PRIVACY POLICY

 General

The protection of your personal data and the collection, processing and use of such data in compliance with the law is important to AccorInvest Germany GmbH (hereinafter AccorInvest) as the website operator of [URL]  and the controller in the meaning of the EU General Data Protection Regulation (GDPR).

Insofar as this privacy statement refers to We or Us, this is always AccorInvest Germany GmbH as the responsible controller.

For you to feel safe when visiting our website, we strictly comply with the legal requirements for the processing of your personal data and hereby wish to inform you about how we collect and use data.

We undertake to comply with the GDPR and with national data protection laws that apply. For us, the protection of data and your privacy has a high priority throughout the entire company and we only co-operate with partners that can equally provide a respective level of data protection in the context of their processing activities. We process your data only if you provided your express consent for this to us; if this refers to services and work under a contract or pre-contractual measures; or insofar as the relevant laws permit or possibly even oblige us to process data.

 

The following privacy notice covers both the currently applicable national legal frame as well as the requirements under the GDPR that are valid throughout all of Europe starting 25 May 2018. In no event will we sell your data or pass these to unauthorized third parties.

 Change of purpose of processing and using data

Technical progress and organisational changes may modify/advance the processing methods used. We therefore reserve the right to update this privacy notice in accordance with the latest technical framework. We therefore ask that you check the privacy statement of AccorInvest from time to time. Should you not agree with any of the advancements that may occur over time, you may request in writing and in accordance with Article 17 GDPR that these data will be erased which have not been saved on the basis of other statutory requirements, such as commercial-law or tax-law based retention requirements.

The following privacy statement has been prepared to explain to you which data our website collects and which data we process and use.

1. Name and Address of the Controller

The controller in the meaning of the GDPR and other national data protection laws of member states as well as other data protection provisions is:

AccorInvest Germany GmbH

Hanns-Schwindt-Straße 2

81829 Munich

c/o name branch hotel

Telephone:

Telefax:

Email:

Responsible for the web design: 

PlanetPolaris – studio@planetpolaris.com

2. Name and Address of the Data Protection Officer

The controller’s Data Protection Officer is:

Prof. Dr. Rolf Lauser

Dr. Gerhard-Hanke-Weg 31

D-85221 Dachau

Email: rolf(at)lauser-nhk.de

3. General Information on Data Processing

  1. Scope of processing personal data

We collect and use the personal data of our users in principle only insofar as this is required to provide a functional website and for our content and services. The personal data of our users is routinely collected and used only following the consent on behalf of the user. An exception applies in those cases where it is not possible to obtain a prior consent for factual reasons and where data may be processed to comply with legal requirements.

  1. Legal grounds for processing personal data

Insofar as we obtain the consent from the data subject to process personal data, Article 6 (1) lit. a GDPR constitutes the legal basis for processing personal data.

When processing personal data that is required to perform a contract to whom the respective data subject is a party, Article 6 (1) lit. b GDPR constitutes the legal basis for this. This equally applies to processing which is required to execute pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal requirement, which applies to our organisation, Article 6 (1) lit. c GDPR constitutes the legal basis for this.

If vital interests of the data subject or of any other natural person render the processing of personal data necessary, Article 6 (1) lit. d GDPR constitutes the legal basis for this.

If processing is required to preserve a legitimate interest on behalf of our organisation or of a third party and if the data subject’s interests, fundamental rights, and fundamental freedoms do not override the former interests, then Article 6 (1) lit. f GDPR constitutes the legal basis for processing.

  1. Erasure of data and storage period

The personal data of the data subject concerned will be erased or blocked as soon as the purpose of storing no longer exists. Personal data will only be stored beyond this period if provided for by European or national legislation under EU regulations, laws or other requirements that govern the controller. Data will even be blocked or erased if a storage period as prescribed by the stated regulations expires unless it remains necessary to store the data further to conclude a contract or to fulfil a contract.

4. Provision of Website and Creation of Log Files

  1. Description and scope of data processing

Each time our internet site is called up our system automatically records data and information from the calling computer system.

The following data are collected: 

  • information regarding the browser type and the version used;
  • the user’s operating system;
  • the language setting of the user’s browser;
  • the user’s internet service provider;
  • truncated IP addresses;
  • the date, time, and duration of access;
  • websites from which the user’s system accesses our internet site (referrer URL);
  • websites which are called up by the user’s system via our website.

The data are also saved in the log files of our system. These data are not stored together with other personal data of the user.

 Legal basis data processing data

Article 6 (1) lit. f GDPR constitutes the legal basis for the temporary storing of data and log files.

  1. Purpose of data processing

The temporary storing of the IP address by the system is required to allow the delivery of the website to the user’s computer. For this, the user’s IP address must be stored for the duration of the session.

Log files are stored so as to ensure the website’s functionality. In addition, the data serve to help us optimize the website and to safeguard the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context.

These purposes also constitute our legitimate interests in the processing of data pursuant to Article 6 (1) lit. f GDPR.

  1. Storage period

The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. In the event that the data were collected to provide the website, this applies as soon as the respective session has ended.

In the event that the data are stored in log files, this applies after seven days the latest. Storing beyond this is possible. In this case the users’ IP addresses are erased or alienated so that it is no longer possible to identify the calling client.

  1. Objection and removal

To run the internet site, it is stringently required to record the data to provide the website and save the data in log files. Therefore, it is not possible for the user to object.

5. Cookies

  1. Description and scope of data processing

Our website uses cookies. Cookies are text files which are saved in the web browser or by the web browser on the user’s respective computer system. Whenever a user calls up a website, a cookie may be saved on the user’s operating system. This cookie contains a characteristic sequence of numbers, which facilitates the definitive identification of the browser when calling up the website again.

We use cookies to create a more user-friendly website experience. Certain elements of our website require that it be possible to identify the calling browser even after having changed the page.

Hereby, the cookies save and transfer the following data:

  • __utma 111747089.496067580.1539761626.1539786551.1540473549.3 .delice-la-brasserie.de / 2020-10-24T13:41:14.000Z 60        
    __utmb 111747089.6.10.1540473549 .delice-la-brasserie.de / 2018-10-25T14:11:14.000Z 31        
    __utmc 111747089 .delice-la-brasserie.de / 1969-12-31T23:59:59.000Z 15        
    __utmt 1 .delice-la-brasserie.de / 2018-10-25T13:44:50.000Z 7        
    __utmz 111747089.1539762153.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) .delice-la-brasserie.de / 2019-04-26T01:41:14.000Z 76        
    _ga GA1.2.496067580.1539761626 .delice-la-brasserie.de / 2020-10-24T13:44:41.000Z 29        
    _gat 1 .delice-la-brasserie.de / 2018-10-25T13:45:41.000Z 5        
    _gid GA1.2.1395878569.1540473386 .delice-la-brasserie.de / 2018-10-26T13:44:41.000Z 31        
    moove_gdpr_popup %7B%22strict%22%3A%221%22%2C%22thirdparty%22%3A%221%22%2C%22advanced%22%3A%221%22%7D www.delice-la-brasserie.de / 2019-10-17T07:37:11.000Z 100        
    wordpress_54eb47d7c84f279f19735e44b2f8284b polariscs%7C1540646177%7CsRuXosFv1Px0oExWhXShu5reJNtlZdOczrt0qSLBA7Q%7Cc487a4b1adf09a4196759b4e639b679270b548532cd664b3d0646a3c868a2286 www.delice-la-brasserie.de /wp-content/plugins 1969-12-31T23:59:59.000Z 177      
    wordpress_logged_in_14b2c0ca967ce45e56c10f90781a0cee polariscs%7C1540646426%7CTgr8jH4rP238zB8DmD3qucsvvqJ9WerrkDV4YXNbPab%7C50a200cb229e48da4edc66b27a2bd6102def61808398c9d42e081c267122c885 www.delice-la-brasserie.de /de/ 1969-12-31T23:59:59.000Z 187      
    wordpress_logged_in_54eb47d7c84f279f19735e44b2f8284b polariscs%7C1540646177%7CsRuXosFv1Px0oExWhXShu5reJNtlZdOczrt0qSLBA7Q%7C00bd7164f8ca75aafbfbdb63e429ec23956a59ac256747bb648635040961c482 www.delice-la-brasserie.de / 1969-12-31T23:59:59.000Z 187      
    wordpress_test_cookie WP+Cookie+check www.delice-la-brasserie.de /de/ 1969-12-31T23:59:59.000Z 36        
    wordpress_test_cookie WP+Cookie+check www.delice-la-brasserie.de / 1969-12-31T23:59:59.000Z 36        
    wp-settings-1 libraryContent%3Dbrowse%26editor%3Dtinymce%26hidetb%3D1%26mfold%3Do%26imgsize%3Dfull%26advImgDetails%3Dshow%26urlbutton%3Dcustom%26posts_list_mode%3Dlist%26post_dfw%3Doff www.delice-la-brasserie.de / 2019-10-25T13:22:57.000Z 183        
    wp-settings-1 libraryContent%3Dbrowse%26editor%3Dtinymce%26hidetb%3D1%26mfold%3Do%26imgsize%3Dfull%26advImgDetails%3Dshow%26urlbutton%3Dcustom%26posts_list_mode%3Dlist%26post_dfw%3Doff www.delice-la-brasserie.de /de/ 2019-10-25T13:23:22.000Z 183        
    wp-settings-time-1 1540473691 www.delice-la-brasserie.de /de/ 2019-10-25T13:23:22.000Z 28        
    wp-settings-time-1

Moreover, we use cookies on our website which analyse the user’s surfing behaviour.

act 1540474907050%2F77 .facebook.com / 1969-12-31T23:59:59.000Z 21      
c_user 1324965392 .facebook.com / 2019-01-23T13:07:57.795Z 16      
datr 13nAW8iPJiQrJgYirfN6PgxS .facebook.com / 2020-10-11T21:16:42.466Z 28    
fr 33S6CjMjc29VQfFCz.AWXxUQD1K2C63Ew1W3JodzW_XxU.BbwHni.Bw.FvJ.0.0.Bb0cAy.AWUdZu7J .facebook.com / 2019-01-23T13:07:57.795Z 81    
locale en_US .facebook.com / 2018-10-26T16:12:51.543Z 11      
m_pixel_ratio 1 .facebook.com / 1969-12-31T23:59:59.000Z 14      
pl n .facebook.com / 2019-01-23T07:56:12.953Z 3    
presence EDvF3EtimeF1540475105EuserFA21324965392A2EstateFDt3F_5bDiFA2user_3a1B01632507581A2EoF1EfF1CAcDiFA2user_3a787423189A2ErF1EoF3EfF10CAcDiFA2user_3a647450863A2ErF1EoF4EfF17CAcDiFA2user_3a1344080243A2ErF1EoF5EfF18C_5dEutc3F1540474889587G540475105321CEchFDp_5f1324965392F133CC .facebook.com / 1969-12-31T23:59:59.000Z 278      
sb 3XnAW_I6Ye7BJfoK0hCkvggb .facebook.com / 2020-10-24T07:56:12.953Z 26    
spin r.4462275_b.trunk_t.1540474727_s.1_v.2_ .facebook.com / 2018-10-26T14:38:43.410Z 43    
wd 1920×930 .facebook.com / 2018-11-01T13:41:27.000Z 10      
xs 34%3AzzwJq8SNJ5HtVw%3A2%3A1540454176%3A17846%3A4967 .facebook.com / 2019-01-23T13:07:57.795Z 53

This allows the following data to be transmitted

Technical measures are used to pseudonymize user data collected in this manner. Therefore, it is no longer possible to reconcile the data with the user calling the sites. The data are not stored together with other personal data of users.

  1. How to opt out of storing cookies

Depending on the browser used, you may opt to save cookies only with your prior consent. Generally, the help feature in the menu bar of your web browser will show you how to reject new cookies and deactivate cookies already received. We recommend that, when sharing a computer which is set to accept these cookies and flash cookies, to always fully log off after ending the session.

  1. Legal basis for processing data

Article 6 (1) lit. f GDPR constitutes the legal basis for the processing of personal data.

  1. Purpose of data processing

The purpose of using cookies for technical reasons is to simplify the website experience for the user. Certain functionalities of our website cannot be made available unless the use of cookies is permitted. For these it is necessary that the browser is recognized even after changing the site.

We require cookies for the following applications

User data that are collected using cookies for technical reasons are not used to create user profiles.

Analysis cookies are used for the purpose of improving the quality of our website and its content. Analysis cookies allow us to learn how the website is used, and to continually optimise our offer. 

These purposes also constitute our legitimate interests in processing personal data pursuant to Article 6 (1) lit. f GDPR.

  1. Storage period, objection and removal

Cookies are stored on the user’s computer and transmitted by the user’s computer to our page. Therefore, as a user, you have full control over the use of cookies. By changing the settings of your web browser, you may deactivate or restrict the transfer of cookies. Cookies that have already been saved can be erased any time. They may even be erased automatically. If cookies are deactivated for our website, it is possible that you will not be able to experience the full functionality of the website.

The transfer of flash cookies cannot be prohibited via the browser settings, but by modifying the Flash Player settings.

6. Newsletter

  1. Description and scope of data processing

Our website offers the possibility to subscribe to a free newsletter. For this, the data entered in the input screen when subscribing to the newsletter are transferred to us.

  • salutation;
  • last name;
  • first name;
  • email address.

Also, the following data are collected during registration:

  • date and time of subscribing

Moreover, it is possible to voluntarily provide the following:

  • language;
  • address;

In order to process the data, your consent is obtained during registration and reference is made to this privacy statement.

If you purchase products or services on our website and provide your email address for this, we may use the address subsequently to send out a newsletter. In this case, the newsletter is sent out exclusively for the purposes of directly advertising our own similar goods or services. In addition, email addresses collected can be used for online marketing and social media advertising.

The processing of data in connection with the sending out of newsletters is not tied to the transfer of the data to third parties. The data are used exclusively to send out the newsletter and for our online marketing and social media advertising.

  1. Legal basis for processing data

Article 6 (1) lit. a GDPR constitutes the legal basis for the data processing after the user subscribed to the newsletter, subject to the user has given prior consent. The legal basis for sending out the newsletter in consequence of selling products and services is Section 7 (3) of the German Act Against Unfair Competition (Gesetz gegen unlauteren Wettbewerb – UWG).

  1. Purpose of data processing

The collection of the user’s email address serves the purpose of delivering the newsletter. The collection of other personal data during registration serves to prevent a misuse of the services or the email address used.

  1. Storage period

The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. Therefore, the user’s email address is stored for as long as the newsletter subscription is active. Any other personal data collected during the subscription process are generally erased after a seven-day period.

  1. Objection and removal

The respective user may terminate the newsletter subscription at any time. Each newsletter contains a respective link for this. This enables also a withdrawal of the consent given to store personal data collected during registration.

 

7. Contact Form and Email Contact 

  1. Description and scope of data processing

Our website contains a contact form which can be used to contact us electronically. If a user seizes this option, the data entered in the input screen are transmitted to us and stored.

These data are:

  • salutation;
  • first name;
  • last name;
  • telephone;
  • email address.
  • subject;
  • date of arrival;
  • date of departure:
  • details regarding the enquiry.

At the time of sending the message, the following data are also saved:

  • date and time of making contact;

In order to process the data, your consent is obtained during the sending process and reference is made to this privacy statement.

Alternatively, making contact via the email address provided is also possible. In this case, the personal data of the user provided in the email that was sent are saved.

In that regard, the data are not forwarded to third parties. The data are used exclusively to process the conversation.

 

  1. Legal basis for processing data

Article 6 (1) lit. a GDPR constitutes the legal basis for processing the data if the user has given prior consent.

Article 6 (1) lit. f GDPR constitutes the legal basis for processing the data transferred in the context of sending an email. If the email contact targets the conclusion of a contract, the additional legal basis for processing it is defined in Article 6 (1) lit. b GDPR.

 

  1. Purpose of data processing

Processing the personal data from the input screen serves the exclusive purpose of handling the contact request. If contact was made by email, this also constitutes the legitimate interest in the processing of the data.

 

Any other personal data processed while sending serve to prevent any misuse of the contact form and to safeguard the security of our information technology systems.

 

  1. Storage period

The data are erased as soon as they are no longer required to achieve the purpose for which they were collected. This applies to the personal data from the input screen of the contact form and those forwarded by email if the respective conversation with the user has ended. The conversation has ended if the circumstances indicate that the issue concerned has been closed.

Any other personal data collected during the sending process are erased after a seven-day period at the latest.

 

  1. Objection and removal

The user may withdraw any consent to the processing of personal data at any time. If users contact us by email, they may object to their personal data being stored at any time. In this case the conversation cannot be continued. It is possible to have the profile deleted by sending an email to rolf(at)lauser-nhk.de. Any and all personal data saved in connection with making contact will be erased in this case. Moreover, enquiries are completely erased from our system at monthly intervals. 

 

8. Transfer of Your Data to Third Parties 

To create an as pleasant as possible website experience for you as the user we occasionally use the services of partners (third-party providers). Below you have the opportunity to obtain information about the data protection regulations regarding the services and functionalities applied and used so as to, where appropriate, exercise your rights even with these service partners.

 

  1. Google Analytics

Google Analytics is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). Google Analytics uses cookies, which are small text files placed on your computer, to help Google analyse how users use our online offer. The information recorded by the cookie regarding the use of our websites (including your IP address) will usually be transmitted to and stored by Google on servers in the United States. We wish to point out that Google Analytics was extended on our websites by the following code: “gat._anonymizeIp();;”. This guarantees the recording of IP addresses in an anonymized format (so-called IP masking). Therefore, at our request, Google records your truncated IP address only, which guarantees anonymization and prevents any possibility to identify who you are. If IP anonymization is activated on our websites, Google will truncate your IP address in Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. Google will use the aforementioned information to analyse your use of our websites; to compile reports for us on website activity; and to render additional services for us associated with the use of websites and the web. Google will not associate your IP address with any other data held by Google within the context of Google Analytics. Google will only transmit these data to third parties on the basis of legal regulations or in the context of commissioned data processing. By no means will Google merge your data with other data collected by Google. By using these websites, you consent to the processing of data about you by Google in the data processing manner and for the purposes set out above. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our websites. To opt out of the collection of data generated by cookies and the use of website-related data (including your IP address) by Google as well as the processing of these data by Google, download and install the add-on for your current browser plug-in available at the following link:

 

More information about Google Analytics and the protection of data and your privacy can be found at http://tools.google.com/dlpage/gaoptout?hl=de.

 

  1. Google Maps

Our website uses Google Maps to display maps and to create travel directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. By using this website, you consent to the collection, processing and use of the data that is automatically collected and that you entered by Google, its representatives, or third-party providers. The terms of use for Google Maps  can be found under the terms of use for Google Maps. Details are available at the data protection centre of google.de : Transparency and options as well as data protection regulations .

 

  1. Social plug-ins

Our web presence uses social plug-ins (‘Plug-ins‘) from different social media networks. These Plug-ins help you, for example, to share content or recommend products. Plug-ins are deactivated on our websites by default and therefore do not send any data. Press ‘Activate Social Media’ to activate the Plug-ins. Naturally, Plug-ins can be deactivated again by a click of the button. 

If these Plug-ins are activated, your browser will directly connect to the servers of the respective social media networks as soon as you call up a website of our online presence. The social media network will transmit the Plug-in content directly to your browser which integrates the information into the website.

By integrating the Plug-ins, the social media network receives information that you called up the respective page of our online presence. If you logged on to the social media network, it can associate the visit to your account. If you interact with the Plug-ins, for example by using Facebook’s ‘Like’ button or posting a comment, your browser sends the respective information directly to the social media network where it is saved.

For more information about the purpose and scope of data collection and the further use and processing of the data by social media networks as well as your rights and setting options to protect your privacy, please refer to the respective networks or web pages. The links for them have been listed further below.

 

Even if you do not have any social media accounts, websites with active social plug-ins may send data to the networks. If the plug-in has been activated, an identifier cookie is set every time the website is called up. As your browser sends this cookie by default for each connection with a network server, the network could (in theory) create a profile about which websites the user associated with the identifier called. It would also be entirely possible to associate this identifier – for example, when logging on later to the social media network – to a person again.

 

We use the following plug-ins on our websites:

  • Facebook

If you do not wish for social media networks to collect data through activated plug-ins, you may simply deactivate the social media plug-ins with a click on our websites or by selecting ‘Block Cookies from Third-party Partners’ in your browser settings. In this case, the browser does not send the embedded content of other partners to the server. However, when using this setting, it is possible that except for the plug-ins, other site-wide functionalities are no longer available.

 

  1. a) Facebook

We use plug-ins by the social media network facebook.com, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). Click on this link to be redirected to Facebook’s privacy statement: Facebook Privacy Notice .

 

  1. b) Twitter

We use plug-ins by the social media network Twitter which is operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (Twitter). Click on this link to be redirected to Twitter’s privacy statement: Twitter Privacy Notice .

 

  1. c) Instagram

We use plug-ins of the social media network instagram.com, which is operated by Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025 USA (Instagram). Click on this link to be redirected to Instagram’s privacy statement: Instagram Privacy Notice .

 9. Rights of Data Subject

Article 15 GDPR in conjunction with Section 34 of the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) provide for the unrestricted right to free access of information regarding the data that we store on you, and pursuant to Section 35 BSDG, the right to the erasure or blocking of inadmissible data or the right to rectification of inaccurate data.

 

On request, we are happy to communicate to you in writing whether and which personal data we have stored about you. Insofar as it is possible, we will take appropriate measures to update or rectify data that we have stored about you at short notice. Please address all information requests, information enquiries or inconsistencies regarding the processing of data by email, stating your full postal address, directly to our Data Protection Officer.

 

If we process personal data on you, you are the data subject in the meaning of the GDPR and you have the following rights in relation to the controller:

 

  1. Right of access to information

You may request a confirmation from the controller as to whether we processed personal data that regard you.

 

If such processing did take place, you may request that the controller provides information about the following:

  • the purposes for which the personal data are processed;
  • the categories of personal data that are processed;
  • the recipients or categories of recipients to whom the personal data that regard you were disclosed or are yet to be disclosed;
  • the intended storage period for the personal data that regard you or, if specific details are not possible in this regard, criteria on establishing the storage period;
  • the existence of the right to the rectification or erasure of personal data that regard you, a right to restricting the processing of personal data by the controller or a right to object to such processing;
  • the existence of the right to lodge a complaint with a supervisory authority;
  • any and all available information regarding the origin of the data if personal data are not collected from the data subject;
  • the existence of automated decision-making, including profiling pursuant to Article 22 (1) and 4 GDPR and – at least in these cases – meaningful information about the logic involved and the scope and impact targeted by such processing for the data subject.

 

You have the right to demand information on whether the personal data that regard you are transmitted to a third country or to an international organisation. In this context you may request to be informed about suitable safeguards pursuant to Article 46 GDPR in conjunction with the transmission.

 

  1. Right to rectification

You have the right to the rectification and/or completion by the controller provided that the personal data that regard you are incorrect or incomplete. The controller must immediately rectify the information.

 

  1. Right to restrict the data processing

Subject to the following requirements you may request that the processing of personal data that regard you be restricted:

  • if you contest the accuracy of the personal data that regard you for a period which enables the controller to verify the accuracy of the personal data;
  • the processing is unlawful, and you reject the erasure of personal data and instead request that use of the personal data be restricted;
  • the controller no longer requires the personal data for the purposes of processing, however you require these to assert, exercise, or defend legal claims; or
  • if you objected to the processing in accordance with Article 21 (1) GDPR and it has yet to be established whether the justified reasons of the controller override your grounds for objection.

If the processing of personal data that regard you has been restricted, these data – apart from being stored – may only be processed with your consent, or to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person or for reasons grounded in a crucial public interest of the European Union or of a member state.

 

If the restriction of data processing was limited in accordance with the above requirements, you will be informed by the controller prior to the restriction being lifted.

 

  1. Right to have data erased
  2. Duty to erase data

You may request that the controller immediately erases the personal data that regard you. The controller is obliged to erase these data immediately provided that one of the following reasons applies:

The personal data that regard you are no longer required for the purposes for which they were collected or processed in any other form or manner.

You revoke your consent which the processing relied on in accordance with Article 6 (1) lit. a or Article 9 (2) lit. a GDPR and there are no other legal grounds for processing.

In accordance with Article 21 (1) GDPR, you object to the processing and there are no justified grounds with a higher priority for processing or, in accordance with Article 21 (2) GDPR, you object to the processing.

The personal data that regard you were processed unlawfully.

The erasure of personal data that regard you is required to fulfil the legal obligation according to EU law or the law of the member state which governs the controller.

The personal data that regard you were collected in relation to information society services in accordance with Article 8 (1) GDPR.

 

  1. Information to third parties

If the controller disclosed the personal data that regard you and if the controller is obliged to erase them in accordance with Article 17 (1) GDPR, it shall pursue reasonable measures by taking into consideration available technology and implementation costs, even of technical nature, so as to inform the data controller responsible for the personal data that you as the data subject requested the erasure of all links to these personal data or of copies or replicas of said personal data.

 

  1. Exceptions

You do not have the right to have data erased if processing is required

  • to exercise the right to the freedom of speech and information;
  • to fulfil a legal obligation which requires the processing under EU law or the law of member states that govern the controller, or to exercise a task which is in the interest of the public or which follows the exercise of official authority which was transferred to the controller;
  • in the interest of the public within the domain of public health pursuant to Article 9 (2) lit. h and lit. i as well as Article 9 (3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) GDPR insofar as the right named under paragraph a) presumably renders the implementation of the goals under this processing impossible or seriously impairs it; or
  • to assert, exercise, or defend legal claims.

 

  1. Right to be informed

If you have asserted the right to the rectification, erasure or restriction of data processing towards the controller, the controller is obliged to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data that regard you were disclosed unless this proves to be impossible or requires unreasonable effort.

 

You have the right towards the controller to be informed of these recipients.

 

  1. Right to data portability

You have the right to receive the personal data that regard you which you provided to the controller in a structured, commonly-used and machine-readable format. Moreover, you have the right to transmit these data to another controller without being impaired by the controller to whom the personal data were provided, provided that

  • processing was based on a consent in accordance with Article 6 (1) lit. a GDPR or Article 9 (2) lit. a GDPR or on a contract in accordance with Article 6 (1) lit. b GDPR, and

 

  • processing was performed with the help of automated procedures.

 

In exercising this right, you also have the right to request that the personal data that regard you are transmitted directly from one controller to another controller insofar as is technically feasible. The freedoms and rights of other persons must not be impaired by this.

 

The right to data portability does not apply to the processing of personal data which is required to exercise a task which is in the public interest or which follows the exercise of official authority which was transferred to the controller.

 

  1. Right to object

You have the right to object for reasons resulting from your specific situation at any time to the processing of personal data that regard you, which is executed on the grounds of Article 6 (1), lit. e or f GDPR; this applies also to any profiling based on this provision.

 

The controller no longer processes the personal data that regard you unless the controller can provide proof of compelling legitimate grounds for such processing which override your interests, rights and freedoms, or such processing serves to assert, exercise or defend legal claims.

 

If the personal data that regard you are processed for direct marketing purposes, you have the right to object to the processing of the personal data that regard you for the purposes of such marketing at any time.

If you object to the processing for purposes of direct marketing, the personal data that regard you will no longer be processed for these purposes.

 

  1. Right to withdraw consent to the processing of data

You have the right to withdraw your consent to the processing of your data at any time. Your withdrawal of the consent does not affect the lawfulness of any processing carried out by virtue of a consent that was issued prior to such withdrawal.

 

  1. Right to lodge a complaint with a supervisory authority

Irrespective of any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, especially in the member state of your habitual residence, your place of work or the location of the alleged infringement if you are of the opinion that the processing of personal data that regard you breaches the GDPR.

 

The supervisory authority where the complaint was submitted will inform the complainant of the status and the outcome of the complaint including the possibility of any judicial remedy in accordance with Article 78 GDPR.

 

Additional information and contacts

If you have any further questions on the issue of Data Protection for the Data Controller, please address the Data Protection Officer of AccorInvest. You may enquire about which data of yours we store. Moreover, you may send your requests for information on, the erasure of and the rectification of your data and even suggestions by letter or email to the following address:

 

Prof. Dr. Rolf Lauser

Data Protection Officer

Dr. Gerhard-Hanke-Weg 31

D-85221 Dachau

Email: rolf(at)lauser-nhk.de

As of May 2018