1. Introduction
In the following, we provide information about the collection of personal data when using our website https://www.thetreasuryhotel.de.
Personal data is any data that can be related to a specific natural person, such as their name or IP address.
1.1. Contact details
The controller within the meaning of Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is:
Treasury Hotel
Hellersbergstraße 8
41460 Neuss, Germany
Phone: +49 179 4324280
Email: reservations@thetreasuryhotel.de
We are legally represented by Kevin Kempe, Maik Kempe, Lawrence D.
1.2. Scope of data processing, processing purposes and legal bases
We detail the scope of data processing, processing purposes and legal bases below. In principle, the following come into consideration as the legal basis for data processing:
Art. 6 para. 1 s. 1 lit. a GDPR serves as our legal basis for processing operations for which we obtain consent.
Art. 6 para. 1 s. 1 lit. b GDPR is the legal basis insofar as the processing of personal data is necessary for the performance of a contract, e.g. if a site visitor books a stay with us. This legal basis also applies to processing that is necessary for pre-contractual measures, such as in the case of inquiries about our rooms or services.
Art. 6 para. 1 s. 1 lit. c GDPR applies if we fulfill a legal obligation by processing personal data, as may be the case, for example, in tax law.
Art. 6 para. 1 s. 1 lit. f GDPR serves as the legal basis when we can rely on legitimate interests to process personal data, e.g. for cookies that are necessary for the technical operation of our website.
1.3. Data processing outside the EEA
Insofar as we transfer data to service providers or other third parties outside the EEA, the security of the data during the transfer is guaranteed by adequacy decisions of the EU Commission, insofar as they exist (e.g. for Great Britain, Canada and Israel) (Art. 45 para. 3 GDPR).
If no adequacy decision exists (e.g. for the USA), the legal basis for the data transfer are usually standard contractual clauses (Art. 46 para. 2 lit. b GDPR). Many providers also give contractual guarantees beyond these clauses, such as encryption or notification obligations.
1.4. Storage duration
Unless expressly stated otherwise in this privacy policy, the data we store will be deleted as soon as they are no longer required for their intended purpose and no legal retention obligations prevent deletion. If data must be retained, processing will be restricted (data will be blocked and not processed for other purposes).
1.5. Rights of data subjects
Data subjects have the following rights regarding their personal data:
Right of access
Right to rectification or deletion
Right to restriction of processing
Right to object to processing
Right to data portability
Right to withdraw consent at any time
Data subjects also have the right to complain to a supervisory authority. Contact details can be found here:
https://www.bfdi.bund.de/EN/Service/Anschriften/Laender/Laender-node.html
1.6. Obligation to provide data
Customers or third parties must provide us with personal data necessary for establishing, executing, or terminating a business or other relationship, or that we are legally obliged to collect. Without this data, we may not be able to conclude or perform contracts.
1.7. No automated decision-making
We do not use fully automated decision-making (Art. 22 GDPR). Should we use such procedures in individual cases, we will inform separately if required by law.
1.8. Contacting us
When contacting us (e.g. via email or phone), the provided data (e.g. name, email, phone) will be stored by us to answer the inquiry. Legal basis: Art. 6 para. 1 s. 1 lit. f GDPR (legitimate interest in responding). Data is deleted once no longer necessary unless retention obligations exist.
1.9. Customer surveys
From time to time, we may conduct surveys. Participation is voluntary. Data is processed based on Art. 6 para. 1 s. 1 lit. f GDPR (legitimate interest in improving our services) and deleted once no longer needed.
2. Newsletter
We may inform past customers about our offers via email unless they object (Art. 6 para. 1 s. 1 lit. f GDPR; Recital 47 GDPR). Customers can object anytime, for example via the unsubscribe link or by emailing reservations@thetreasuryhotel.de.
With consent (Art. 6 para. 1 s. 1 lit. a GDPR), we may also measure open/click rates.
We send newsletters with:
WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Privacy Policy: link)
3. Data processing on our website
3.1. Informative use
When visiting our website without actively providing data, we collect the following to ensure stability and security (Art. 6 para. 1 s. 1 lit. f GDPR):
IP address
Date/time of request
Time zone difference to GMT
Requested content (page)
HTTP status code
Amount of data transferred
Referrer website
Browser
Operating system/interface
Language and version of browser software
These data are also stored in log files and deleted after 14 days.
4. Web hosting
Our website is hosted by Webflow, Inc., San Francisco, USA. Data transfers outside the EEA are safeguarded by standard contractual clauses (Art. 46 para. 2 lit. c GDPR).
More info: https://webflow.com/legal/eu-privacy-policy
5. Bookings via the website
When making a booking, we process:
IP address
Name
Email address
Phone number
Address
Company name (if applicable)
Date of birth
Nationality
Gender
Arrival/departure date
Number of guests
ID document
Legal basis: Art. 6 para. 1 lit. b GDPR (contract) and Art. 6 para. 1 lit. c GDPR (legal obligations under BMG).
We use Autohost for ID verification. Retention: 1 year from departure, deletion within 3 months after retention period (§30 para. 4 BMG).
6. Payment processors
We use payment providers (controllers under GDPR):
American Express Europe S.A.
Klarna Bank AB, Sweden
Mastercard Europe SA, Belgium
PayPal (Europe) S.à r.l., Luxembourg
Visa Europe Services Inc., Great Britain
Stripe Payments Europe Ltd., Ireland
Legal basis: Art. 6 para. 1 lit. b GDPR.
7. Cookies
We use technically necessary cookies (Art. 6 para. 1 lit. f GDPR), e.g.:
Language settings
Shopping cart
Login data
Payment processing cookies
Flash cookies for media
8–22. Third-party tools & services
We use:
8. Salto Systems (digital locks)
9. Autohost (ID verification)
10. Google Maps (maps display)
11. Mews (property management)
12. Siteminder (booking management)
13. WhatsApp (guest communication)
14. Social media platforms: Facebook, Instagram, YouTube, Twitter, LinkedIn, Xing
Each service is described with its provider, data processed, legal basis, and link to its privacy policy.
15. Treasury Hotel subsidiaries
Guest data collected during bookings is transferred to the relevant local Treasury Hotel subsidiary where the accommodation is located. Legal basis: Art. 6 para. 1 lit. b GDPR. All subsidiaries have signed data processing agreements with us under Art. 28 GDPR.
Changes to this policy
We reserve the right to update this privacy policy at any time with effect for the future. The current version will always be available at https://www.thetreasuryhotel.de.
Questions & contact
If you have any questions or comments regarding this privacy policy, please contact us:
Treasury Hotel
Hellersbergstraße 8
41460 Neuss, Germany
Phone: +49 179 4324280
Email: reservations@thetreasuryhotel.de
