Privacy Policy

Introduction

Thank you for your interest in our website. The protection of your personal data is important to us. Below you will find information about how we handle your data that is collected through your use of our website. Your data will be processed in accordance with the legal data protection regulations.

Controller within the meaning of data protection law

Hotel Casa Colonia e.K.

Machabäerstr. 63

50668 Köln

mail@cas-colonia.de

Telefax: 0221 160601

Definitions

Our privacy policy should be simple and understandable for everyone. For this reason, our privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

Webhosting

This website is hosted by an external service provider (hoster). This website is hosted in XX. Personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated by a website. We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.

Server-Logfiles

Once you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server

Date and time of the request
Name of the requested file
Page from which the file was requested
Access status
Web browser used and operating system used
(Full) IP address of the requesting computer
Transmitted amount of data

We collect the listed data in order to guarantee a frictionless connection establishment and to enable a comfortable use of our website by the users. The log file also serves for evaluating system security and stability as well as administrative purposes. The legal basis for the temporary storage of data or log files is Art. 6 para. 1 lit. f GDPR. For reasons of technical security, in particular to prevent attempts to attack our web server, we may temporarily store this data. It is not possible for us to draw conclusions about individual persons on the basis of this data. After XX days at the latest, the data is made anonymous by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. This data is not evaluated in anonymous form except for statistical purposes. This data is not combined with data from other data sources.

Cookies

Our website uses so-called “cookies”. Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behavior or display advertising.

Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f DSGVO stored. We have a legitimate interest in storing cookies for the technically error-free and optimized provision of our services. Other cookies are only used with your consent on the basis of Art. 6 para. 1 lit. a DSGVO stored. The consent can be revoked at any time for the future. The legal basis can also be derived from Art. 6 para. 1 lit. b DSGVO, if the processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject.

Insofar as cookies are used for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and obtain your consent.

You can set your browser to

be informed about the setting of cookies,
only allow cookies in individual cases,
exclude the acceptance of cookies for certain cases or generally,

activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed under the following links for each browser:

Safari
Opera

You can also manage cookies of many companies and functions used for advertising individually. To do this, use the appropriate user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices. Most browsers also offer a so-called “do-not-track function”. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be “tracked” for behavioral advertising and the like. For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:

Additionally, you can prevent the loading of so-called scripts by default. “NoScript” allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/en-US/firefox/addon/noscript/ ). Please note that if you disable cookies, the functionality of our website may be limited.

Change cookie settings

You can revoke or change your cookie settings at any time. To do so, access the cookie settings again via our integrated thumbprint. You can find this at the bottom left of our website.”

Contact form and contact by e-mail

If you send us inquiries via contact form or e-mail, your data from the inquiry form or your e-mail, including the personal data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. The specification of an e-mail address is required for contact, the specification of your first and last name and your telephone number is voluntary. Under no circumstances do we pass on this data without your consent. The legal basis for the processing of the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f DSGVO and, if applicable, Art. 6 para. 1 lit. b DSGVO, provided that your request is aimed at the conclusion of a contract. Your data will be deleted after final processing of your request, provided that there are no legal obligations to retain data. You may, in the case of Art. 6 para. 1 lit. f DSGVO against the processing of your personal data at any time.

Booking

You can bindingly book our hotel rooms via our website. For this purpose, we use the hotel management software “Ibelsa” provided by ibelsa GmbH (Sybelstraße 41, 10629 Berlin, Germany) to enable interested parties/guests to make an automated hotel booking. In addition to the preferred date, we collect the following personal data:

First and last name
E-Mail address
Telephone number
Postal address

In this context, the data will not be passed on to third parties. The legal basis for the processing is your consent granted to us pursuant to. Art. 6 par. 1 lit. a DSGVO if applicable Art. 6 para. 1 lit. b DSGVO, provided that your request is aimed at the conclusion of a contract.

We have concluded an order processing contract with “ibelsa”, so that the data you provide is processed for us in accordance with instructions and orders.

The personal data collected for the consultation will be deleted as soon as no contract is concluded or you revoke your consent.

For more information on the processing of data by “ibelsa”, please click here: https://www.ibelsa.com/datenschutz/

Integration of the TrustYou seal

In order to display our TrustYou quality seal and, where applicable, collected ratings, as well as to offer TrustYou products to buyers after they conducted a booking, the TrustYou quality seal is integrated on this website. This serves the purpose of protecting our overriding legitimate interests in the optimal marketing of our offer in accordance with Art. 6 para. 1 p. 1 lit. f GDPR. The quality seal and the thereby promoted services are an offer of TrustYou GmbH, Steinerstraße 15, 81369 Munich, Germany. Upon accessing the seal, the web server automatically saves a so-called server log file, which contains, for example, your IP address, date and time of access, amount of data transferred and the requesting provider (access data) and also logs the access. This access data is not evaluated and is automatically overwritten within seven days of the end of your visit to the site. Further personal data such as cookies are only transferred to TrustYou in the case that you have granted your consent in accordance with Art. 6 Para. 1 lit. a GDPR, if you decide to use Trusted Shops products after completing a booking, or if you have already registered for the use of Trusted Shops products. In this case, the contractual agreement made between you and TrustYou applies. For more information, please visit https://www.trustyou.com/de/downloads/TrustYou_GmbH_Privacy_Policy_ENG_12-2020_clean.pdft

Holiday Check Rating

This page embeds a widget from HolidayCheck to display ratings. The provider is HolidayCheck AG, Bahnweg 8, CH-8598 Bottighofen, Switzerland. To use the functions of the HolidayCheck widget, it is necessary to store your IP address. This information is usually transmitted to a HolidayCheck server in Switzerland and stored there. The provider of this site has no influence on this data transmission. When you click on the “Rate now” button, a popup will open. When you enter a rating you will have to enter your first name, email address and place of residence. Afterwards, you will receive an e-mail confirming the hotel rating. When you submit your rating, this data is usually transferred to a HolidayCheck server in Switzerland and stored there. Based on an adequacy decision pursuant to Art. 45 para. 1 GDPR, Switzerland is considered a safe third country that guarantees an adequate level of data protection.

The use of the HolidayCheck widget is in the interest of presenting the reviews of our hotel submitted on HolidayCheck, and to be able to offer the possibility of writing a review on HolidayCheck. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Your data collection in the context of the hotel evaluation, on the other hand, takes place on a voluntary basis of your consent according to. Art. 6 par. 1 lit. a DSGVO. You can revoke your consent at any time for the future.
You can find more information on how HolidayCheck handles user data in HolidayCheck’s privacy policy: https://www.holidaycheck.de/datenschutz.

Google Maps

Our homepage uses the online map service provider Google Maps via an interface. This allows us to show you interactive maps directly in the website and enables you to use the map function comfortably. Anbieter des Kartendienstes ist Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. To use the functionalities of Google Maps, it is necessary to store your IP address. The legal basis for the processing of your personal data is your consent granted for this purpose pursuant to Art. 6 para. 1 S. 1 lit. a DSGVO.

By using the service, personal data is transferred to the USA. The legal basis for the transfer of your personal data to the USA is your consent pursuant to Art. 49 para. 1 S. 1 lit. a DSGVO. By using the service, personal data is transferred to the U.S. The legal basis for the transfer of your personal data to the U.S. is your consent in accordance with Art. 49 para. 1 s. 1 lit. a GDPR. Please note that such transfers of personal data without an adequacy decision and appropriate safeguards pose a risk to you. The risk is that due to legislation in the U.S., the personal data may be accessed by American authorities (in particular the intelligence services). Legal protection options or information on the handling of your data by the U.S. authorities are only possible to a very limited extent or not at all. A level of data protection in accordance with the regulations of the GDPR can therefore not be ensured. Further information on the handling of user data can be found in Google’s privacy policy:

https://www.google.de/intl/de/policies/privacy/
Opt-out: https://www.google.com/settings/ads/

Vimeo

On our website we embed videos from “Vimeo”. “Vimeo” is operated by Vimeo LLC, 555 West 18th Street, New York 10011, USA. If you have given us your consent, the processing is carried out for the optimal marketing of our offer in accordance with Art. 6 para. 1 s. 1 lit. a GDPR. The integrated videos from “Vimeo” automatically include the tracking tool Google Analytics. We have no influence on the tracking settings and the analysis results collected via this tool and cannot view them. In addition, web beacons are set for website visitors by embedding “Vimeo” videos. In order to prevent Google Analytics tracking cookies from being set, you can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S. For the purpose and scope of data collection and the further processing and use of data by the providers, as well as your rights and setting options for protecting your privacy, please refer to the “Vimeo” privacy policy: https://vimeo.com/privacy

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our website. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The purpose of reCAPTCHA is to check whether the data input on our website (e.g. in a contact form) is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis reCAPTCHA evaluates different information, e.g.

IP address
Duration of the website visitor’s stay on the website
Mouse movements made by the user
The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place. The data processing is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in protecting our website from improper automated spying and from unwanted automated transmissions (spam). Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 para. 2 (c) GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The data will be deleted no later than 13 months after it was collected. We do not store any personal data from the use of reCAPTCHA. In general, personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Further information about Google reCAPTCHA and Google’s privacy policy can be found at the following links:https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/v3beta.html

Google Analytics

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies” and web beacons. Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form. We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S. The terms of use of Google Analytics and information on data protection can be accessed via the following links:

http://www.google.com/analytics/terms/de.html

https://www.google.de/intl/de/policies/

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.

You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout.

Google Fonts (font display)

This website uses Google Fonts, so-called web fonts, which are provided by Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (“Google”), for the uniform display of fonts.

We use Google Fonts to enable an improved display of our website. Google Fonts are optimised for display on the web to enable the presentation of our website on different end devices and to ensure a fast loading time.

Insofar as the use is permissible on the basis of our legitimate interest in the improved presentation of our website, the use is made on the basis of Art. 6 para. 1 lit. f DSGVO

The Google Fonts are installed locally. There is no connection to Google servers. No additional data is stored for the use of Google Fonts.

When using Google Fonts, personal data relating to you will be transmitted to Google and possibly also to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, i.e. to a third country. We have agreed to the Google APIs Terms of Service (https://developers.google.com/terms), which refer to the “Google Controller-Controller Data Protection Terms” (https://privacy.google.com/businesses/gdprcontrollerterms/). The data transfer takes place on the basis of the standard data protection clauses included here, which allow a transfer to so-called third countries outside the EU in individual cases. We regularly review the necessity and possibility of using additional measures.

You can find further information on data protection in Google’s privacy policy:

http://www.google.de/intl/de/policies/privacy

Further information on Google Fonts can be found at

https://fonts.google.com/

https://developers.google.com/fonts/faq?hl=de-DE&csw=1

External links

On our website (HolidayCheck) is solely embedded as a link to the respective service. After clicking on the embedded text/image-link you will be directed to the website of the respective provider. User information will be only transferred after the redirection to the respective provider or submitting a rating. Information regarding the use of your personal data through the use of the website can be found in the privacy policies of the visited websites.

Data Transfer and Recipients

A transfer of your personal data to third parties does not take place, unless
– if we have explicitly referred to this in the description of the respective data processing.
– if you have given express consent in accordance with Art. 6 para. 1 S. 1 lit. a GDPR for this purpose,
– the disclosure according to Art. 6 para. 1 S. 1 lit. f DSGVO is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,
– in the event that for the disclosure according to Art. 6 para. 1 S. 1 lit. c DSGVO a legal obligation exists and
– insofar as this is required by Art. 6 para. 1 S. 1 lit. b DSGVO is necessary for the processing of contractual relationships with you.
In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular, these contracts concern web hosting services, the dispatch of emails and IT updates and maintenance. Your personal data will not be transferred to third parties by our service providers.

Data Security

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

Storage Period

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.

Your Rights

In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data: The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.

The right to request the correction of inaccurate or incomplete personal data stored by us without undue delay in accordance with Art. 16 DSGVO. The right to request the erasure of your personal data stored by us in accordance with Article 17 of the GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims. The right to request the restriction of the processing of your personal data in accordance with Art. 18 DSGVO, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO. The right, in accordance with Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller. Translated with www.DeepL.com/Translator (free version)

The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work. The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal

Right to object

If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation. If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to
mail@cas-colonia.de.

Necessity of providing data

The provision of personal data for the decision on the conclusion of a contract, the fulfillment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.

Automated decision making

Automated decision making or profiling according to Art. 22 GDPR does not take place.

Subject to change

We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g. the introduction of new services. The most current version applies to your visit.

Status of this privacy policy: 12.07.2021

Cologne