Privacy policy Lindner Hotels AG

Data Protection Declaration

Data protection is a matter of trust, and your trust is important to us. We respect your privacy and personal sphere. Therefore, the protection and legally compliant collection, processing, and use of your personal data are important concerns for us. In order for you to feel secure when visiting our websites, we strictly adhere to legal regulations regarding the processing of your personal data. We would like to inform you here about the collection and use of your data.

We are committed to complying with the GDPR (General Data Protection Regulation) and national data protection laws. Data protection is a company-wide topic of high priority for us, and we only work with partners who also maintain an appropriate level of data protection in their processing activities. We process your data only if you have given us your explicit consent, if it is necessary for the performance of a contract or pre-contractual measures on a service basis, or if applicable laws permit or require data processing. This is how we protect your data.

In the following, we would like to inform you in accordance with the GDPR about when and for what purposes your personal data is processed at our business locations. This privacy policy applies to all processing of personal data carried out by us within our company, on our websites, in mobile applications, and in external online presences, such as our social media profiles. It does not apply to any linked websites or online presences of other providers. Under no circumstances do we sell or disclose your data to unauthorized third parties. We would like to provide you with detailed information below about how we handle your data in our various business areas.

You can print or save this document by using the standard functionality of your browser.

Definition

Our privacy policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable by the public as well as our customers and business partners. To ensure this, we would like to explain some of the terms used.

For the sake of readability, the terms used in our explanations regarding persons and personal nouns will be the same as those used in the GDPR. Corresponding terms apply to all genders for the purpose of equal treatment. The shortened form of language is purely for editorial reasons and does not imply any evaluation.

PERSONAL DATA
Personal data refers to any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more specific factors that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

DATA SUBJECT

A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

PROCESSING

Processing refers to any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

PROFILING

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

PSEUDONYMIZATION

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

DATA CONTROLLER

The data controller is the natural or legal person, agency, authority, or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for its nomination may be provided for by Union or Member State law.

DATA PROCESSOR

A data processor is a natural or legal person, agency, authority, or other body that processes personal data on behalf of the data controller.

RECIPIENT

A recipient is a natural or legal person, agency, authority, or other body to whom personal data are disclosed, whether a third party or not. However, authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by those authorities shall be in compliance with applicable data protection laws according to the purposes of the processing.

THIRD PARTIES

Third parties are natural or legal persons, agencies, authorities, or bodies other than the data subject, the data controller, the data processor, and the persons who, under the direct authority of the data controller or the data processor, are authorized to process personal data.

CONSENT

Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

COOKIES

Our websites use cookies, which do not contain viruses or cause any other damage to your computer. Cookies are solely used to make our offer more user-friendly, effective, and secure. A cookie is a small text file that is sent to your computer or mobile device by a website's server and stored by your web browser. Cookies can store information such as your IP address or another identifier, your browser type, and information about the content you view and interact with on the digital services.

WEBSITE

Website, internet presence, and social media channels refer to all websites of the data controller at www.lindnerhotels.com, www.ottos-skybar.lindner.de, www.hotels-nuerburgring.de, www.karriere.lindnerhotels.com, www.development.lindnerhotels.com, www.digitaleheimat.lindner.de, and www.lindner.whistleblowernetwork.net.

Name and address of the responsible party

The responsible party according to the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other data protection provisions, is:

 

Lindner Hotels AG
Emanuel-Leutze-Straße 20; D-40547 Dusseldorf
Telephone: +49 211 5997-310
Fax: +49 211 5997-348
E-Mail: info@lindnerhotels.com

Represented by the Management Board: Arno Schwalie, Stefanie Brandes, and Frank Lindner

 

Responsible for website content:

Maximilian Abele
maximilian.abele@lindnerhotels.com

 

Responsible for information technology (IT):

Michael Eckert
michael.eckert@lindnerhotels.com

Name and address of the data protection officer

The data protection officer of the data controller is:

TÜV Informationstechnik GmbH
IT Security, Business Security & Privacy
Fachstelle für Datenschutz
Am TÜV 1; D-45307 Essen

Phone 0201 - 8999-899
Fax 0201 - 8999-666
E-Mail: privacyguard@tuvit.de

General information on the collection and processing of your data

SCOPE OF PROCESSING OF PERSONAL DATA
We generally collect and use personal data of our users only to the extent necessary for providing a functioning website, as well as our content and services. The collection and use of personal data of our users usually only takes place with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of data is permitted by legal regulations.

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
If we obtain the consent of the data subject for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures.

If the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Article 6(1)(c) of the GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis.

If the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, and the interests, fundamental rights, and freedoms of the data subject do not override the first-mentioned interest, then Article 6(1)(f) of the GDPR serves as the legal basis for the processing.

DATA DELETION AND STORAGE PERIOD
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may also take place if provided for by the European or national legislator in Union regulations, laws, or other provisions to which the data controller is subject. Data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a necessity for further storage of the data for the conclusion or performance of a contract.

Provision of website content and creation of log files

DESCRIPTION AND SCOPE OF DATA PROCESSING
With each visit to our website, our system automatically collects data and information from the computer system of the accessing device.

The following data is collected:

  • Information about the browser type and version
  • The user's operating system
  • Hashed mobile device identifiers
  • Hashed cross-device identifiers
  • Geo-information
  • Digital fingerprints
  • Language settings in the user's browser
  • Customer journey within our website
  • The user's internet service provider
  • Truncated IP addresses
  • Date, time, and duration of access
  • Websites from which the user's system accessed our website
  • Websites accessed by the user's system through our website

The data is also stored in log files by our system. No storage of this data together with other personal data of the user takes place.

LEGAL BASIS FOR DATA PROCESSING
The legal basis for the temporary storage of data and log files is Art. 6(1)(f) of the General Data Protection Regulation (GDPR).

PURPOSE OF DATA PROCESSING
The temporary storage of the IP address by the system is necessary to deliver the website to the user's device. For this purpose, the user's IP address must be stored for the duration of the session.

Storage in log files is done to ensure the functionality of the website. Additionally, the data is used for website optimization and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes takes place in this context.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) of the GDPR.

DURATION OF STORAGE
The data is deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of data collection for the provision of the website, this is the case when the respective session ends.

In the case of data storage in log files, this is the case no later than seven days after the data was collected. Storage beyond this period is possible. In such cases, the IP addresses of users are deleted or anonymized so that they can no longer be associated with the accessing client.

OPPOSITION AND REMOVAL OPTIONS
The collection of data for the provision of the website and the storage of data in log files are essential for the operation of the website. Therefore, users do not have the option to object.

The use of cookie and tracking technologies

DESCRIPTION AND SCOPE OF THE COOKIE AND TRACKING TECHNOLOGIES WE USE
We use cookies for our website. We use cookies to personalize content and ads, provide social media features, and analyze traffic to our website. We also share information about your use of our website with our partners for social media, advertising, and analytics. Our partners may combine this information with other data that you have provided to them or that they have collected as part of your use of their services. By continuing to use our website, you consent to our use of cookies.

Cookies are small text files used by websites to make the user experience more efficient.

We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

  • Language settings
  • Items in a shopping cart

Furthermore, we use cookies on our website that enable us to analyze user browsing behavior.

The following data can be transmitted:

  • Entered search terms
  • Frequency of page views
  • Date of access
  • Visited internal URLs
  • Shopping cart (booking data, booked services, shopping cart amount, currency)
  • Use of website functions

The user data collected in this way is pseudonymized through technical precautions. Therefore, it is no longer possible to assign the data to the user making the request. The data is not stored together with any other personal data of the users.

According to the law, we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.

This site uses different types of cookies. Some cookies are placed by third parties that appear on our pages.

TARGETING
Based on cookie technology, data is collected on our websites to optimize our advertising and overall online offering. This data is not used to personally identify you but is solely used for pseudonymous evaluation of website usage. Your data is never merged with the personal data stored by us. With this technology, we can present you with advertising and/or special offers and services that are based on the information obtained from clickstream analysis (for example, advertising targeted at products viewed exclusively in the last few days, such as sports shoes). Our goal is to make our online offering as attractive as possible for you and to present you with advertising that matches your areas of interest.

THIRD-PARTY-COOKIES 
We use advertising partners to make our Internet offering and websites more interesting for you. Therefore, cookies from partner companies are also stored on your hard drive when you visit the websites. These temporary or permanent cookies (lifespan of 14 days to 10 years) are automatically deleted after the specified time. The cookies of our partner companies only contain pseudonymous, and in most cases, anonymous data. This may include data about which products you have viewed, whether something was purchased, which products were searched for, etc. Some of our advertising partners also collect information beyond the websites, such as which pages you visited before or which products you were interested in, in order to show you advertising that best matches your interests. This pseudonymous data is never merged with your personal data. Its sole purpose is to enable our advertising partners to address you with advertising that may actually be of interest to you.

RE-TARGETING 
Our websites use so-called re-targeting technologies. We use these technologies to make our Internet offering more interesting for you. This technique allows us to address Internet users who have already shown interest in our shop and our products with advertising on the websites of our partners. We believe that displaying personalized, interest-based advertising is generally more interesting for Internet users than advertising that has no personal connection. The display of these advertising materials on our partner sites is based on cookie technology and an analysis of previous usage behavior. This form of advertising is completely pseudonymous. Usage profiles are never merged with your personal data. By using our site, you consent to the use of so-called cookies and the collection, storage, and use of usage data about you. Your data will be stored in cookies beyond the end of the browser session and can be accessed again, for example, on your next visit to the websites. You can revoke this consent at any time with effect for the future by refusing to accept cookies in your browser settings.

HOW CAN YOU PREVENT THE STORAGE OF COOKIES?
Depending on the browser you use, you can set it to only accept storage of cookies if you agree. If you only want to accept the cookies we use and not the cookies of our service providers and partners, you can choose the setting in your browser to "block third-party cookies". In most cases, the help function in the menu bar of your web browser will show you how to reject new cookies and disable ones you have already received. For detailed information on how to adjust the settings in your browser, please use the following link. We recommend that you always completely log out on shared computers that are set to accept cookies and flash cookies.

LEGAL BASIS FOR DATA PROCESSING
The legal basis for processing personal data using cookies in this context is your personal consent pursuant to § 25 (1) TTDSG. If personal data is processed, the legal basis is Art. 6 (1) lit. a GDPR.

PURPOSE OF DATA PROCESSING
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these functions, it is necessary that the browser can be recognized even after a page change.

We require cookies for the following applications:

  • Shopping cart
  • Language settings
  • Remembering search terms
  • Remembering visited pages

The user data collected through technically necessary cookies is not used to create user profiles. The use of analysis cookies is for the purpose of improving the quality of our website and its content. Through analysis cookies, we learn how the website is used and can continuously optimize our offering. These purposes also constitute our legitimate interest in processing personal data pursuant to Art. 6 (1) lit. f GDPR.

STORAGE DURATION, OBJECTION, AND REMOVAL OPTIONS
Cookies are stored on the user's computer and transmitted to our site from there. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all the functions of the website.

Processing of personal data according to § 30 Federal Registration Act (BMG)

Accommodation facilities, especially hotels, are required according to § 30 of the Federal Registration Act (BMG) to collect the following data from guests on the day of arrival and have the guest sign the registration form manually:

  • Date of arrival and expected departure
  • Last names
  • First names
  • Date of birth
  • Nationalities
  • Address
  • Number of accompanying travelers and their nationalities
  • Serial number of the recognized and valid passport or travel document for foreign individuals
  • Additional data, if necessary, for the collection of tourist and spa levies.

We are obliged to collect, process, and disclose this data in accordance with the Federal Registration Act (BMG). The legal basis for the processing is derived from Article 6(1)(c) of the General Data Protection Regulation (GDPR) in conjunction with Section 30 of the BMG. Additional information requested by us (such as telephone number, email address) is provided on a purely voluntary basis by the guest and is used for the purposes of managing the ongoing accommodation process or for invoicing. In this regard, we refer to Article 6(1)(c) of the GDPR.

We will delete this data or restrict its processing as soon as it is permissible according to the provisions of the BMG and if there is no consent from you (Article 6(1)(a), (b) GDPR) or any other legitimate interest on our part to continue processing it.

Transmission of your personal data to cooperation partners

HYATT

Transmission of personal data to Hyatt Services GmbH, Römerpassage 1, 55116 Mainz, Germany ("Hyatt")

Starting from December 1, 2022, we are offering our accommodation services in collaboration with Hyatt as part of a strategic partnership. Our cooperation requires the transmission of personal data to Hyatt in order to process your reservation and provide our services.

If you give your consent in accordance with Art. 6(1)(a) of the GDPR, we will forward your reservation request, including your first and last name, title, address, and email address, to Hyatt. For more information on the processing of your personal data by Hyatt, please refer to Hyatt's privacy policy at https://www.hyatt.com/de-DE/info/privacy-policy-eu-ch.

Please note that without your consent, we will not forward your reservation request to Hyatt and, as a result, we will not be able to process it. You can withdraw your consent at any time before the start of your stay.

If you withdraw your consent, Hyatt will delete all data received from you. The cancellation of your reservation following the withdrawal of your consent is subject to the cancellation policy of our terms and conditions.

If you wish to withdraw your consent regarding a reservation before June 30, 2023, please contact Lindner directly at services@lindnerhotels.com. If you wish to withdraw your consent regarding a reservation for a date after June 30, 2023, please contact Hyatt at Hyatt Services GmbH, Römerpassage 1, 55116 Mainz, Germany, or by email at privacy@hyatt.com.

 

PARTNER PORTALS

Our website may utilize techniques from the following partner companies in order to efficiently process your inquiries/bookings:

  • meetago GmbH
  • hivr solutions GmbH

By using this website, you consent to the collection, processing, and use of automatically collected data as well as data entered by you by our partner companies, their representatives, or third-party providers. Our partner companies ensure that the processing and use of your data for the purposes of consultation, advertising, and market research only takes place with your explicit consent. Your data will not be sold, rented, or otherwise made available to third parties. You can object to the use of your data at any time by contacting our partner companies.

The terms of use and privacy policy for Meetingmarket by meeconnect, as well as the details for the meeting portal tagungshotel.com, can be found at meetago.com.

For any inquiries, please contact our partner meetago GmbH using the following contact information: meetago GmbH, Junkersring 5, 53844 Troisdorf, info@meetago.com.

The terms of use and privacy policy for hivr solutions GmbH can be found at hivr.ai. For any inquiries, please contact our partner HIVR.ai using the following contact information: hivr solutions GmbH, Gerberau 17, 79098 Freiburg, info@hivr.ai.

Transfer of your personal data to third parties

To provide you, as a user, with the most pleasant and convenient experience on our website, we occasionally use services from external service providers. Below, you have the opportunity to inform yourself about the data protection regulations regarding the use and implementation of these services and functions, so that you can exercise your rights with the service providers, if necessary.

GOOGLE ANALYTICS

Google Analytics is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies", i.e. text files that are stored on your computer and enable Google to carry out an analysis of the use of our offer. The information provided by the cookies on the use of our websites (including your IP address) is generally transmitted to a Google server in the USA, where it is stored. We should like to point out that Google Analytics has the additional code “gat._anonymizeIp();” on our websites, so that the IP addresses can be recorded in an anonymised form (so-called IP masking). Therefore, with our permission, your IP address is recorded only in an abbreviated form, which guarantees that it is anonymised and that it is impossible to trace it back to you. In the case of the activation of IP anonymisation on our websites, your IP address is abbreviated in advance by Google within the member states of the European Union or within the other contracting parties to the Agreement on the European Economic Area. Only in exceptional cases is your full IP address transmitted to a Google server in the USA, where it is then abbreviated. Google uses the aforementioned information to evaluate your use of our websites, to compile reports for us on the website activities and to provide us with further services linked to the use of websites and the internet. The IP address transmitted by your browser to Google Analytics is not amalgamated with other data held by Google. The forwarding of this data by Google to third parties is carried out only within the framework of statutory provisions or the processing of contractual data. Google will never amalgamate your data with other data held by Google. By using these websites, you declare that you agree to the processing of your personal data by Google and to the aforementioned type and manner of data processing as well as the purpose thereof already mentioned.
You can prevent the storage of cookies by changing the settings in your browser software; however, we should like to point out that this may result in certain functionalities of our websites not being fully operational for you. You can also prevent the recording and processing of the data regarding your use of these websites collected by the cookie (incl. your IP address) by Google, by downloading and installing the browser plugin that is available at the following link.

You will find further information on Google Analytics and data protection at http://tools.google.com/dlpage/gaoptout?hl=de.

GOOGLE-ADWORDS

This website uses the online advertising programme “Google AdWords”, which also includes conversion tracking. The cookie for conversion tracking is placed when a user clicks on an advertisement placed by Google. These cookies remain valid for 30 days only and are not used for personal identification. If the user visits specific pages of the website and the cookie has not yet expired, we and Google are able to see that the user has clicked on the advertisement and was directed to this webpage. Every Google AdWords client is given a different cookie. This means that cookies cannot be tracked via the websites of AdWords clients. The information obtained with the help of conversion cookies helps us to compile conversion statistics for AdWords clients who have opted for conversion tracking. These clients are given the total number of users who have clicked on their advertisement and were directed to a page that contains a conversion tracking tag. However, they do not receive any information that could help them to identify the individual users personally. Users who do not want to participate in tracking can easily deactivate the cookie for Google conversion tracking via the user settings in their internet browser. These users are then not recorded in the conversion tracking statistics. Find out more about Google’s Data Protection Provisions.

GOOGLE MAPS

Our websites use Google Maps to display area maps and to create routes for journeys. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you agree to the recording, processing and use of the data automatically collected by Google, or by one of its representatives or third-party suppliers, or the data supplied by you to Google, or one of its representatives or third-party suppliers. You will find the conditions of use for Google Maps at Google Maps Conditions of use. You will find further details at the data protection centre for google.de: Transparency and options as well as data protection provisions.

SOCIAL PLUGINS

Our internet site uses social plugins (“plugins”) from different social networks. With the help of these plugins you can share contents or recommend products, for example. The plugins on our websites are deactivated as standard and therefore do not transmit any data. By clicking on the "Activate Social Media" button you can activate the plugins. Naturally, the plugins can be activated with a simple click as well.

If these plugins are activated, your browser creates a direct link with the servers of the relevant social networks as soon as you call up one of the websites in our internet presence. The contents of these plugins are transmitted directly to your browser and linked by this to the website.

By linking the plugins, the social network receives the information that you have called up the corresponding page in our internet presence. If you are logged in to the social network, it can assign the visit to your account. If you interact with the plugins, for example, if you click the “Like” button on Facebook or leave a comment, the corresponding information is transmitted to the social network by your browser, where it is then stored.

Please consult the relevant networks and/or websites for details of the purpose and scope of the data collection and the further processing and use of the data by said social networks as well as your rights and setting options in this regard for the protection of your private sphere. You will find the relevant links below.

Even if you are not registered with the social networks, data can be sent to these networks by websites with active social plugins. A cookie with an identification key is set by an active plugin at every visit to the website. Since your browser automatically sends this cookie with every link to a network server, in principle it would be possible for the network to create a profile on which websites the user with this identification key has visited. And then it would also be absolutely possible to trace back this identification key later on to a person, via a subsequent registration with a social network, for example.

We use the following plugins on our websites:

  • Facebook
  • Twitter
  • Pinterest
  • Instagram
  • LinkedIn
  • Xing

If you do not want social networks to collect your data via active plugins, you can either deactivate the social plugins by simply clicking on our website or click on the function "Block cookies from third-party service providers" in your browser settings. Then your browser will not send any cookies to the server in the case of embedded contents of other providers. However, by enabling this setting it is possible that other cross-page functions will no longer operate, in addition to the deactivated plugins.

a) Facebook

We use plugins for the social network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). You will find the link to the data protection declaration for Facebook here: Data protection declaration for Facebook.

Further information about your respective data protection rights and options for adjusting the protection of your privacy can be found at: https://www.facebook.com/policy.php, https://www.facebook.com/help/186325668085084.

b) Twitter

We use plugins for the social network Twitter, which is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). You will find the link to the data protection declaration for Twitter here: Data protection declaration for Twitter.

c) Pinterest

We use plugins for the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, USA (“Pinterest”). You will find the link to the data protection declaration for Pinterest here: Data protection declaration for Pinterest.

d) Instagram

We use plugins for the social network instagram.com, which is operated by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025 USA (“Instagram”). You will find the link to the data protection declaration for Instagram here: Data protection declaration for Instagram.

e) LinkedIn

We use plugins for the social network LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). You will find the link to the data protection declaration for LinkedIn here: Data protection declaration for LinkedIn.

f) XING

We use plugins for the social network xing.com, which is operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (“XING”). You will find the link to the data protection declaration for XING here: Data protection declaration for XING.

YOUTUBE

Our website uses plugins for YouTube, which is operated by Google. The operator of these pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit other pages that have a YouTube plugin, a connection to the YouTube servers is created. This means that the YouTube server is informed of which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your profile. You can prevent this by logging out of your YouTube account. You will find further details on how your user data is used in the Data Protection Declaration for YouTube.

SABRE

This website uses the software provider Sabre Inc. for the provision of an online booking machine (https://www.sabre.com). The operator of the website is Sabre GLBL Inc., 3150 Sabre Drive, Southlake, Texas 76092, USA. The personal data that you provided with your order during the purchase process is used for the purposes of business processing. You will find further information on the data protection declaration for Sabre Inc here.

SITPAY

This website uses the SITPAY cash accounting system for e-payments and customer loyalty programmes (http://www.sit-pay.de/) for processing purchases with vouchers. The operator of this website is SIT Solution for IT-Payment GmbH, Eiffestr. 74, D-20537 Hamburg. The personal data that you provided with your voucher purchase during the purchase process is used for the purposes of business processing. You will find further information on the data protection declaration for SIT Solution for IT-Payment GmbH here.

MATTERPORT

Our website contains virtual tours of hotels connected via the portal my.matterport.com. The operator of this portal is Matterport, Inc., 352 E. Java Dr. Sunnyvale, CA 94089, USA.

When you visit our pages that include a virtual tour, a link is created to the Matterport servers. This means that the Matterport server is informed which of our pages you have visited. Matterport also receives your IP address. This occurs even if you are not logged into Matterport or do not have an account with Matterport. The information recorded by Matterport is sent to the Matterport servers in the USA.

If you are logged into your Matterport account, you enable Matterport to assign your surfing behaviour directly to your profile. You can prevent this by logging out of your Matterport account.

Matterport is used in the interests of creating an attractive representation of our online offers. This represents a legitimate interest as defined in Art. 6 (1) f) GDPR. You can find further information about how Matterport implements the GDPR and handles user data at https://support.matterport.com/hc/en-us/articles/360000904267-Matterport-s-Plan-for-GDPR and in Matterport's Privacy Policy at https://matterport.com/legal/privacy-policy/.

SQUARELOVIN

The provider of this website uses the services of Squarelovin (https://squarelovin.com) to display user-generated content. The content is collected via the network Instagram (www.instagram.com). Our partner here is Anchor Media GmbH, Budapester Strasse 45, 20253 Hamburg, Germany. You can find further information about data protection legislation at https://sqln.io/ldh?lang=de.

ADOBE ANALYTICS

We use Adobe Analytics, a web analytics tool, on our website. The service provider is the American company Adobe Inc. The Irish company Adobe Systems Software Ireland Companies, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland, is responsible for the European region.

Adobe also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may pose various risks to the lawfulness and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, i.e. in particular the USA) or a data transfer there, Adobe uses so-called standard contractual clauses (see Art. 46 (2) and (3) GDPR).

Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, Adobe undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed, and managed in the United States. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.

For more information about the standard contractual clauses and about the data processed through Adobe's use, see Adobe's Privacy Policy at https://www.adobe.com/privacy.html.

Contact form and email contact
Description and scope of the data processing

A contact form is available on our internet site which can be used to contact us electronically. If a user wishes to take advantage of this option, the data entered in the input screen is transmitted to us and stored. This data is:

  • Form of address
  • First name
  • Last name
  • Telephone
  • Email address
  • Re.
  • Date of arrival
  • Date of departure
  • Details about your enquiry

The following data is also stored when the message is sent:

  • Date and time contact was made

For the processing of data, your consent will be obtained as part of the sending process, and reference will be made to this privacy policy. Alternatively, contact can be made using the provided email address. In this case, the personal data transmitted with the email will be stored. There is no further disclosure of the data to third parties in this context. The data will be used exclusively for the processing of the conversation.

Legal basis for data processing

The legal basis for the processing of the data following receipt of the user’s consent is Art. 6 para. 1a GDPR.

The legal basis for the processing of the data that is transmitted by email is Art. 6 para. 1f GDPR. If the email contact should result in the conclusion of a contract, the additional legal basis for the processing of the data is Art. 6 para. 1b GDPR.

Purpose of the data processing

The processing of personal data from the input screen is used by us exclusively for the purpose of processing the contact. In the case of contact by email, this also includes the necessary justified interest in the processing of the data.

The other personal data processed during the send process are used to prevent any misuse of the contact form and to guarantee the security of our IT systems.

Duration of storage

The data is deleted as soon as it is no longer required for the purpose for which it was collected. With regard to personal data from the input screen for the contact form and that sent by email, this is the case once the relevant conversation with the user has ended. This conversation is ended once it is clear from the circumstances that the relevant matter has been definitively clarified.

The additional personal data that is collected during the send process is deleted after a period of seven days at the latest.

Opportunity to contest data or have it eliminated

The user has the option of revoking their consent to the processing of personal data at any time. If the user gets in touch with us by email, they can contest the storage of personal data at any time. In such a case it is impossible for the conversation to be continued. It is possible to have a profile deleted by emailing services@lindnerhotels.com. All the personal data that was stored during the contact process is deleted in this case. In addition, any enquiries over an interval of one month are completely deleted from our system.

Newsletters
Description and scope of the data processing:

For the purpose of subscribing to our newsletter, we process the following (personal) data:

  • Email address
  • Date & time of the request
  • IP address

The processing of the email address is intended for sending newsletters via email to the provided email address. Providing this information is necessary to receive our newsletter. The processing of the additional data is for documentation and proof of the request. Additional details such as first and last name are optional. If provided, we use this information for personalizing our emails and tailoring our newsletter content to the interests of the recipient.

Our newsletter is regularly sent out to inform about offers, promotions, and news.

LEGAL BASIS

The processing of the email address is based on consent pursuant to Art. 6(1)(a) of the General Data Protection Regulation (GDPR). We ensure this through the use of the so-called double opt-in procedure. This means that our newsletter service starts only after the reconfirmation of our welcome email to the provided email address. The logging of the IP address, date, and time of the newsletter request, as well as the date of confirmation, is based on our legitimate interest pursuant to Art. 6(1)(f) of the GDPR, in order to document the consent to receive the newsletter and to be able to provide evidence if necessary.

Unsubscribing from the newsletter is possible at any time and can be done either through a designated link in the newsletter or by sending an email message to newsletter@lindnerhotels.com.

STORAGE DURATION

Consent to receive our newsletter can be revoked at any time for the future. In this case, we will delete the data provided during the newsletter registration, unless there are legal retention obligations or we are otherwise authorized to store the data.

Lindner Hotel Shop

The following data protection information relates to the websites of Lindner Hotel Shop at https://lindner.hotelshop.one.

Description and Scope of Data Processing

In the context of orders placed through our Hotel Shop, we process the personal data you provide to us. Depending on the payment service provider you choose during the order process, we disclose the payment data collected for this purpose to the credit institution responsible for payment processing and, if applicable, to payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this case, you must log in to the payment service provider using your access data during the order process.

In order to fulfill the contract, we work closely with certain partner companies and individuals whom we engage to perform some of our tasks. We grant them access to the necessary data for this purpose within the scope of contract fulfillment. They are not permitted to use this data for other purposes. They are also obliged to comply with these data protection provisions and data protection laws. Examples include logistics companies that need to know the delivery address, of course.

Otherwise, data will only be disclosed to third parties with the consent of the data subject.

Legal Basis for Processing

The legal basis arises from the extension of the contract in accordance with Art. 6(1)(b) of the General Data Protection Regulation (GDPR). In these cases, a credit check may be carried out by a certified company based on § 31 of the German Federal Data Protection Act (BDSG).

Purpose of Processing

All personal data we process serves exclusively the purpose of fulfilling all activities that are necessary within the scope of contract conclusion or contract initiation when using the Lindner Hotel Shop, as per Art. 6(1)(b) of the GDPR. Without processing your personal data, it is not possible to fulfill the contract and deliver the ordered goods.

Non-customers who are interested in receiving our newsletter, a product catalog, or product information can register after giving their consent and use the services of Lindner Hotels AG in accordance with Art. 6(1)(a) of the GDPR.

Recipients of the personal data processed in the shop are the departments of Lindner Hotels AG and its subsidiaries and their subsidiaries.

In some cases, goods are delivered to Switzerland. In this case, personal data of the contractual partner is sent to Switzerland due to contractual obligations. Switzerland is considered a safe third country in accordance with Art. 45 of the GDPR. The use of personal data in the context of contractual sales transactions is therefore permissible without further examination.

Disclosure of personal data to third parties only occurs for purchases made on invoice.

Retention Period

The duration of data storage depends on legal requirements and the purpose of data storage. If the purpose of data processing no longer exists, the data will be deleted. In principle, collected personal data will be deleted if consent is revoked, the data is proven to be incorrect, the data was collected unlawfully, or if legal requirements do not require data storage (e.g., invoice data after 10 years). If there is no legal basis for storage, every data subject has the right to rectification, erasure, or restriction of processing of their personal data.

Use of our whistleblower system

The following data protection information pertains to our website www.lindner.whistleblowernetwork.net and the use of our whistleblower system, EQS Integrity Line.

PERSONAL DATA

In principle, the use of the EQS Integrity Line is possible - as far as legally permissible - without providing personal data. However, you may voluntarily provide personal data within the whistleblowing process, in particular your identity, first and last name, country of residence, telephone number or email address.

In principle, we do not request or process any special categories of personal data, e.g. information on racial and/or ethnic origin, religious and/or ideological beliefs, trade union membership or sexual orientation. However, due to free text fields in the notification form, such special categories of personal data may be voluntarily disclosed by you.

The notification you provide may also contain personal data of third parties to which you refer in your notification. Data subjects will be given the opportunity to comment on the notice. In this case, we will inform the data subjects about the notice. In this case, your confidentiality is also protected, as no information about your identity will be provided to the data subject - as far as legally possible - and your tip will be used in such a way that your anonymity is not jeopardised.

Purpose and legal basis of processing

The EQS Integrity Line enables you to contact us and report indications of compliance and legal violations. We process your personal data to verify the report you have made via the EQS Integrity Line and to investigate the alleged compliance and legal violations. In doing so, we may have queries for you. For this purpose, we exclusively use communication via the EQS Integrity Line. In this context, the confidentiality of the information you provide is our top priority.

The corresponding processing of your personal data is based on your consent given when reporting via the EQS Integrity Line (Art. 6 para. 1 lit. a European Data Protection Regulation, GDPR).

Furthermore, we process your personal data to the extent necessary to fulfil legal obligations. This includes in particular notifications of criminal, competition and labour law relevant facts (Art. 6 para. 1 lit. c GDPR).

Finally, the processing of your personal data takes place insofar as this is necessary to safeguard the legitimate interests of the company or a third party (Art. 6 para. 1 lit. f GDPR). We have a legitimate interest in the processing of personal data for the prevention and detection of violations within the company, for the verification of internal processes for their lawfulness and for safeguarding the integrity of the company.

If you disclose special categories of personal data to us, we process them on the basis of your consent (Art. 9 para. 2 lit. a GDPR).

In addition, we use your personal data in anonymised form for statistical purposes.

We do not intend to use your personal data for purposes other than those listed above. Otherwise, we will obtain appropriate consent from you in advance.

Technical implementation and security of your data

The EQS Integrity Line contains an option for anonymous communication via an encrypted connection. When using it, your IP address and your current location are not stored at any time. After sending a note, you will receive access data to the EQS Integrity Line mailbox so that you can continue to communicate with us in a protected manner.

To ensure data protection and confidentiality, we maintain appropriate technical measures. The data you provide will be stored on a specially secured database of EQS. All data stored on the database is encrypted by EQS according to the current state of the art.

Transfer of personal data

The company operates internationally and has locations in various countries within and outside the European Union. Access to the stored data is only possible for specially authorised persons within the company. Insofar as this is necessary to fulfil the aforementioned purpose, specially authorised persons from our subsidiaries may also be entitled to inspect the data.

This is particularly the case if the investigation of their report is carried out in the country concerned. All persons authorised to inspect the data are expressly obliged to maintain confidentiality.

In order to fulfil the aforementioned purpose, it may also be necessary for us to transfer your personal data to external bodies such as law firms, criminal or competition authorities, within or outside the European Union.

If we transfer your personal data within the group or externally, a uniform level of data protection is ensured by means of internal data protection regulations and/or corresponding contractual agreements. In all cases, responsibility for data processing remains with the company.

Finally, we transfer your personal data to EQS for technical implementation to the extent described above. For this purpose, we have concluded an order data processing agreement to ensure data protection with EQS.

Duration of storage

We only store personal data for as long as is necessary to process your notice or we have a legitimate interest in storing your personal data. Storage may take place beyond this if this has been provided for by the European or national legislator for the fulfilment of legal obligations, such as retention obligations.

The term "organisation" refers to the company receiving the notification (Lindner).

Lindner takes the protection of personal data very seriously. This privacy statement explains what personal data we collect from you when you use the EQS Integrity Line and how we use it. We ensure compliance with applicable data protection regulations through appropriate technical and organisational measures.

 

The technical implementation of the EQS Integrity Line is carried out on our behalf by EQS Group AG, Hardturmstrasse 11, 8005 Zurich, Switzerland ("EQS"). Further information on data protection at EQS Group AG can be found at: www.eqs.com/de/ueber-eqs/datenschutz/.

Online application

The following data protection information pertains to the online application platform of Lindner Hotels & Resorts and the me and all Hotel Group at karriere.lindnerhotels.com:

Scope of the processing of personal data

As part of the application process we only process your personal data that are connected with your application and which are required to determine your professional and personal capabilities in relation to the job being filled. We only use the information you have sent us directly. This may also include information you have provided on online career networks or other job portals.

Our objective is to make the application process as simple as possible for you. We will also be happy to consider your application for other positions at Lindner Hotels AG. If interested, you can join our talent community (talent pool) as part of the application process by giving your consent for this purpose. The same applies to speculative applications that you send us as part of our talent community. You decide actively whether we may contact you for specific job proposals.

With an online application you enter your personal data in the online form and upload the relevant documents. With your online application, as an alternative to entering your personal data manually or uploading a document, you can also transfer your profile from a social network or job portal (LinkedIn, Indeed, etc.).

We carry out an online assessment for selecting management positions. In order to implement the online test process, we work together with our partner AS Profiling, Andrea Schmelzenbach Personalberatung, Alpspitzstrasse 1, 82347 Bernried am Starnberger See, Germany, with whom we have a contractual relationship. People who have applied to us are invited to take part in the online test by AS Profiling by email on our behalf. We share the information required for the invitation and implementation of the online test process (first name, surname and email address) with AS Profiling solely for this purpose.

Type of personal data

We collect your personal data that are relevant to the application process. These may be general data about you (such as name, address and contact details), information about your professional education and qualifications, information about your professional training or other information about your professional career that you send us in connection with your application. In the case of a speculative application that does not relate to a specific position, we also ask about your preferences (e.g. departments you are interested in) so that we can consider you for other suitable jobs.

If we ask you about your gender as part of the application process in the form of your preferred title, the only reason for doing so is because we wish to write to or address you correctly. If you have a nationality from outside the EU, a work permit for Germany will be required. We therefore also ask you about your nationality as part of the application process.

Legal basis and purposes of the processing of personal data

We process the data specified under XII 1. for the purposes of deciding whether to establish an employment relationship and – if an employment relationship is created between you and us – to implement or terminate the employment relationship and to exercise or meet our statutory rights and duties based on § 26 of the German Data Protection Act [Bundesdatenschutzgesetz (BDSG)]. We may also process personal data about you if this is necessary to establish or defend legal claims arising from the application process. The legal basis for this is Art. 6 (1) f) GDPR (EU General Data Protection Regulation). The legitimate interest is to preserve our legal positions.

Recipients

Only those people have access to your personal data at our company who require it for the purposes stated under XII 1. We only share your personal data with external recipients if we have legal authority to do so or we have obtained your consent. External recipients may be:

  • Commissioned processors: Service providers whom we use to perform services, for example in the fields of technical infrastructure and the maintenance of our IT systems.
  • Public bodies: Public authorities and government institutions, such as social security agencies, the courts or authorities to which we are obliged to send personal data for mandatory legal reasons.
  • Private bodies: Tax advisers, insurance companies or similar auxiliaries to whom data are sent based on a consent or a legal basis.

Your personal data are treated in strict confidence and only supplied to the people who are responsible for and involved in the application process, and contractors who perform the services required for the selection process (e.g. providers of online tests).

If you are considered for a position, the subsequent use or sharing of your personal data are restricted to purely job-related purposes and to the group of people who must be made aware of it as part of the appointment. This also applies to information disclosed to internal or external service providers for the necessary pre-contractual verification processes and based on legal or official requirements.

SOURCES

If you do not send your application to us directly, but via an external online portal or an external recruiter, we initially collect your data via these third parties.

Data deletion and duration of storage

We delete your personal data at the end of the application process, unless a legal authority or your consent allows a longer retention period. In both of these cases we delete your personal data once the legal authority no longer exists or you withdraw your consent.

If you set up your own profile as part of an online application for a specific position, you can delete your data and the attachments (such as your CV) yourself at any time. You also have the option of asking us to delete your data. If you wish us to delete your applicant profile immediately, please contact hr@lindner.de.

Our standard deletion period for an application is six months after completion of the application process or after completion of a recruitment event. Fourteen days before your profile is deleted, you will receive an email from us informing you of the impending deletion. With this email you have the option of asking for your data to continue to be stored as part of our talent community.

If you have asked us to delete your data as part of an application for a management position, we will inform our partner for the compulsory online assessment, AS Profiling, immediately, with a note that your data must also be deleted immediately at AS Profiling. The deletion period for AS Profiling is immediate.

If you have filed your data and CV in our talent pool as part of the “talent community” function, we will contact you by email 12 months after you have become a member of our talent community and ask you to renew your consent. If you do not update your data, it is deleted completely no later than after 18 months.

Data processing as part of employment contracts

The following data protection information relates to the processing of personal data of our employees in the employment relationship, specifically regarding the use of the internal communication platform of Lindner Hotels & Resorts and the me and all Hotel Group at digitaleheimat.lindnerhotels.com.

Scope of the processing of personal data

The data you provide (e.g. CV and emergency contacts) and data created as part of your service relationship (e.g. salary data, sickness absences, leave in order to care for dependents and grace periods) are processed as part of your employment relationship. 

The data are processed and transferred for the payment of wages, salaries and fees, and to comply with our recording, notification and reporting duties, providing this is required based on laws or standards for the collective shaping of law or employment contract obligations, including text documents created and archived with the assistance of automated processes (such as correspondence) in these matters. We cannot conclude or implement the contract with you without these data. This also applies to all voluntary social benefits paid by the employer and external training and in-service training offers.

We collect and use our employees’ personal data in principle only to the extent required to establish and implement the employment relationship. In all other respects, as a rule we only collect and use our employees’ personal data with the employee’s consent. An exception applies in those cases where prior consent cannot be obtained for objective reasons and the processing of the data is permitted by statutory regulations.

Legal basis for the processing of personal data

a. For personal data under Art. 4 subsection 1 BDSG

  • Processing is based on consent (Art. 6 (1) a) GDPR) - with no employment context
  • For pre-contractual measures (Art. 6 (1) b) GDPR) - with no employment context
  • For performance of the contract (Art. 6 (1) b) GDPR) - with no employment context
  • Processing is required for a legal obligation (Art. 6 (1) c) GDPR)
  • Processing is carried out to protect vital interests (Art. 6 (1) d) GDPR)
  • Processing is in the public interest or is carried out in the exercise of official authority (Art. 6 (1) e) GDPR)
  • Legitimate interests of the data controller or a third party (Art. 6 (1) f) GDPR)
  • Processing is based on a change of purpose (Art. 6 (4) GDPR).
  • The processing is carried out to establish an employment relationship (see § 26 (1) clause 1 BDSG).
  • The processing is carried out to implement or terminate an employment relationship (see § 26 (1) clause 1 BDSG).
  • The processing is required to exercise or fulfil rights and duties to represent the interests of the employee arising from a law, tariff agreement or works agreement (see § 26 (1) clause 1 BDSG).
  • The processing is carried out to uncover criminal offences within the employment relationship (see § 26 (1) clause 2 BDSG).
  • The processing is carried out on the basis of the employee’s consent (see § 26 (2) BDSG).
  • The processing is carried out on the basis of collective agreements (see § 26 (4) BDSG).

b. For particular categories of personal data as defined in Art. 9 (1) GDPR

  • Processing is based on consent (Art. 9 (2) a) GDPR) - with no employee context.
  • Processing is carried out in the context of social law (Art. 9 (2) b) GDPR in conjunction with § 22 (1) subsection 1a BDSG).
  • To fulfil statutory duties arising from employment law or social law (Art. 9 (2) b) GDPR in conjunction with § 26 (3) BDSG) “employee context”.
  • Processing is based on a tariff agreement or a works agreement (Art. 9 (2) b) in conjunction with § 26 (4) BDSG) “employee context”.
  • There are vital interests / no consent is possible (Art. 9 (2) c) GDPR).
  • Processing is carried out in accordance with Art. 9 (2) d) GDPR.
  • Processing relates to personal data which is manifestly made public by the data subject (Art. 9 (2) e) GDPR).
  • Processing is required for the establishment, exercise or defence of legal claims (Art. 9 (2) f) GDPR).
  • Processing is carried out in accordance with Art. 9 (2) g) GDPR.
  • Processing is carried out in accordance with Art. 9 (2) h) GDPR in conjunction with § 22 (1) subsection 1b BDSG.
  • Processing is necessary for archiving purposes in the public interest, or for scientific or historical research purposes or for statistical purposes (Art. 9 (2) j) GDPR).

Sources

If you do not send your employee data to us directly, but via an external online portal or an external recruiter, we initially collect your data via these third parties.

Recipients

Only those people at our company who require your personal data for the purposes stated under IV. 1. have access to them. We only share your personal data with external recipients if we have legal authority to do so or we have obtained your consent. External recipients may be:

  • Commissioned processors: Service providers whom we use to perform services, for example in the fields of technical infrastructure and the maintenance of our IT systems.
  • Public bodies: Public authorities and government institutions, such as social security agencies, the courts or authorities to whom we are obliged to send personal data for mandatory legal reasons.
  • Private bodies: Tax advisers, insurance companies or similar auxiliaries to whom data is sent based on consent or a legal basis.

Data deletion and duration of storage

Employees’ personal data are deleted or blocked as soon as the purpose for storing the data no longer exists. However, they may continue to be stored if this is provided for by the European or national legislation, in directives, laws or other regulations under EU law to which the data controller is subject. The data are also blocked or deleted if the retention period stipulated by the regulations referred to expires, unless there is a requirement for the data to continue to be stored for the conclusion or the performance of a contract.

Security and integrity of data

The protection of the information you provide to us or that we receive about you is a priority for us. We take appropriate security measures to protect your data from loss, misuse, unauthorized access, alteration, disclosure, or destruction. Our company has implemented technical and organizational measures to ensure the ongoing confidentiality, integrity, availability, and resilience of systems and services that process personal data, and will restore the availability and access to information in a timely manner in the event of a physical or technical incident.

Your rights

If personal data about you is processed by us, you are considered a data subject within the meaning of the General Data Protection Regulation (GDPR), and you have the following rights towards us after successful identification:

Right of information

You can request a confirmation from the person responsible whether personal data that affects you is being processed by us.

If such processing is indeed being carried out, you can request the following information from the person responsible:

  • the purposes for which your data is being processed;
  • the categories of personal data that is being processed;
  • the recipients and/or categories of recipients to whom the personal data that affects you is being disclosed or will be disclosed in the future;
  • the planned storage period for the personal data that affects you or, if it is not possible to give any specific information in this regard, the criteria for determining the storage period;
  • the existence of a right to rectification or deletion of the personal data that affects you, a right to the restriction of processing by the person responsible and a right to object to this processing;
  • the existence of a right to appeal to a supervisory authority;
  • all available information on the origin of the data, if the personal data was not collected from the person affected;
  • the existence of an automated decision-making process including profiling pursuant to Art. 22 para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved as well as the scope and the envisaged impact of such processing for the affected person.

You have the right to request information whether the personal data that affects you is being transmitted to a third country or to an international organisation. In this connection you can request to be informed about the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.

Right to rectification

You have a right to rectification and/or completion vis-à-vis the person responsible, insofar as the personal data that affects you being processed is wrong or incomplete. The person responsible must carry out the rectification as quickly as possible.

Right to a restriction in the processing

Subject to the following conditions you can request a restriction in the processing of the personal data that affects you:

  • if you are contesting the correctness of the personal data that affects you for a period of time that allows the person responsible to check the correctness of the personal data;
  • if the processing is unlawful and you refuse to have the personal data deleted but instead request a limitation in the use of the personal data;
  • if the person responsible no longer requires the personal data for the purposes of processing, but you require them for enforcement or execution purposes or for the defence of legal claims, or
  • if you have submitted a complaint concerning the processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the justified reasons of the person responsible take precedence over your reasons.

If the processing of the personal data that affects you is restricted, this data – apart from its storage – may only be processed with your consent or in order to enforce, execute or defend legal claims or for the protection of the rights of another natural person or legal entity or for reasons of an important public interest on the part of the European Union or another member state.

If the limitation in the processing pursuant to the aforementioned conditions is restricted, you will be informed by the person responsible.

Right to deletion

You can request from the person responsible that the personal data that affects you should be deleted with immediate effect, and the person responsible is obliged to delete this data immediately, if one of the following reasons applies:

  • the personal data that affects you is no longer required for the purposes for which they were collected or for which they were processed in another manner.
  • You revoke your consent on which the processing is based pursuant to Art. 6 para. 1a or Art. 9 para. 2a GDPR and there is no other legal basis for the processing.
  • Pursuant to Art. 21 para. 1 GDPR you have submitted a complaint regarding the processing and there are no overriding reasons that justify the processing, or you have submitted a complaint regarding the processing pursuant to Art. 21 para. 2 GDPR.
  • The personal data that affects you was unlawfully processed.
  • The deletion of the personal data that affects you is required for the fulfilment of a legal duty according to the law of the European Union or the law of a member state to which the person responsible is subject.

If the person responsible has made the personal data that affects you public and if they are obliged to delete it pursuant to Art. 17 para. 1 GDPR, they shall implement appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the officers involved in the data processing who are processing the personal data that, as the affected person, you have requested that they should delete all the links to this personal data as well as any copies or replicas thereof.

There is no right to deletion if the processing is necessary

  • for the enforcement of the right to free speech and information;
  • for the fulfilment of a legal duty that requires the processing pursuant to the law of the European Union or of a member state that is subject to said responsibility, or in order to fulfil a task that is in the public interest or is a result of the exercise of public authority with which the person responsible has been entrusted;
  • for reasons of the public interest within the area of public health pursuant to Art. 9 para. 2h and i as well as Art. 9 para. 3 GDPR;
  • for the purposes of archiving that are in the public interest, or for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, if the law mentioned in Section a) will probably make the realisation of the aims of this processing impossible or will seriously impede it, or
  • for the enforcement, execution and defence of legal claims.

Right to information

If you have exercised your right for correction, deletion or restriction in processing vis-à-vis the person responsible, the latter is obliged to inform all the recipients of the personal data that affects you of this correction or deletion of the data or the restriction in processing, unless this should prove to be impossible or it entails a disproportionate amount of time and effort.

You have the right to be informed of these recipients by the person responsible.

Right to data transferability

You have the right to receive the personal data that affects you and that you have made available to the person responsible, in a structured, current and machine-processable format. In addition, you have the right to transfer this data to another person responsible without any obstacle being placed in the way by the person responsible for whom the personal data was prepared, insofar as

  • the processing is based on a consent pursuant to Art. 6 para. 1a GDPR or Art. 9 para. 2a GDPR or on a contract pursuant to Art. 6 para. 1b GDPR and
  • the processing is carried out with the aid of an automated procedure.

In exercising this right, you also have the right to insist that the personal data that affects you is transferred directly from the one person responsible to the other, insofar as this is technically possible. The rights and freedoms of others must not be restricted by this.

The right of data transferability does not apply for the processing of personal data that are required for the execution of a task that is in the public interest or is a result of the exercise of public authority with which the person responsible has been entrusted.

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions.

In this case, we will no longer process the personal data concerning you unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process the personal data concerning you for such purposes.

You have the right to withdraw your consent to the processing of your personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to revoke the data protection declaration of consent

You have the right to revoke your data protection declaration of consent at any time. The legality of the processing up until the point of the revocation of your consent is not affected by this.

Automatic decision in an individual case including profiling

You have the right not to be bound by a decision that is based exclusively on automated processing – including profiling – that restricts you vis-à-vis any legal effect or that considerably restricts you in any other way. This does not apply if the decision

  • is required for the conclusion or the completion of a contract between you and the person responsible,
  • is admissible based on the legal provisions of the European Union or of the member states to which the person responsible is subject, and these legal provisions contain appropriate measures for the maintenance of your rights and freedoms as well as your justified interests, or
  • is carried out with your express consent.

However, these decisions may not be based on specific categories of personal data pursuant to Art. 9 para. 1 GDPR, if Art. 9 para. 2a or g applies and appropriate measures for the protection of your rights and freedoms as well as your justified interests were met.

With regard to the cases mentioned in (1) and (3), the person responsible shall take appropriate measures to maintain your rights and freedoms as well as your justified interests, including at least the right to obtain the intervention of a person on the part of the person responsible, to present your own point of view and to challenge the decision.

Right to lodge a complaint with a supervisory authority

Irrespective of any other legislative or regulatory judicial remedies, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place where the alleged violation took place, if you are of the opinion that the processing of the personal data that affects you has violated the GDPR. http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm 

The supervisory authority responsible for our company is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4, 40213 Düsseldorf

Telephone: 0211/38424-0
Fax: 0211/38424-999
E-Mail: poststelle@ldi.nrw.de

Foreign-language information on data protection

To the extent that parts of our information are also offered in languages other than German, this is exclusively a service for employees, customers, guests, and interested parties of Lindner Hotels AG, Lindner Hotels & Resorts, and me and all Hotels GmbH who are not proficient in the German language.

In the event of discrepancies between the German version of our privacy policy and a version of it in another language, the German version shall prevail.

Disclaimer and Limitations of Our Privacy Policy

Our privacy policy and general notice regarding the processing of your personal data only apply to the processing carried out within our premises and our own websites. Other websites are not covered by our notices and generally provide their own specific guidelines.

If you are not satisfied with the privacy measures presented here or if you have any questions regarding the collection, processing, and/or use of your personal data, please contact us. We will respond to your inquiries as soon as possible and make efforts to implement your suggestions. Please direct your privacy-related concerns to privacy@lindnerhotels.com.

Note on PCI DSS Compliance

Lindner Hotels AG has successfully demonstrated compliance with the Payment Card Industry Data Security Standard (PCI DSS) version 3.2.1. The company has successfully completed the following PCI DSS assessment measures:
Assessment Measure: Onsite Assessment 
Assessment Date: 08. September 2023
Valid Until: 07. September 2024

Change Notice

This privacy policy will be updated in the future in accordance with new legal requirements or significant changes to the functionality of our websites. Therefore, we recommend that you review our privacy policy at regular intervals. In the event that we make substantial changes, we will publish a clear notice in this section.