PRIVACY POLICY

 

Thank you for visiting our website www.rilano.com and for your interest in our company.

The use of our Rilano Hotels website does not generally require the disclosure of personal data. However, if you wish to use special services of our company via functions of our website, personal data may be processed.

The processing of personal data, such as the name, address, e-mail address, gender, date of birth, account number or telephone number of a data subject always takes place in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and country-specific data protection regulations.

 

As the controller, our company has implemented numerous organisational and technical measures to ensure the most complete and uninterrupted protection of personal data processed through this website; nevertheless, notwithstanding the precautions taken, absolute protection cannot be guaranteed for electronic data transmissions.

I. Name and contact details of the responsible person

Your contact person as the responsible person within the meaning of the European Data Protection Regulation (“EU GDPR”) and other national data protection laws of the member states as well as other data protection regulations is:

 

Gorgeous Smiling Hotels Ltd.

Wilhelm-Wagenfeld-Strasse 4

80807 Munich

Tel.: +49 89 588 0 588 0

Fax: +49 89 588 0 588 99

E-mail: info@gsh-hotels.com

(hereinafter referred to as “we”, “us” or “our”).


II. Contact details of the data protection officer

The protection of your personal data has a high priority for us. To express this importance, we have commissioned a consulting firm specializing in data protection and data security to take on these central issues. Our data protection officer also comes from this highly experienced group of experts.

We are advised by:

Magellan Compliance GmbH, Nördliche Münchner Straße 27A, 82031 Grünwald / www.magellan-datenschutz.de

 

Please contact our data protection officer directly with any questions you may have on the subject of data protection and data security. E-mail: datenschutz_gsh@magellan-legal.de / Tel.: +49 89 588 0 588 0


III. General information on data processing

Scope

As a matter of principle, we only process your personal data to the extent that this is necessary for the functional provision of our website and our content and services.

 

Legal basis

Insofar as we obtain your consent for the processing of your personal data, the legal basis for the processing is Art. 6 para. 1 p. 1 lit. a) EU-DSGVO.

 

If the processing of your personal data takes place for the fulfillment of a contract with you or in the context of the initiation of a contractual relationship, the legal basis for the processing is Art. 6 para. 1 p. 1 lit. b) EU-DSGVO.

 

Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation incumbent upon us, the legal basis for the processing is Art. 6 para. 1 p. 1 lit. c) EU-DSGVO.

 

If the processing of your personal data is carried out to protect the legitimate interests of us or a third party, whereby your interests, fundamental rights and freedoms do not outweigh the first-mentioned interest, the legal basis for the processing is Art. 6 (1) p. 1 lit. f) EU-DSGVO.

 

Storage duration

Your personal data will be deleted as soon as the purpose for storing it no longer applies or, should you be entitled to a right of revocation, you declare the revocation of your consent. Storage may also take place if this has been stipulated by the European or national legislator in Union regulations, laws or other provisions to which we are subject. In this case, however, your personal data will be blocked.

 

External links

If we provide links to external websites, this privacy policy does not apply to the processing of your personal data by the controller of the linked website. We therefore recommend that you read the privacy policy on the external website you visit. If this linking requires a legal basis for the processing of your personal data resulting from this, this is your consent pursuant to Art. 6 (1) p. 1 lit. a) EU-DSGVO, which you give by clicking on the link.

 

Usually, by clicking the link (hyperlink), the following of your personal data will be processed:

 

  • IP address;
  • Screen resolution;
  • Browser used;
  • Bandwidth

IV. Data processing on our website

Website functions

a. Provision of the website and creation of log files

(1) Description and scope

In the context of providing our website, we process your personal data to enable error-free delivery of our website to your PC or mobile device. In some cases, your personal data must be stored for the duration of a session.

 

We also temporarily store your personal data in log files to ensure the functionality of our website and the security of our IT systems. No other processing of your personal data in log files takes place.

 

The following of your personal data is processed for the provision of the website and for the creation of log files:

 

  • IP address;
  • Access date;
  • Access time;
  • previously visited website;
  • Browser used;
  • Operating system used.

(2) Legal basis

Legitimate interest, Art. 6 para. 1 p. 1 lit. f) EU-DSGVO.

(3) Purpose

The purpose of the data processing is to provide the website, to ensure the functionality of the website and the security of the IT systems used for this purpose.

 

This purpose is also our legitimate interest.

(4) Storage period

 

Your personal data is stored in log files for a period of 7 days. In addition, your personal data is only stored for the duration of the session as part of the provision of the website.

 

(5) Possibility of objection and removal

 

The processing of your personal data and the storage of your personal data in log files is absolutely necessary for the provision of the website, the guarantee of the functionality of the website and the guarantee of the IT systems used. Consequently, there is no possibility for you to object.

 

b. Technically necessary cookies

(1) Description and scope

 

In the context of technically necessary cookies, we process your personal data because many functions and services of our website, which facilitate your use of our website or enable you to use it at all, do not function properly without cookies (so-called “technically necessary cookies”).

 

By means of these technically necessary cookies, we store some of your personal data, which, however, is used only to provide these functions and services. Your personal data is not processed in any other way.

 

A list of the technically necessary cookies used by us, their purpose, storage period and further information can be found in the footer of this website under the heading Cookies.

 

The following personal data are processed in the context of the use of technically necessary cookies:

 

  • IP address;
  • Language settings of your browser;
  • Browser used;
  • Shopping Cart Information.

(2) Legal basis

Legitimate interest, Section 25 (2) TTDSG in conjunction with Art. 6 para. 1 p. 1 lit. f) EU-DSGVO.

(3) Purpose

 

The purpose of data processing is to provide the functions and services of our website.

 

This purpose is also our legitimate interest.

(4) Storage period

 

As a rule, for the duration of the respective session, unless otherwise stated in the detailed information of the list of technically necessary cookies used by us.

 

(5) Possibility of objection and removal

 

Technically necessary cookies are stored on your PC or mobile device and transmitted from it to our website. Therefore, you have full control over the use of technical cookies.

 

By changing the settings in your browser, you can disable or restrict the transfer of cookies. You can delete already stored cookies at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

 

c. Technically non-essential cookies

 

If the functions and services of our website involve the use of technically non-essential cookies, you will find a list of these cookies, their purpose, storage period and further information in the footer of this website in the Cookies section.

 

d. Room booking

(1) Description and scope

 

On our website, we process your personal data in the context of the conclusion of accommodation contracts and their initiation between you and us.

(2) Legal basis

 

Contract performance, Art. 6 para. 1 p. 1 lit. b) EU-DSGVO.

 

(3) Purpose

The processing of your personal data in the context of the room booking serves the fulfillment of accommodation contracts and their initiation.

 

(4) Storage period

Your personal data will be deleted as soon as they are no longer required to achieve the purpose of their processing. For the personal data transmitted in the context of the room booking, this is the case when your request has been fully processed and legal retention periods do not prevent deletion.

 

(5) Possibility of objection and removal

Within the framework of the contract initiation of the accommodation contract between you and us, you have the option to object to the processing of your personal data at any time. You do this by canceling the booking process within the website, for example by closing the website. In this case, however, it is not possible for us to provide you with a room.

 

e. Google Maps

(1) Description and scope

 

We integrate Google Maps on our website to display map content. This allows us to present content that we want to present to you in an appealing, consistent manner and independent of your terminal device on our website. Google Maps is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

 

In the context of the integration of Google Maps, the following personal data is processed:

 

  • IP address;
  • Screen resolution;
  • Language settings;
  • Location data

 

When using the Google Maps service, further personal data may be processed. You can find information on this under:

 

https://policies.google.com/privacy?hl=de#whycollect

(2) Legal basis

 

Consent, Art. 6 para. 1 p. 1 lit. a) EU-DSGVO.

(3) Purpose

 

The purpose of the processing is to display map content.

(4) Storage period

We only process your personal data until the end of your visit to the website (extended data protection mode). We have no influence on the deletion of your personal data at Google Maps. You can find more information at:

https://policies.google.com/privacy?hl=de&gl=de#inforetaining

 

(5) Possibility of objection and removal

 

You have the option to revoke your consent at any time. You make this revocation in particular by exiting the application and/or reloading the website.

 

For more information, please visit:

 

https://policies.google.com/privacy?hl=de-DE

 

f. Contact form and e-mail contact

a. Description and scope

 

Within the framework of the contact form and e-mail contact, the following personal data are processed:

 

  • First name;
  • Last name;
  • Phone number;
  • E-mail address;
  • Message content;

b. Legal basis

 

Legitimate interest, Art. 6 para. 1 p. 1 lit. f) EU-DSGVO.

c. Purpose

 

The purpose of the data processing is to handle your request.

 

d. Storage period

Your personal data will be stored until the purpose ceases to exist. This usually occurs with the processing of your request, unless longer retention periods are relevant.

 

e. Possibility of objection and removal

You have the option at any time to object to the processing of your personal data in the context of contacting us for the future. In this case, however, we will not be able to further process your request. All personal data stored in the course of contacting you will be deleted in this case, unless legal retention periods prevent deletion. In this case, your personal data will be blocked until the end of the legal retention periods.

 

 

Marketing

a. Newsletter

(1) Description and scope

 

 

For sending our newsletter, the following personal data are processed:

 

  • E-mail address;

(2) Legal basis

 

Consent, Art. 6 para. 1 p. 1 lit. a) EU-DSGVO.

(3) Purpose

The purpose of the data processing is the sending of our newsletter.

(4) Storage period

The storage period of your personal data depends on the continued existence of your consent.

 

(5) Possibility of objection and removal

You have the option to revoke your consent at any time. You can do this by unsubscribing from our newsletter. In this case, your personal data will be deleted and we will no longer be able to include you in the distribution of our newsletter.

 

b. Direct marketing

(1) Description and scope

 

In the context of direct marketing campaigns, we process your personal data if the narrow scope of special laws allows us to address you without your consent. Furthermore, we process your personal data if you have consented to the advertising approach.

 

The following personal data are processed within the scope of direct marketing:

  • Salutation;
  • First name;
  • Last name;
  • Postal address;
  • E-mail address;
  • Phone number.

(2) Legal basis

 

Legitimate interest, Art. 6 para. 1 p. 1 lit. f) EU-DSGVO (postal service).

 

Consent, Art. 6 para. 1 p. 1 lit. a) EU-DSGVO (mail, e-mail, telephone).

 

Legitimate interest, Section 7 (3) UWG (e-mail).

(3) Purpose

 

The purpose of data processing is to carry out direct marketing campaigns and to send offers and supplementary information.

 

(4) Storage period

Your personal data will be stored until you object to the processing. You will find information on this in the respective advertising approach.

 

(5) Possibility of objection and removal

You can object to the processing of your personal data in the context of direct marketing campaigns at any time for the future.

 

 

Data protection and law

a. Exercise of your data subject rights according to Art. 12 et seq. EU-DSGVO

(1) Description and scope

 

In the context of processing data subject rights, we process your personal data. We process the contact data you provide exclusively for the purpose of processing and responding to your message and the subsequent documentation of processing in compliance with the law as part of our accountability.

 

The following personal data are processed within the framework of the processing of data subject rights:

  • First name;
  • Last name;
  • Postal address;
  • E-mail address;

 

(2) Legal basis

 

Legal obligation, Art. 6 para. 1 p. 1 lit. c) in conjunction with Art. 12 ff. EU-DSGVO.

 

Legitimate interest for subsequent documentation, Art. 6 para. 1 p. 1 lit. f) EU-DSGVO.

(3) Purpose

Legally compliant processing of your data protection rights.

 

(4) Storage duration

3 years after completion of the processing of the respective case, § 41 BDSG in conjunction with § 31 (2) No. 1 OWiG.

 

(5) Possibility of objection and removal

 

You have the possibility at any time to object to the processing of your personal data in the context of the processing of your data subject rights for the future. In this case, however, we will not be able to further process your data subject rights.

 

The documentation of the lawful processing of the respective processing of your data subject rights is mandatory. Consequently, there is no possibility for you to object.

 

b. Legal defense and enforcement

(1) Description and scope

 

Your personal data will be processed by us if you assert legal claims against us or if we assert claims and rights against you.

(2) Legal basis

 

Legitimate interest, Art. 6 para. 1 p. 1 lit. f) EU-DSGVO.

(3) Purpose

 

The purpose of data processing is the defense against unjustified claims and the legal enforcement and assertion of claims and rights.

 

This is also our legitimate interest.

 

(4) Storage period

Your personal data will be stored until the purpose ceases to exist. This is usually the case once the respective decision becomes legally binding.

(5) Possibility of objection and removal

 

The processing of your personal data in the context of legal defense and enforcement is mandatory for legal defense and enforcement. Consequently, there is no possibility for you to object.


V. Further data processing besides our website

Instagram channel

a. Description and scope

 

As part of the operation of our Instagram channel, we process your personal data in order to contact and interact with users and visitors of the social network “Instagram”. We publish information about our company there.

 

If you contact us directly via our Instagram channel (e.g. via a direct message), the data you provide will only be processed for the purpose of recording and responding to your customer/prospect inquiry.

 

We are also able to compile statistics about visits to our Instagram channel. This information is compiled by Facebook (“Instagram Insights”) and enables us to market our activities more effectively and in a more targeted manner.

 

With respect to Instagram Insights data, we are jointly responsible for data processing with Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we have entered into an agreement with Facebook Ireland Limited regarding which of us fulfils which obligations under the EU GDPR.

The essential contents of this agreement can be viewed at:

 

https://www.facebook.com/legal/controller_addendum as well as https://www.facebook.com/legal/terms/page_controller_addendum

 

You can find out which data Facebook uses for usage analysis in connection with our Instagram channel and which information Facebook provides for data processing in connection with the Instagram Insights function here:

 

https://de-de.facebook.com/legal/terms/information_about_page_insights_data

 

Further information on the processing of your personal data by Facebook Ireland Limited can be found at:

 

https://privacycenter.instagram.com/policy/ as well as https://de-de.facebook.com/legal/terms/information_about_page_insights_data

b. Legal basis

 

Legitimate interest, Art. 6 para. 1 p. 1 lit. f) EU-DSGVO.

c. Purpose

 

The purpose of the data processing is the analysis of the success of our Instagram channel and the design of our Instagram channel according to your interests and the processing of requests.

d. Storage period

 

For information about how long your personal data is stored by Facebook Ireland Limited, see:

https://privacycenter.instagram.com/policy/

e. Possibility of objection and removal

 

If you do not want your personal data to be collected as part of the operation of our Instagram account, you have the option at any time to object to the processing of your personal data as part of the operation of our Instagram channel for the future. In this case, we will forward your objection request to Facebook Ireland Limited.


VI. Categories of recipients

Within our company, those offices and departments receive personal data that need it to fulfill the aforementioned purposes. In addition, we sometimes use different service providers and transfer your personal data to other trustworthy recipients. These can be, for example:

 

  • Banks;
  • Scan service;
  • Printers;
  • Lettershops;
  • IT service provider;
  • Cooperation partner;
  • Lawyers and courts.

VII. Third country transfer

In the course of processing your personal data, we may transfer your personal data to trusted service providers in third countries. Third countries are countries that are outside the European Union (EU) or the European Economic Area (EEA).

 

In doing so, we only work with service providers who can provide us with suitable guarantees for the security of your personal data and guarantee that your personal data will be processed in accordance with strict European data protection standards. A copy of these suitable guarantees can be viewed at our premises.

 

If we transfer personal data to third countries, this is done on the basis of a so-called adequacy decision of the European Commission, or, if no such decision exists, on the basis of so-called standard data protection clauses, which have also been issued by the European Commission.

 


VIII. Your rights

You have the following rights with respect to us:

 

Right to information

 

You have a right to information about whether and which of your personal data is processed by us. In this case, we will additionally inform you about

 

  • the purpose of processing;
  • the categories of data;
  • the recipients of your personal data;
  • the planned storage period or the criteria for the planned storage period;
  • your other rights;
  • unless you have provided us with your personal data: all available information about its origin;
  • if available: the existence of automated decision-making and information about the logic involved, the scope and the intended effects of the processing.

 

Right to rectification

 

You have a right to rectification and/or completion if your personal data processed by us is inaccurate or incomplete.

 

Right to restriction of processing

 

You have a right to restriction of processing, provided that

 

  • we verify the accuracy of your personal data that we process;
  • the processing of your personal data is unlawful;
  • you need your personal data processed by us for legal prosecution after the purpose has ceased to exist;
  • you have objected to the processing of your personal data and we are reviewing this objection.

 

Right to deletion

 

You have a right to deletion, provided that

 

  • we no longer need your personal data for its original purpose;
  • you revoke your consent and there is no other legal basis for processing your personal data;
  • you object to the processing of your personal data and – unless it is direct marketing – there are no overriding reasons for further processing;
  • the processing of your personal data is unlawful;
  • the deletion of your personal data is required by law;
  • your personal data was collected as a minor for information society services.

 

Right to information

 

If you have exercised your right to rectification, erasure or restriction of processing, we will notify all recipients of your personal data of this rectification, erasure of the data or restriction of processing.

 

Right to data portability

 

You have a right to receive your personal data processed by us on the basis of consent or for the performance of a contract in a structured, common and machine-readable format and to transfer it to another controller. If technically feasible, you have the right to have us transfer this data directly to another controller.

 

Right of objection

 

You have the right to object to the processing of your personal data in case of special reasons. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing.

 

In case of processing of your personal data for direct marketing purposes, you have the right to object at any time.

 

 

Right of revocation

You have the right to revoke consent given to us at any time. The revocation of consent does not affect the lawfulness of previous processing based on consent.

 

 

Right to complain to a supervisory authority

 

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent supervisory authority if you consider that the processing of your personal data by us infringes the EU GDPR.

 

Competent supervisory authority for us is:

 

Bavarian State Office for Data Protection Supervision

Promenade 18

91522 Ansbach