Data Privacy Statement

The controller is:

MEININGER Shared Services GmbH

Obentrautstrasse 72, 10963 Berlin, Germany

Email: welcome[at]meininger-hotels.com

You can reach our data protection officer as follows:

MEININGER Shared Services GmbH

Data Protection Officer

Obentrautstrasse 72, 10963 Berlin, Germany

Email: dataprotection[at]meininger-hotels.com

Should you surf on our website, visit our hotels or otherwise get in touch with us, we receive personal data from you. We generally process data in accordance with the following legal provisions:

- If you issue us with your express consent (Article 6 Paragraph 1 a) GDPR), if you wish us to contact you directly, take part in competitions, subscribe to our newsletter and wish to receive advertising tailored to you personally. We also process data in order to fulfil our contractual obligations (Article 6 Paragraph 1 b) GDPR), for example should you book an overnight stay with us.

- As a company, we are subject to various legal obligations (Article 1 Paragraph 1 c) GDPR). For example, under tax and commercial laws, we are obliged to retain certain documents.

- We also process data in accordance with our legitimate interest or that of a third party (Article 6 Paragraph 1 f) GDPR). Amongst others, a legitimate interest includes data processing for purposes connected to direct advertising, sales generation, IT security and prevention of fraud, as well as the creation of use profiles in the form of pseudonyms in order to carry out analysis and design the website in line with requirements (tracking). You have the right to raise an objection to the data processing which takes place in accordance with the legitimate interest in accordance with Article 21 Paragraph 1 GDPR.

3.1.1 Hotel bookings

You can book a hotel room directly via our website. So that we can carry out your booking, we require your contact and address data, as well as information concerning the services which are being requested (travel dates, number of travellers, meal requests). The legal basis is Article 6 Paragraph 1 Letter b) GDPR.

 

3.1.2 Payment

In order to carry out payment transactions via our website, we use various payment service providers, which collect your information directly and are therefore recipients of your personal data which is gathered in connection with the payment process.

The payment service provider is responsible for your payment data. You can obtain information, in particular concerning the responsible body of the payment service provider, the contact details of the data protection officers of the payment service providers and the categories of personal data which are processed by the payment service providers from the following addresses:

 

SIX Payment Services (Europe) S.A.

10, rue Gabriel Lippmann, 5365 Munsbach, Luxembourg

Data privacy statement: https://www.six-payment-services.com/en/services/legal/privacy-statement.html#country=de

 

Adyen N.V.

Simon Carmiggeltstraat 6-50, 1011 DJ Amsterdam, The Netherlands

Data privacy statement: https://www.adyen.com/policies-and-disclaimer/privacy-policy 

 

PayPal (Europe) S.à r.l. et Cie, S.C.A.

22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg

Data privacy statement: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_DE

 

giropay GmbH

An der Welle 4, 60322 Frankfurt/Main, Germany

Data privacy statement: https://www.giropay.de/rechtliches/datenschutz-agb/

 

3.1.3 Get in touch with MEININGER

You can address queries to us and send messages to us via the contact form, our email address or by telephone. We only process your data in order to get in touch with you by the means you requested and in order to handle your matter (the legal basis is Article 6 Paragraph 1 Letters a) or b) GDPR).

Freshworks

We use our processor Freshworks Inc (2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA) for the presentation of our FAQ and the handling of queries regarding our FAQ. For this, cookies may be saved on your computer. These do not serve to identify you personally. If Freshworks also processes your name and e-mail address (so that we can respond to you by name), this is only done with your consent and the personal data will be encrypted.

 

3.1.4 Participation in competitions

Should you participate in competitions, we gather the data which is necessary to perform the competition. This is generally an individual contribution to the competition (for example a commentary or photo), as well as your name and contact details. It may be the case that we pass your data on to our competition partners, for example in order to send you the prize. The data processing and passing on of data can vary depending on the competition and is therefore described in concrete terms in the terms and conditions of participation of the respective competition. The participation in the competition and the associated gathering of data is of course voluntary (legal basis is Article 6 Paragraph 1 Letter a) GDPR).

 

3.1.5 Sending of our newsletter

You can register for our newsletter in order to receive information concerning new hotels, current offers, events, travel tips and product news of the MEININGER Group and partner companies. Advertising information is only sent to your email address in connection with our newsletter if you have agreed to the use of your email address. It goes without saying that you can revoke your consent to the sending of newsletters at any time by clicking on the unsubscription link in the newsletter, using the unsubscription link on our website, or notifying us of your wish to cancel the subscription by sending an email to newsletter[at]meininger-hotels.com.

For subscription / unsubscription to our newsletter, we use the so-called double opt in / double opt out procedure. This means that following your registration / cancellation, we send an email to the email address which has been provided, in which we request confirmation that you wish to receive / cancel the newsletter. In addition, we save your respective IP addresses which have been used and the time of registration / cancellation and confirmation. By means of this, we can prove your registration / cancellation and, if applicable, clarify any possible misuse of your personal data by a third party.

 

3.1.6 Newsletter tracking

Based on your consent, we evaluate your user behaviour when the newsletter is sent in order to be able to improve the tracking of how our newsletter is used. For this evaluation, the emails which are sent contain so-called web beacons, also called tracking pixels. These are one-pixel image files which provide a link to our website and which enable us to evaluate your user behaviour. This takes place by means of the use of the web beacons, which are assigned to your email address and are mapped to your own ID. The links in the newsletter also contain these. With the data which is gathered in this way, we create a user profile, in order to tailor the newsletter to your individual interests. During this process, we record the time when you read our newsletters and which links you click in these, and are able to determine your personal interests from this information. We combine this data with the actions you carry out on our website.

You can object to this tracking at any time by unsubscribing from the newsletter. The information will be saved for as long as you remain subscribed to the newsletter. Following an unsubscription, we save the data in a purely statistical and anonymous form. Should you have de-activated the display of pictures in your email program in a standard form, such tracking is also not possible. In such a case, the newsletter will not be displayed to you in full and you may not be able to use all of the functions. Should you have the pictures displayed manually, the tracking referred to above takes place.

 

3.1.7 Other advertising by MEININGER

Should we receive your email address and postal address in connection with a stay in our hotels, we can use this data in order to inform you from then on of similar products and services offered by us. Should you prefer not to receive advertising information by post or email, you can object to the use of your contact data for advertising purposes at any time with effect for the future, without any costs being incurred apart from the transmission costs under the basic tariffs. You should send your objection to the following contact address:

MEININGER Shared Services GmbH

Obentrautstrasse 72, 10963 Berlin, Germany

Email: newsletter[at]meininger-hotels.com

 

3.1.8 Career

You can apply to the companies of the MEININGER Group electronically, via the application form on our website or via email to jobs[at]meininger-hotels.com. It goes without saying that we will only use your information in order to process the application and we will not pass this on to third parties. Please bear in mind that emails which are sent in non-encrypted form cannot be protected against unauthorised access. More information about how we process your personal data can be found in our information sheet for the application process, which you receive from our Human Resources Department or can download here.

 

3.1.9 Use of social plugins

This website uses social plugins of the provider:

- Facebook (Operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)

- Twitter (Operator: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)

- LinkedIn (Operator: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

- Google+ (Operator: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)

- Pinterest: (Operator: Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA)

- Instagram (Operator: Instagram LLC, 1601 Willow Rd, Menlo Park CA 94025, USA)

These plugins normally record standard data relating to you and transfer this to the server of the respective provider. In order to guarantee the protection of your private sphere, we have taken technical measures which ensure that your data cannot be recorded by the providers of the respective plugin without your agreement. When a page is accessed in which the plugins are integrated, these are initially de-activated. Only when you click on the respective symbol are the plugins activated and you are then issuing your agreement to your data being transferred to the respective provider. The legal basis for the use of the plugins is Article 6 Paragraph 1 a) and f) GDPR.

Once activation has taken place, the plugins also record personal data such as your IP address, and send this to the servers of the respective provider, where it is then saved. When the website concerned is called up, activated plugins also use a cookie with an unambiguous code. By means of this, the providers can also create profiles concerning your use behaviour. This also takes place if you are not a member of the social network of the respective provider. Should you be a member of the social network of the provider and should you be logged in to the social network during your visit to this website, your data and information concerning the visit to this website can be connected to your profile on the social network. We have no control over the precise scope of the data relating to you which is gathered by the respective provider. You can find more detailed information concerning the scope, type and purpose of the data processing and your rights and settings options in order to protect your private sphere in the data protection notices of the respective provider. This can be accessed via the following addresses:

- Facebook: https://www.facebook.com/privacy/explanation

- Twitter: https://twitter.com/en/privacy

- LinkedIn: www.linkedin.com/legal/privacy-policy/

- Google+: https://policies.google.com/privacy?hl=en-DE

- Pinterest: https://policy.pinterest.com/en-gb/privacy-policy

- Instagram: help.instagram.com/155833707900388

 

3.1.10 YouTube

Videos of YouTube are integrated into the website in the extended data protection mode. When the video is viewed, the following data will be transferred to Google as the operator of YouTube:

- The IP address

- The specific address of our page which has been accessed

- The transmitted name of the browser

- The system date and time of the access

- Cookies which are already present by means of which your browser can be clearly identified.

Only once the video is played are cookies and pixel tags set by YouTube in order to personalise advertising and search results. No information concerning the visitors to the website is saved by Google, unless they are watching the video.

We wish to point out that Google may receive additional data via cookies which have already been saved. We have no influence over the extent to which this data is used by Google. Google Inc is responsible for this data gathering and processing.

 

3.1.11 Google Maps

The website uses Google Maps API, in order to visually display geographical information. When Google Maps is used, data concerning visitors to the website is also gathered, processed and used by Google by means of the use of the map function. More detailed information concerning the data processing by Google can be found in the Google Privacy Policy.

 

3.1.12 How are cookies used on this website?

When you use our website, cookies are saved on your computer. Cookies are small text files which, assigned to the browser you used, are saved on your hard drive and by means of which the party which sets the cookie can receive certain information. Cookies cannot run any programs or place viruses on your computer. The purpose of cookies is to make the Internet service more user friendly and more effective as a whole. We also use cookies in order to be able to identify you during subsequent visits, should you hold an account with us. Otherwise, you would need to log in each time you visit.This website uses the following types of cookies, the scope and functions of which will be explained below.

Transient cookies

These cookies are automatically deleted once you close the browser. These include the session cookies in particular. These save a so-called session ID, by means of which various requests of your browser can be assigned to the session. By means of this process, your computer can be recognised once again if you return to our website. The session cookies are deleted when you log out or close the browser.

Persistent cookies

These cookies are automatically deleted after a prescribed period of time, which can vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

Flash cookies

The flash cookies which are used are not recorded by your browser, rather by your flash plugin. We also use HTML 5 storage objects, which are deposited on your end device. These objects save the necessary data regardless of the browser which you use and do not have an automatic expiry date. Should you not wish the processing of the flash cookies to take place, you need to install a corresponding add on, for example "Better Privacy" for Mozilla Firefox or the Adobe Flash Killer cookie for Google Chrome. The use of HTML 1 storage objects can be prevented by using the private mode in your browser. We would also recommend that you regularly delete your cookies and browser history manually.

Prevention of cookies

You can configure your browser setting in accordance with your wishes and you can, for example, reject the acceptance of third party cookies or all cookies. However, we wish to point out that in such a case, you may not be able to use all functions of this website.

 

3.1.13 Analysis of websites

For the analysis and optimisation of our websites, we use various services which are set out below. For example, by means of these we can analyse how many users are visiting our website, what information is the most popular or how users find the service. Amongst other things, we record the website where a data subject came across a website (so-called referrer), which sub-pages of the website are accessed or how often and for how long a sub-page was viewed. This helps us make our services user friendly and helps us to improve them. The data which is gathered during this process is not used to personally identify individual users. Anonymous data or data with the highest level of pseudonymisation is gathered. The legal basis is Article 6 Paragraph 1 Letter f) GDPR. We consider the optimisation of our website to be a legitimate interest. Your basic rights and basic freedoms do not outweigh our interests, as we comprehensively inform you of the data gathering in our data protection declaration and you have the opt out option at any time (via link or browser settings). We also only used pseudonymised tracking.

Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The use includes the Universal Analytics operating type. By means of this, it is possible to assign data, sessions and interactions via more than one device to a pseudonymous user ID and thus to analyse the activities of a user across several devices.

Google Analytics uses cookies, which enable an analysis of the use of the website by you. The information concerning your use of this website which is generated by the cookie is, as a rule, transferred to a Google server in the USA and saved there. In case of the activation of the IP anonymisation on this website, your IP address is, however shortened in advance by Google within Member States of the European Union or other Member States of the European Economic Area Treaty. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there. The IP address transferred by your browser within the framework of Google Analytics not combined with other data by Google. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports about the website activities and to provide further services to the website operator connected to the use of the website and the use of the Internet. These purposes also represent our legitimate interest in the data processing. The legal basis for the use of Google Analytics is § 15 Paragraph 3 of the German Telemedia Act (TMG) and Article 6 Paragraph 1 f) GDPR. The data sent by us which is combined with cookies, user recognitions (for example user IDs) or advertising IDs is automatically deleted after 14 months. The deletion of the data whose retention period has expired takes place automatically once a month. You can find more detailed information concerning the terms and conditions of use and data protection at https://www.google.com/analytics/terms/gb.html and https://policies.google.com/?hl=en-GB. 

We use the „Google Optimize" service on our website, which allows us to show different variations of our site to users and analyse users' activities to determine which variant is better accepted by users. This also allows us to customise the contents of websites. For example, we can use Google Optimize to make different versions of the site available to different audiences. User behaviour analytics is provided by Google Analytics or Google Ads within the scope of the use of Google Optimize. Google Optimize uses Google Analytics cookies for alignment and stability purposes. Further information about the cookies used in Google Analytics is available here.

You can prevent the saving of cookies by setting your browser software accordingly. However, we wish to point out that in such a case, you may not be able to fully use all functions of this website. In addition, you can prevent the recording of the data which is generated by the cookie and which relates to your use of the website (including your IP address) by Google, as well as the processing of this data by Google by downloading and installing the browser plugin which is available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB. Opt out cookies prevent the future recording of your data when you visit this website. In order to prevent the recording by Universal Analytics via various devices, you need to carry out the opt out on all systems which you are using.

 

3.1.14 Cookies for marketing purposes

We use cookies for marketing purposes, in order to target our users with advertising which is tailored to their interests. In addition, we use cookies in order to restrict the likelihood that an advert will be displayed and in order to measure the effectiveness of our advertising measures. This information can also be shared with third parties, such as ad-networks. The legal basis for this is Article 6 Paragraph 1 Letter f) GDPR. The purposes pursued by the data processing come under the legitimate interest of direct marketing.

At any time, you have the right to raise an objection to the processing of your data for the purpose of such advertising. For this purpose, we will provide you at the head of this website with the opt out options of the respective services. Alternatively, you can prevent the setting of cookies in your browser settings:

Edge: https://answers.microsoft.com/en-us/insider/forum/insider_internet-insider_spartan-insiderplat_pc/how-to-view-and-manage-cookies-in-microsoft-edge/67b3a495-554e-4f1d-995e-93d0ea6882a6

Google Chrome: https://support.google.com/chrome/answer/95647

Internet Explorer: https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorer

Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Safari: https://support.apple.com/en-us/HT201265

Double Click

We also use DoubleClick, a service of Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, "Google"). DoubleClick uses cookies in order to display user-based adverts. The cookies recognise which advert has already been displayed in your browser and whether you have accessed a website via a displayed advert. In this process, the cookies do not record any personal information and can also not be connected with such.

Should you not wish this to take place, you can prevent the saving of the cookie which is necessary for this technology for example via your browser settings. In such a case, your visit is not recorded under the user statistics. You also have the option of selecting the types of Google adverts and de-activating interest-based adverts on Google via the advertising settings. Alternatively, you can de-activate the use of cookies by third party providers by accessing the de-activation assistant of the network advertising initiative. We and Google do however continue to receive the statistical information as to how many users have visited this site and when. Should you also not wish to be included in these statistics, you can prevent this with the assistance of additional programs for your browser (for example with the Add-on Ghostery).

Google AdWords and conversion tracking

In order to increase awareness of our services, we use Google AdWords adverts and use conversion tracking and the Google Tag Manager within the framework of this, for the purpose of personalised online advertising which is tailored to interests and location. The option of anonymising the IP address is m by an internal setting in Google Tag Manager, which cannot be viewed in the source of this website. This internal setting is placed in such a way that the anonymisation of the IP addresses which is required under the German Federal Data Protection Act (BDSG-Bundesdatenschutzgesetz) is attained. The adverts are incorporated into websites of the Google advertising network in accordance with search queries. We have the option of combining our adverts with certain search terms. With the assistance of the cookie, we can display adverts based on the previous visits of a user to our website. When a user clicks on an advert, a cookie is set on the computer of the user by Google. Further information concerning the cookie technology which is used can also be found in the notices of Google relating to the website statistics and in the Google Privacy Policy. With the assistance of this technology, Google and we as the customer are informed that a user has clicked on an advert and was redirected to our websites. The information which is obtained during this process is only used for a statistical evaluation in order to optimise adverts. We do not receive any information which could personally identify users. The statistics provided to us by Google contain the total number of users who have clicked on one of our adverts and, if applicable, whether these were redirected to a page of our website which contains a conversion tag. On the basis of these statistics, we can find out which search terms led to the most clicks on our advert and which adverts lead to the user getting in touch via the contact form.

Should you not wish this to take place, you can prevent the saving of the cookie which is necessary for this technology, for example via your browser settings. In such a case, your visit is not recorded under the user statistics. You also have the option of selecting the types of Google adverts and de-activating interest-based adverts on Google via the advertising settings. Alternatively, you can de-activate the use of cookies by third party providers by accessing the de-activation assistant of the network advertising initiative.

Google Dynamic Remarketing

On our website, we use the dynamic remarketing function of Google AdWords, a service provided by Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). The technology enables us to display automatically created, target group orientated advertising after your visit to our website. The adverts relate to the products and services which you clicked on last time you visited our website. In order to create interest-based adverts, Google uses cookies. Cookies are small text files which are saved in your browser when you visit our website. During this process, Google normally saves information such as your web request, the IP address, the browser type, the browser language, the date and the time of your enquiry. This information is only used to assign the web browser to a specific computer. It cannot be used in order to identify a person.

Should you not wish to receive user-based advertising from Google, you can de-activate the display of adverts with the assistance of the advertising settings of Google. Further information concerning the use of cookies by Google can be found in the Google Privacy Policy.

Bing Ads

This website uses Bing Ads, a service of Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). A cookie is set by Microsoft Bing Ads if you have come across our website via a Microsoft Bing advert. In this way, it can be shown that a person has clicked on an advert, was redirected to our website and has reached a pre-determined target page (conversion page). We are only informed of the total number of users who have clicked on a Bing advert and were then redirected to the conversion page. No personal information concerning the identity of the user is disclosed. Further information concerning data protection and the cookies used by Microsoft Bing can be found on the website of Microsoft.

THN

We work together with THN (The Hotels Network), Muntaner 262, 3º, 08021 Barcelona, Spain as our processor.

When you visit our website, THN stores a cookie on your computer. Your IP address is also processed. The cookie does not store your IP address, but a string of characters (cookie ID). This cookie ID is also stored on THN's servers. The next time you visit THN, only this ID is read, enabling identification of the Internet browser you are using in the THN network. This does not allow THN to identify you personally. If THN also processes your e-mail address (so that you can complete your booking at a later date if necessary), this will only be done with your consent. ID and e-mail are not merged by THN.

The purpose of this data processing is to be able to show you widgets and notifications that are automatically selected based on your surfing behaviour in order to optimise the relevance of these ads for you (so-called "personalised" or "behaviour-based advertising delivery" or "behavioural targeting"). The aim is to present you only those ads that might be of interest to you.

The THN cookies have an expiration date and expire automatically after a maximum of two years. Without a valid cookie file, the character string stored on THN's servers can no longer be assigned by the provider.

If you do not want the processing operations described above to take place, you can prevent the cookies required for these technologies from being saved, for example, by changing your browser settings. You can also prevent your data from being processed by THN's scripts with the help of additional programs for your browser (e.g. with the add-on Ghostery or NoScript).

Facebook Custom Audiences

Custom Audience Pixel, a service of Facebook Inc., (1601 S. California Ave, Palo Alto, CA 94304, USA), is a small piece of Java script code which we have integrated into all of our websites. This piece of code provides a number of functions for the sending of application specific events and user defined data to Facebook. We use Custom Audience pixels in order to record information concerning the way in which visitors use our website. This pixel records and provides Facebook with information concerning the browser setting of the user, a hashed version of the Facebook ID and the URL which is being visited. Each Facebook user thus possesses a clear and device-independent Facebook ID, whereby it is possible to address the user via more than one device on the social network Facebook and to recognise him or her, so that we can target our visitors again for advertising purposes by means of Facebook adverts. After 180 days, the user information is deleted until the visitor accesses our website again. Therefore, no personal information is disclosed to MEININGER in relation to the individual website visitors and we can only solicit website customer target groups once the target customer group has reached a critical mass in terms of numbers. Further information concerning Facebook and its private sphere settings above and beyond the details set out can be found in the Data Policy and the Terms of Service of Facebook Inc.

When you stay with us, we gather personal data about you. More information about how we process your personal data can be found in our information sheet for customers and guests, which you receive from the Reception or can download here.

If you contact us by telephone or in writing with support issues or reservation requests, we record your name, company name, query and, if applicable contact details for a response or return call, should the gathering of this information be necessary in order to carry out the processing. Your data is used to process your query. The legal basis is Article 6 Paragraph 1 b) and f) GDPR. A phone call is only recorded if you have issued your express agreement to this (§ 6 Paragraph 1 a) GDPR). The recording takes place in order to check the quality of our customer support and to improve it. 

In order to better understand how our necessary emails (booking confirmation, etc.) are used, we evaluate your user behavior after dispatch. For this evaluation, the e-mails sent contain so-called web beacons, also known as tracking pixels. These are one-pixel image files that link to our website and thus enable us to evaluate your user behavior. Links contained in the mails themselves also contain these.

The data is collected exclusively under pseudonyms, so the IDs are not linked to your other personal data, and there is no possibility of direct personal reference.

More information about how we process your personal data can be found in our information sheet for customers and guests, which you receive from our Service Center or can download here.

Should you provide us with your contact data at a trade fair, for example by handing your visitor card to us, participating in a competition (see 3.1.2) or subscribing to our newsletter (see 3.1.3), we record this data in our CRM system. We use this data to get in touch with you as requested, to enter into a business relationship and to provide you with information material.

So that MEININGER can process your data for the purposes described above, it may be necessary for other recipients also to view and process your data.

4.1 Recipients within the MEININGER Group

In certain cases, it may be necessary for us to distribute your data across the Group. However, data processing within the MEININGER Group only takes place if this is permitted by law. For example, this is the case if other companies of the MEININGER Group work for us in connection with the processing of an order or if a legitimate interest under Article 6 Paragraph1 f) GDPR is present. You can find a list of other companies of the MEININGER Group here.

4.2 External service providers (processors)

Your data will be passed on to service partners, should these work on our behalf and support MEININGER in the provision of its services. For example, should you subscribe to our newsletter, we have engaged a service provider in relation to the sending of the newsletter. Processing of your personal data by commissioned service providers takes place within the framework of order processing in accordance with Article 28 GDPR.

Our mail communication is managed on our behalf by a service provider based in Germany. This service provider performs the technical dispatch and administration of the mail communication for us and also processes personal data in this context. A transfer of your data to third parties does not take place unless we are legally obliged to do so or the data transfer is necessary for the execution of the contractual relationship. We ensure by legal, technical and organizational measures as well as by regular controls that personal data are processed on the basis of our instructions, in agreement with these data protection references and thus according to GDPR.

4.3 Other service providers, partners and third parties

MEININGER can co-operate with other partners, should this be necessary in order to fulfil the services which we offer or should we be legally obliged to hand over data. This can include the following partners or third parties:

- Banks and payment providers

- Public sector entities / authorities or by court order

- Police / customs authorities

We prefer to process your data within the EU / EEA. However, it may be the case that we use service providers which are located outside of the EU / EEA. In such cases, we ensure that prior to the transfer of your personal data, a reasonable level of data protection is guaranteed. This means that by means of EU standard contracts or adequacy resolutions, such as the EU Privacy Shield, a data protection level which is comparable to the standards within the EU is attained.

We delete personal data of the data subject once the purpose of the storage no longer applies and provided that statutory retention obligations do not prevent a deletion.

You have the following rights in relation to us concerning your personal data:

7.1 General rights

You have the right of access, correction, erasure, restriction of processing, objection to the processing and of data portability. Should processing take place with your consent, you have the right to revoke this in relation to us with effect for the future.

7.2 Rights in the case of data processing based on a legitimate interest

7.4 Right to complain to a supervisory authority

You also have the right to complain to a competent data protection supervisory authority in relation to the processing of your personal data by us.