   another   body,   to which   the   personal   data   are   disclosed,   whether   a   third   party   or   not.   However,   public authorities   which   may   receive   personal   data   in   the   framework   of   a   particular   inquiry in   accordance   with   Union   or   Member   State   law   shall   not   be   regarded   as   recipients; the   processing   of   those   data   by   those   public   authorities   shall   be   in   compliance   with the applicable data protection rules according to the purposes of the processing. j)      Third party Third   party   is   a   natural   or   legal   person,   public   authority,   agency   or   body   other   than the   data   subject,   controller,   processor   and   persons   who,   under   the   direct   authority of the controller or processor, are authorised to process personal data. k)    Consent Consent   of   the   data   subject   is   any   freely   given,   specific,   informed   and   unambiguous indication   of   the   data   subject's   wishes   by   which   he   or   she,   by   a   statement   or   by   a clear   affirmative   action,   signifies   agreement   to   the   processing   of   personal   data relating to him or her. 2. Name and Address of the controller Controller   for   the   purposes   of   the   General   Data   Protection   Regulation   (GDPR), other   data   protection   laws   applicable   in   Member   states   of   the   European   Union   and other provisions related to data protection is: Holiday Inn Stuttgart Mittlerer Pfad 25-27 70499 Stuttgart Deutschland Phone: 0711 98888 0 Email: Info@histuttgart.de Website: www.histuttgart.de 3. Name and Address of the Data Protection Officer The Data Protection Officer of the controller is: Herr Wolfgang Dieterich DIE Datenverarbeitung Wiesbadener Platz 21 71672 Marbach am Neckar Deutschland Phone: 07144335094 Email: Datenschutzbeauftragter@histuttgart.de Website: www.DIE-Datenverarbeitung.de Any   data   subject   may,   at   any   time,   contact   our   Data   Protection   Officer   directly   with all questions and suggestions concerning data protection. 4. Cookies The   Internet   pages   of   the   Holiday   Inn   Stuttgart   use   cookies.   Cookies   are   text   files that are stored in a computer system via an Internet browser. Many   Internet   sites   and   servers   use   cookies.   Many   cookies   contain   a   so-called cookie   ID.   A   cookie   ID   is   a   unique   identifier   of   the   cookie.   It   consists   of   a   character string   through   which   Internet   pages   and   servers   can   be   assigned   to   the   specific Internet   browser   in   which   the   cookie   was   stored.   This   allows   visited   Internet   sites and   servers   to   differentiate   the   individual   browser   of   the   dats   subject   from   other Internet   browsers   that   contain   other   cookies.   A   specific   Internet   browser   can   be recognized and identified using the unique cookie ID. Through   the   use   of   cookies,   the   Holiday   Inn   Stuttgart   can   provide   the   users   of   this website   with   more   user-friendly   services   that   would   not   be   possible   without   the cookie setting. By   means   of   a   cookie,   the   information   and   offers   on   our   website   can   be   optimized with   the   user   in   mind.   Cookies   allow   us,   as   previously   mentioned,   to   recognize   our website   users. The   purpose   of   this   recognition   is   to   make   it   easier   for   users   to   utilize our   website. The   website   user   that   uses   cookies,   e.g.   does   not   have   to   enter   access data   each   time   the   website   is   accessed,   because   this   is   taken   over   by   the   website, and   the   cookie   is   thus   stored   on   the   user's   computer   system.   Another   example   is the   cookie   of   a   shopping   cart   in   an   online   shop.   The   online   store   remembers   the articles that a customer has placed in the virtual shopping cart via a cookie. The   data   subject   may,   at   any   time,   prevent   the   setting   of   cookies   through   our website   by   means   of   a   corresponding   setting   of   the   Internet   browser   used,   and   may thus   permanently   deny   the   setting   of   cookies.   Furthermore,   already   set   cookies   may be   deleted   at   any   time   via   an   Internet   browser   or   other   software   programs.   This   is possible   in   all   popular   Internet   browsers.   If   the   data   subject   deactivates   the   setting of   cookies   in   the   Internet   browser   used,   not   all   functions   of   our   website   may   be entirely usable. 5. Collection of general data and information The   website   of   the   Holiday   Inn   Stuttgart   collects   a   series   of   general   data   and information   when   a   data   subject   or   automated   system   calls   up   the   website.   This general   data   and   information   are   stored   in   the   server   log   files.   Collected   may   be   (1) the    browser    types    and    versions    used,    (2)    the    operating    system    used    by    the accessing   system,   (3)   the   website   from   which   an   accessing   system   reaches   our website   (so-called   referrers),   (4)   the   sub-websites,   (5)   the   date   and   time   of   access to   the   Internet   site,   (6)   an   Internet   protocol   address   (IP   address),   (7)   the   Internet service    provider    of    the    accessing    system,    and    (8)    any    other    similar    data    and information   that   may   be   used   in   the   event   of   attacks   on   our   information   technology systems. When   using   these   general   data   and   information,   the   Holiday   Inn   Stuttgart   does   not draw   any   conclusions   about   the   data   subject.   Rather,   this   information   is   needed   to (1)   deliver   the   content   of   our   website   correctly,   (2)   optimize   the   content   of   our website    as    well    as    its    advertisement,    (3)    ensure    the    long-term    viability    of    our information    technology    systems    and    website    technology,    and    (4)    provide    law enforcement   authorities   with   the   information   necessary   for   criminal   prosecution   in case   of   a   cyber-attack.   Therefore,   the   Holiday   Inn   Stuttgart   analyzes   anonymously collected    data    and    information    statistically,    with    the    aim    of    increasing    the    data protection   and   data   security   of   our   enterprise,   and   to   ensure   an   optimal   level   of protection   for   the   personal   data   we   process.   The   anonymous   data   of   the   server   log files are stored separately from all personal data provided by a data subject. 6. Registration on our website The   data   subject   has   the   possibility   to   register   on   the   website   of   the   controller   with the   indication   of   personal   data.   Which   personal   data   are   transmitted   to   the   controller is   determined   by   the   respective   input   mask   used   for   the   registration.   The   personal data   entered   by   the   data   subject   are   collected   and   stored   exclusively   for   internal use   by   the   controller,   and   for   his   own   purposes.   The   controller   may   request   transfer to   one   or   more   processors   (e.g.   a   parcel   service)   that   also   uses   personal   data   for   an internal purpose which is attributable to the controller. By   registering   on   the   website   of   the   controller,   the   IP   address—assigned   by   the Internet   service   provider   (ISP)   and   used   by   the   data   subject—date,   and   time   of   the registration    are    also    stored.    The    storage    of    this    data    takes    place    against    the background   that   this   is   the   only   way   to   prevent   the   misuse   of   our   services,   and,   if necessary,    to    make    it    possible    to    investigate    committed    offenses.    Insofar,    the storage   of   this   data   is   necessary   to   secure   the   controller. This   data   is   not   passed   on to   third   parties   unless   there   is   a   statutory   obligation   to   pass   on   the   data,   or   if   the transfer serves the aim of criminal prosecution. The   registration   of   the   data   subject,   with   the   voluntary   indication   of   personal   data,   is intended   to   enable   the   controller   to   offer   the   data   subject   contents   or   services   that may   only   be   offered   to   registered   users   due   to   the   nature   of   the   matter   in   question. Registered    persons    are    free    to    change    the    personal    data    specified    during    the registration   at   any   time,   or   to   have   them   completely   deleted   from   the   data   stock   of the controller. The   data   controller   shall,   at   any   time,   provide   information   upon   request   to   each   data subject   as   to   what   personal   data   are   stored   about   the   data   subject.   In   addition,   the data   controller   shall   correct   or   erase   personal   data   at   the   request   or   indication   of   the data   subject,   insofar   as   there   are   no   statutory   storage   obligations.   The   entirety   of the    controller’s    employees    are    available    to    the    data    subject    in    this    respect    as contact persons. 7. Subscription to our newsletters On   the   website   of   the   Holiday   Inn   Stuttgart,   users   are   given   the   opportunity   to subscribe   to   our   enterprise's   newsletter.   The   input   mask   used   for   this   purpose determines   what   personal   data   are   transmitted,   as   well   as   when   the   newsletter   is ordered from the controller. The   Holiday   Inn   Stuttgart   informs   its   customers   and   business   partners   regularly   by means   of   a   newsletter   about   enterprise   offers.   The   enterprise's   newsletter   may   only be   received   by   the   data   subject   if   (1)   the   data   subject   has   a   valid   e-mail   address and   (2)   the   data   subject   registers   for   the   newsletter   shipping.   A   confirmation   e-mail will   be   sent   to   the   e-mail   address   registered   by   a   data   subject   for   the   first   time   for newsletter    shipping,    for    legal    reasons,    in    the    double    opt-in    procedure.    This confirmation   e-mail   is   used   to   prove   whether   the   owner   of   the   e-mail   address   as   the data subject is authorized to receive the newsletter. During   the   registration   for   the   newsletter,   we   also   store   the   IP   address   of   the computer   system   assigned   by   the   Internet   service   provider   (ISP)   and   used   by   the data   subject   at   the   time   of   the   registration,   as   well   as   the   date   and   time   of   the registration.   The   collection   of   this   data   is   necessary   in   order   to   understand   the (possible)   misuse   of   the   e-mail   address   of   a   data   subject   at   a   later   date,   and   it therefore serves the aim of the legal protection of the controller. The   personal   data   collected   as   part   of   a   registration   for   the   newsletter   will   only   be used   to   send   our   newsletter.   In   addition,   subscribers   to   the   newsletter   may   be informed   by   e-mail,   as   long   as   this   is   necessary   for   the   operation   of   the   newsletter service   or   a   registration   in   question,   as   this   could   be   the   case   in   the   event   of modifications    to    the    newsletter    offer,    or    in    the    event    of    a    change    in    technical circumstances. There   will   be   no   transfer   of   personal   data   collected   by   the   newsletter service   to   third   parties.   The   subscription   to   our   newsletter   may   be   terminated   by   the data   subject   at   any   time.   The   consent   to   the   storage   of   personal   data,   which   the data   subject   has   given   for   shipping   the   newsletter,   may   be   revoked   at   any   time.   For the    purpose    of    revocation    of    consent,    a    corresponding    link    is    found    in    each newsletter.   It   is   also   possible   to   unsubscribe   from   the   newsletter   at   any   time   directly on   the   website   of   the   controller,   or   to   communicate   this   to   the   controller   in   a   different way. 8. Newsletter-Tracking The   newsletter   of   the   Holiday   Inn   Stuttgart   contains   so-called   tracking   pixels.   A tracking   pixel   is   a   miniature   graphic   embedded   in   such   e-mails,   which   are   sent   in HTML   format   to   enable   log   file   recording   and   analysis.   This   allows   a   statistical analysis   of   the   success   or   failure   of   online   marketing   campaigns.   Based   on   the embedded   tracking   pixel,   the   Holiday   Inn   Stuttgart   may   see   if   and   when   an   e-mail was   opened   by   a   data   subject,   and   which   links   in   the   e-mail   were   called   up   by   data subjects. Such   personal   data   collected   in   the   tracking   pixels   contained   in   the   newsletters   are stored   and   analyzed   by   the   controller   in   order   to   optimize   the   shipping   of   the newsletter,   as   well   as   to   adapt   the   content   of   future   newsletters   even   better   to   the interests   of   the   data   subject.   These   personal   data   will   not   be   passed   on   to   third parties.   Data   subjects   are   at   any   time   entitled   to   revoke   the   respective   separate declaration   of   consent   issued   by   means   of   the   double-opt-in   procedure.   After   a revocation,   these   personal   data   will   be   deleted   by   the   controller.   The   Holiday   Inn Stuttgart   automatically   regards   a   withdrawal   from   the   receipt   of   the   newsletter   as   a revocation. 9. Contact possibility via the website The   website   of   the   Holiday   Inn   Stuttgart   contains   information   that   enables   a   quick electronic   contact   to   our   enterprise,   as   well   as   direct   communication   with   us,   which also   includes   a   general   address   of   the   so-called   electronic   mail   (e-mail   address).   If a   data   subject   contacts   the   controller   by   e-mail   or   via   a   contact   form,   the   personal data   transmitted   by   the   data   subject   are   automatically   stored.   Such   personal   data transmitted   on   a   voluntary   basis   by   a   data   subject   to   the   data   controller   are   stored for   the   purpose   of   processing   or   contacting   the   data   subject.   There   is   no   transfer   of this personal data to third parties. 10. Routine erasure and blocking of personal data The   data   controller   shall   process   and   store   the   personal   data   of   the   data   subject only   for   the   period   necessary   to   achieve   the   purpose   of   storage,   or   as   far   as   this   is granted   by   the   European   legislator   or   other   legislators   in   laws   or   regulations   to which the controller is subject to. If   the   storage   purpose   is   not   applicable,   or   if   a   storage   period   prescribed   by   the European   legislator   or   another   competent   legislator   expires,   the   personal   data   are routinely blocked or erased in accordance with legal requirements. 11. Rights of the data subject a) Right of confirmation Each   data   subject   shall   have   the   right   granted   by   the   European   legislator   to   obtain from   the   controller   the   confirmation   as   to   whether   or   not   personal   data   concerning him   or   her   are   being   processed.   If   a   data   subject   wishes   to   avail   himself   of   this   right of confirmation, he or she may, at any time, contact any employee of the controller. b) Right of access Each   data   subject   shall   have   the   right   granted   by   the   European   legislator   to   obtain from   the   controller   free   information   about   his   or   her   personal   data   stored   at   any   time and    a    copy    of    this    information.    Furthermore,    the    European    directives    and regulations grant the data subject access to the following information: o the purposes of the processing; o the categories of personal data concerned; o the   recipients   or   categories   of   recipients   to   whom   the   personal   data   have been   or   will   be   disclosed,   in   particular   recipients   in   third   countries   or   international organisations; o where   possible,   the   envisaged   period   for   which   the   personal   data   will   be stored, or, if not possible, the criteria used to determine that period; o the    existence    of    the    right    to    request    from    the    controller    rectification    or erasure   of   personal   data,   or   restriction   of   processing   of   personal   data   concerning the data subject, or to object to such processing; o the existence of the right to lodge a complaint with a supervisory authority; o where    the    personal    data    are    not    collected    from    the    data    subject,    any available information as to their source; o the   existence   of   automated   decision-making,   including   profiling,   referred   to   in Article    22(1)    and    (4)    of    the    GDPR    and,    at    least    in    those    cases,    meaningful information   about   the   logic   involved,   as   well   as   the   significance   and   envisaged consequences of such processing for the data subject. Furthermore,   the   data   subject   shall   have   a   right   to   obtain   information   as   to   whether personal   data   are   transferred   to   a   third   country   or   to   an   international   organisation. Where   this   is   the   case,   the   data   subject   shall   have   the   right   to   be   informed   of   the appropriate safeguards relating to the transfer. If   a   data   subject   wishes   to   avail   himself   of   this   right   of   access,   he   or   she   may,   at   any time, contact any employee of the controller. c) Right to rectification Each   data   subject   shall   have   the   right   granted   by   the   European   legislator   to   obtain from   the   controller   without   undue   delay   the   rectification   of   inaccurate   personal   data concerning   him   or   her.   Taking   into   account   the   purposes   of   the   processing,   the   data subject   shall   have   the   right   to   have   incomplete   personal   data   completed,   including by means of providing a supplementary statement. If   a   data   subject   wishes   to   exercise   this   right   to   rectification,   he   or   she   may,   at   any time, contact any employee of the controller. d) Right to erasure (Right to be forgotten) Each   data   subject   shall   have   the   right   granted   by   the   European   legislator   to   obtain from   the   controller   the   erasure   of   personal   data   concerning   him   or   her   without undue   delay,   and   the   controller   shall   have   the   obligation   to   erase   personal   data without   undue   delay   where   one   of   the   following   grounds   applies,   as   long   as   the processing is not necessary: o The   personal   data   are   no   longer   necessary   in   relation   to   the   purposes   for which they were collected or otherwise processed. o The    data    subject    withdraws    consent    to    which    the    processing    is    based according   to   point   (a)   of   Article   6(1)   of   the   GDPR,   or   point   (a)   of   Article   9(2)   of   the GDPR, and where there is no other legal ground for the processing. o The   data   subject   objects   to   the   processing   pursuant   to   Article   21(1)   of   the GDPR   and   there   are   no   overriding   legitimate   grounds   for   the   processing,   or   the   data subject objects to the processing pursuant to Article 21(2) of the GDPR. o The personal data have been unlawfully processed. o The   personal   data   must   be   erased   for   compliance   with   a   legal   obligation   in Union or Member State law to which the controller is subject. o The   personal   data   have   been   collected   in   relation   to   the   offer   of   information society services referred to in Article 8(1) of the GDPR. If   one   of   the   aforementioned   reasons   applies,   and   a   data   subject   wishes   to   request the   erasure   of   personal   data   stored   by   the   Holiday   Inn   Stuttgart,   he   or   she   may,   at any   time,   contact   any   employee   of   the   controller.   An   employee   of   Holiday   Inn Stuttgart    shall    promptly    ensure    that    the    erasure    request    is    complied    with immediately. Where   the   controller   has   made   personal   data   public   and   is   obliged   pursuant   to Article   17(1)   to   erase   the   personal   data,   the   controller,   taking   account   of   available technology   and   the   cost   of   implementation,   shall   take   reasonable   steps,   including technical   measures,   to   inform   other   controllers   processing   the   personal   data   that the   data   subject   has   requested   erasure   by   such   controllers   of   any   links   to,   or   copy or   replication   of,   those   personal   data,   as   far   as   processing   is   not   required.   An employees   of   the   Holiday   Inn   Stuttgart   will   arrange   the   necessary   measures   in individual cases. e) Right of restriction of processing Each   data   subject   shall   have   the   right   granted   by   the   European   legislator   to   obtain from the controller restriction of processing where one of the following applies: o The   accuracy   of   the   personal   data   is   contested   by   the   data   subject,   for   a period enabling the controller to verify the accuracy of the personal data. o The   processing   is   unlawful   and   the   data   subject   opposes   the   erasure   of   the personal data and requests instead the restriction of their use instead. o The   controller   no   longer   needs   the   personal   data   for   the   purposes   of   the processing,   but   they   are   required   by   the   data   subject   for   the   establishment,   exercise or defence of legal claims. o The   data   subject   has   objected   to   processing   pursuant   to   Article   21(1)   of   the GDPR   pending   the   verification   whether   the   legitimate   grounds   of   the   controller override those of the data subject. If   one   of   the   aforementioned   conditions   is   met,   and   a   data   subject   wishes   to   request the   restriction   of   the   processing   of   personal   data   stored   by   the   Holiday   Inn   Stuttgart, he   or   she   may   at   any   time   contact   any   employee   of   the   controller.   The   employee   of the Holiday Inn Stuttgart will arrange the restriction of the processing. f) Right to data portability Each   data   subject   shall   have   the   right   granted   by   the   European   legislator,   to   receive the   personal   data   concerning   him   or   her,   which   was   provided   to   a   controller,   in   a structured,   commonly   used   and   machine-readable   format.   He   or   she   shall   have   the right    to    transmit    those    data    to    another    controller    without    hindrance    from    the controller   to   which   the   personal   data   have   been   provided,   as   long   as   the   processing is   based   on   consent   pursuant   to   point   (a)   of Article   6(1)   of   the   GDPR   or   point   (a)   of Article   9(2)   of   the   GDPR,   or   on   a   contract   pursuant   to   point   (b)   of Article   6(1)   of   the GDPR,   and   the   processing   is   carried   out   by   automated   means,   as   long   as   the processing   is   not   necessary   for   the   performance   of   a   task   carried   out   in   the   public interest or in the exercise of official authority vested in the controller. Furthermore,   in   exercising   his   or   her   right   to   data   portability   pursuant   to Article   20(1) of   the   GDPR,   the   data   subject   shall   have   the   right   to   have   personal   data   transmitted directly   from   one   controller   to   another,   where   technically   feasible   and   when   doing   so does not adversely affect the rights and freedoms of others. In   order   to   assert   the   right   to   data   portability,   the   data   subject   may   at   any   time contact any employee of the Holiday Inn Stuttgart. g) Right to object Each   data   subject   shall   have   the   right   granted   by   the   European   legislator   to   object, on   grounds   relating   to   his   or   her   particular   situation,   at   any   time,   to   processing   of personal   data   concerning   him   or   her,   which   is   based   on   point   (e)   or   (f)   of Article   6(1) of the GDPR. This also applies to profiling based on these provisions. The   Holiday   Inn   Stuttgart   shall   no   longer   process   the   personal   data   in   the   event   of the   objection,   unless   we   can   demonstrate   compelling   legitimate   grounds   for   the processing   which   override   the   interests,   rights   and   freedoms   of   the   data   subject,   or for the establishment, exercise or defence of legal claims. If   the   Holiday   Inn   Stuttgart   processes   personal   data   for   direct   marketing   purposes, the   data   subject   shall   have   the   right   to   object   at   any   time   to   processing   of   personal data   concerning   him   or   her   for   such   marketing.   This   applies   to   profiling   to   the   extent that   it   is   related   to   such   direct   marketing.   If   the   data   subject   objects   to   the   Holiday Inn    Stuttgart    to    the    processing    for    direct    marketing    purposes,    the    Holiday    Inn Stuttgart will no longer process the personal data for these purposes. In   addition,   the   data   subject   has   the   right,   on   grounds   relating   to   his   or   her   particular situation,   to   object   to   processing   of   personal   data   concerning   him   or   her   by   the Holiday   Inn   Stuttgart   for   scientific   or   historical   research   purposes,   or   for   statistical purposes   pursuant   to Article   89(1)   of   the   GDPR,   unless   the   processing   is   necessary for the performance of a task carried out for reasons of public interest. In   order   to   exercise   the   right   to   object,   the   data   subject   may   contact   any   employee of   the   Holiday   Inn   Stuttgart.   In   addition,   the   data   subject   is   free   in   the   context   of   the use   of   information   society   services,   and   notwithstanding   Directive   2002/58/EC,   to use his or her right to object by automated means using technical specifications. h) Automated individual decision-making, including profiling Each   data   subject   shall   have   the   right   granted   by   the   European   legislator   not   to   be subject   to   a   decision   based   solely   on   automated   processing,   including   profiling, which   produces   legal   effects   concerning   him   or   her,   or   similarly   significantly   affects him   or   her,   as   long   as   the   decision   (1)   is   not   is   necessary   for   entering   into,   or   the performance   of,   a   contract   between   the   data   subject   and   a   data   controller,   or   (2)   is not   authorised   by   Union   or   Member   State   law   to   which   the   controller   is   subject   and which   also   lays   down   suitable   measures   to   safeguard   the   data   subject's   rights   and freedoms   and   legitimate   interests,   or   (3)   is   not   based   on   the   data   subject's   explicit consent. If   the   decision   (1)   is   necessary   for   entering   into,   or   the   performance   of,   a   contract between   the   data   subject   and   a   data   controller,   or   (2)   it   is   based   on   the   data subject's    explicit    consent,    the    Holiday    Inn    Stuttgart    shall    implement    suitable measures    to    safeguard    the    data    subject's    rights    and    freedoms    and    legitimate interests,   at   least   the   right   to   obtain   human   intervention   on   the   part   of   the   controller, to express his or her point of view and contest the decision. If   the   data   subject   wishes   to   exercise   the   rights   concerning   automated   individual decision-making,   he   or   she   may,   at   any   time,   contact   any   employee   of   the   Holiday Inn Stuttgart. i) Right to withdraw data protection consent Each    data    subject    shall    have    the    right    granted    by    the    European    legislator    to withdraw his or her consent to processing of his or her personal data at any time. If   the   data   subject   wishes   to   exercise   the   right   to   withdraw   the   consent,   he   or   she may, at any time, contact any employee of the Holiday Inn Stuttgart. 12. Data protection for applications and the application procedures The   data   controller   shall   collect   and   process   the   personal   data   of   applicants   for   the purpose   of   the   processing   of   the   application   procedure. The   processing   may   also   be carried   out   electronically.   This   is   the   case,   in   particular,   if   an   applicant   submits corresponding   application   documents   by   e-mail   or   by   means   of   a   web   form   on   the website   to   the   controller.   If   the   data   controller   concludes   an   employment   contract with   an   applicant,   the   submitted   data   will   be   stored   for   the   purpose   of   processing the     employment     relationship     in     compliance     with     legal     requirements.     If     no employment    contract    is    concluded    with    the    applicant    by    the    controller,    the application   documents   shall   be   automatically   erased   two   months   after   notification   of the   refusal   decision,   provided   that   no   other   legitimate   interests   of   the   controller   are opposed   to   the   erasure.   Other   legitimate   interest   in   this   relation   is,   e.g.   a   burden   of proof in a procedure under the General Equal Treatment Act (AGG). 13. Data protection provisions about the application and use of Facebook On    this    website,    the    controller    has    integrated    components    of    the    enterprise Facebook. Facebook is a social network. A   social   network   is   a   place   for   social   meetings   on   the   Internet,   an   online   community, which   usually   allows   users   to   communicate   with   each   other   and   interact   in   a   virtual space.   A   social   network   may   serve   as   a   platform   for   the   exchange   of   opinions   and experiences,   or   enable   the   Internet   community   to   provide   personal   or   business- related   information.   Facebook   allows   social   network   users   to   include   the   creation   of private profiles, upload photos, and network through friend requests. The   operating   company   of   Facebook   is   Facebook,   Inc.,   1   Hacker   Way,   Menlo   Park, CA   94025,   United   States.   If   a   person   lives   outside   of   the   United   States   or   Canada, the   controller   is   the   Facebook   Ireland   Ltd.,   4   Grand   Canal   Square,   Grand   Canal Harbour, Dublin 2, Ireland. With   each   call-up   to   one   of   the   individual   pages   of   this   Internet   website,   which   is operated   by   the   controller   and   into   which   a   Facebook   component   (Facebook   plug- ins)   was   integrated,   the   web   browser   on   the   information   technology   system   of   the data   subject   is   automatically   prompted   to   download   display   of   the   corresponding Facebook    component    from    Facebook    through    the    Facebook    component.    An overview      of      all      the      Facebook      Plug-ins      may      be      accessed      under https://developers.facebook.com/docs/plugins/.   During   the   course   of   this   technical procedure,   Facebook   is   made   aware   of   what   specific   sub-site   of   our   website   was visited by the data subject. If   the   data   subject   is   logged   in   at   the   same   time   on   Facebook,   Facebook   detects with   every   call-up   to   our   website   by   the   data   subject—and   for   the   entire   duration   of their   stay   on   our   Internet   site—which   specific   sub-site   of   our   Internet   page   was visited   by   the   data   subject.   This   information   is   collected   through   the   Facebook component    and    associated    with    the    respective    Facebook    account    of    the    data subject.   If   the   data   subject   clicks   on   one   of   the   Facebook   buttons   integrated   into   our website,   e.g.   the   "Like"   button,   or   if   the   data   subject   submits   a   comment,   then Facebook   matches   this   information   with   the   personal   Facebook   user   account   of   the data subject and stores the personal data. Facebook   always   receives,   through   the   Facebook   component,   information   about   a visit   to   our   website   by   the   data   subject,   whenever   the   data   subject   is   logged   in   at the   same   time   on   Facebook   during   the   time   of   the   call-up   to   our   website.   This occurs   regardless   of   whether   the   data   subject   clicks   on   the   Facebook   component   or not.   If   such   a   transmission   of   information   to   Facebook   is   not   desirable   for   the   data subject,   then   he   or   she   may   prevent   this   by   logging   off   from   their   Facebook   account before a call-up to our website is made. The    data    protection    guideline    published    by    Facebook,    which    is    available    at https://facebook.com/about/privacy/,    provides    information    about    the    collection, processing   and   use   of   personal   data   by   Facebook.   In   addition,   it   is   explained   there what   setting   options   Facebook   offers   to   protect   the   privacy   of   the   data   subject.   In addition,   different   configuration   options   are   made   available   to   allow   the   elimination of   data   transmission   to   Facebook.   These   applications   may   be   used   by   the   data subject to eliminate a data transmission to Facebook. 14.   Data   protection   provisions   about   the   application   and   use   of   Google   Analytics (with anonymization function) On   this   website,   the   controller   has   integrated   the   component   of   Google   Analytics (with   the   anonymizer   function).   Google   Analytics   is   a   web   analytics   service.   Web analytics   is   the   collection,   gathering,   and   analysis   of   data   about   the   behavior   of visitors    to    websites.   A    web    analysis    service    collects,    inter    alia,    data    about    the website   from   which   a   person   has   come   (the   so-called   referrer),   which   sub-pages were   visited,   or   how   often   and   for   what   duration   a   sub-page   was   viewed.   Web analytics   are   mainly   used   for   the   optimization   of   a   website   and   in   order   to   carry   out a cost-benefit analysis of Internet advertising. The   operator   of   the   Google Analytics   component   is   Google   Inc.,   1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States. For   the   web   analytics   through   Google   Analytics   the   controller   uses   the   application "_gat.   _anonymizeIp".   By   means   of   this   application   the   IP   address   of   the   Internet connection    of    the    data    subject    is    abridged    by    Google    and    anonymised    when accessing   our   websites   from   a   Member   State   of   the   European   Union   or   another Contracting State to the Agreement on the European Economic Area. The   purpose   of   the   Google   Analytics   component   is   to   analyze   the   traffic   on   our website.   Google   uses   the   collected   data   and   information,   inter   alia,   to   evaluate   the use   of   our   website   and   to   provide   online   reports,   which   show   the   activities   on   our websites,   and   to   provide   other   services   concerning   the   use   of   our   Internet   site   for us. Google   Analytics   places   a   cookie   on   the   information   technology   system   of   the   data subject.   The   definition   of   cookies   is   explained   above.   With   the   setting   of   the   cookie, Google   is   enabled   to   analyze   the   use   of   our   website.   With   each   call-up   to   one   of   the individual   pages   of   this   Internet   site,   which   is   operated   by   the   controller   and   into which   a   Google   Analytics   component   was   integrated,   the   Internet   browser   on   the information   technology   system   of   the   data   subject   will   automatically   submit   data through   the   Google   Analytics   component   for   the   purpose   of   online   advertising   and the    settlement    of    commissions    to    Google.    During    the    course    of    this    technical procedure,   the   enterprise   Google   gains   knowledge   of   personal   information,   such   as the   IP   address   of   the   data   subject,   which   serves   Google,   inter   alia,   to   understand the origin of visitors and clicks, and subsequently create commission settlements. The   cookie   is   used   to   store   personal   information,   such   as   the   access   time,   the location   from   which   the   access   was   made,   and   the   frequency   of   visits   of   our   website by    the    data    subject.    With    each    visit    to    our    Internet    site,    such    personal    data, including   the   IP   address   of   the   Internet   access   used   by   the   data   subject,   will   be transmitted   to   Google   in   the   United   States   of   America.   These   personal   data   are stored   by   Google   in   the   United   States   of America.   Google   may   pass   these   personal data collected through the technical procedure to third parties. The   data   subject   may,   as   stated   above,   prevent   the   setting   of   cookies   through   our website   at   any   time   by   means   of   a   corresponding   adjustment   of   the   web   browser used   and   thus   permanently   deny   the   setting   of   cookies.   Such   an   adjustment   to   the Internet   browser   used   would   also   prevent   Google Analytics   from   setting   a   cookie   on the   information   technology   system   of   the   data   subject.   In   addition,   cookies   already in   use   by   Google   Analytics   may   be   deleted   at   any   time   via   a   web   browser   or   other software programs. In   addition,   the   data   subject   has   the   possibility   of   objecting   to   a   collection   of   data that   are   generated   by   Google   Analytics,   which   is   related   to   the   use   of   this   website, as   well   as   the   processing   of   this   data   by   Google   and   the   chance   to   preclude   any such.   For   this   purpose,   the   data   subject   must   download   a   browser   add-on   under   the link   https://tools.google.com/dlpage/gaoptout   and   install   it.   This   browser   add-on   tells Google   Analytics   through   a   JavaScript,   that   any   data   and   information   about   the visits   of   Internet   pages   may   not   be   transmitted   to   Google Analytics.   The   installation of   the   browser   add-ons   is   considered   an   objection   by   Google.   If   the   information technology   system   of   the   data   subject   is   later   deleted,   formatted,   or   newly   installed, then    the    data    subject    must    reinstall    the    browser    add-ons    to    disable    Google Analytics.   If   the   browser   add-on   was   uninstalled   by   the   data   subject   or   any   other person    who    is    attributable    to    their    sphere    of    competence,    or    is    disabled,    it    is possible to execute the reinstallation or reactivation of the browser add-ons. Further   information   and   the   applicable   data   protection   provisions   of   Google   may   be retrieved       under       https://www.google.com/intl/en/policies/privacy/       and       under http://www.google.com/analytics/terms/us.html.       Google      Analytics       is       further explained under the following Link https://www.google.com/analytics/ . 15. Legal basis for the processing Art.   6(1)   lit.   a   GDPR   serves   as   the   legal   basis   for   processing   operations   for   which we   obtain   consent   for   a   specific   processing   purpose.   If   the   processing   of   personal data   is   necessary   for   the   performance   of   a   contract   to   which   the   data   subject   is party,   as   is   the   case,   for   example,   when   processing   operations   are   necessary   for the   supply   of   goods   or   to   provide   any   other   service,   the   processing   is   based   on Article   6(1)   lit.   b   GDPR.   The   same   applies   to   such   processing   operations   which   are necessary   for   carrying   out   pre-contractual   measures,   for   example   in   the   case   of inquiries   concerning   our   products   or   services.   Is   our   company   subject   to   a   legal obligation    by    which    processing    of    personal    data    is    required,    such    as    for    the fulfillment   of   tax   obligations,   the   processing   is   based   on Art.   6(1)   lit.   c   GDPR.   In   rare cases,    the    processing    of    personal    data    may    be    necessary    to    protect    the    vital interests   of   the   data   subject   or   of   another   natural   person.   This   would   be   the   case, for   example,   if   a   visitor   were   injured   in   our   company   and   his   name,   age,   health insurance   data   or   other   vital   information   would   have   to   be   passed   on   to   a   doctor, hospital   or   other   third   party.   Then   the   processing   would   be   based   on   Art.   6(1)   lit.   d GDPR.   Finally,   processing   operations   could   be   based   on   Article   6(1)   lit.   f   GDPR. This   legal   basis   is   used   for   processing   operations   which   are   not   covered   by   any   of the   abovementioned   legal   grounds,   if   processing   is   necessary   for   the   purposes   of the   legitimate   interests   pursued   by   our   company   or   by   a   third   party,   except   where such   interests   are   overridden   by   the   interests   or   fundamental   rights   and   freedoms   of the    data    subject    which    require    protection    of    personal    data.    Such    processing operations    are    particularly    permissible    because    they    have    been    specifically mentioned   by   the   European   legislator.   He   considered   that   a   legitimate   interest   could be   assumed   if   the   data   subject   is   a   client   of   the   controller   (Recital   47   Sentence   2 GDPR). 16. The legitimate interests pursued by the controller or by a third party Where   the   processing   of   personal   data   is   based   on   Article   6(1)   lit.   f   GDPR   our legitimate   interest   is   to   carry   out   our   business   in   favor   of   the   well-being   of   all   our employees and the shareholders. 17. Period for which the personal data will be stored The    criteria    used    to    determine    the    period    of    storage    of    personal    data    is    the respective     statutory     retention     period.     After     expiration     of     that     period,     the corresponding   data   is   routinely   deleted,   as   long   as   it   is   no   longer   necessary   for   the fulfillment of the contract or the initiation of a contract. 18.   Provision   of   personal   data   as   statutory   or   contractual   requirement;   Requirement necessary   to   enter   into   a   contract;   Obligation   of   the   data   subject   to   provide   the personal data; possible consequences of failure to provide such data We   clarify   that   the   provision   of   personal   data   is   partly   required   by   law   (e.g.   tax regulations)   or   can   also   result   from   contractual   provisions   (e.g.   information   on   the contractual   partner).   Sometimes   it   may   be   necessary   to   conclude   a   contract   that   the data   subject   provides   us   with   personal   data,   which   must   subsequently   be   processed by   us.   The   data   subject   is,   for   example,   obliged   to   provide   us   with   personal   data when   our   company   signs   a   contract   with   him   or   her.   The   non-provision   of   the personal   data   would   have   the   consequence   that   the   contract   with   the   data   subject could   not   be   concluded.   Before   personal   data   is   provided   by   the   data   subject,   the data   subject   must   contact   any   employee.   The   employee   clarifies   to   the   data   subject whether   the   provision   of   the   personal   data   is   required   by   law   or   contract   or   is necessary   for   the   conclusion   of   the   contract,   whether   there   is   an   obligation   to provide   the   personal   data   and   the   consequences   of   non-provision   of   the   personal data. 19. Existence of automated decision-making As a responsible company, we do not use automatic decision-making or profiling. This   Privacy   Policy   has   been   generated   by   the   Privacy   Policy   Generator   of   the German   Association   for   Data   Protection   that   was   developed   in   cooperation   with Privacy Lawyers from WILDE BEUGER SOLMECKE, Cologne.
Mittlerer Pfad 25-27 70499 Stuttgart Germany +49 711 / 98888 0 info@histuttgart.de

Central Reservation

00800 80 800 800

Privacy Statement
Privacy Statement | Imprint